Chef Automate Release 1.7.10

We are delighted to announce release 1.7.10 of Chef Automate. The release is available for download from https://downloads.chef.io/automate.

New Features

Compliance Scanner - Open Beta
Compliance capabilities in Chef Automate have been steadily growing over the course of this year. This release marks a major step forward with the introduction of the compliance scanner. Until now, the only way to orchestrate remote InSpec runs was through Chef Compliance, a standalone application that does not report data to Chef Automate. With the addition of scanning features, we are moving forward on the vision of having all major compliance capabilities integrated into Chef Automate.

The compliance scanner is now available as an open beta feature in Chef Automate. It allows you to add nodes and execute ad hoc remote compliance scans; in a future release we will add the ability to set up scheduled scan jobs. Remote scans provide an important capability for any systems that may not have an agent installed, as well as for other endpoints and devices. The scanner combined with existing reporting capabilities and profiles offers a major enhancement to remote compliance testing with Chef Automate.

Features:

  • Add remote nodes with SSH and WinRM connections
  • Add credentials for remote connections and sudo configuration
  • Create jobs that execute ad hoc remote scans on all configured nodes
  • View results in Chef Automate’s compliance reporting view

To use the scanner, type beta from within the Chef Automate UI and enable the compliance scanner feature. You can learn more about the feature in our docs. We look forward to hearing your feedback about the new compliance scanner.

Chef Automate Statistics
Have you ever wondered how much data is being stored by Chef Automate? There’s a new automate-ctl data-summary command that gives the total number of Chef client run records and compliance scan records, as well as how much storage is being consumed. For more information, see the automate-ctl docs.

Command Line Option for Reaper
If you’d like to run a manual Reaper job to remove data from Chef Automate, there’s now an option to override the Reaper’s settings. You can specify a retention period for a single Reaper job from the command line. For more details, see Data Retention Management in Chef Automate.

Removed Legacy Compliance Views
The original compliance data views under the Nodes tab have been accessible via the legacy flag since the release of Chef Automate 1.5 in July. With this release, those views have been removed from the product, and data is no longer written to the underlying data indices. Historical and new compliance data is stored in new indices. To remove legacy compliance data and reduce storage volume, see Data Retention Management in Chef Automate.

Resolved Issues

  • LDAP authentication can now be configured to use anonymous bind
  • Fixed a UI issue where the workflow change detail screen would scroll to the bottom, obscuring the Deliver button
  • Fixed a UI issue where clicking on the view source window in compliance would close the window, making it impossible to copy its contents
  • Added an Nginx configuration option to fix a security issue where an arbitrary Host header could be passed and reflected in a subsequent redirect, which could potentially be used maliciously if a web cache was in use
  • CVE-2017-3526: server-jre has been updated to Java 8 Update 144
  • CVE-2017-8932: Golang has been updated to version 1.9.1

We encourage you to upgrade often. As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!