Hey Everyone,
Happy Monday and to celebrate we’ve released a new version of Chef 12 chock-full of security updates as well as some new functionality.
Ohai 8.25 with Critical Plugins Functionality
Users can now specify a list of plugins which are critical
for the Chef run. Critical plugins will cause Ohai to fail if they do not run successfully (and thus cause a Chef run using Ohai to fail). The syntax for this is:
ohai.critical_plugins << :Filesystem
Security Updates
We’ve updated multiple libraries to resolve CVEs:
libxml2 upgraded to 2.9.5
- https://www.cvedetails.com/cve/CVE-2017-9050/
- https://www.cvedetails.com/cve/CVE-2017-9049/
- https://www.cvedetails.com/cve/CVE-2017-9048/
- https://www.cvedetails.com/cve/CVE-2017-9047/
- https://www.cvedetails.com/cve/CVE-2017-8872/
- https://www.cvedetails.com/cve/CVE-2017-5969/
- https://www.cvedetails.com/cve/CVE-2016-9318/
- https://www.cvedetails.com/cve/CVE-2016-5131/
libxlst upgraded to 1.1.30
zlib upgraded to 1.2.11
- https://www.cvedetails.com/cve/CVE-2016-9840/
- https://www.cvedetails.com/cve/CVE-2016-9841/
- https://www.cvedetails.com/cve/CVE-2016-9842/
- https://www.cvedetails.com/cve/CVE-2016-9843/
openssl upgraded to 1.0.2j
- http://www.cvedetails.com/cve/CVE-2017-3731
- http://www.cvedetails.com/cve/CVE-2017-3732
- http://www.cvedetails.com/cve/CVE-2016-7055
rubygems upgraded to 2.6.14
Full Ruby 2.2 support restored
The previous release of Chef 12.21.20 introduced an Ruby 2.2 incompatibility in Windows DSC code handling that has been resolved.