Chef Client 13.9.4 Released!


Ohai Chefs!

We’re happy to announce the release of Chef Client 13.9.4. This release contains important security updates as well as several useful backported fixes from Chef 14.

What’s New

Security Updates

Ruby has been updated to 2.4.4

  • CVE-2017-17742: HTTP response splitting in WEBrick
  • CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
  • CVE-2018-8777: DoS by large request in WEBrick
  • CVE-2018-8778: Buffer under-read in String#unpack
  • CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
  • CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
  • Multiple vulnerabilities in RubyGems

Nokogiri has been updated to 1.8.2

  • [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem).

OpenSSL has been updated to 1.0.2o

  • CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack.

Platform Updates

As Debian 7 is now end of life we will no longer produce Debian 7 chef-client packages.

Ifconfig on Ubuntu 18.04

Incompatibilities with Ubuntu 18.04 in the ifconfig resource have been resolved.

Ohai Updated to 13.9.2

Virtualization detection on AWS

Ohai now detects the virtualization hypervisor amazonec2 when running on Amazon’s new C5/M5 instances.

Configurable DMI Whitelist

The whitelist of DMI IDs is now user configurable using the additional_dmi_ids configuration setting, which takes an Array.

Filesystem2 on BSD

The Filesystem2 functionality has been backported to BSD systems to provide a consistent filesystem format.

Getting This Release

As always, you can download binaries directly from, or by using the mixlib-install command line utility available in ChefDK.

$ mixlib-install download chef -c stable -v 13.9.4

Alternatively, you can install Chef using one of the following command options:

In Shell

$ curl | sudo bash -s – -P chef -c stable -v 13.9.4

In Windows Powershell

. { iwr -useb } | iex; install -project chef -channel stable -version 13.9.4