Chef Compliance 1.11.6 released

Ohai Compliance friends,

Chef Compliance 1.11.6 is now available from the Chef downloads site. This is a patch release update which is recommended for all users of Chef Compliance. It contains a number of vulnerability fixes for Ruby:

Bug fixes:

  • CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
  • CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
  • CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docod
  • CVE-2017-14064: Heap exposure in generating JSON

Upgrade instructions

Upgrade instructions for Chef Compliance are found here. Download is available at the Chef downloads site.

– Dominik