Chef Compliance 1.12.0 Released

Ohai Compliance friends,

Chef Compliance 1.12.0 is now available from the Chef downloads site. This is a patch release update which is recommended for all users of Chef Compliance. Here are the enhancements and bug fixes included in this release:

Enhancements:

  • CVE-2017-8932: Upgrade Go to 1.9.2
  • New option nginx['strict_host_header'] to mitigate Host-header cache-poisoning attacks

Upgrade instructions

Upgrade instructions for Chef Compliance are found here. Download is available at the Chef downloads site.

– Steven

Hi,

A small correction. This release contains Go 1.9.1, not 1.9.2. Go 1.9.1 is the latest release of the 1.9 series and addresses the mentioned CVE.

Cheers,

Steven