We are delighted to announce the availability of version 14.1.0 of Chef Server.
Bug Fixes and Improvements
- The server status endpoint can now be configured to include the version of the Chef Infra Server in status requests with a new
include_version_in_status
configuration in thechef-server.rb
file. - The
supports
field in cookbook metadata now allows version numbers that only reference a major version, such assupports 'debian', '>= 7'
. Thanks for reporting this issue @acondrat! - A new
nginx['time_format']
configuration in thechef-server.rb
file allows changing the timestamp format in NGINX logs fromtime_iso8601
totime_local
.
Security
Ruby
Ruby has been updated from 2.6.5 to 2.6.6 to resolve CVE-2020-10663 and CVE-2020-10933.
Nokogiri
Nokogiri has been updated from 1.10.10 to 1.11.1 to resolve CVE-2020-26247.
OpenJDK
The AdoptOpenJDK package has been updated from 11.0.7+10 to 11.0.10+9 to resolve the following CVEs:
- CVE-2020-14779
- CVE-2020-14781
- CVE-2020-14782
- CVE-2020-14792
- CVE-2020-14796
- CVE-2020-14797
- CVE-2020-14798
- CVE-2020-14803
OpenSSL
The OpenSSL library has been updated to 1.0.2y to resolve the following CVEs:
Platform Support
We will no longer be producing Chef Infra Server packages for RHEL 6.x as this platform became end-of-life (EOL) Nov 2020. See the Red Hat Linux Enterprise Lifecycle page for additional information on the RHEL 6 lifecycle.
Upgrading From Earlier Releases
Please keep in mind that upgrading from releases before 14.0 will run an automatic Elasticsearch reindexing operation for existing Solr users. We estimate the reindexing operation will take 2 minutes for each 1000 nodes, but it could take more time depending on your server hardware and the complexity of your Chef data.
Get the Build
You can download binaries directly from downloads.chef.io.