We are delighted to announce the availability of version 14.11.21 of Chef Infra Server.
Updated Elasticsearch from 6.8.18 to 6.8.21 to resolve concerns regarding CVE-2021-44228 (Log4j remote code execution). Elastic has stated "Elasticsearch [is] not susceptible to remote code execution with this vulnerability". In the 6.8.21 release, Elastic has disabled JNDI lookups by setting
true and by patching log4j to remove the
JndiLookup class entirely.
Updated Redis from 5.0.7 to 5.0.14 to resolve the following CVEs:
Updated OpenJDK from 11.0.11+7 to 11.0.13+8 to resolve the following CVEs:
Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.
You can download binaries directly from downloads.chef.io.