Chef Infra Server 14.11.21 Released!

We are delighted to announce the availability of version 14.11.21 of Chef Infra Server.

Security

Elasticsearch 6.8.21

Updated Elasticsearch from 6.8.18 to 6.8.21 to resolve concerns regarding CVE-2021-44228 (Log4j remote code execution). Elastic has stated "Elasticsearch [is] not susceptible to remote code execution with this vulnerability". In the 6.8.21 release, Elastic has disabled JNDI lookups by setting log4j2.formatMsgNoLookups to true and by patching log4j to remove the JndiLookup class entirely.

Redis 5.0.14

Updated Redis from 5.0.7 to 5.0.14 to resolve the following CVEs:

  • CVE-2021-41099
  • CVE-2021-32762
  • CVE-2021-32687
  • CVE-2021-32675
  • CVE-2021-32672
  • CVE-2021-32628
  • CVE-2021-32627
  • CVE-2021-32626
  • CVE-2021-32761
  • CVE-2021-21309

OpenJDK 11.0.13+8

Updated OpenJDK from 11.0.11+7 to 11.0.13+8 to resolve the following CVEs:

  • CVE-2021-35550
  • CVE-2021-35565
  • CVE-2021-35556
  • CVE-2021-35559
  • CVE-2021-35561
  • CVE-2021-35564
  • CVE-2021-35567
  • CVE-2021-35578
  • CVE-2021-35586
  • CVE-2021-35603

Packaging

RHEL 8 Build ID

Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.


Get the Build

You can download binaries directly from downloads.chef.io.