We are delighted to announce the availability of version 14.13.42 of Chef Infra Server.
Improvements
Support for Multiple DNS Names
Updated the nginx configuration for Chef Infra Server to support scenarios where the Infra Server has multiple DNS names that clients are configured to use. Thanks for this addition @bdwyertech!
Bug Fixes
- Resolved an error running
chef-server-ctl user-createwith the--prompt-for-passwordflag.
Packaging
Sentry APM Removal
Removed support for Sentry application performance monitoring in oc-id. Chef Infra Server will now ignore any configuration for Sentry during reconfigure.
Habitat Package Updates
The Habitat packages of Chef Infra Server are now built against the latest core-plans update, updating many of the dependencies used by Infra Server.
Security
OpenJDK 11.0.14
OpenJDK has been updated from 11.0.13 to 11.0.14 to resolve the following CVEs:
- CVE-2022-21248: Enhance cross VM serialization
- CVE-2022-21283: Better String matching
- CVE-2022-21291: Better verification of scan methods
- CVE-2022-21293: Improve String constructions
- CVE-2022-21294: Enhance construction of Identity maps
- CVE-2022-21282: Better resolution of URIs
- CVE-2022-21296: Improve SAX Parser configuration management
- CVE-2022-21299: Improved scanning of XML entities
- CVE-2022-21277: Improve TIFF file handling
- CVE-2022-21305: Better array indexing
- CVE-2022-21340: Verify Jar Verification
- CVE-2022-21341: Improve serial forms for transport
- CVE-2022-21360: Enhance BMP image support
- CVE-2022-21365: Enhanced BMP processing
Ruby on Rails 6.1.4.6
Updated the Ruby on Rails framework used by oc-id to 6.1.4.6 to resolve CVE-2021-22904.
Get the Build
You can download binaries directly from downloads.chef.io.