We are delighted to announce the availability of version 14.3.14 of Chef Infra Server.
Chef Infra Server now defaults to supporting only TLS 1.2 for API communication. This new default may require upgrading older releases of Chef Infra Client, which do not support TLS 1.2. On Linux/Unix/macOS systems TLS 1.2 is supported in Chef Infra Client 10.16.4 and later. On Windows systems, TLS 1.2 is supported on Chef Infra Client 12.8 or later.
The Bifrost service was previously exposed externally on port 9683. This service is no longer required externally and is now only exposed to the local system to improve security.
The HTTP Strict-Transport-Security (HSTS) max-age value for the default Chef Infra Server website can now be configured. Set the new node['private_chef']['nginx']['hsts_max_age'] to define the time in seconds the browser should remember that a site is only to be accessed using HTTPS. This configuration defaults to 31536000 (1 year) and accepts a maximum value of 63072000 (2 years).
The default website for the Chef Infra Server now sets X-Frame-Options headers to better secure this default website.
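One way to verify both header changes after an upgrade, as an added example that is not part of the original release notes or Chef's own code: it audits a captured response header block for the HSTS max-age bounds given above and for an X-Frame-Options value. The function names and the sample responses are constructed for illustration, and the accepted X-Frame-Options values (DENY, SAMEORIGIN) are an assumption, since the notes do not say which value is set.

```ruby
# Added example: audit response headers from the default Chef Infra Server
# website against the settings described in these release notes.
HSTS_DEFAULT = 31_536_000 # 1 year, the default stated above
HSTS_MAX     = 63_072_000 # 2 years, the maximum stated above

# Parse a raw header block (as printed by `curl -sI`) into a hash with
# lower-cased names, since HTTP header names are case-insensitive.
def parse_headers(raw)
  raw.each_line.with_object({}) do |line, headers|
    name, value = line.chomp.split(':', 2)
    next if value.nil? # status line or blank line
    headers[name.strip.downcase] = value.strip
  end
end

# Extract max-age (in seconds) from a Strict-Transport-Security value.
def hsts_max_age(value)
  directive = value.to_s.split(';').map(&:strip).find { |d| d =~ /\Amax-age\s*=/i }
  return nil unless directive
  seconds = directive.split('=', 2).last.delete('"').strip
  seconds =~ /\A\d+\z/ ? seconds.to_i : nil
end

# Return a list of findings; an empty list means the headers look as expected.
def audit_headers(raw)
  headers = parse_headers(raw)
  findings = []
  age = hsts_max_age(headers['strict-transport-security'])
  if age.nil?
    findings << 'HSTS header missing or max-age unparsable'
  elsif age > HSTS_MAX
    findings << "HSTS max-age #{age} exceeds the documented maximum #{HSTS_MAX}"
  elsif age < HSTS_DEFAULT
    findings << "HSTS max-age #{age} is shorter than the #{HSTS_DEFAULT} default"
  end
  # Assumption: DENY or SAMEORIGIN; the notes do not state the value used.
  xfo = headers['x-frame-options'].to_s.upcase
  findings << 'X-Frame-Options missing or unrecognised' unless %w[DENY SAMEORIGIN].include?(xfo)
  findings
end

# Constructed sample responses (not captured from a real server).
GOOD = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nX-Frame-Options: DENY\r\n\r\n"
WEAK = "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=300\r\n\r\n"

puts audit_headers(GOOD).inspect
puts audit_headers(WEAK).inspect
```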
We updated Ruby from 2.6.6 to 2.6.7 to resolve a large number of bugs as well as the following CVEs:
We updated PostgreSQL from 9.6.15 to 9.6.21 to resolve a large number of bugs as well as the following CVEs:
- Packages are no longer produced for Ubuntu 16.04, which reaches End-of-Life status on April 30th. See our Platform End-of-Life Policy for additional information.
- Packages are now produced for Amazon Linux 2. See a complete list of platforms and versions we support at downloads.chef.io.
- Ubuntu packages now support FIPS.
Reindexing will now fail gracefully unless free disk space is at least 2.2x the size of the current Elasticsearch data before the reindex is attempted. This prevents reindexing from leaving the server non-functional when disk space is low.
The OpenResty engine that powers the Chef Infra Server API has been updated to the latest release (22.214.171.124). This release includes significant performance improvements, which may result in improved API performance under some conditions.
You can download binaries directly from downloads.chef.io.