We are delighted to announce the availability of version 15.10.12 of Chef Infra Server.
Platform support
Chef Infra Server is no longer supported on the following platforms:
- Red Hat Enterprise Linux 7
- CentOS 7
License usage
We now collect aggregated and anonymized usage data to understand the Chef Infra Server adoption curve, operating systems that Infra Server runs on, deployed versions of Infra Server, and deployment patterns.
We have ensured that the collected data protects the end user while providing meaningful usage insights.
For more information, see the Chef Infra Server License Usage documentation.
Dependency updates
Redis to KeyDB migration
We replaced Redis with KeyDB to resolve the following CVEs:
- CVE-2023-41056
- CVE-2023-45145
- CVE-2023-41053
- CVE-2022-24834
- CVE-2023-36824
This change doesn't require any configuration change and the service name has been kept unchanged too.
For more information about KeyDB, see the KeyDB documentation.
OpenJRE
Updated OpenJRE to 11.0.22+7 to resolve the following CVEs:
- CVE-2024-20918
- CVE-2024-20921
- CVE-2024-20919
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952
OpenSSL
Updated OpenSSL to 1.0.2zi to resolve the following CVEs:
- CVE-2022-0778
- CVE-2022-1292
- CVE-2022-2068
- CVE-2022-4304
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0464
- CVE-2023-0465
- CVE-2023-0466
- CVE-2023-3446
- CVE-2023-3817
Node.js
Updated Node.js to 14.21.3 to resolve the following CVEs:
- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807
Rack
Updated Rack to 2.2.6.3 to resolve the following CVEs:
- CVE-2023-27530
RDoc
Updated RDoc to 6.3.4.1 to resolve the following CVEs:
- CVE-2024-27281
Rails
Updated Rails to 7.0.8.1 to resolve the following CVEs:
- CVE-2024-26143
Nokogiri
Updated Nokogiri to 1.15.6 to resolve the following CVEs:
- CVE-2024-25062
Get the Build
You can download binaries from Chef Software Downloads | Automation, DevOps, Security, DevSecOps | Chef