We are delighted to announce the availability of version 15.3.2 of Chef Infra Server.
New Features
- Chef Infra Server now uses AWS Signature Version 4 (SigV4) when connecting to S3. SigV4 is the process to add authentication information to AWS API requests sent by HTTP.
- Chef Infra Server can now use virtual-hosted-style URLs when connecting to S3. Note: Chef Infra Server will continue to work only with path-style URLs when connecting to Bookshelf.
- Added new optional setting s3_url_type for specifying the URL style to be used when connecting to S3.
- Added support for Ubuntu 22.04.
Improvements
- Updated gather logs to include Chef Infra Server upgrade version history in the chef-version-history.txt file.
Bug Fixes
- Fixed a bug in the knife user create subcommand which allowed the creation of users with the same email address but with varying capitalization. For example, this.user@example.com and This.User@example.com could be assigned to separate users. Chef Infra Server now validates email addresses with varying capitalization as the same address.
- Fixed an issue where knife-tidy was removing needed cookbook versions when cleaning stale nodes from the most recent backup when running /usr/bin/knife tidy server clean --backup-path /tmp/reports --yes.
Security
OpenSearch
- CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket.
OpenJDK
- CVE-2022-21619: Improper handling of long NTLM client hostnames.
- CVE-2022-21626: Excessive memory allocation in X.509 certificate parsing.
- CVE-2022-21624: Insufficient randomization of JNDI DNS port numbers.
- CVE-2022-21628: HttpServer no connection count limit.
- CVE-2022-39399: Missing SNI caching in HTTP/2.
- CVE-2022-21618: Improper MultiByte conversion can lead to buffer overflow.
Get the Build
You can download binaries directly from downloads.chef.io.