Chef Infra Server 15.3.2 Released!

We are delighted to announce the availability of version 15.3.2 of Chef Infra Server.

New Features

  • Chef Infra Server now uses AWS Signature Version 4 (SigV4) when connecting to S3. SigV4 is the process to add authentication information to AWS API requests sent by HTTP.
  • Chef Infra Server can now use virtual-hosted-style URLs when connecting to S3. Note: Chef Infra Server will continue to work only with path-style URLs when connecting to Bookshelf.
  • Added new optional setting s3_url_type for specifying the URL style to be used when connecting to S3.
  • Added support for Ubuntu 22.04.


  • Updated gather logs to include Chef Infra Server upgrade version history in the chef-version-history.txt file.

Bug Fixes

  • Fixed a bug in the knife user create subcommand which allowed the creation of users with the same email address but with varying capitalization. For example, and could be assigned to separate users. Chef Infra Server now validates email addresses with varying capitalization as the same address.
  • Fixed an issue where knife-tidy was removing needed cookbook versions when cleaning stale nodes from the most recent backup when running /usr/bin/knife tidy server clean --backup-path /tmp/reports --yes.



  • CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket.


  • CVE-2022-21619: Improper handling of long NTLM client hostnames.
  • CVE-2022-21626: Excessive memory allocation in X.509 certificate parsing.
  • CVE-2022-21624: Insufficient randomization of JNDI DNS port numbers.
  • CVE-2022-21628: HttpServer no connection count limit.
  • CVE-2022-39399: Missing SNI caching in HTTP/2.
  • CVE-2022-21618: Improper MultiByte conversion can lead to buffer overflow.

Get the Build

You can download binaries directly from