Chef Infra Server 15.3.2 Released!

We are delighted to announce the availability of version 15.3.2 of Chef Infra Server.

New Features

  • Chef Infra Server now uses AWS Signature Version 4 (SigV4) when connecting to S3. SigV4 is the process to add authentication information to AWS API requests sent by HTTP.
  • Chef Infra Server can now use virtual-hosted-style URLs when connecting to S3. Note: Chef Infra Server will continue to work only with path-style URLs when connecting to Bookshelf.
  • Added new optional setting s3_url_type for specifying the URL style to be used when connecting to S3.
  • Added support for Ubuntu 22.04.

Improvements

  • Updated gather logs to include Chef Infra Server upgrade version history in the chef-version-history.txt file.

Bug Fixes

  • Fixed a bug in the knife user create subcommand which allowed the creation of users with the same email address but with varying capitalization. For example, this.user@example.com and This.User@example.com could be assigned to separate users. Chef Infra Server now validates email addresses with varying capitalization as the same address.
  • Fixed an issue where knife-tidy was removing needed cookbook versions when cleaning stale nodes from the most recent backup when running /usr/bin/knife tidy server clean --backup-path /tmp/reports --yes.

Security

OpenSearch

  • CVE-2022-22971: Spring Framework DoS with STOMP over WebSocket.

OpenJDK

  • CVE-2022-21619: Improper handling of long NTLM client hostnames.
  • CVE-2022-21626: Excessive memory allocation in X.509 certificate parsing.
  • CVE-2022-21624: Insufficient randomization of JNDI DNS port numbers.
  • CVE-2022-21628: HttpServer no connection count limit.
  • CVE-2022-39399: Missing SNI caching in HTTP/2.
  • CVE-2022-21618: Improper MultiByte conversion can lead to buffer overflow.

Get the Build

You can download binaries directly from downloads.chef.io.