Chef Infra Server 15.4.0 Released!

chef-ci · January 5, 2023, 9:41pm

We are delighted to announce the availability of version 15.4.0 of Chef Infra Server.

Packaging

Fixed an issue with Automate by setting s3_url_type configuration to path. Customers should now be able to upload cookbooks that were broken in version chef-server 15.3.2.
Fixed an issue with chef-server-ctl reindex by reading nginx[ssl_port] from the configuration. This resolves an issue when the nginx[ssl_port] is not set to default port(443).

rebar3 (3.6.2 -> 3.20.0)
liblzma (5.2.6 -> 5.2.7)
python (3.10.5 -> 3.11.0)
bash (5.1.16 -> 5.2.9)
popt (1.18 -> 1.19)

CVE-2022-45061: An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder.
CVE-2022-42919: Allows local privilege escalation in a non-default configuration.
CVE-2022-37454: An integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code.

You can download binaries directly from downloads.chef.io.

Topic	Replies	Views
Chef Infra Server 14.13.42 Released! Chef Release Announcements	1228	March 1, 2022
Chef Infra Server 15.1.7 Released! Chef Release Announcements	1313	August 30, 2022
Chef Infra Server 15.3.2 Released! Chef Release Announcements	1364	November 9, 2022
Automate 2 version 20210923171324 Released! Chef Release Announcements	374	September 27, 2021
Chef Server 13.0.17 is now available Chef Release Announcements	607	July 1, 2019