Chef Infra Server 15.4.0 Released!

We are delighted to announce the availability of version 15.4.0 of Chef Infra Server.

Packaging

Habitat Package Updates

  • Chef Infra Server Habitat packages are now built against Erlang 24.

Bug Fixes

  • Fixed an issue with Automate by setting the s3_url_type configuration to path. Customers should now be able to upload cookbooks, which was broken in chef-server version 15.3.2.
  • Fixed an issue with chef-server-ctl reindex by reading nginx[ssl_port] from the configuration. This resolves an issue that occurred when nginx[ssl_port] was not set to the default port (443).

Updated Components

  • rebar3 (3.6.2 -> 3.20.0)
  • liblzma (5.2.6 -> 5.2.7)
  • python (3.10.5 -> 3.11.0)
  • bash (5.1.16 -> 5.2.9)
  • popt (1.18 -> 1.19)

Security

Python

  • CVE-2022-45061: An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder.
  • CVE-2022-42919: Allows local privilege escalation in a non-default configuration.
  • CVE-2022-37454: An integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code.

Get the Build

You can download binaries directly from downloads.chef.io.