We are delighted to announce the availability of version 15.4.0 of Chef Infra Server.
- Chef Infra Server Habitat packages are now built against Erlang 24.
- Fixed an issue with Automate by setting
path. Customers should now be able to upload cookbooks that were broken in version chef-server 15.3.2.
- Fixed an issue with
chef-server-ctl reindexby reading
nginx[ssl_port]from the configuration. This resolves an issue when the
nginx[ssl_port]is not set to default port(443).
- rebar3 (3.6.2 -> 3.20.0)
- liblzma (5.2.6 -> 5.2.7)
- python (3.10.5 -> 3.11.0)
- bash (5.1.16 -> 5.2.9)
- popt (1.18 -> 1.19)
- CVE-2022-45061: An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder.
- CVE-2022-42919: Allows local privilege escalation in a non-default configuration.
- CVE-2022-37454: An integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code.
You can download binaries directly from downloads.chef.io.