Chef Infra Server 15.8.0 Released!

We are delighted to announce the availability of version 15.8.0 of Chef Infra Server.

Private Chef Supermarket

Private Chef Supermarket users upgrading Chef Infra Server must refresh their logins and re-authenticate Supermarket with Chef Identity.

Security Improvements

OCID

Updated DoorKeeper package to resolve:

  • CVE-2020-10187

OpenJRE

Updated OpenJRE to 11.0.20+8 to resolve the following CVEs:

  • CVE-2023-21830
  • CVE-2023-25193
  • CVE-2023-22006
  • CVE-2023-22036
  • CVE-2023-22041
  • CVE-2023-22044
  • CVE-2023-22045
  • CVE-2023-22049
  • CVE-2023-22043
  • CVE-2023-22051
  • CVE-2022-45688

loofah

Updated loofah to 2.19.1 to resolve the following CVEs:

  • CVE-2022-23515
  • CVE-2022-23514
  • CVE-2022-23516

Rack

Update Rack to 2.2.6.4 to resolve the following CVEs:

  • CVE-2023-27530

ActiveStorage

Update ActiveStorage to 6.1.4.7 to resolve the following CVEs:

  • CVE-2022-21831

Get the Build

You can download binaries directly from downloads.chef.io.