We are delighted to announce the availability of version 15.8.0 of Chef Infra Server.
Private Chef Supermarket
Private Chef Supermarket users upgrading Chef Infra Server must refresh their logins and re-authenticate Supermarket with Chef Identity.
Security Improvements
OCID
Updated DoorKeeper package to resolve:
- CVE-2020-10187
OpenJRE
Updated OpenJRE to 11.0.20+8 to resolve the following CVEs:
- CVE-2023-21830
- CVE-2023-25193
- CVE-2023-22006
- CVE-2023-22036
- CVE-2023-22041
- CVE-2023-22044
- CVE-2023-22045
- CVE-2023-22049
- CVE-2023-22043
- CVE-2023-22051
- CVE-2022-45688
loofah
Updated loofah to 2.19.1 to resolve the following CVEs:
- CVE-2022-23515
- CVE-2022-23514
- CVE-2022-23516
Rack
Update Rack to 2.2.6.4 to resolve the following CVEs:
- CVE-2023-27530
ActiveStorage
Update ActiveStorage to 6.1.4.7 to resolve the following CVEs:
- CVE-2022-21831
Get the Build
You can download binaries directly from downloads.chef.io.