Chef Manage 2.4.5 is now available for download.
This release patches a remote execution vulnerability accessible through the user account creation process. This vulnerability has been present in Chef Manage since release 2.1.0 on 2015/11/19.
If you are unable to update at this time, we recommend disabling new user sign up n your Chef Manage instances until the update can be applied. You can do this by editing the file
/etc/chef-manage/manage.rb and adding the following line:
Save the change, then run:
sudo chef-manage-ctl reconfigure