Hey folks,

Happy Friday! In celebration of the end of the week we have a new release of Chef Manage. This release resolves a few pesky bugs and a number of CVEs in bundled components. Be sure to check it out if you're using Manage. Also be sure to check out the new Infra Views capabilities in Chef Automate for managing your Infra nodes all in a single interface.

What's New in 3.0.16

Bug Fixes

• Fixed issues adding cookbook constraints to an environment.
• Fixed errors when changing a node's environment.
• Fixed incorrect cookbook versions being displayed in environments.
• Fixed a blank page being shown when refreshing the databag item page.

Ubuntu 20.04 Support

We added Ubuntu 20.04 packages and continue to support Ubuntu 16.04 and 18.04 packages.

Security Updates

Ruby 2.6

We updated Chef Manage's Ruby installation from 2.5.5 to 2.6.6. This upgrade improves the performance of the application and resolves the following CVEs:

• CVE-2012-6708
• CVE-2015-9251
• CVE-2019-16255
• CVE-2019-16254
• CVE-2019-15845
• CVE-2019-16201
• CVE-2020-10663
• CVE-2020-10933

OpenSSL

We updated OpenSSL from 1.0.2u to 1.0.2w to resolve CVE-2020-1968.

Rack

We updated the Rack gem used in Chef Manage from 2.0.9 to 2.2.3 to resolve CVE-2020-8184.

Rails

We updated the Rails engine used in Chef Manage from 5.2.4.2 to 5.2.4.4 to resolve CVE-2020-15169.

Enjoy,
Tim