Chef Manage 3.1.80 Released!

Hey everyone,

We have a Chef Manage release out today packed with security updates. Be sure to check this out if you run Chef Manage in your environment.

What's New in 3.1.80

Updates

The Chef Manage UI has received minor updates to branding, emails, and external URLs:

  • Links lead to the latest pages
  • Brand logos match Chef Infra Client / Chef Infra Server
  • Community Slack replaces the link to the defunct IRC channel
  • Chef Questions replaces the legacy mailing list

Package Improvements

Smaller Package Size

The Chef Manage packaging is optimized, reducing both the package and the on-disk install size by half.

RHEL 6 Package Removal

Chef Manage packages are no longer produced for EOL RHEL 6.

RPM Package Digests

The file digest in Chef Infra RPM packages is updated from MD5 to SHA256 to prevent installation failures on some FIPS-enabled systems.

Security Enhancements

User Signup Enhancements

Users can no longer avoid validation by changing their email during the signup process.

MTLS Support

Support MTLS in Chef Infra Server

E-mail Verification

User email verification is enforced for all user email address changes.

Ruby 2.7.4

Ruby has been updated from 2.6.6 to 2.7.4 to resolve a large number of bugs as well as the following CVEs:

  • CVE-2021-28966
  • CVE-2021-28965
  • CVE-2020-25613
  • CVE-2021-31810
  • CVE-2021-32066
  • CVE-2021-31799

Rails 6.1.4.1

The Rails framework used by Chef Manage has been updated from 5.2.4.4 to 6.1.4.1. This new release includes performance improvements, new capabilities, and resolves the following CVEs:

  • CVE-2021-22902
  • CVE-2021-22903
  • CVE-2021-22885
  • CVE-2021-22904

OpenSSL 1.0.2zb

OpenSSL has been updated from 1.0.2w to 1.0.2zb to resolve issues with Let's Encrypt certificates and to resolve CVE-2021-3712.

cacerts

The cacerts bundle has been updated to the 2021-09-30 release, which removes older expired root certificates and adds the following new root certificates:

  • AC RAIZ FNMT-RCM SERVIDORES SEGUROS
  • GlobalSign Root R46
  • GlobalSign Root E46
  • GLOBALTRUST 2020
  • ANF Secure Server Root CA
  • Certum EC-384 CA
  • Certum Trusted Root CA

nokogiri 1.12.5

The nokogiri gem has been updated to 1.12.5 to resolve CVE-2021-41098.

libarchive 3.5.2

The libarchive library has been updated from 3.4.3 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links.

Enjoy,
Tim