Chef Server 12.5.0 is released and contains several security updates

Chef Server 12.5.0 is released. It contains several security updates and can be downloaded here.

Security Updates

Several libraries were updated to fix bugs that existed in previous versions.

  • OpenSSL
    • Updated to 1.0.1s to mitigate CVE-2016-0800 (aka DROWN).
  • NodeJS
    • Updated to 0.10.35 to mitigate CVE-2013-4450.
  • Ruby On Rails
    • Updated to to mitigate CVE-2016-2097 and CVE-2016-2098.