Chef Server 12.5.0 is released and contains several security updates


#1

Chef Server 12.5.0 is released. It contains several security updates and can be downloaded here.

Security Updates

Several libraries were updated to fix bugs that existed in previous versions.

  • OpenSSL
    • Updated to 1.0.1s to mitigate CVE-2016-0800 (aka DROWN).
  • NodeJS
    • Updated to 0.10.35 to mitigate CVE-2013-4450.
  • Ruby On Rails
    • Updated to 4.2.5.2 to mitigate CVE-2016-2097 and CVE-2016-2098.