Chef Server 12.5.0 is released. It contains several security updates and can be downloaded here.

Security Updates

Several libraries were updated to fix bugs that existed in previous versions.

• OpenSSL
  • Updated to 1.0.1s to mitigate CVE-2016-0800 (aka DROWN).
• NodeJS
  • Updated to 0.10.35 to mitigate CVE-2013-4450.
• Ruby On Rails
  • Updated to 4.2.5.2 to mitigate CVE-2016-2097 and CVE-2016-2098.