Chef Server 12.5.0 is released. It contains several security updates and can be downloaded here.
Security Updates
Several libraries were updated to fix bugs that existed in previous versions.
- OpenSSL
- Updated to 1.0.1s to mitigate CVE-2016-0800 (aka DROWN).
- NodeJS
- Updated to 0.10.35 to mitigate CVE-2013-4450.
- Ruby On Rails
- Updated to 4.2.5.2 to mitigate CVE-2016-2097 and CVE-2016-2098.