We are delighted to announce the availability of version 4.2.82 of Chef Supermarket.
- Fixed the /search API endpoint to properly return the total number of cookbooks when the result has been paginated.
- Resolved failures when processing cookbook quality metrics.
You can now set up Supermarket to use a corporate GitHub Enterprise installation in user profiles and to perform cookbook quality metrics scans instead of github.com. See the Supermarket configuration documentation for more information on using this new functionality.
You can now set a text string in Supermarket that will be displayed on login for all users. This is a great way to announce regulatory security requirements or to communicate planned maintenance windows. The content of the text can be set with the
Supermarket cookbook pages now include links to the spdx.dev site describing the terms of each software license, so you can more easily evaluate cookbook licenses against your organizational requirements. See the supermarket-ctl documentation for more information on new commands to process SPDX data for existing cookbooks.
Users can now set the reason a cookbook is deprecated instead of setting a replacement cookbook when setting a cookbook to deprecated.
Updated Ruby from 2.7.4 to 2.7.5 to resolve the following CVEs:
Updated the Sidekiq job queuing engine used to run cookbook quality evaluation jobs from 4.2.10 to 6.3.1 to resolve CVE-2021-30151.
Updated the Redis database used for queuing quality metrics jobs from 6.2.5 to 6.2.6 to resolve the following CVEs:
Updated the actionpack gem used by Supermarket's Ruby on Rails engine to 184.108.40.206 to resolve CVE-2021-44528.
Updated the bundled CA Certificates file to the 10-26-2021 release, which includes three new CA certs.
The supermarket user account that runs Supermarket is now created as a system account without a working shell for added security.
Added a Permissions-Policy HTTP header to disable a user's webcam and payment systems when browsing Supermarket.
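One way to check the header change described above after an upgrade, as an added example that is not part of Supermarket or the original release notes: it parses a Permissions-Policy value and reports which required features are not actually disabled. The feature names camera and payment and the sample header values are assumptions constructed for illustration, since the page does not give the exact header Supermarket sends.

```ruby
# Added example: audit a Permissions-Policy header value.
# Sample header strings are constructed, not captured from Supermarket.

# Assumed feature names for "webcam" and "payment systems".
REQUIRED_DISABLED = %w[camera payment].freeze

# Parse a Permissions-Policy value into { feature => allowlist array }.
# "camera=()" yields [], "camera=(self)" yields ["self"], "payment=*" yields ["*"].
# If a feature is repeated, the last occurrence wins.
def parse_permissions_policy(value)
  policy = {}
  # Match each "feature=(inner list)" or "feature=token" member in turn.
  value.to_s.scan(/([a-z0-9-]+)\s*=\s*(\([^)]*\)|[^,\s]+)/i) do |feature, allowlist|
    items = allowlist.start_with?("(") ? allowlist[1..-2].split : [allowlist]
    policy[feature.downcase] = items
  end
  policy
end

# Return the required features that are NOT disabled: either absent from the
# header (the browser default then applies) or given a non-empty allowlist.
def features_not_disabled(header_value, required = REQUIRED_DISABLED)
  policy = parse_permissions_policy(header_value)
  required.reject { |feature| policy[feature] == [] }
end

# Constructed sample values covering the common ways a policy falls short.
SAMPLES = {
  "both disabled"    => "camera=(), payment=()",
  "payment missing"  => "camera=()",
  "camera self-only" => "camera=(self), payment=()",
  "wildcard payment" => "camera=(), payment=*"
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, value|
    gaps = features_not_disabled(value)
    verdict = gaps.empty? ? "OK" : "not disabled: #{gaps.join(', ')}"
    puts format("%-17s %-27s %s", label, value, verdict)
  end
end
```

To audit a live instance, pass the value of the Permissions-Policy response header from your own Supermarket host to features_not_disabled.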
Supermarket no longer ships with New Relic integration for administrators.
Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.
You can download binaries directly from downloads.chef.io.