Chef Supermarket 4.2.82 Released!

We are delighted to announce the availability of version 4.2.82 of Chef Supermarket.

Bug Fixes

  • Fixed the /search API endpoint to properly return the total number of cookbooks when the result has been paginated.
  • Resolved failures when processing cookbook quality metrics.

Enhancements

GitHub Enterprise Support

You can now set up Supermarket to use a corporate GitHub Enterprise installation, instead of github.com, for user profiles and for cookbook quality metrics scans. See the Supermarket configuration documentation for more information on using this new functionality.

Maintenance Message Banner Support

You can now set a text string in Supermarket that will be displayed on login for all users. This is a great way to announce regulatory security requirements or to communicate planned maintenance windows. The content of the text can be set with the default['supermarket']['announcement_text'] attribute.

SPDX Licenses

Supermarket cookbook pages now include links to the spdx.dev site describing the terms of each software license, so you can more easily evaluate cookbook licenses against your organizational requirements. See the supermarket-ctl documentation for more information on new commands to process SPDX data for existing cookbooks.

Cookbook Deprecation Reasons

When deprecating a cookbook, users can now set the reason it is deprecated instead of setting a replacement cookbook.

Security

Ruby 2.7.5

Updated Ruby from 2.7.4 to 2.7.5 to resolve the following CVEs:

  • CVE-2021-41817
  • CVE-2021-41816
  • CVE-2021-41819

Sidekiq 6.3.1

Updated the Sidekiq job queuing engine used to run cookbook quality evaluation jobs from 4.2.10 to 6.3.1 to resolve CVE-2021-30151.

Redis 6.2.6

Updated the Redis database used for queuing quality metrics jobs from 6.2.5 to 6.2.6 to resolve the following CVEs:

  • CVE-2021-41099
  • CVE-2021-32762
  • CVE-2021-32687
  • CVE-2021-32675
  • CVE-2021-32672
  • CVE-2021-32628
  • CVE-2021-32627
  • CVE-2021-32626

actionpack 6.1.4.4

Updated the actionpack gem used by Supermarket's Ruby on Rails engine to 6.1.4.4 to resolve CVE-2021-44528.

CA Certificates 10-26-2021

Updated the bundled CA Certificates file to the 10-26-2021 release, which includes three new CA certs.

Supermarket User

The supermarket user account that runs Supermarket is now created as a system account without a working shell for added security.

Improved HTTP Headers

Supermarket now sets the Permissions-Policy HTTP header to disable access to a user's webcam and payment systems when browsing Supermarket.

Packaging

New Relic Removal

Supermarket no longer ships with New Relic integration for administrators.

RHEL 8 Build ID

Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.


Get the Build

You can download binaries directly from downloads.chef.io.