We are delighted to announce the availability of version 4.2.82 of Chef Supermarket.
Bug Fixes
- Fixed the /search API endpoint to properly return the total number of cookbooks when the result has been paginated.
- Resolved failures when processing cookbook quality metrics.
Enhancements
GitHub Enterprise Support
You can now set up Supermarket to use a corporate GitHub Enterprise installation in user profiles and to perform cookbook quality metrics scans instead of github.com. See the Supermarket configuration documentation for more information on using this new functionality.
Maintenance Message Banner Support
You can now set a text string in Supermarket that will be displayed on login for all users. This is a great way to announce regulatory security requirements or to communicate planned maintenance windows. The content of the text can be set with the default['supermarket']['announcement_text'] attribute.
SPDX Licenses
Supermarket cookbook pages now include links to the spdx.dev site describing the terms of each software license, so you can more easily evaluate cookbook licenses against your organizational requirements. See the supermarket-ctl documentation for more information on new commands to process SPDX data for existing cookbooks.
Cookbook Deprecation Reasons
Users can now set the reason a cookbook is deprecated instead of setting a replacement cookbook when marking a cookbook as deprecated.
Security
Ruby 2.7.5
Updated Ruby from 2.7.4 to 2.7.5 to resolve the following CVEs:
- CVE-2021-41817
- CVE-2021-41816
- CVE-2021-41819
Sidekiq 6.3.1
Updated the Sidekiq job queuing engine used to run cookbook quality evaluation jobs from 4.2.10 to 6.3.1 to resolve CVE-2021-30151.
Redis 6.2.6
Updated the Redis database used for queuing quality metrics jobs from 6.2.5 to 6.2.6 to resolve the following CVEs:
- CVE-2021-41099
- CVE-2021-32762
- CVE-2021-32687
- CVE-2021-32675
- CVE-2021-32672
- CVE-2021-32628
- CVE-2021-32627
- CVE-2021-32626
actionpack 6.1.4.4
Updated the actionpack gem used by Supermarket's Ruby on Rails engine to 6.1.4.4 to resolve CVE-2021-44528.
CA Certificates 10-26-2021
Updated the bundled CA Certificates file to the 10-26-2021 release, which includes three new CA certs.
Supermarket User
The supermarket user account that runs Supermarket is now created as a system account without a working shell for added security.
Improved HTTP Headers
Set the Permissions-Policy HTTP header to disable a user's webcam and payment systems when browsing Supermarket.
Packaging
New Relic Removal
Supermarket no longer ships with New Relic integration for administrators.
RHEL 8 Build ID
Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.
Get the Build
You can download binaries directly from downloads.chef.io.