We are delighted to announce the availability of version 5.0.41 of Chef Supermarket.
Supermarket 5 includes a large upgrade of the underlying PostgreSQL database. An automated upgrade will need to be run post package install. See Upgrade Supermarket for details.
In order to prevent potential host header attacks, users will need to specify the FQDN of the Supermarket with the node['supermarket']['allowed_host'] attribute. For example, the public supermarket at https://supermarket.chef.io would set this value to
- Updated links to the Chef Blog to use the latest URL.
- Updated links to the Chef Documentation to use the latest URL.
- Removed unused attributes for New Relic monitoring.
The embedded PostgreSQL 9.3 installation used by Supermarket to store cookbook information has been upgraded to 13.4. This new release of PostgreSQL improves performance, includes new functionality that will be utilized in future Supermarket releases, and resolves multiple security vulnerabilities. See Upgrade Supermarket for more information on completing this upgrade.
The Cookbook Quality Metrics evaluation in Supermarket now uses our Cookstyle engine to evaluate cookbook quality. This greatly improves the breadth of evaluation we provide with ~250 Cookstyle cops being used for each cookbook. This also aligns the quality metrics with the same tools used in local development and CI processes. Stay tuned for exciting new improvements to the Cookbook Quality Metrics using these new capabilities.
Users can now set the permissions of the Supermarket log directory with a new default['supermarket']['log_mode'] configuration option. This configuration option defaults to the previous directory default of
The universe API endpoint is now available under the v1 API endpoint. There are no current plans to introduce breaking changes to the existing universe API endpoint, but we highly recommend using the new versioned API endpoint for future compatibility.
Supermarket now includes a more secure Permissions-Policy HTTP header by default.
Puma has been upgraded from 5.6.1 to 5.6.2 to resolve CVE-2022-23633.
The Sidekiq job processing system used by Supermarket has been updated from 6.3.1 to 6.4.1 to resolve CVE-2021-30151.
The Ruby on Rails framework used by Supermarket has been updated from 220.127.116.11 to 18.104.22.168 to resolve CVE-2021-22904.
You can download binaries directly from chef.io/downloads.