Security Release: Chef Server 12.0.1 and Enterprise Chef 11.2.6


#1

Hi Chefs,

We just made available a security release of Chef Server 12.0.1 and
Enterprise Chef Server 11.2.6. This addresses a CSRF vulnerability that was
found in the doorkeeper gem, which is used by the oc-id service found in
Chef Server. Open Source Chef Server 11 is not affected by this, as it does
not ship with the oc-id service.

Full details are in the blog post here:

Thanks,

Mark Mzyk
Chef Server Team Engineer