Ohai Chefs,
Today we have released updated versions of Chef Server, Enterprise Chef
Server, and Analytics in response to the recently announced OpenSSL
vulnerabilities and the POODLE SSLv3 attack disclosure.
The full release announcement is here:
We recommend that you upgrade your packages as soon as possible, or apply
the appropriate mitigation steps from the blog post below:
Note that these steps will protect only against the SSLv3 vulnerability -
in order to be protected against the OpenSSL vulnerabilities, upgrade to
the latest supported packages for your installation is required.
Please reach out to support@getchef.com if you have any further questions
or concerns.
--
Marc Paradise
Software Engineer - Chef Server
Chef Software, Inc.