Security Releases - Omnibus, Chef Server, Chef Client, ChefDK, and Premium Features


Ohai Chefs,

This morning, in conjunction with GitLab [1], we’re releasing a new version
of the Omnibus library as well as Omnibus-built packages of all the
software we ship. These releases address package ownership issues on
Debian-based platforms that result in Omnibus-built packages installing
with contents owned by UID and GID 999 or 1001.

Details of the Omnibus issue:

Chef Server / Premium Feature Releases:

Chef Client Product Releases:

If you are running Chef on Debian-based systems, it is recommended that you
upgrade your packages as soon as possible, or apply the mitigation steps
that are listed in the respective blog posts.

Please reach out to if you have any further questions
or concerns.

[1] GitLab Announcement:

Stephen Delano
Engineering Lead - Chef Server
Chef Software, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104