Friday, March 20, 2015

Chef Server 12.0.6 Released [feedly]



----
Chef Server 12.0.6 Released
// Chef Blog

Today we're pleased to announce that Chef Server 12.0.6 has been released. This update contains the latest OpenSSL 1.0.1m along with further bug fixes and API improvements.

OpenSSL 1.0.1m

While the Chef Server and other Chef products that ship with OpenSSL are not vulnerable to CVE-2015-0291 (see our earlier blog post by Charles Johnson), we've included the latest version of the 1.0.1-series in today's release. This update to OpenSSL includes the following security fixes:

Bug Fixes

The following bugs have been fixed since Chef Server 12.0.5:

  • chef-server#119: LDAP users with special characters in their external_authentication_uid cannot log in
  • chef-server#97: org-user-add -a flag does not give billing-admin rights
  • chef-server#17: When you create a user via chef-server-ctl add-user with –filename pointed at invalid path, the user is created, but the key is not put on the filesystem
  • opscode-omnibus#648: JMX security issues

Key Rotation and Policyfiles

As with the last release, the Key Rotation and Policyfile features are still under heavy development and are being delivered incrementally. We'll be providing more details on those features separately once certain milestones are hit, but you can follow along with the Chef Server CHANGELOG to see what's been added since the last release.


----

Shared via my feedly reader


Sent from my iPhone