Release notes: Chef Automate

Improvements

• Improved integration with Pendo to better capture usage information.

Bug Fixes

• Fixed a bug that was causing the failure of the Automate config patch while patching the backup path. (#8341)

Security

Security Improvements

• Fixed a security issue that allows Chef tags to accept HTML text, URL, all special characters, and weak cipher. (#8355)

Security Updates

• Updated OpenSearch to 1.3.14 to fix the following CVE issues:

  • CVE-2023-45807
  • CVE-2023-31141
  • CVE-2023-25806
  • CVE-2023-23933
  • CVE-2023-23613
  • CVE-2023-23612

• Updated NodeJS to 14.21.3 to fix the following CVEs:

  • CVE-2023-23918
  • CVE-2023-23919
  • CVE-2023-23920
  • CVE-2023-23936
  • CVE-2023-24807

• Updated marked to version 4.0.10 to fix the following CVEs:

  • CVE-2022-21681
  • CVE-2022-21680

• Updated expressJS version to 4.18.2 to fix the following CVEs:

  • CVE-2022-24999

• Update ansi-regex to 5.0.1 which fixes the following CVEs:

  • CVE-2021-3807

• Update rack to 2.2.6.4 which fixes the following CVEs:

  • CVE-2022-30123

• Update yaml.v2 to 2.4.0 which fixes the following CVEs:

  • CVE-2022-3064

Chef Packaged Product Versions

This release uses:

• Chef Habitat version: 1.6.521/20220603154827
• Chef Habitat Builder version: 9497/20221221224518
• Chef Infra Server version: 15.4.0/20230105061154
• Chef InSpec version: 4.56.22/20220517052126

Service versions

This release uses:

• Postgres: 13.5
• OpenSearch: 1.3.14
• Nginx: 1.21.3
• Haproxy: 2.2.29
• Dex: 2.27.0

Supported external Chef products

This release supports the following external Chef products:

• Chef Infra Server version: 14.0.58+
• Chef Inspec version: 4.3.2+
• Chef Infra Client: 17.0.242+
• Chef Habitat: 0.81+

Supported framework versions

This release is built on the following framework versions:

• GoLang: 1.19.3
• OpenJDK: 11.0.20+8
• Angular: 11.2.6

View the package manifest for the latest release.