Downloads
Release notes: Chef Automate
Improvements
- Improved integration with Pendo to better capture usage information.
Bug Fixes
- Fixed a bug that was causing the failure of the Automate config patch while patching the backup path. (#8341)
Security
Security Improvements
- Fixed a security issue that allows Chef tags to accept HTML text, URL, all special characters, and weak cipher. (#8355)
Security Updates
Updated OpenSearch to 1.3.14 to fix the following CVE issues:
- CVE-2023-45807
- CVE-2023-31141
- CVE-2023-25806
- CVE-2023-23933
- CVE-2023-23613
- CVE-2023-23612
Updated NodeJS to 14.21.3 to fix the following CVEs:
- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807
Updated marked to version 4.0.10 to fix the following CVEs:
- CVE-2022-21681
- CVE-2022-21680
Updated expressJS version to 4.18.2 to fix the following CVEs:
- CVE-2022-24999
Update ansi-regex to 5.0.1 which fixes the following CVEs:
- CVE-2021-3807
Update rack to 2.2.6.4 which fixes the following CVEs:
- CVE-2022-30123
Update yaml.v2 to 2.4.0 which fixes the following CVEs:
- CVE-2022-3064
Chef Packaged Product Versions
This release uses:
- Chef Habitat version: 1.6.521/20220603154827
- Chef Habitat Builder version: 9497/20221221224518
- Chef Infra Server version: 15.4.0/20230105061154
- Chef InSpec version: 4.56.22/20220517052126
Service versions
This release uses:
- Postgres: 13.5
- OpenSearch: 1.3.14
- Nginx: 1.21.3
- Haproxy: 2.2.29
- Dex: 2.27.0
Supported external Chef products
This release supports the following external Chef products:
- Chef Infra Server version: 14.0.58+
- Chef Inspec version: 4.3.2+
- Chef Infra Client: 17.0.242+
- Chef Habitat: 0.81+
Supported framework versions
This release is built on the following framework versions:
- GoLang: 1.19.3
- OpenJDK: 11.0.20+8
- Angular: 11.2.6
View the package manifest for the latest release.