-
Notifications
You must be signed in to change notification settings - Fork 113
Pending Release Notes
Dishank Tiwari edited this page Sep 24, 2024
·
945 revisions
Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.
| Your Current Version | Upgrade To |
|---|---|
| Any version before 20220329091442 | 20220329091442 |
| 20220329091442 | 3.0.x |
| 3.0.49 | 4.x |
See the Chef Automate 4.x upgrade documentation for more information.
- Deploy Automate HA on Azure provisioned infrastructure (#8592).
- Improved welcome UI screen for Automate (#8539).
- Improved Automate HA solution ensures services do not flap when re-booted nodes.
- Compliance profiles are updated to version 1.0.0/20240823105414, which includes the new and improved profiles for:
RHEL 7 v4.0.0
RHEL8 v3.0.0
STIG RHEL 9
Windows 2016 v3.0.0
Windows 2019 v3.0.1
STIG Microsoft IIS Server
STIG Postgres SQL
- Fixed bug to ensure that complete report of controls is available for any date of compliance report in UI (#8533).
- Fixed bug to improve handling of user provided data in string literal (#8543).
- Updated embedded Infra Server to 15.10.12
- Updated embedded Inspec to 4.56.61
(examples: dependency updates, CVE fixes)
- Updated Minio to fix following CVEs (#4625):
- CVE-2021-43858
- CVE-2022-24842
- CVE-2022-31028
- CVE-2022-35919
- CVE-2023-25812
- CVE-2023-28433
- CVE-2023-28433
- CVE-2023-28434
- CVE-2023-28432
- CVE-2023-27589
- CVE-2024-36107
- CVE-2024-24747
- CVE-2021-41137
- CVE-2020-11012
- CVE-2021-21287
- CVE-2021-21362
- CVE-2021-21390
- CVE-2018-1000538
- Removed end of life Workflow components from Automate (#8472) to solve following CVE:
- CVE-2023-26111
- CVE-2022-24999
- CVE-2022-46175
- CVE-2022-38900
- CVE-2022-31129
- CVE-2021-43138
- CVE-2022-0355
- CVE-2022-24785
- CVE-2021-32804
- CVE-2021-32803
- CVE-2022-0144
- CVE-2022-21680
- CVE-2022-21681
- CVE-2022-0155
- CVE-2021-37713
- CVE-2021-37712
- CVE-2021-37701
- Updated Angular version in Automate to 17.3.5 with all development dependencies including Typescript, nodeJS, etc. (#8365, #8451, #8336, #8337) to solve following CVE:
- CVE-2022-24999
- CVE-2022-46175
- CVE-2021-3807
- Updated Curl package to 8.7.1 (#4676, #8537) to fix following CVEs:
- CVE-2023-38545
- CVE-2023-38546
- CVE-2024-2398
- CVE-2023-46218
- Updated OpenSSL to 1.0.2zi (#8536) to solve following CVEs:
- CVE-2021-3712
- CVE-2022-0778
- CVE-2022-1292
- CVE-2022-2068
- CVE-2022-4304
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0464
- CVE-2023-0465
- CVE-2023-0466
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-5678
- Updated NodeJS to 14.23.3 (#3831) to solve following CVEs:
- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807
This release uses:
- Chef Habitat version:1.6.521/20220603154827
- Chef Habitat Builder version: 9497/20221221224518
- Chef Infra Server version: 15.10.12/20240910074923
- Chef InSpec version: 4.56.61/20240809111842
This release uses:
- Postgres: 13.14
- OpenSearch: 1.3.14
- Nginx: 1.25.4
- Haproxy: 2.2.29
- Dex: 2.27.0
This release supports the following external chef products:
- Chef Infra Server version: 14.0.58+
- Chef Inspec version: 4.3.2+
- Chef Infra Client: 17.0.242+
- Chef Habitat: 0.81+
This release is built on the following framework versions:
- GoLang: 1.19.3
- OpenJDK: 11.0.22+7
- Angular: 11.2.6
View the package manifest for the latest release.