Skip to content

Pending Release Notes

Jump to bottom
AnkurMundhra edited this page Sep 19, 2024 · 937 revisions

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version Upgrade To
Any version before 20220329091442 20220329091442
20220329091442 3.0.x
3.0.49 4.x

See the Chef Automate 4.x upgrade documentation for more information.

New Features

  • Deploy Automate HA on Azure provisioned infrastructure (#8592)

Improvements

  • Updated embedded Infra Server to 15.10.12 (#8422)
  • Improved welcome UI screen for Automate (#8539)
  • Improved Automate HA solution to ensure that services do not flap when nodes are re-booted

Compliance Profile Updates

Bug Fixes

  • Fixed bug to ensure that complete report of controls is available for any date of compliance report in UI (#8533)
  • Fixed bug to improve handling of user provided data in string literal (#8543)

Maintenance

Backward Incompatibilities

Security

Security Improvements

(examples: new security configurations)

Security Updates

(examples: dependency updates, CVE fixes)

  • Updated Minio to fix following CVEs (#4625)
  • CVE-2021-43858
  • CVE-2022-24842
  • CVE-2022-31028
  • CVE-2022-35919
  • CVE-2023-25812
  • CVE-2023-28433
  • CVE-2023-28433
  • CVE-2023-28434
  • CVE-2023-28432
  • CVE-2023-27589
  • CVE-2024-36107
  • CVE-2024-24747
  • CVE-2021-41137
  • CVE-2020-11012
  • CVE-2021-21287
  • CVE-2021-21362
  • CVE-2021-21390
  • CVE-2018-1000538
  • Removed end of life Workflow components from Automate (#8472) to solve following CVE
  • CVE-2023-26111
  • CVE-2022-24999
  • CVE-2022-46175
  • CVE-2022-38900
  • CVE-2022-31129
  • CVE-2021-43138
  • CVE-2022-0355
  • CVE-2022-24785
  • CVE-2021-32804
  • CVE-2021-32803
  • CVE-2022-0144
  • CVE-2022-21680
  • CVE-2022-21681
  • CVE-2022-0155
  • CVE-2021-37713
  • CVE-2021-37712
  • CVE-2021-37701
  • Updated Angular version in Automate to 17.3.5 with all development dependencies including Typescript, nodeJS, etc. (#8365, #8451, #8336, #8337) to solve following CVE
  • CVE-2022-24999
  • CVE-2022-46175
  • CVE-2021-3807
  • Updated Curl package to 8.7.1 (#4676, #8537) to fix following CVEs:
  • CVE-2023-38545
  • CVE-2023-38546
  • CVE-2023-42658 ??
  • CVE-2024-2398
  • CVE-2023-46218
  • Updated OpenSSL to 1.0.2zi (#8536) to solve following CVEs:
  • CVE-2021-3712
  • CVE-2022-0778
  • CVE-2022-1292
  • CVE-2022-2068
  • CVE-2022-4304
  • CVE-2023-0215
  • CVE-2023-0286
  • CVE-2023-0464
  • CVE-2023-0465
  • CVE-2023-0466
  • CVE-2023-3446
  • CVE-2023-3817
  • CVE-2023-5678
  • Updated NodeJS to 14.23.3 (#3831) to solve following CVEs:
  • CVE-2023-23918
  • CVE-2023-23919
  • CVE-2023-23920
  • CVE-2023-23936
  • CVE-2023-24807

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version:
  • Chef Habitat Builder version:
  • Chef Infra Server version:
  • Chef InSpec version:

Service Versions

This release uses:

  • Postgres:
  • OpenSearch:
  • Nginx:
  • Haproxy:

Supported External Chef Products

This release supports the following external chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef Inspec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Clone this wiki locally