-
Notifications
You must be signed in to change notification settings - Fork 113
Pending Release Notes
Kallol Roy edited this page Jul 29, 2024
·
937 revisions
Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.
| Your Current Version | Upgrade To |
|---|---|
| Any version before 20220329091442 | 20220329091442 |
| 20220329091442 | 3.0.x |
| 3.0.49 | 4.x |
See the Chef Automate 4.x upgrade documentation for more information.
- Password in backend nodes of Automate HA can be rotated from Bastion system
- Removed ambiguity on restriction of special characters in external database passwords (#8308)
- Added a note in Security Best Practices section so that users don't inadvertently update cache control headers in the configuration (#8446)
- Remove database locking issue while restarting front end nodes and adding new nodes (#8419, #8444, #8469, #8475, #8462, #8481, #8432)
- Use external /hab volume instead of /tmp to solve cross device linking issue (#8435, #8436, #8416)
- Modified license to ensure that product functionalities are available according to existing EULA and terms of use (#8477, #8438)
- Updated Chef Automate Incident Creation app and Chef Automate Integration App to support ServiceNow Utah and Vancouver versions
- Compliance profiles are updated to version 1.0.0/20240704055643, which includes the new and improved profiles for:
- CIS AIX 7.2 v1.1.0
- CIS Microsoft Windows Server 2012 R2 v3.0.0
- CIS MariaDB 10.6 v1.0.0
- CIS MacOS 13 Ventura v2.0.0
- CIS Microsoft Windows 11 Enterprise v3.0.0
- STIG Oracle Linux 8 v1.8.0
- CIS RHEL 8 v3.0.0
- CIS RHEL 7 v4.0.0
- This version improves the following profiles:
- CIS RHEL 7 v3.1.1 - code optimisation
- CIS CentOS Linux 7 v3.1.2 Benchmark Level 1 - Server controls was incorrect improved the password regex check
- This version also fixes the following issues:
- CIS PostgresSQL v1.0.0 - removed default values from configuration.
- Fixed a bug to solve scrolling issue in compliance reports (#8392)
- Searching in Infrastructure report UI is now case insensitive (#8395)
- Fixed a bug to improve ease of filter of nodes while doing wildcard search (#8417)
- Fixed a bug to show filtered data in event feed report after modifying event feed date (#8442)
- Fixed a bug to find log file in Automate (#8414)
(examples: dependency updates, CVE fixes)
- Prototype pollution vulnerability has been solved to prevent exploitation during Javascript runtime: CVE-2022-46175, CVE-2022-24999 (#8365, #8337)
- Updated ansi-regex package version to fix CVE-2021-3807 (#8365, #8336)
- HA proxy package in Automate HA has been upgraded to solve CVE-2023-25725 (#8380)
- Updated NATS server to solve CVE-2022-24450, CVE-2020-26892 (#8423, #8394)
- Solved a vulnerability in SAML connector to process SAML Signature validation: CVE-2020-27847
- Nullified shell escape sequence injection vulnerability in Rack components by solving CVE-2022-30123 (#8385)
- Updated Nginx version to solve CVE-2022-41741 (#8426)
- Updated OpenJDK to solve CVE-2023-22067, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-22081 and CVE-2023-22025 (#8384)
- Updated Postgres database to solve CVE-2023-2454 and CVE-2023-39417 (#8434, #8412)
- Removed dependency from polyfill.io JS package to solve CVE-2024-38526 (#8470)
This release uses:
- Chef Habitat version: 1.6.521/20220603154827
- Chef Habitat Builder version: 9497/20221221224518
- Chef Infra Server version: 15.4.0/20230105061154
- Chef InSpec version: 4.56.22/20220517052126
This release uses:
- Postgres: 13.14
- OpenSearch: 1.3.14
- Nginx: 1.25.4
- Haproxy: 2.2.29
- Dex: 2.27.0
This release supports the following external chef products:
- Chef Infra Server version: 14.0.58+
- Chef Inspec version: 4.3.2+
- Chef Infra Client: 17.0.242+
- Chef Habitat: 0.81+
This release is built on the following framework versions:
- GoLang: 1.19.3
- OpenJDK: 11.0.22+7
- Angular: 11.2.6
View the package manifest for the latest release.