-
Notifications
You must be signed in to change notification settings - Fork 210
Pending Release Notes
Chef Infra Server is no longer supported on the following platforms:
- Red Hat Enterprise Linux 7
- CentOS 7
We now collect aggregated and anonymized usage data to understand the Chef Infra Server adoption curve, operating systems that Infra Server runs on, deployed versions of Infra Server, and deployment patterns. We have ensured that the collected data protects the end user while providing meaningful usage insights. For more information, see the Chef Infra Server License Usage documentation.
We replaced Redis with KeyDB to resolve the following CVEs:
- CVE-2023-41056
- CVE-2023-45145
- CVE-2023-41053
- CVE-2022-24834
- CVE-2023-36824
This change doesn't require any configuration change and the service name has been kept unchanged too. For more information about KeyDB, see the KeyDB documentation.
Updated OpenJRE to 11.0.22+7 to resolve the following CVEs:
- CVE-2024-20918
- CVE-2024-20921
- CVE-2024-20919
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952
Updated OpenSSL to 1.0.2zi to resolve the following CVEs:
- CVE-2022-0778
- CVE-2022-1292
- CVE-2022-2068
- CVE-2022-4304
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0464
- CVE-2023-0465
- CVE-2023-0466
- CVE-2023-3446
- CVE-2023-3817
Updated Node.js to 14.21.3 to resolve the following CVEs:
- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807
Updated Rack to 2.2.6.3 to resolve the following CVEs:
- CVE-2023-27530
Updated RDoc to 6.3.4.1 to resolve the following CVEs:
- CVE-2024-27281
Updated Rails to 7.0.8.1 to resolve the following CVEs:
- CVE-2024-26143
Updated Nokogiri to 1.15.6 to resolve the following CVEs:
- CVE-2024-25062