Ohai Chefs!
Chef Server 12.0.8 and Enterprise Chef 11.3.1 are available for immediate download. This release addresses the following vulnerabilities:
This corresponds to chef-server issue 142, “Update Embedded Openresty NGINX”.
Additional Changes
Chef Server 12.0.8 has been further updated as follows:
- The Chef Server 12.0.8 release is the first to enable Server API Versioning and sets the baseline API version at 0, while enabling versioned API behaviors for future releases. This is an internal update that has no outward effect on client or server beyond exposing a new endpoint as described in the RFC.
- opscode-omnibus issue 744 – chef-server-ctl password command has been fixed
There have been no additional changes to Enterprise Chef 11.3.1.
Release
To apply this security update, upgrade your existing Chef Server installation to the latest available version: