Ohai Chefs, Two frequently discussed topics in the community have been issue tracking and the contribution workflow. JIRA has been our issue tracker for a long time and we’ve been using Github from the beginning to host the source code. Our contribution workflow have evolved around the combination of these tools.

A few months back at #ChefConf we had the opportunity to connect some very cool people for a series of “#ChefTalks: Kitchen Chats” on-site at the show. In short, we put together smart people to discuss what’s really going on in IT, from driving organizational and cultural change to skill-building to new technology.

We’re pretty hyped to announce that we’re backing a very cool new project on Kickstarter – “Release! A card game about software and the people who make it.” What is it exactly?

London Technology Week sweeps through the city June 16-20 and Chef is getting in on the fun with a tasty dinner event on June 18. From 6-9 pm Greenwich Time, join our European Chef team – Justin Arbuckle, Andy Hawkins, John Fitzpatrick, and Andrew Gough – at Curry Leaf East, 20 City Road in London.

Ohai Chefs, We have just released Chef Client versions 11.12.8-2 and 10.32.2-3 which includes the mitigation for the recently reported OpenSSL vulnerability CVE-2014-0224. Note that after installing these builds, if you check the OpenSSL version using `OpenSSL::OPENSSL_VERSION` you will see `OpenSSL 1.0.0k 5 Feb 2013`.

Today we joined our friends at Docker for their user conference – DockerCon 2014. There’s a ton going on at the show today and tomorrow, including Docker announcing its first production-ready version, Docker 1.0. Of course, your friendly Chefs are out in force at the show, so please stop by our booth for a chat.

Ohai Chefs, Today we are releasing Chef Client 11.12.8 & 10.32.2-2 which include an updated version of OpenSSL that patches CVE-2014-0224. All installs of Chef Client should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

On Thursday June 5th at approximately 14:00 UTC, the CHEF engineering team was made aware of OpenSSL CVE-2014-0224. A bug in the OpenSSL framework could permit a MITM attack under certain circumstances using a carefully constructed request. Due to the nature of this vulnerabilty, we recommend that you upgrade your installations immediately.

Open Source Chef Server 11.1.1 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Open Source Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.