We are delighted to announce the availability of version 15.4.0 of Chef Infra Server.
Packaging
Habitat Package Updates
- Chef Infra Server Habitat packages are now built against Erlang 24.
Bug Fixes
- Fixed an issue with Automate by setting
s3_url_type configuration topath. Customers should now be able to upload cookbooks that were broken in version chef-server 15.3.2. - Fixed an issue with
chef-server-ctl reindex by readingnginx[ssl_port] from the configuration. This resolves an issue when thenginx[ssl_port] is not set to default port(443).
Updated Components
- rebar3 (3.6.2 -> 3.20.0)
- liblzma (5.2.6 -> 5.2.7)
- python (3.10.5 -> 3.11.0)
- bash (5.1.16 -> 5.2.9)
- popt (1.18 -> 1.19)
Security
Python
- CVE-2022-45061: An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder.
- CVE-2022-42919: Allows local privilege escalation in a non-default configuration.
- CVE-2022-37454: An integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code.
Get the Build
You can download binaries directly fromdownloads.chef.io.