chef-dev - [chef-dev] Security Release 10.16.6

First login ?
Lost password ?

Subscribers: 756
Owners
Adam Jacob
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

Chef Developers

[chef-dev] Security Release 10.16.6

From: Daniel DeLeo < >
To: , Chef Dev < >
Subject: [chef-dev] Security Release 10.16.6
Date: Fri, 11 Jan 2013 11:14:52 -0800

Hi Chefs,

We have just released version 10.16.6 of Chef.

The *only* change in this release is an updated dependency on the extlib library. This fixes a potentially serious security vulnerability similar to the one recently found and fixed in rails.

Note that chef-server and chef-server-webui are the only components affected. Chef client itself does not use this library.

If you are running your own open source chef-server, you should upgrade immediately. To upgrade:

## If installed via gems (including chef-solo bootstrap)

gem install chef-server chef-expander chef-solr

gem install extlib

And then restart chef-server and chef-server-webui

## If installed via apt:

First ensure you have the opscode apt repo enabled, then upgrade as normal:

sudo apt-get update

sudo apt-get upgrade

Note that we've not yet released 10.16.6 packages for chef and chef-server, but we have released an updated version of the extlib library. Updating extlib will fix the security vulnerability.

The release announcement is on our blog:

http://www.opscode.com/blog/2013/01/11/chef-10-16-6-security-release/

If you have any questions or need help upgrading, please ask here or on IRC.

Daniel DeLeo

[chef-dev] Security Release 10.16.6, Daniel DeLeo, 01/11/2013