[chef-dev] Security Release 10.16.6


Chronological Thread 
  • From: Daniel DeLeo < >
  • To: , Chef Dev < >
  • Subject: [chef-dev] Security Release 10.16.6
  • Date: Fri, 11 Jan 2013 11:14:52 -0800

Hi Chefs,

We have just released version 10.16.6 of Chef.

The *only* change in this release is an updated dependency on the extlib library. This fixes a potentially serious security vulnerability similar to the one recently found and fixed in rails.

Note that chef-server and chef-server-webui are the only components affected. Chef client itself does not use this library.

If you are running your own open source chef-server, you should upgrade immediately. To upgrade:

## If installed via gems (including chef-solo bootstrap)

    gem install chef-server chef-expander chef-solr

Or

    gem install extlib

And then restart chef-server and chef-server-webui

## If installed via apt:

First ensure you have the opscode apt repo enabled, then upgrade as normal:

    sudo apt-get update
    sudo apt-get upgrade

Note that we've not yet released 10.16.6 packages for chef and chef-server, but we have released an updated version of the extlib library. Updating extlib will fix the security vulnerability.

The release announcement is on our blog:

http://www.opscode.com/blog/2013/01/11/chef-10-16-6-security-release/

If you have any questions or need help upgrading, please ask here or on IRC.

-- 
Daniel DeLeo



  • [chef-dev] Security Release 10.16.6, Daniel DeLeo, 01/11/2013

Archive powered by MHonArc 2.6.16.

§