- From: Daniel DeLeo <
>
- To:
, Chef Dev <
>
- Subject: [chef-dev] Security Release 10.16.6
- Date: Fri, 11 Jan 2013 11:14:52 -0800
Hi Chefs,
We have just released version 10.16.6 of Chef.
The *only* change in this release is an updated dependency on the extlib library. This fixes a potentially serious security vulnerability similar to the one recently found and fixed in rails.
Note that chef-server and chef-server-webui are the only components affected. Chef client itself does not use this library.
If you are running your own open source chef-server, you should upgrade immediately. To upgrade:
## If installed via gems (including chef-solo bootstrap)
gem install chef-server chef-expander chef-solr
Or
gem install extlib
And then restart chef-server and chef-server-webui
## If installed via apt:
First ensure you have the opscode apt repo enabled, then upgrade as normal:
sudo apt-get update
sudo apt-get upgrade
Note that we've not yet released 10.16.6 packages for chef and chef-server, but we have released an updated version of the extlib library. Updating extlib will fix the security vulnerability.
The release announcement is on our blog:
http://www.opscode.com/blog/2013/01/11/chef-10-16-6-security-release/
If you have any questions or need help upgrading, please ask here or on IRC.
- [chef-dev] Security Release 10.16.6, Daniel DeLeo, 01/11/2013
Archive powered by MHonArc 2.6.16.