[chef-dev] Re: Plan for CHEF-5358 Upgrade OpenSSL to 1.0.1h


Chronological Thread 
  • From: Stephen Delano < >
  • To: Hui Hu < >
  • Cc: Noah Kantrowitz < >, " " < >
  • Subject: [chef-dev] Re: Plan for CHEF-5358 Upgrade OpenSSL to 1.0.1h
  • Date: Fri, 6 Jun 2014 00:37:01 -0700

The version of the client released to address this CVE will be 11.12.8

On Friday, June 6, 2014, Stephen Delano < "> > wrote:
As far as I know, only the open source server build has made it to the download site. The client should be coming in the morning pending some further testing. 

On Friday, June 6, 2014, Hui Hu < ');" target="_blank"> > wrote:
Hi Stephen, Noah, 

Thanks a lot. So chef-11.12.4-1.el6.x86_64.rpm and chef-server-11.1.1-1.el5.x86_64.rpm contains the latest openssl 1.0.1h ?

Thanks
Jesse Hu,  Project Serengeti


2014-06-06 14:49 GMT+08:00 Noah Kantrowitz < >:
Yes, a status message was posted earlier today on twitter/tumblr. Releases are in-progress but AFAIK no ETA is available. Disclaimer: I don't work for Opscode.

--Noah

On Jun 5, 2014, at 11:41 PM, Hui Hu < > wrote:

> Hello,
>
> is there a plan for fix CHEF-5358 Upgrade OpenSSL to 1.0.1h to fix the newly announced SSL/TLS MITM vulnerability and deliver a new chef-server release? Do we have an ETA for it ? Our project uses open source chef server and need to use the chef-server with the new openssl 1.0.1h.
>
> Thanks​ in advance.​
> Jesse Hu




--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104


--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104



Archive powered by MHonArc 2.6.16.

§