[chef-dev] Re: Plan for CHEF-5358 Upgrade OpenSSL to 1.0.1h


Chronological Thread 
  • From: Hui Hu < >
  • To: Stephen Delano < >
  • Cc: Noah Kantrowitz < >, " " < >
  • Subject: [chef-dev] Re: Plan for CHEF-5358 Upgrade OpenSSL to 1.0.1h
  • Date: Fri, 6 Jun 2014 15:47:09 +0800

Thanks a lot Stephen. Will wait for the chef-client 11.12.8.

Jesse Hu


2014-06-06 15:37 GMT+08:00 Stephen Delano < " target="_blank"> >:
The version of the client released to address this CVE will be 11.12.8


On Friday, June 6, 2014, Stephen Delano < " target="_blank"> > wrote:
As far as I know, only the open source server build has made it to the download site. The client should be coming in the morning pending some further testing. 

On Friday, June 6, 2014, Hui Hu < > wrote:
Hi Stephen, Noah, 

Thanks a lot. So chef-11.12.4-1.el6.x86_64.rpm and chef-server-11.1.1-1.el5.x86_64.rpm contains the latest openssl 1.0.1h ?

Thanks
Jesse Hu,  Project Serengeti


2014-06-06 14:49 GMT+08:00 Noah Kantrowitz < >:
Yes, a status message was posted earlier today on twitter/tumblr. Releases are in-progress but AFAIK no ETA is available. Disclaimer: I don't work for Opscode.

--Noah

On Jun 5, 2014, at 11:41 PM, Hui Hu < > wrote:

> Hello,
>
> is there a plan for fix CHEF-5358 Upgrade OpenSSL to 1.0.1h to fix the newly announced SSL/TLS MITM vulnerability and deliver a new chef-server release? Do we have an ETA for it ? Our project uses open source chef server and need to use the chef-server with the new openssl 1.0.1h.
>
> Thanks​ in advance.​
> Jesse Hu




--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104


--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104




Archive powered by MHonArc 2.6.16.

§