[chef-dev] Re: Plan for CHEF-5358 Upgrade OpenSSL to 1.0.1h

[Hui Hu < >]

Thanks a lot Stephen. Will wait for the chef-client 11.12.8.

Jesse Hu

2014-06-06 15:37 GMT+08:00 Stephen Delano < " target="_blank"> >:

The version of the client released to address this CVE will be 11.12.8

On Friday, June 6, 2014, Stephen Delano < " target="_blank"> > wrote:

As far as I know, only the open source server build has made it to the download site. The client should be coming in the morning pending some further testing. 

On Friday, June 6, 2014, Hui Hu < > wrote:

Hi Stephen, Noah, 

Thanks a lot. So chef-11.12.4-1.el6.x86_64.rpm and chef-server-11.1.1-1.el5.x86_64.rpm contains the latest openssl 1.0.1h ?

Thanks

Jesse Hu,  Project Serengeti

2014-06-06 14:49 GMT+08:00 Noah Kantrowitz < >:

Yes, a status message was posted earlier today on twitter/tumblr. Releases are in-progress but AFAIK no ETA is available. Disclaimer: I don't work for Opscode.

--Noah

On Jun 5, 2014, at 11:41 PM, Hui Hu < > wrote:

> Hello,
>
> is there a plan for fix CHEF-5358 Upgrade OpenSSL to 1.0.1h to fix the newly announced SSL/TLS MITM vulnerability and deliver a new chef-server release? Do we have an ETA for it ? Our project uses open source chef server and need to use the chef-server with the new openssl 1.0.1h.
>
> Thanks​ in advance.​
> Jesse Hu

--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104

--
Stephen Delano
Software Development Engineer
Opscode, Inc.
1008 Western Avenue
Suite 601
Seattle, WA 98104