chef-dev - [chef-dev] Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6

Subscribers: 756
Owners
Adam Jacob
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

Chef Developers

[chef-dev] Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6

From: Mark Mzyk < >
To: " Dev" < >
Subject: [chef-dev] Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6
Date: Wed, 17 Dec 2014 17:08:01 -0500

Hi Chefs,

We just made available a security release of Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This addresses a CSRF vulnerability that was found in the doorkeeper gem, which is used by the oc-id service found in Chef Server. Open Source Chef Server 11 is not affected by this, as it does not ship with the oc-id service.

Full details are in the blog post here: https://www.chef.io/blog/2014/12/17/security-release-chef-server-12-0-1-and-enterprise-chef-server-11-2-6/

Thanks,

Mark Mzyk
Chef Server Team Engineer

[chef-dev] Security Release: Chef Server 12.0.1 and Enterprise Chef Server 11.2.6, Mark Mzyk, 12/17/2014