[chef] Security Release: Chef Server 12.0.1 and Enterprise Chef 11.2.6


Chronological Thread 
  • From: Mark Mzyk < >
  • To:
  • Subject: [chef] Security Release: Chef Server 12.0.1 and Enterprise Chef 11.2.6
  • Date: Wed, 17 Dec 2014 17:04:22 -0500

Hi Chefs,

We just made available a security release of Chef Server 12.0.1 and Enterprise Chef Server 11.2.6. This addresses a CSRF vulnerability that was found in the doorkeeper gem, which is used by the oc-id service found in Chef Server. Open Source Chef Server 11 is not affected by this, as it does not ship with the oc-id service.

Full details are in the blog post here: https://www.chef.io/blog/2014/12/17/security-release-chef-server-12-0-1-and-enterprise-chef-server-11-2-6/

Thanks,

Mark Mzyk
Chef Server Team Engineer



  • [chef] Security Release: Chef Server 12.0.1 and Enterprise Chef 11.2.6, Mark Mzyk, 12/17/2014

Archive powered by MHonArc 2.6.16.

§