We need to review at least our security releases for other products since, but maybe a

Thanks for the details & legwork <a class="user-mention notranslate" data-hovercar

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Release for security updates needed about omnibus-chef-server HOT 15 OPEN

chef-boneyard commented on July 4, 2024

Release for security updates needed

from omnibus-chef-server.

Comments (15)

marcparadise commented on July 4, 2024

Thanks for the details & legwork @btm

@jessehu we're looking into this internally and should have further news in the next day or so.

from omnibus-chef-server.

jessehu commented on July 4, 2024

@marcparadise many thanks . Looking forward to the good news!

from omnibus-chef-server.

thommay commented on July 4, 2024

I don't think the arguments for not upgrading ruby in the 11.x client apply in the same way here, fwiw. Our concern there was that users' code might break given the upgrade from 1.9 to 2.1.

from omnibus-chef-server.

adamedx commented on July 4, 2024

@thommay, @mp, can we just use the current channel of our apt / yum repos to distribute a version with a new openssl in the short term?

from omnibus-chef-server.

marcparadise commented on July 4, 2024

We can get a build out on packagecloud with the updated openssl in short order. I've got that in flight now and will update here when it's available.

@JessHu This will not be a formal release, but will contain the fix you need to unblock your deployment.

Is upgrading to Chef Server 12 is an option for you instead? Aside from new features, it has newer versions of many base components (such as solr 4 instead of 1.4 - which is out of support and has unpatched security issues).

If you already have Chef Server 11.1.x or later installed, the upgrade path is relatively straightforward:

http://docs.chef.io/upgrade_server.html#from-chef-server-osc

With additional information here:

https://docs.chef.io/upgrade_server_open_source_notes.html

There are two things to ensure before an upgrade:

Chef Server 11.1.0 (or later) to CS12 is the only supported upgrade path - if you're on a CS 11.0.x, you would first need to upgrade to 11.1.6
All cookbooks must have the 'name' attribute set in metadata.rb.

from omnibus-chef-server.

marcparadise commented on July 4, 2024

The change has been completed and passed CI. Once the next nightly is available with this update, I'll post a link. Here's the PR: #105

from omnibus-chef-server.

jessehu commented on July 4, 2024

Thanks @marcparadise a lot. Can the postgresql 9.2.9 be updated to 9.2.10 ? It also a critical security issue for us.

from omnibus-chef-server.

jessehu commented on July 4, 2024

@marcparadise, one of our engineers tried to upgrade to Chef Server 12 but met some issue. So we decided to stick to Chef Server 11, and Chef Server 12 might be the last choice. Since OpenSSL 1.0.1m and postgresql 9.2.10 can be packaged in new Chef Server 11, we will still use Chef Server 11.

from omnibus-chef-server.

rhass-r7 commented on July 4, 2024

I am 👍 for upgrading ruby to a non-eol version (2.x?) EOL means no security fixes, and managing the risk of that seems far easier to handle in a non-emergency time than when a high risk issue drops. That's my two cents worth if anyone cared to hear it.

from omnibus-chef-server.

jessehu commented on July 4, 2024

Hi @marcparadise, where can I get the nightly build which contains the openssl 1.0.1m and postgresql 9.2.10 ?

from omnibus-chef-server.

stevendanna commented on July 4, 2024

@jessehu Apologies for yet another round of questioning, but when reading through this thread, it occurred to me: Are you targeting Open Source Chef Server 11 or Enterprise Chef Server 11?

Nightlies of the open source build with the upgraded nginx and postgresql can now be found on package cloud. Here is the package from ubuntu:

https://packagecloud.io/chef/current/packages/ubuntu/precise/chef-server_11.1.6+20150508104619.git.8.373c970-1_amd64.deb

from omnibus-chef-server.

jessehu commented on July 4, 2024

Thanks @stevendanna, I want Open Source Chef Server 11 for Redhat RHEL 5 x86_64. What's the download URL?

from omnibus-chef-server.

jessehu commented on July 4, 2024

I find it on https://packagecloud.io/chef/current . Will test it in my env. When will the formal release 11.1.7 annouced and avaible for download ?

from omnibus-chef-server.

jessehu commented on July 4, 2024

Hi @marcparadise , I'm now using chef-12.4.1-1.el6.x86_64 and found the following files. I'm a little confused whether /opt/chef/embedded/lib/libssl.so.1.0.0 is the openssl 1.0.1m. BTW, will a new Chef Client 12 version which contains openssl 1.0.1p delivered in 1 or 2 weeks ?

$ ll /opt/chef/embedded/lib/libssl*
-rw-r--r-- 1 root root 749714 Jul 7 14:40 /opt/chef/embedded/lib/libssl.a
lrwxrwxrwx 1 root root 15 Sep 9 11:01 /opt/chef/embedded/lib/libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root 483887 Jul 7 14:40 /opt/chef/embedded/lib/libssl.so.1.0.0

$ grep openssl /opt/chef/version-manifest.txt
openssl 1.0.1m md5:d143d1555d842a069cb7cc34ba745a06
openssl-customization 12.4.1

from omnibus-chef-server.

jessehu commented on July 4, 2024

The latest chef-12.4.3-1.el6.x86_64 released last week contains OpenSSL 1.0.1p. Thank you all.

from omnibus-chef-server.

Release for security updates needed about omnibus-chef-server HOT 15 OPEN

Comments (15)

Related Issues (8)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent