diff options
author | Tim Smith <tsmith@chef.io> | 2019-03-08 10:39:06 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-08 10:39:06 -0800 |
commit | afbc9bc90ed4a601a4233f9dab40101636a61fa8 (patch) | |
tree | 6a3c976ac847c09bd8e2a6d9e323a9714c0254d8 | |
parent | a8d397df02d82a8c7a61f6c5eb13554b12aa4c78 (diff) | |
download | chef-afbc9bc90ed4a601a4233f9dab40101636a61fa8.tar.gz |
Add Chef 13.11.12 release notes
-rw-r--r-- | RELEASE_NOTES.md | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index a08bd9e97d..8e18416f34 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,6 +1,37 @@ _This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes._ -# Chef Client Release Notes 13.12 +# Chef Client Release Notes 13.12.14 + +## Bugfixes + +- The mount provider now properly adds blank lines between fstab entries on AIX +- Ohai now reports itself as Ohai well communicating with GCE metadata endpoints +- Property deprecations in custom resources no longer result in an error. Thanks for reporting this [martinisoft](https://github.com/martinisoft) +- mixlib-archive has been updated to prevent corruption of archives on Windows systems + +## Updated Components + +- libxml2 2.9.7 -> 2.9.9 +- ca-certs updated to 2019-01-22 for new roots +- nokogiri 1.8.5 -> 1.10.1 + +## Security Updates + +### OpenSSL + +OpenSSL has been updated to 1.0.2r in order to resolve [CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559) and [CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407) + +### RubyGems + +RubyGems has been updated to 2.7.9 in order to resolve the following CVEs: + - [CVE-2019-8320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320): Delete directory using symlink when decompressing tar + - [CVE-2019-8321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321): Escape sequence injection vulnerability in verbose + - [CVE-2019-8322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322): Escape sequence injection vulnerability in gem owner + - [CVE-2019-8323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323): Escape sequence injection vulnerability in API response handling + - [CVE-2019-8324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324): Installing a malicious gem may lead to arbitrary code execution + - [CVE-2019-8325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325): Escape sequence injection vulnerability in errors + +# Chef Client Release Notes 13.12.3 ## Smaller Package and Install Size |