author: Tim Smith <tsmith@chef.io> 2019-03-06 12:36:11 -0800
committer: GitHub <noreply@github.com> 2019-03-06 12:36:11 -0800
commit: 4c86e07602b2a3711207ccdc0951adc2da1b5da7
tree: aa6d45957eff9b7a735288ad9914145d52486e20
parent: ac0ab505b042f9772ada54440a828d66d40ce182
parent: 7894cdddfbb2306ef7c477be14d62ae06b8b4bcd
download: chef-4c86e07602b2a3711207ccdc0951adc2da1b5da7.tar.gz
Merge pull request #8272 from chef/14_11_release_notes
Update Rubygems to 2.7.9 + Add release notes for Chef 14.11
-rw-r--r-- RELEASE_NOTES.md 54
-rw-r--r-- omnibus_overrides.rb 2
2 files changed, 55 insertions, 1 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 256a52777a..2695b8264c 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,59 @@
This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes.html> for the official Chef release notes.
+# Chef Client Release Notes 14.11:
+
+## Updated Resources
+
+### chocolatey_package
+
+The chocolatey_package resource now uses the provided options to fetch information on available packages, which allows installation packages from private sources. Thanks [@astoltz](https://github.com/astoltz) for reporting this issue.
+
+### openssl_dhparam
+
+The openssl_dhparam resource now supports updating the dhparam file's mode on subsequent chef-client runs. Thanks [@anewb](https://github.com/anewb) for the initial work on this fix.
+
+### mount
+
+The mount resource now properly adds a blank line between entries in fstab to prevent mount failures on AIX.
+
+### windows_certificate
+
+The windows_certificate resource now supports importing Base64 encoded CER certificates and nested P7B certificates. Additionally, private keys in PFX certificates are now imported along with the certificate.
+
+### windows_share
+
+The windows_share resource has improved logic to compare the desired share path vs. the current path, which prevents the resource from incorrectly converging during each Chef run. Thanks [@Xorima](https://github.com/xorima) for this fix.
+
+### windows_task
+
+The windows_task resource now properly clears out arguments that are no longer present when updating a task. Thanks [@nmcspadden](https://github.com/nmcspadden) for reporting this.
+
+## InSpec 3.7.1
+
+InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improvements to the plugin system, a new config file system, and improvements to multiple resources. Additionally, profile attributes have also been renamed to inputs to prevent confusion with Chef attributes, which weren't actually related in any way.
+
+## Updated Components
+
+- bundler 1.16.1 -> 1.17.3
+- libxml2 2.9.7 -> 2.9.9
+- ca-certs updated to 2019-01-22 for new roots
+
+## Security Updates
+
+### OpenSSL
+
+OpenSSL has been updated to 1.0.2r in order to resolve [CVE-2019-1559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559)
+
+### RubyGems
+
+RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:
+ - [CVE-2019-8320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320): Delete directory using symlink when decompressing tar
+ - [CVE-2019-8321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321): Escape sequence injection vulnerability in verbose
+ - [CVE-2019-8322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322): Escape sequence injection vulnerability in gem owner
+ - [CVE-2019-8323](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323): Escape sequence injection vulnerability in API response handling
+ - [CVE-2019-8324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324): Installing a malicious gem may lead to arbitrary code execution
+ - [CVE-2019-8325](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325): Escape sequence injection vulnerability in errors
+
# Chef Client Release Notes 14.10:
## Updated Resources
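Review bot: The Security Updates section gives only the new versions (OpenSSL 1.0.2r, RubyGems 2.7.9), while the Updated Components list just above it uses the "old -> new" form; adding the previous versions here would let readers tell whether the client they have installed is affected. Smaller points in the same hunk: the OpenSSL sentence has no closing period, the RubyGems CVE list is indented by one space and follows "the following CVEs:" with no blank line (the Updated Components list has neither quirk), and in the chocolatey_package entry "allows installation packages from private sources" should read "allows installation of packages from private sources".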
diff --git a/omnibus_overrides.rb b/omnibus_overrides.rb
index ffd6875d2a..1b789bc926 100644
--- a/omnibus_overrides.rb
+++ b/omnibus_overrides.rb
@@ -4,7 +4,7 @@
#
# NOTE: You MUST update omnibus-software when adding new versions of
# software here: bundle exec rake dependencies:update_omnibus_gemfile_lock
-override :rubygems, version: "2.7.8"
+override :rubygems, version: "2.7.9"
override :bundler, version: "1.17.3"
override "nokogiri", version: "1.10.1"
override "libffi", version: "3.2.1"
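Review bot: The NOTE in the context lines directly above the changed "override :rubygems" line says omnibus-software must be updated with "bundle exec rake dependencies:update_omnibus_gemfile_lock" when a new version is added here, but the diffstat for this change lists only RELEASE_NOTES.md and omnibus_overrides.rb. Please confirm that the pinned omnibus-software already provides RubyGems 2.7.9, or include the regenerated lock file in this change so the build does not fail or fall back to a version without the fixes listed in the release notes.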