diff options
author | Tim Smith <tsmith@chef.io> | 2021-08-27 12:11:55 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-27 12:11:55 -0700 |
commit | 387b02dcf153ff2fc6fe065e0dca7c5f8e63a166 (patch) | |
tree | ba7e27caa36f1a06ac8fd08f21c734be010c0b3c | |
parent | 8675b0849785d6610cf1406dc00d123f2713bccd (diff) | |
parent | 3bbef90949624aa5299f3724ba068f0f76e7705d (diff) | |
download | chef-387b02dcf153ff2fc6fe065e0dca7c5f8e63a166.tar.gz |
Merge pull request #11976 from chef/hotfix
Add 17.4.38 release notes
-rw-r--r-- | RELEASE_NOTES.md | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 9a279dc880..c71dca3b0b 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,6 +1,35 @@ This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes/> for the official Chef release notes. -## What's New in 17.4 +## What's New in 17.4.38 + +### Bug fixes + +- Resolved a regression introduced in Chef Infra Client 17.4 that caused HWRP-style resources inheriting from LWRPBase to fail. + +### Enhancements + +- Improved log output to clearly define where the Infra Phase ends and the Compliance Phase begins. +- Enhanced Ohai data collection of Amazon EC2 metadata to collect additional data for some configurations. +- Removed ERROR logs when retrying failed communication with the Chef Infra Server. +- Improved the `archive_file` resource by upgrading the `libarchive` library it uses, which includes the following improvements: + - Support for PWB and v7 binary CPIO formats. + - Support for the deflate algorithm in symbolic link decompression with zip files. + - Various bug fixes when working with CAB, ZIP, 7zip, and RAR files. + +### Security + +#### OpenSSL 1.1.1l + +OpenSSL has been updated from 1.1.1k to 1.1.1l on macOS systems to resolve the following CVEs: + +- [CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) +- [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712) + +#### libarchive 3.5.2 + +Updated the libarchive library that powers the `archive_file` resource from 3.5.1 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links. + +## What's New in 17.4.25 ### Compliance Phase Improvements |