summaryrefslogtreecommitdiff
path: root/RELEASE_NOTES.md
diff options
context:
space:
mode:
authorTim Smith <tsmith84@gmail.com>2019-09-11 14:13:14 -0700
committerTim Smith <tsmith84@gmail.com>2019-09-11 14:13:14 -0700
commit37ee85044a8ca7f286ae7eb558c34680dbcd5dc4 (patch)
treeefaa0c487011be817f6755f7e45ae878c271ff5b /RELEASE_NOTES.md
parent3498039af9402f0025c48ab0cba9c0f7ed9764eb (diff)
downloadchef-37ee85044a8ca7f286ae7eb558c34680dbcd5dc4.tar.gz
Add security updates to the release notes
Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r--RELEASE_NOTES.md14
1 files changed, 14 insertions, 0 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index eb068f3278..23e2fdd567 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -87,6 +87,20 @@ Chef InSpec has been updated from 4.10.4 to 4.16.0 with the following changes:
- The `service` resource now includes a new `startname` property for determining which user is starting the Windows services.
- The `groups` resource now properly gathers membership information on macOS hosts.
+## Security Updates
+
+### Ruby
+
+Ruby has been updated from 2.6.3 to 2.6.4 in order to resolve [CVE-2012-6708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6708) and [CVE-2015-9251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251).
+
+### openssl
+
+openssl has been updated from 1.0.2s to 1.0.2s in order to resolve [CVE-2019-1563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563) and [CVE-2019-1547](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547).
+
+### nokogiri
+
+nokogori has been updated from 1.10.2 to 1.10.4 in order to resolve [CVE-2019-5477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477)
+
# Chef Infra Client 15.2
## Updated Resources