Chef Manage Release Notes
Chef Manage provides a web-based user interface that manages Chef Infra nodes and other policy objects, such as data bags and roles, on the instance of Chef Infra Server that it’s installed on.
Chef Manage is deprecated and users should plan to migrate to Chef Automate as the replacement.
Upgrading
Download the latest version of the chef-manage package for your platform from Chef Downloads to your Chef Infra Server, then run:
rpm -Uvh /path/to/chef-manage-*.rpm
or
dpkg -i /path/to/chef-manage-*.deb
then:
chef-manage-ctl reconfigure
chef-server-ctl reconfigure
Chef Manage 3.3.97
https://packages.chef.io/release-notes/manage/3.3.97.md
Updates
- Removed the ‘My Account’ menu item in the top-right user menu. This change applies only to Hosted Chef.
Chef Manage 3.3.96
https://packages.chef.io/release-notes/manage/3.3.96.md
Bug Fixes
We fixed an issue introduced in Chef Manage 3.3.93 where changes made to attributes using the web UI would not persist.
To fix this issue, we’ve removed the redis-namespace gem since it is no longer supported by Sidekiq.
Note: If you use the Redis instance shipped with Chef Manage, please review your use case to ensure this change doesn’t affect you.
Chef Manage 3.3.95
https://packages.chef.io/release-notes/manage/3.3.95.md
Security
Security Improvements
- Updated the Content Security Policy (CSP) to exclude the unsafe-eval policy, which is susceptible to common bypass techniques.
Updates
- Removed support for Google Tag Manager.
Chef Manage 3.3.93
https://packages.chef.io/release-notes/manage/3.3.93.md
Improvements
- Added support for Google Tag Manager. Google Tag Manager ID can be set to manage Google Tags. (#1714, #1718)
- Added support for OneTrust cookie consent which can be set to display a cookie consent banner. (#1714)
- Updated footer to include links to Privacy Policy & Cookie Policy. (#1705)
- Updated logo to reflect current Progress Chef brand. (#1705)
Security
Security Improvements
- The user sign-up form now includes improved input validation. (#1690)
- Updated password reset message (#1645)
- Upgrade: globalid, rack, actionpack, rails (#1624)
- Bump sidekiq from 6.5.6 to 7.0.7 (#1634)
- Gem upgrade: rack, omnibus-software, newrelic_rpm, excon, kitchen-vagrant, spring, test-kitchen, rails-html-sanitizer, loofah, sinatra, haml, nokogiri, redis-store, timers (#1622)
- Gem upgrade: savon, timers, redis, sidekiq, asset_sync, omnibus-software (#1490)
- Gem upgrade: newrelic_rpm, omnibus (#1477)
- Gem upgrade for dotenv and excon (#1459)
- Upgrade omnibus-software and kitchen-vagrant (#1455)
- Bump actionpack from 7.0.3 to 7.0.3.1 in /src/chef-manage (#1452)
- Bundle Dependabot PRs (#1475, #1444, #1450)
- Bump sidekiq from 6.4.2 to 6.5.0 in /src/chef-manage (#1421)
- Upgrade octokit, kitchen-vagrant and test-kitchen (#1430)
- Fix release notes expeditor path (#1426)
- Removed all the debugging code and updated the project name (#1425)
Bug Fixes
- Updated dependency ‘mime-types-data’ to address a logging related issue. (#1717)
Chef Manage 3.3.66
https://packages.chef.io/release-notes/manage/3.3.66.md
Enhancements
- Upgraded Ruby version to 3.0.3 and Rails version to 7.0.3 #1391 (antima-gupta)
Security Updates
The following version upgrades are now live with this release of Chef Manage:
- omnibus-software from 9b0e605 to 924d9cf in /omnibus #1417 (dependabot[bot])
- veil from 51a81ad to da6a693 in /src/chef-manage #1418 (dependabot[bot])
- Updated the expeditor config to fix the wiki page failure #1414 (saghoshprogress)
- newrelic_rpm from 8.7.0 to 8.8.0 in /src/chef-manage #1416 (dependabot[bot])
- omnibus-software from a9b13a0 to 9b0e605 in /omnibus #1415 (dependabot[bot])
- asset_sync from 2.15.1 to 2.15.2 in /src/chef-manage #1413 (dependabot[bot])
- veil from 660dca8 to 51a81ad in /src/chef-manage #1412 (dependabot[bot])
- berkshelf from 8.0.1 to 8.0.2 in /omnibus #1411 (dependabot[bot])
- Update rack from 2.2.3 to 2.2.3.1 #1410 (dheerajd-msys)
- omnibus from 8ecfecd to 78ad41d in /omnibus #1400 (dependabot[bot])
- omnibus-software from 36f49ec to c9447a3 in /omnibus #1399 (dependabot[bot])
- omnibus from 63be4f1 to 8ecfecd in /omnibus #1398 (dependabot[bot])
- omnibus-software from fe68016 to 36f49ec in /omnibus #1397 (dependabot[bot])
- berkshelf from 8.0.0 to 8.0.1 in /omnibus #1396 (dependabot[bot])
- omnibus-software from 99b8d53 to fe68016 in /omnibus #1393 (dependabot[bot])
- omnibus-software from a079a77 to 99b8d53 in /omnibus #1392 (dependabot[bot])
- omnibus from 27c37fc to 63be4f1 in /omnibus #1387 (dependabot[bot])
- actionpack and actionview to 6.1.5.1 #1382 (dheerajd-msys)
- omnibus-software from ff4c902 to a079a77 in /omnibus #1384 (dependabot[bot])
- omnibus-software from 9499b1c to ff4c902 in /omnibus #1383 (dependabot[bot])
- omnibus-software from ebd14d3 to 9499b1c in /omnibus #1381 (dependabot[bot])
- newrelic_rpm from 8.6.0 to 8.7.0 in /src/chef-manage #1379 (dependabot[bot])
- brakeman from 5.2.2 to 5.2.3 in /src/chef-manage #1378 (dependabot[bot])
- berkshelf from 7.2.2 to 8.0.0 in /omnibus #1376 (dependabot[bot])
- omnibus-software from 50d05bc to ebd14d3 in /omnibus #1375 (dependabot[bot])
- omnibus-software from 8f141a6 to 50d05bc in /omnibus #1373 (dependabot[bot])
- combine dependabot prs/infsus-157 #1369 (RajeshPaul38)
- excon from 0.92.2 to 0.92.3 in /src/chef-manage #1371 (dependabot[bot])
- omnibus-software from 7d5c535 to 50d05bc in /omnibus #1370 (dependabot[bot])
- omnibus-software from 4af4298 to 7d5c535 in /omnibus #1362 (dependabot[bot])
- omnibus-software from 518f3f8 to 4af4298 in /omnibus #1361 (dependabot[bot])
- omnibus from 124d596 to 27c37fc in /omnibus #1360 (dependabot[bot])
- omnibus-software from 960cb6e to 518f3f8 in /omnibus #1359 (dependabot[bot])
- nokogiri from 1.13.3 to 1.13.4 in /src/chef-manage #1358 (dependabot[bot])
- omnibus-software from 553d1e0 to 960cb6e in /omnibus #1355 (dependabot[bot])
- brakeman from 5.2.1 to 5.2.2 in /src/chef-manage #1357 (dependabot[bot])
- newrelic_rpm from 8.5.0 to 8.6.0 in /src/chef-manage #1356 (dependabot[bot])
- excon from 0.92.1 to 0.92.2 in /src/chef-manage #1352 (dependabot[bot])
- dependabot pr bundle/infsus 112 #1344 (RajeshPaul38)
- Combined dependabot PR's #1338 (pratixha)
- Update Rails to 6.1.4.6 #1323 (tas50)
- newrelic_rpm from 8.4.0 to 8.5.0 in /src/chef-manage #1325 (dependabot[bot])
- Corrected failing specs for knife_rb #1327 (pratixha)
- omnibus-software from a4f4849 to f64a223 in /omnibus #1321 (dependabot[bot])
- omnibus from 55e74ac to 124d596 in /omnibus #1314 (dependabot[bot])
- chef from 17.9.46 to 17.9.52 in /src/chef-manage #1317 (dependabot[bot])
- chef from 17.9.42 to 17.9.46 in /src/chef-manage #1307 (dependabot[bot])
- config from 3.1.1 to 4.0.0 in /src/chef-manage #1311 (dependabot[bot])
- omnibus-software from 91c1297 to a4f4849 in /omnibus #1312 (dependabot[bot])
- redis from 4.5.1 to 4.6.0 in /src/chef-manage #1300 (dependabot[bot])
- omnibus-software from c7a43ec to 91c1297 in /omnibus #1309 (dependabot[bot])
- omnibus-software from 0c87f0b to c7a43ec in /omnibus #1303 (dependabot[bot])
- Use lifecycle hook in omnibus kitchen config #1013 (tas50)
- sidekiq from 6.4.0 to 6.4.1 in /src/chef-manage #1305 (dependabot[bot])
- excon from 0.90.0 to 0.91.0 in /src/chef-manage #1302 (dependabot[bot])
- font-awesome-rails 3 to 4.7 #1284 (antima-gupta)
- omnibus-software from 1c00b6d to 0c87f0b in /omnibus #1299 (dependabot[bot])
- chef from 17.9.26 to 17.9.42 in /src/chef-manage #1296 (dependabot[bot])
- brakeman from 5.2.0 to 5.2.1 in /src/chef-manage #1297 (dependabot[bot])
- Updated sidekiq gem #1298 (saghoshprogress)
- newrelic_rpm from 8.3.0 to 8.4.0 in /src/chef-manage #1292 (dependabot[bot])
- rspec-rails from 5.0.2 to 5.1.0 in /src/chef-manage #1290 (dependabot[bot])
- omnibus from f077b40 to 55e74ac in /omnibus #1293 (dependabot[bot])
- omnibus-software from b646bed to 1c00b6d in /omnibus #1294 (dependabot[bot])
- omnibus from 2bf77bb to f077b40 in /omnibus #1287 (dependabot[bot])
- omnibus-software from dd555fa to b646bed in /omnibus #1288 (dependabot[bot])
- omnibus-software from 774125f to dd555fa in /omnibus #1280 (dependabot[bot])
Bug Fixes
- update specs for capybara upgrade #1394 (msys-sgarg)
- CVE fix: Karma node module version upgrade #1337 (RajeshPaul38)
- Replace js-yaml with marked #1318 (dheerajd-msys)
- Update private_chef_addon to not break user setup #1257 (tas50)
- Disable the feedback button in Hosted Chef #1014 (tas50)
- Update the config comments with command information #1271 (tas50)
- Fix variable names in expeditor scripts #1295 (IanMadd)
- Add expeditor config for release notes #1283 (IanMadd)
Chef Manage 3.2.43
https://packages.chef.io/release-notes/manage/3.2.43.md
Bug Fixes
This release resolves a regression in the previous 3.2.35 release, which resulted in icons not displaying in the Manage UI.
Chef Manage 3.2.35
https://packages.chef.io/release-notes/manage/3.2.35.md
Bug Fixes and Improvements
- Resolved deprecation warnings when running chef-manage-ctl reconfigure.
Security Updates
Improved HTTP Headers
Added stricter HTTP headers for improved security.
Rails 6.1.4.3
Updated Rails to 6.1.4.3 to resolve CVE-2021-44528.
Chef Manage 3.2.20
https://packages.chef.io/release-notes/manage/3.2.20.md
Security
Ruby 2.7.5
Updated Ruby from 2.7.4 to 2.7.5 to resolve the following CVEs:
- CVE-2021-41817
- CVE-2021-41816
- CVE-2021-41819
Chef Manage 3.2.13
https://packages.chef.io/release-notes/manage/3.2.13.md
Bug Fixes and Improvements
- Fixed rendering of the changelog from the Manage UI.
- Refreshed many icons throughout the UI.
Security Updates
Sidekiq 6.3.1
Upgraded the Sidekiq job queuing engine used in Chef Manage from 5.2.9 to 6.3.1 to resolve CVE-2021-30151.
Improved HTTP Headers
Chef Manage now includes Referrer-Policy and Permissions-Policy HTTP headers for improved security.
Chef Manage 3.1.83
https://packages.chef.io/release-notes/manage/3.1.83.md
Bug fixes
- Fixed 500 error while loading change log url introduced in 3.1.80
Chef Manage 3.1.80
https://packages.chef.io/release-notes/manage/3.1.80.md
Updates
The Chef Manage UI has received minor updates to branding, emails, and external URLs:
- Links lead to the latest pages
- Brand logos match Chef Infra Client / Chef Infra Server
- Community Slack replaces the link to the defunct IRC channel
- Chef Questions replaces the legacy mailing list
Package Improvements
Smaller Package Size
The Chef Manage packaging is optimized, reducing both the package and the on-disk install size by half.
RHEL 6 Package Removal
Chef Manage packages are no longer produced for EOL RHEL 6.
RPM Package Digests
The file digest in Chef Infra RPM packages is updated from MD5 to SHA256 to prevent installation failures on some FIPS-enabled systems.
Security Enhancements
User Signup Enhancements
Users can no longer change their email during the signup process to avoid validation.
MTLS Support
Support MTLS in Chef Infra Server
E-mail Verification
User email verification is enforced for all user email address changes.
Ruby 2.7.4
Updated Ruby from 2.6.6 to 2.7.4 to resolve a large number of bugs as well as the following CVEs:
- CVE-2021-28966
- CVE-2021-28965
- CVE-2020-25613
- CVE-2021-31810
- CVE-2021-32066
- CVE-2021-31799
Rails 6.1.4.1
Updated the Rails framework used by Chef Manage from 5.2.4.4 to 6.1.4.1. This new release includes performance improvements, new capabilities, and resolves the following CVEs:
- CVE-2021-22902
- CVE-2021-22903
- CVE-2021-22885
- CVE-2021-22904
OpenSSL 1.0.2zb
Updated OpenSSL from 1.0.2w to 1.0.2zb to resolve issues with Let’s Encrypt certificates and to resolve CVE-2021-3712.
cacerts
Updated the cacerts bundle to the 2021-09-30 release, which removes older expired root certificates and adds the following new root certificates:
- AC RAIZ FNMT-RCM SERVIDORES SEGUROS
- GlobalSign Root R46
- GlobalSign Root E46
- GLOBALTRUST 2020
- ANF Secure Server Root CA
- Certum EC-384 CA
- Certum Trusted Root CA
nokogiri 1.12.5
Update the nokogiri gem to 1.12.5 to resolve CVE-2021-41098.
libarchive 3.5.2
Update the libarchive library from 3.4.3 to 3.5.2 to resolve security vulnerabilities in libarchive’s handling of symbolic links.
Chef Manage 3.0.16
https://packages.chef.io/release-notes/manage/3.0.16.md
Bug Fixes
- Fixed issues adding cookbook constraints to an environment.
- Fixed errors when changing a node’s environment.
- Fixed incorrect cookbook versions being displayed in environments.
- Fixed a blank page being shown when refreshing the databag item page.
Ubuntu 20.04 Support
We added Ubuntu 20.04 packages and continue to support Ubuntu 16.04 and 18.04 packages.
Dependency Updates
- Embedded Chef Infra Client is upgraded from 14 to 15
- Sidekiq is upgraded from 4.2.10 to 5.2.9
Security Updates
Ruby 2.6
We updated Chef Manage’s Ruby installation from 2.5.5 to 2.6.6. This upgrade improves the performance of the application and resolves the following CVEs:
- CVE-2012-6708
- CVE-2015-9251
- CVE-2019-16255
- CVE-2019-16254
- CVE-2019-15845
- CVE-2019-16201
- CVE-2020-10663
- CVE-2020-10933
OpenSSL
We updated OpenSSL from 1.0.2u to 1.0.2w to resolve CVE-2020-1968.
Rack
We updated the Rack gem used in Chef Manage from 2.0.9 to 2.2.3 to resolve CVE-2020-8184.
Rails
We updated the Rails engine used in Chef Manage from 5.2.4.2 to 5.2.4.4 to resolve CVE-2020-15169.
Chef Manage 3.0.11
https://packages.chef.io/release-notes/manage/3.0.11.md
This release includes important dependency updates and support for SSL connections to the Chef Infra Server.
Dependency Updates
- Rails is upgraded to 5.2.4
- Chef Infra Client is upgraded from 11 to 14
- Sidekiq is upgraded from 2.5 to 4 to improve the background processing
SSL Support
Chef Manage 3.0 now supports SSL communication between Chef Manage and Chef Infra Server. For compatibility with self-signed certificates which are commonly used on the Chef Infra Server, this feature defaults to off in this release.
Configuration
The SSL support is configured using these settings in the /etc/chef-manage/manager.rb configuration file. After any changes you must run sudo chef-manage-ctl reconfigure to apply the changes.
ssl_verify_mode
: Configure SSL verification for the connection to the Chef Infra Server. By default this is set to :verify_none. Setting this to :verify_peer requires Chef Manage to verify the SSL certificate of the Chef Infra Server.
trusted_certs_dir
: Provide a path to a directory containing trusted SSL certificates. This is empty by default, but /etc/chef/trusted_certs is the most likely setting for reusing certificates installed by Chef Infra Client.
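The effect of the two ssl_verify_mode values, shown with Ruby's OpenSSL library as an added example (not Chef Manage's own code). The hostname, the file name and the helper names are hypothetical, and loading *.crt / *.pem files from the directory is an assumption about how a trusted_certs_dir would be consumed.

```ruby
require "openssl"
require "tmpdir"

# Constructed self-signed certificate standing in for the one a
# Chef Infra Server presents (the hostname is a placeholder).
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# What :verify_peer amounts to: the peer certificate must chain to
# something in the trust store. Here the store holds only the PEM
# files found in trusted_dir (assumed *.crt / *.pem naming).
def peer_trusted?(cert, trusted_dir)
  store = OpenSSL::X509::Store.new
  Dir.glob(File.join(trusted_dir, "*.{crt,pem}")).sort.each do |path|
    store.add_file(path)
  end
  store.verify(cert)
end

# :verify_none skips that check entirely, so any certificate is accepted.
def accepted?(cert, verify_mode, trusted_dir)
  return true if verify_mode == :verify_none
  peer_trusted?(cert, trusted_dir)
end

def demo
  server = self_signed_cert("chef-server.example.internal")
  impostor = self_signed_cert("chef-server.example.internal") # same name, other key
  Dir.mktmpdir do |dir|
    results = { peer_empty_dir: accepted?(server, :verify_peer, dir) }
    File.write(File.join(dir, "chef-server.crt"), server.to_pem)
    results[:peer_cert_installed] = accepted?(server, :verify_peer, dir)
    results[:peer_impostor] = accepted?(impostor, :verify_peer, dir)
    results[:none_impostor] = accepted?(impostor, :verify_none, dir)
    results
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The sketch covers certificate chain verification only; hostname matching, which TLS clients also perform under peer verification, is not modelled.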
Bug Fixes
- Generating a Knife Config now produces a config.rb file instead of a knife.rb file. These files have the same format and contents, but config.rb has been the preferred file name since Chef Infra Client 12.0.
- Minor UI bug fixes
Supported Infra Server Versions
Chef Manage 3.0 is compatible with Chef Infra Server 12 and later. Users are always encouraged to stay up to date on Chef Infra Server releases to ensure they have the latest security updates.
Added Platform Support
- RHEL 7
- RHEL 8
- Ubuntu 16.04
- Ubuntu 18.04
Removed Platform Support
- Ubuntu 10.04
- Ubuntu 12.04
- Ubuntu 14.04
Chef Manage 2.5.16
https://packages.chef.io/release-notes/manage/2.5.16.md
Dependency Updates
- Embedded Chef Infra Client upgraded from 12.19.36 to 12.22.5
Chef Manage 2.5.15
https://packages.chef.io/release-notes/manage/2.5.15.md
Bug Fixes
- Replaced links to the legacy IRC channel with links to Chef Community Slack.
- Allow uppercase letters to be used in data bag names.
- Hide the reporting tab when Chef Reporting is not installed on the system.
Security Updates
- Added Strict-Transport-Security headers to all pages.
- Sanitized HTML errors in JSON error output to prevent possible reflected XSS in the case of script tags being passed in as part of the URL of a JSON request.
Chef Manage 2.5.8
https://packages.chef.io/release-notes/manage/2.5.8.md
This release does not have any release notes.
Chef Manage 2.5.4
https://packages.chef.io/release-notes/manage/2.5.4.md
This release does not have any release notes.
Chef Manage 2.5.3
https://packages.chef.io/release-notes/manage/2.5.3.md
This release does not have any release notes.
Chef Manage 2.5.1
https://packages.chef.io/release-notes/manage/2.5.1.md
This release does not have any release notes.
Chef Manage 2.5.0
https://packages.chef.io/release-notes/manage/2.5.0.md
This release does not have any release notes.
Chef Manage 2.4.5
https://packages.chef.io/release-notes/manage/2.4.5.md
This release does not have any release notes.
Chef Manage 2.4.4
https://packages.chef.io/release-notes/manage/2.4.4.md
This release does not have any release notes.
Chef Manage 2.4.3
https://packages.chef.io/release-notes/manage/2.4.3.md
This release does not have any release notes.
Chef Manage 2.4.2
https://packages.chef.io/release-notes/manage/2.4.2.md
This release does not have any release notes.
Chef Manage 2.4.1
https://packages.chef.io/release-notes/manage/2.4.1.md
This release does not have any release notes.
Chef Manage 2.4.0
https://packages.chef.io/release-notes/manage/2.4.0.md
This release does not have any release notes.
Chef Manage 2.3.0
https://packages.chef.io/release-notes/manage/2.3.0.md
This release does not have any release notes.
Chef Manage 2.2.1
https://packages.chef.io/release-notes/manage/2.2.1.md
This release does not have any release notes.
Chef Manage 2.2.0
https://packages.chef.io/release-notes/manage/2.2.0.md
This release does not have any release notes.
Chef Manage 2.1.2
https://packages.chef.io/release-notes/manage/2.1.2.md
This release does not have any release notes.
Chef Manage 2.1.1
https://packages.chef.io/release-notes/manage/2.1.1.md
This release does not have any release notes.
Chef Manage 2.1.0
https://packages.chef.io/release-notes/manage/2.1.0.md
This release does not have any release notes.