Chef Automate Release Notes

Warning

Chef Automate 4.x will not be available for download before the end of September 2022. We are working on making the upgrade process a seamless experience. Until then, you can download Chef Automate 3.0.49. Please get in touch with support for more information.

Chef Automate 4.2.59

Released on August 12, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.x
3.0.49 | 4.x

See the Chef Automate major upgrade documentation for more information.

Compliance Profile Updates

Compliance profiles are updated to version 1.0.0/20220722105137, which includes the new and improved profiles for:

  • CIS Apache HTTP Server 2.4 v2.0.0
  • CIS Windows Server 2022 v1.0.0
  • STIG Ubuntu 20.04 v1.2.0
  • CIS Windows Server 2016 v1.3.0
  • CIS MSSQL Server 2016 v1.3.0
  • CIS Oracle 12c v3.0.0
  • CIS Oracle 18c v1.0.0
  • CIS Oracle 19c v1.0.0

This update also includes fixes for:

  • CIS RHEL 8 v2.0.0 fix for control 6.2.7

Bug Fixes

  • The compliance reports node name search is now case insensitive. (#7310)

Maintenance

  • Updated the Habitat version to 1.6.521 (#4517)
  • Added support for SUSE Linux Enterprise Server 12 SP5 to Chef Automate HA.

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.521/20220603154827
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.18

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

See the package manifest for the latest release.

Chef Automate 4.2.47

Released on August 1, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.x
3.0.49 | 4.x

Click here to know more.

Improvements

  • Automate HA can now be installed on instances configured to use an SSH port other than the default one (#7261).
  • The upgrade process of Chef Automate HA has been improved (#7270).

Bug Fixes

  • The organization name is now displayed in the breadcrumbs in Infra Server View (#7213)
  • The disclosure banner is now displayed in the Automate UI (#7243)
  • The corresponding Client is now deleted when a Node is deleted in Infra Server View (#7271)
  • Controls with special characters are now displayed on the Compliance Report Controls page (#7289)

Maintenance

  • The downloadable Automate Airgapped Bundles will be retained for 60 days instead of 30 days.

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.51.1/20211201163039

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.18

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 4.2.22

Released on July 5, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.x
3.0.49 | 4.x

Click here to know more.

Improvements

  • Chef Automate can now check the proxy environment setting when you download the latest manifest (#7170).
  • Support for OpenSearch connectivity over HTTP (#7209).

Bug Fixes

  • The listing of requested reports for Project Editor and Viewer roles when Large Compliance Report ingestion is enabled is now fixed. (#7206)
  • The listing of profiles is fixed when the Passed, Failed or Skipped nodes tab is selected. (#7215)

Security

Security Improvements

  • The login id_token flow is modified to take the token from the HTTP response instead of a cookie (#7145).

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 4.2.10

Released on June 23, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.49
3.0.49 | 4.x

See the Chef Automate Major Upgrade documentation to learn more.

New Features

Improvements

  • Automate HA documentation improvements

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20220609120848, which includes the fixes for:
    • CIS RHEL 8 v2.0.0

Bug Fixes

  • Restricted SSH access to bastion nodes in Automate HA to the bastion server (#7186).

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

See the package manifest for the latest release.

Chef Automate 4.1.3

Released on June 17, 2022

Announcement

Chef Automate High Availability is now available with supported Public Documentation.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.49
3.0.49 | 4.x

Click here to know more.

New Features

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20220609120848, which includes the following profile changes:
    • RHEL 8 v2.0.0
    • Mongo DB 3.6 v1.1.0
  • It also includes fixes for:
    • Windows 2016 Server 1607 v1.3.0
    • Windows 10 Enterprise 1909 v1.8.1
    • STIG Windows 10
    • STIG Windows 12 r2 v3
    • Windows 2012 r2 v2.5.0
    • Windows 2019 v1.2.1

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 4.0.91

Released on June 9, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.49
3.0.49 | 4.x

Click here to know more.

Improvements

  • Automate supports substring search consistently in Compliance and Infra tabs (#7076).

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20220603123504, which includes the following profile changes:
    • RHEL 8 v2.0.0
    • Mongo DB 3.6 v1.1.0
  • It also includes fixes for:
    • Windows 2016 Server 1607 v1.3.0
    • Windows 10 Enterprise 1909 v1.8.1
    • STIG Windows 10 Server
    • STIG Windows 12 Server r2 v3
    • Windows 2012 Server r2 v2.5.0
    • Windows 2019 Server v1.2.1

Security

Security Improvements

  • Stop showing external OpenSearch credentials in plain text (#7024).

Security Updates

OpenJDK is updated to 11.0.15_10, which fixes the following vulnerabilities:

  • CVE-2022-21426
  • CVE-2022-21434
  • CVE-2022-21443
  • CVE-2022-21449
  • CVE-2022-21476
  • CVE-2022-21496

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.56.22/20220517052126

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 4.0.54

Released on May 25, 2022

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.49
3.0.49 | 4.0.x

Click here to know more.

New Features

  • Chef Automate has a new security feature that locks users after multiple failed login attempts (#6923).
  • The Chef Automate bundle for airgapped customers is now available. Click here to download the bundle (#6973).

Improvements

  • Pagination has been implemented to show all the controls of the ListControl API (#6910).

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20220518045206, which includes the following profile changes:
    • Postgres 11 v1.0.0

Security

Security Updates

Updated url-parse to v1.5.10:

  • CVE-2022-0686
  • CVE-2022-0691
  • CVE-2022-0639
  • CVE-2022-0512
  • CVE-2021-3664

Updated minimist to 1.2.6:

  • CVE-2021-44906

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.51.1/20211201163039

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 4.0.27

Released on May 13, 2022

Announcement

Elasticsearch support has been removed from this version (4.0.27) of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.49
3.0.49 | 4.0.x

Click here to know more.

Bug Fixes

  • Fixed a bug related to the migration of PostgreSQL data after a major upgrade (#7013).

Maintenance

  • Support for Embedded OpenSearch and External OpenSearch Version 1.2.4 added.

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.15.10/20220510065931
  • Chef InSpec version: 4.51.1/20211201163039

Service Versions

This release uses:

  • Postgres: 13.5
  • OpenSearch: 1.2.4
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 3.0.49

Released on April 25, 2022

Announcement

The upcoming release will be a Major Version Upgrade with support for OpenSearch. Chef Automate will not automatically upgrade to the major version. Click here to know more.

Upgrade Journey

Chef lets you choose your Upgrade Journey based on your current version of Chef Automate. You have to manually upgrade to the major versions.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.x

Click here to know more.

Improvements

  • The Check-In history in node details will have an improved look and feel on desktop dashboard (#6702).
  • Included opt-in telemetry for Profiles search, Data Feed, Data Lifecycle, Identity Management, Access Management, and Node Management (#6840, #6863, #6864, #6903, #6913, #6917).

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20220422141333, which includes the following profile changes:
    • STIG Windows 2012R2 v3 release 1
    • STIG Windows 2016 2.1.0
    • CIS Windows 2012R2 2.5.0
    • CIS Windows 2012 2.3.0
    • Mac OS 11 1.2.0
    • Microsoft IIS
    • Windows 2016 1.3.0
    • CIS Windows 2019 1.2.1
    • Ubuntu 20.04 1.1.0
    • CIS Oracle Database 19c (Linux) 1.0.0
    • CIS AWS Linux 2 2.0.0
    • CIS Oracle Database 12c 3.0.0
    • RHEL 7 3.1.1
    • RHEL 8 1.0.1
    • CentOS 8 1.0.1
    • CentOS 7 3.1.2
    • RHEL 6 3.0.0
    • Ubuntu 18.04 2.1.0
    • Debian Linux 9 1.0.1
    • Windows 10 H2 1.10.0
    • CentOS 6 3.0.0
    • Oracle Linux 7 3.1.1
    • Oracle 18c 1.0.0
    • STIG RHEL8 1.2.0
    • CIS MSSQL Server 2016 v1.3.0
    • CIS MSSQL Server 2019 v1.2.0

Bug Fixes

  • The Infinite render loop in check-in history on the desktop dashboard has been fixed (#6756).
  • The 0-byte file download of Compliance Reports in Chrome/Edge has been fixed (#6824).
  • The visualization of the check-in time of nodes in the Nodes tab under Infra Server has been fixed (#6858).

Maintenance

  • Updated Inspec version to 4.56.22 (#6958)

Security

Security Improvements

  • Enable Strict Transport Security header for Automate services (#6846)

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.13.42/20220228221324
  • Chef InSpec version: 4.56.22/20220423215911

Service Versions

This release uses:

  • Postgres: 13.5
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 3.0.23

Released on April 19, 2022

We are delighted to announce the availability of version 3.0.23 of Chef Automate.

Upgrade Journey

Chef lets you choose your upgrade journey based on your current version of Chef Automate. You can do all the version upgrades manually.

Your Current Version | Upgrade To
Any version before 20220329091442 | 20220329091442
20220329091442 | 3.0.x

Click here to know more.

Maintenance

  • Support for Embedded PostgreSQL Version 13.5 added.

Chef Packaged Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.13.42/20220228221324
  • Chef InSpec version: 4.51.1/20211201163039

Service Versions

This release uses:

  • Postgres: 13.5
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

Supported External Chef Products

This release supports the following external Chef products:

  • Chef Infra Server version: 14.0.58+
  • Chef InSpec version: 4.3.2+
  • Chef Infra Client: 17.0.242+
  • Chef Habitat: 0.81+

View the package manifest for the latest release.

Chef Automate 20220329091442

Released on March 29, 2022

Announcement

This is the last release of the current series of releases. The upcoming release will be a Major Version Upgrade. Chef Automate will not upgrade automatically to the major upgrade. Click here to know more.

Bug Fixes

  • The License expiration issue of the banner being shown at the incorrect time has now been fixed (#6830).
  • Fixed chef-server-ctl test command for Chef Server running embedded with Chef Automate (#6726).

Improvements

  • Improved Telemetry Coverage for notifications under Settings page (#6812).

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.13.42/20220228221324
  • Chef InSpec version: 4.51.1/20211201163039

Service Versions

This release uses:

  • Postgres: 9.6.24
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220322122400

Released on March 23, 2022

Improvements

  • The Internal Database Services can be skipped when it is externally configured to optimize host resources (#6606).
  • Improved telemetry coverage for Chef Infra Server Policy Files and Policy Groups under Infrastructure (#6797, #6805).

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.11.36/20211227114241
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.24
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220310123121

Released on March 14, 2022

Improvements

  • Improved telemetry coverage for Chef Infra Server Environments, Clients, Nodes and Data Bags under Infrastructure (#6740, #6749, #6760, #6775).

Bug Fixes

  • The backup timeout issue for the large data backups has been fixed (#6733).

Maintenance

  • Upgraded Postgres to 9.6.24 (#6759).

Security

Security Updates

Upgraded PostgreSQL to 9.6.24:

  • CVE-2021-23222
  • CVE-2021-23214

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.11.36/20211227114241
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.24
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220223121207

Released on February 28, 2022

Improvements

  • Improved telemetry coverage for Chef Infra Server Roles under Infrastructure (#6708)

Security

Security Improvements

  • Improved security by removing login tokens from URL strings and instead using an HTTP POST request. (#6716)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.11.36/20211227114241
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220209045542

Released on February 9, 2022

Bug Fixes

  • Chef Automate can now run compliance cloud scans on any AWS API resource outside of a private cloud using proxy settings. (#6641)
  • chef-server-ctl commands like cleanup-bifrost, grant-server-admin-permissions, etc., will work with external Postgres as well. (#6643)
  • Fixed a notification service integration failure. (#6638)

Security

Security Improvements

Security Updates

  • CVE-2021-23017 - Upgraded Nginx to 1.21.3 for Chef Habitat builder-api-proxy.

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 9978/20211221122808
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220121191356

Released on January 27, 2022

Security

Security Updates

Upgraded Elasticsearch to 6.8.23:

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.23
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220113154113

Released on January 17, 2022

Improvements

  • Added two new CLI options:
    • complianceResourceRunCount will return a CSV file with the number of unique compliance resources reporting to Chef Automate within a range of dates. (#6448)
    • complianceResourceRunReport will return a CSV file that contains data about compliance resources reported to Chef Automate within a range of dates. (#6448)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.11.36/20211227114241
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.22
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20220103112354

Released on January 5, 2022

Improvements

  • Chef Automate now supports externally deployed PostgreSQL 13 (#6491).

See our documentation for steps on upgrading an external PostgreSQL database from 9.6 to 13.

Maintenance

  • Upgraded the embedded version of Chef Infra Server to 14.11.36 (#6183)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.11.36/20211227114241
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.22
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211220104140

Released on December 20, 2021

Improvements

Added two new CLI options:

  • uniqNodeRunReport returns the number of unique nodes reporting to Chef Automate within a range of dates. (#6355)
  • nodeRunReport returns a CSV file that contains data about nodes that have reported to Chef Automate within a range of dates. (#6355)

Bug Fixes

  • Fixed an issue where compliance profiles would not upload in ZIP format. (#6146)

Security

Security Updates

Upgraded Elasticsearch to 6.8.22:

Upgraded AdoptOpenJDK version to 11.0.13+8 :

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.22
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211201164433

Released on December 1, 2021

Bug Fixes

  • The last release caused high CPU usage and ingestion failures, described in (#6295). This release reverts the code changes made in compliance and ingest-service.

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211125063136

Released on November 29, 2021

Improvements

  • New global events have been added to understand Node Summary Count (#5810).
  • You can enable Content-Security-Policy Header (#5757).
  • You can search Node Managers by name and filter Node Managers by Cloud Provider in Settings -> Node-Integration (#6039).
  • You can now modify the number of items in a page for Infrastructure -> Infra-Server page (#6074, #6196).

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20211110062104, which includes the following profile changes:
    • Windows 2016 v1.2.0

Bug Fixes

  • The blank page shown while adding new credentials has been fixed. Navigate to the page by: Compliance -> scan job -> Nodes Added (#6073).
  • Improper display of Webhook Type has been fixed. Navigate to the page by: Settings -> Notifications (#6104).
  • The issue with the Save button for Reset Credentials under Settings -> Node Credential has been fixed (#6147).

Maintenance

  • Upgraded Ruby to v3.0 (#5852)
  • Upgraded OpenJDK to 11.0.12+7 (#5405)

Security

Security Improvements

  • Added more request id validation in the authentication module (#6085)

Security Updates

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.21.3
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211102170523

Released on November 10, 2021

Improvements

  • You can now easily use accordion to select credentials and add nodes under Compliance -> Scan Jobs (#5788)
  • Azure Compliance Scan now allows you to filter subscriptions based on tags (#5870)

Bug Fixes

  • Automate now allows you to add organizations with the same name on different Chef Servers under Infrastructure -> Infra Server (#6017)

Security

Security Updates

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211020062000

Released on October 26, 2021

New Features

  • Data Feed is now generally available (GA). Data Feed supports 2 types of integrations:

    • Webhook Integration - Supports 4 kinds of RESTful API based webhook integrations.
      • ServiceNow
      • Splunk
      • ELK
      • Custom Webhook
    • Storage Integration - Supports 2 kinds of storage types.
      • AWS S3
      • Minio

    For detailed documentation please refer to docs.chef.io

Security

Security Improvements

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20211007102429

Released on October 12, 2021

Improvements

  • We’ve made UI Improvements for Chef Infra Server (#5819, #5837)
  • Azure API scan can now run on multiple subscription ids. (#5792)

Compliance Profile Updates

Compliance profiles are updated to version 1.0.0/20211007053103, which includes the following profile changes:

  • RHEL 8 v1.0.0: fix to remove extra escape characters
  • Apple Mac OS 11 Profile v1.2.0

Bug Fixes

  • Chef Automate can now accommodate more than 100 nodes for Compliance Scan. (#5761)

Security

Security Improvements

  • Changes are made to mask user credentials in Data Feed Debug Logs. (#5845)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210923171324

Released on September 27, 2021

Improvements

  • Manage Telemetry options from your Profile (#5729)
  • Add a Chef Infra Server using either a FQDN or an IP address (#5724)
  • Encrypted data bags cannot be edited in Automate. (#5754)

Bug Fixes

  • The Edit Attributes form for Chef Infra Servers > Organizations > Your Org closes correctly. (#5255)

Security Improvements

  • Added host header validation to secure the HTTP endpoint from attacks using DNS rebinding to bypass any IP or firewall-based access restrictions. (#5647)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210907035717

Released on September 13, 2021

New Features

  • You can now check the details of Runlist Dependencies in the Policyfiles details page. Navigate to the Policyfile tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles > PolicyFile > Runlist (#5619)
  • You can now view the Details of the Nodes a Policy Group is associated with. Navigate to the Policy Group: Infrastructure > Chef Infra Server > Server Name > Organization > policygroups > PolicyGroup > Node (#5630)

Improvements

  • Chef Automate will now validate the availability of Chef Infra Server while adding. (#5643)
  • We’ve made the navigation to the ServiceNow integration docs more intuitive. Find them on docs.chef.io by navigating to Chef Automate > Integrations > ServiceNow

Compliance Profile Updates

Compliance profiles are updated to version 1.0.0/20210902061132, which includes the following profile changes:

  • CentOS 6 IPV6 fixes
  • CentOS 6 control 6.2.6 Ensure root path fix
  • CentOS 7 IPV6 fixes
  • CentOS 7 control 6.2.6 Ensure root path fix
  • CentOS 8 Boot loader EFI fix
  • CentOS 8: test to ensure base chains exist updated
  • RHEL 7 v2.2.0 IPV6 fixes
  • RHEL 6 IPV6 fixes
  • RHEL 7 v2.1.1 IPV6 fixes
  • Ubuntu 16.04 IPV6 fixes
  • CIS Ubuntu 20.04 v1.0.0
  • STIG Windows Server 2019 v1.1.0: a few controls with incorrect logic updated

Bug Fixes

  • Chef Automate now gets updated in Roles without description getting validated in Chef Infra Server. (#5648)

Security

Security Updates

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210824134201

Released on August 27, 2021

New Features

  • LDAP and SAML Chef Automate users can now set the Time Format across Chef Automate. Navigate to the Time Format: Profile > Time Format. (#5432)
  • You can now check the details of Cookbook Dependencies in the Policyfiles details page. Navigate to the Policyfile tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles > PolicyFile > Cookbook Dependencies (#5484)
  • You can check the details of Policy Group and the list of Policyfiles which are part of the Policy Group. Navigate to the Policy Group: Infrastructure > Chef Infra Server > Server Name > Organization > policygroups > PolicyGroup (#5498)

Improvements

  • You can now set the idle time after which you are logged out. (#5362)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210823105624, which includes the following profile changes:

    • Ubuntu 18.04 fix for SSHD Configuration MACs
    • CentOS 7 fix for SSHD Configuration MACs
    • RHEL 7 v2.2.0 fix for SSHD Configuration MACs
    • CentOS 6 fix for SSHD Configuration MACs
    • RHEL 6 fix for SSHD Configuration MACs
    • RHEL 7 v2.1.1 fix for SSHD Configuration MACs
    • Ubuntu 16.04 fix for SSHD Configuration MACs

Bug Fixes

  • Automate Report Details API now returns the available Profile tags. (#5483)
  • Changed the default Time Format for Chef Automate to include the Timestamp. (#5574)

Security

Security Improvements

  • Logout from Automate UI disables the session token usage (#5433)

Security Updates

  • Upgraded package handlebars to 4.7.7
  • Upgraded package tar to 4.4.15

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210813114337

Released on August 18, 2021

New Features

  • You can now check the Included Policies, Cookbook Dependencies and Revisions in the Policyfiles details page. Navigate to the Policyfile tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles > PolicyFile (#5398)
  • You can view and search the list of Policy Group on the Policy Groups page. Navigate to the Policy Groups tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policy Groups (#5409)
  • Local Chef Automate users can set the Time Format across the Automate UI by setting it from: Profile > Time Format. (#5378)

Improvements

  • Data feed service can now process 50k+ nodes in a given feed.

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210806131012, which includes the following profile changes: (#5406)

    • Bootloader permission check for CIS CentOS Linux 8 v1.0.0
    • CIS Windows 10 Enterprise 1909 v1.8.1
    • Update azure-inspec version for azure foundation profile
    • Ensure no unconfined services exist fails to check for unconfined_service_t

Bug Fixes

  • Filtering nodes by tag for Azure VMs on the Scan Job > Create Job page is fixed. (#5355)
  • The frequent logouts caused by /refresh API failures have been fixed. (#5395)
  • The serial number for the Windows platform is now fetched correctly. (#5445)

Security

Security Improvements

  • CVE-2021-23362 - updated hosted-git-info to 2.8.9
  • Upgraded prismjs to version 1.24.0
  • CWE-1333 - updated addressable to 2.8.0
  • Upgraded the tar version to 3.2.3

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210727104144

Released on August 2, 2021

New Features

  • You can now check the Policyfiles from Chef Infra Server. Navigate to the Policyfiles tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles > PolicyFile. (#5327, #5374, #5377)

Improvements

  • Login Landing Page will now be displayed for all types of login. (#5375)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210720091254, which includes the following profile changes (#5367):

    • STIG Windows 10 v2.1.0
    • Fix for - ASLR check in CIS

Bug Fixes

  • Fixed the pagination in Compliance Report. (#5360)

Security

Security Improvements

  • We have made the following security improvements: (#5363)

    • Added SameSite=Lax to the Session Cookie

Security Updates

The node modules are updated to fix the following CVE issues:

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210720135142

Released on July 20, 2021

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210714100005, which includes the following profile changes (#5356):

    • STIG Windows 10 v2.1.0
    • Fix for - ASLR check in CIS CentOS 8

Bug Fixes

  • The black screen when logging in using SAML has been removed. (#5368)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210713164523

Released on July 19, 2021

New Features

  • You can now search and delete the Policyfiles from Chef Infra Server. Navigate to the Policyfiles tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles. (#5321, #5307)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210707133250, which includes the following profile changes (#5297):

    • Server motd regular expression bug fix - CentOS 8.
    • Fix for - RHEL 7 v2.2.0 - 5.3.1 control.
    • Fix for - Tomcat 8 v1.1.0 - Bug Fix (Fixed Nokogiri dependency).
    • Fix for - Server does not find files in /etc/sudoers.d - CentOS 8.
    • Fix for - Expand user shell timeout check to scan files in /etc/profiles.d - CentOS 8.
    • STIG Windows 2012/2012 R2 Domain Controller v3.1.0.

Bug Fixes

  • Fixed the User Preference Settings in Chef Automate (#5284)

Security Improvements

We have made the following security improvements: (#5286)

  • Enabled Strict-Transport-Security header in API
  • Enabled Cross-site scripting (XSS) filters in browsers
  • Disabled Content Sniffing
  • Enabled X-Content-Type-Options header
  • Enabled X-XSS-Protection header
  • Enabled HTTP Strict-Transport-Security header
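
To confirm after an upgrade that a deployment actually serves the hardening listed above, plus the SameSite=Lax session cookie from release 20210727104144, the following added example (not Chef's code) audits a raw HTTP response head. The sample responses, the cookie name `session`, and the pass criteria are assumptions constructed for illustration.

```python
# Added example: audit a raw HTTP response head for the header hardening
# named in these release notes. The sample responses are constructed, not
# captured from a real Chef Automate server; the cookie name is hypothetical.

HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)
UNHARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Strict-Transport-Security: includeSubDomains\r\n"  # no max-age directive
    "X-XSS-Protection: 0\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw response head."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def hsts_max_age(value):
    """Return max-age in seconds, or None if the directive is absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def cookie_samesite(set_cookie):
    """Return (cookie name, SameSite value or None) for one Set-Cookie header."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.lower() == "samesite":
            return name, val.strip()
    return name, None


def audit(raw):
    """Return a list of findings, in check order; an empty list means all pass."""
    h = parse_headers(raw)
    findings = []

    # A max-age of 0 tells the browser to drop the policy, so it fails too.
    hsts = h.get("strict-transport-security", [])
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    elif not hsts_max_age(hsts[0]):
        findings.append("Strict-Transport-Security has no positive max-age")

    # "Disabled Content Sniffing" is expressed by the single value nosniff.
    if not any(v.lower() == "nosniff" for v in h.get("x-content-type-options", [])):
        findings.append("X-Content-Type-Options is not nosniff")

    # The filter is enabled when the value starts with 1 (e.g. "1; mode=block").
    xxp = h.get("x-xss-protection", [])
    if not any(v.split(";")[0].strip() == "1" for v in xxp):
        findings.append("X-XSS-Protection does not enable the filter")

    # Assumption: Strict is accepted as well, since it is stricter than Lax.
    for sc in h.get("set-cookie", []):
        name, samesite = cookie_samesite(sc)
        if (samesite or "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name!r} lacks SameSite=Lax")

    return findings


if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("unhardened", UNHARDENED)):
        print(label, audit(raw) or "OK")
```
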

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210629161835

Released on July 5, 2021

New Features

  • Chef Automate allows you to add Disclosure Text to the login page. (#5106)
  • You can add a Banner or a warning message across the Chef Automate Interface. (#5106)
  • You can now check all the Policy Files from Chef Infra Server. Navigate to the Policy files tab: Infrastructure > Chef Infra Server > Server Name > Organization > Policyfiles. (#5277)

Improvements

  • In the Chef Infra Server, the Create and Save buttons get enabled only when you are done and ready to save. (#5276)
  • A subscription id is added in Node Integration for Azure API in Settings > Node Integration > Azure > API (#5291)
  • We have made various changes, such as fixing button alignment and removing unnecessary spaces, to improve your user experience while working in the Chef Automate Interface.

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210625122945, which includes the following profile change (#5292):

    • Bug Fix - CentOS 8 v1.0.0

Bug Fixes

  • Removed the ability to change the data bag id on the Edit Data Bag model. (#5249)
  • Fixed extra node creation in Chef Automate Interface while running Node Scans. (#5290)

Security

Security Updates

The node modules are updated to fix the following CVE issues:

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210616033549

Released on June 21, 2021

New Features

  • You can now check and update the node attributes from Chef Infra Server. Navigate to the Attributes tab: Infrastructure > Chef Infra Server > Server Name > Organization > Nodes. (#5194)

Improvements

  • The Edit functionality of Roles in Environment has been disabled. (#5201)
  • A spinner has been added to every delete operation performed in Chef Infra Server. (#5234)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210605110738, which includes the following profiles (#5195):

    • CIS SLES 15 v1.0.0 - Optimisation and code cleanup
    • CIS MSSQL Server 2017 v1.2.0

Bug Fixes

  • The page redirection has been fixed while adding node credentials from the Scan Job tab on the Compliance page. (#5009)
  • The Chef Environment Attributes capitalization has been fixed. (#5205)

Maintenance

  • Chef Infra Server is updated from 14.1.0 to 14.4.4 which has the following changes (#5213):
    • Error pages no longer display the running version of OpenResty.
    • The opscode user which runs Chef Infra Server is no longer configured with an interactive shell.
    • Reindexing now fails gracefully if less than 2.2x the size of the current ElasticSearch data is available on disk before the reindex is attempted.
    • The HTTP Strict-Transport-Security (HSTS) max-age value for the default Chef Infra Server website can now be configured. Set the new node['private_chef']['nginx']['hsts_max_age'] to define the time in seconds the browser should remember that a site is only to be accessed using HTTPS. This configuration defaults to 31536000 (1 year) and accepts a maximum value of 63072000 (2 years).
    • The Bifrost service was previously exposed externally on port 9683. This service is no longer required externally and is now only exposed to the local system to improve security.
    • Chef Infra Server now defaults to supporting only TLS 1.2 for API communication. This new default may require upgrading older releases of Chef Infra Client, which do not support TLS 1.2. On Linux/Unix/macOS systems TLS 1.2 is supported in Chef Infra Client 10.16.4 and later. On Windows systems, TLS 1.2 is supported on Chef Infra Client 12.8 or later.

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.4.4/20210520120637
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210601124849

Released on June 7, 2021

New Features

  • You can check and update the run list of the nodes from Chef Infra Server. Navigate to the run list tab: Infrastructure > Chef Infra Server > Server Name > Organization > Nodes. (#5086)
  • Reset the client key for a node from the Chef Infra Server page. (#5088)
  • Add tags to specific nodes by selecting Manage Tags from the node list options (Find it in the “more information” ellipses ...). (#5108)

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210527104155, which includes the following profiles:

    • CIS Windows 10 2004 v1.9.1
    • CIS MSSQL Server 2019 v1.1.0

Bug Fixes

  • The Chef Environment Cookbooks constraints capitalization has been fixed. (#5089)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210526024943

Released on May 31, 2021

Improvements

  • You can now search Data Bags by name under the Data Bags tab in Chef Infra Server. Navigate to: Infrastructure » Chef Infra Server » Server Name » Organization » Data Bags.

Compliance Profile Updates

  • Compliance profiles are updated to version 1.0.0/20210519101158, which includes the following profiles:
    • STIG Windows 2016 v2.1.0
    • STIG Windows Server 2019 v2.1.0
    • CIS SLES 15 v1.0.0
    • CIS MongoDB 3.6 v1.0.0

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210518074441

Released on May 24, 2021

New Features

  • A new tab Nodes has been included in the Chef Infra Server, which allows you to search for a specific node, view the list of nodes, and delete a node. You can access it at: Infrastructure » Chef Infra Server » Server Name » Organization. (#5018) (#5042)

  • In addition, selecting a specific node lets you view and update the information on Metadata, and Associated Tags for the selected node. (#5071)

Improvements

  • Improved text validation has been added to the text fields of the roles, data bags, clients, and environment in Chef Infra Server. (#5026)

Bug Fixes

  • The empty event feed in Chef Automate with an embedded Chef Server enabled has been fixed. (#5052)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210504084406

Released on May 10, 2021

New Features

  • You can manage, create and modify roles directly in Chef Automate using the Infra Server tab. (#4948, #4991)

Bug Fixes

  • We fixed the button for creating Chef Infra Servers so it stays the same size when you use it. (#4987)
  • We increased the time limit for downloading large Client Run reports to five minutes, giving you more time to export your reports from Chef Automate. (#5002)

Compliance Profile Updates

  • 1.0.0/20210428072809

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210420090302

Released on April 26, 2021

Improvements

  • Chef Infra Server UI has been improved and updated with more features.
  • The UX of the Data Bags and Environments has been improved in Chef Infra Server (#4954).

Bug Fixes

  • The content tab data can now be loaded on the Cookbook details page (#4927).
  • The message will now be shown if the admin key is invalid and the loading is active (#4946).

Compliance Profile Updates

  • 1.0.0/20210415075651

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210406040048

Released on April 12, 2021

Improvements

  • UI Improvements have been made around Chef Server management (#4888)

Bug Fixes

  • Removed the 5 character restriction on TLD in FQDN while adding Chef Infra Servers (#4890)

Compliance Profile Updates

  • 1.0.0/20210324103413

Maintenance

  • Dependent node modules updated (#4835)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210324172345

Released on March 30, 2021

New Features

  • This release lets you manage more of your Chef Infra Server directly from Chef Automate. You can:
    • Create and update environments and data bags (along with data bag items). (4801, 4803)
    • Create clients and reset client keys. (4813)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.181/20201030172917
  • Chef Habitat Builder version: 8997/20200812161534
  • Chef Infra Server version: 14.1.0/20210225010013
  • Chef InSpec version: 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210309093358

Released on March 15, 2021

New Features

  • Chef Infra Servers can now be deleted from the Automate user interface. The Infra Server is deleted along with its associated Organisations and Cookbooks, Roles, Environments, Data Bags and Clients.
  • Ability to create Clients.

Improvements

  • Compliance Profiles have been updated (#4724).
  • Elasticsearch is upgraded to 6.8.14 (#4761).
  • OpenJDK 11.0.2 is moved to AdoptOpenJDK version 11.0.10+9 (#4761).
  • Chef Server updated to version 14.1 (#4780).

Bug Fixes

  • The connectivity of the Elasticsearch Service cluster nodes has been fixed (#4769).

Known Issues

There are some investigated UI issues, listed here (#4808):

  • Create Client button is misaligned.
  • Delete popup modal width needs to be increased.
  • Roles List page is misaligned.

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.1.0/20210225010013
  • Chef InSpec version 4.24.32/20210112215549

Service Versions

This release uses:

  • Postgres: 9.6.11
  • ElasticSearch: 6.8.14
  • Nginx: 1.19.2
  • Haproxy: 2.2.2

View the package manifest for the latest release.

Chef Automate 20210219171521

Released on March 1, 2021

New Features

  • The updated Infrastructure tab lets you add Chef Infra Servers, giving you a comprehensive view of your Chef-managed systems.
  • Add organizations to each server.
  • View cookbooks, roles, environments, data bags, and clients for each organization.
  • Search and find roles, environments, data bag items, and clients from Chef Automate.

Improvements

  • Upgraded to Ruby version 2.6 (4425).
  • Added IDs on the Project and Role pages in the Settings tab (4393).
  • Added capability to create a backup from AWS ES service to AWS S3 (4664)

Bug Fixes

  • Chef Infra Server will proxy data-collector requests to Chef Automate (internal or external) instead of localhost. (4711)
  • Chef Infra Server will start up even if the local Chef Automate instance is stopped or if the external Chef Automate fails to resolve. (4684)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.65/20201020065137
  • Chef InSpec version 4.24.32/20210112215549

Chef Automate 20210129162733

Released on February 8, 2021

Winter 2021 Self-Care Release

We resolved some internal technical debt in this release. Reduced technical debt strongly correlates with increased developer well-being, and happier devs are already at work improving Chef Automate for the next release.

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.65/20201020065137
  • Chef InSpec version 4.23.4/20200909235900

View the package manifest for the latest release.

Chef Automate 20210125155346

Released on January 25, 2021

Improvements

  • We made Chef Automate more secure by moving the credentials from your user configuration into a secrets store (#4571):
    • Supports LDAP and MSAD bind passwords in the secrets field
    • You can pass secrets as environment variables
    • The config show terminal output is secrets-free

Bug Fixes

  • Fixed a bug in the 20210116175706 release that caused the deployment-service to crash with the migration of LDAP and MSAD passwords to an encrypted format.

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.65/20201020065137
  • Chef InSpec version 4.23.4/20200909235900

View the package manifest for the latest release.

Chef Automate 20210112001354

Released on January 14, 2021

Improvements

  • We added a button to make downloading compliance node details easier. (#4513)

Compliance Profiles

We added:

Bug Fixes

  • Selecting a specific date from the trend graph on the Compliance Tab loads the compliance data for that day. (#4536)
  • Selecting the pie chart on the Compliance Tab opens the corresponding report. (#4536)
  • Selecting “3 months” or “1 year” from the drop-down on the services sidebar loads data on the trend graph. (#4489)
  • We made the services sidebar easier to navigate by limiting the page-picker load to a maximum of five pages at one time. (#4508)
  • ServiceNow request failures give you a notification. (#4500)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.65/20201020065137
  • Chef InSpec version 4.23.4/20200909235900

View the package manifest for the latest release.

Chef Automate 20201230192246

Released on January 11, 2021

Improvements

  • Filter service instances in the Applications Dashboard by their connected or disconnected status. (#4452)
  • Visualize waived nodes and controls in the Reports Overview graphs. (#4456)
  • The Event Feed displays the Policyfile cookbook names in updates. (#4469)
  • Dynamically resolve externally deployed ElasticSearch and PostgreSQL hostnames using resolvers/Dynamic Name Servers. (#4454, #4486, and #4502)

Bug Fixes

  • The log message displays an error instead of a warning when all Elasticsearch publishers are full. (#4443)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.65/20201020065137
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20201127104018

Released on December 7, 2020

Improvements

  • The Chef Automate Compliance APIs show data for the last 24 hours by default unless an end_time is specified. (#4310)
  • Select the Last 24 hours option in the Reports search bar to view scan results for the last 24 hours. Select Choose Date (UTC) to see scan results from a selected day based on UTC timestamps. (#4358, #4437, and #4448)

Bug Fixes

  • Resolved pagination issues in the Client Runs Run History; pagination should now appear as expected. (#4441)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.181/20201030172917
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20201106153948

Released on November 23, 2020

Improvements

  • Customize whether your SAML sign-in session expires after the default 24 hours or a duration of your choice. (#4400)

Bug Fixes

  • Select different node status filters in Client Runs and experience smooth navigation without jarring page jumps. (#4392)
  • The search bar calendar appears over the Reports results tabs, no matter your browser’s zoom level. (#4412)

Chef Automate 20201020140427

Released on November 9, 2020

Improvements

  • The server name no longer appears in network response headers to prevent any potential security scan failure. (#4397)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.139/20200824142405
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20201012185603

Released on October 26, 2020

Improvements

  • Experience a better workflow when managing node credentials (Settings > Node Credentials) with improved creation and deletion windows. (#4323)
  • The Local User sign in option may be removed from the browser sign in window if no local users exist. (#4386)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.139/20200824142405
  • Chef Habitat Builder version 8997/20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20201005173827

Released on October 12, 2020

Improvements

  • All internal services now listen only on localhost. (#4338)
  • The Node Detail view for Reports shows a “No tests were executed” results message when applicable. (#4352)
  • Filter in Applications with case-insensitive health filters. (#4388)
  • A confirmation screen appears when deleting a Node Integration. (#4348)
  • Deleting a Node Integration also deletes its associated nodes. (#4348)

Bug Fixes

  • The rule name, not the rule ID, appears in the notification banner after creating an ingest rule for a project. (#4331)
  • The Report Metadata display in Reports no longer needs a horizontal scrollbar. (#4356)
  • The controls in the Reports scan results sidebar correctly map to their respective nodes. (#4357)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.139/20200824142405
  • Chef Habitat Builder version 20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20200922182722

Released on September 28, 2020

Improvements

  • The Go representation of Chef Automate’s external API is now available as a self-contained Go module. (#4298)
  • Filter for all connected Applications services when querying the Chef Automate API. (#4339)
  • Filter secrets by name when querying the Chef Automate API. (#4341)

Bug Fixes

  • Fixed a bug where a harmless browser console error appeared if you had any pending project edits and viewed Project Details for any project. (#4362)
  • Add User and Cancel correctly appear separate from a full list of users when adding users to a local team in the browser. (#4361)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.56/20200618202635
  • Chef Habitat Builder version 20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.23.4/20200909235900

Chef Automate 20200908235050

Released on September 9, 2020

Improvements

  • Presto Chango: Create Rule, Save Rule, and Add Condition in Settings > Projects > Project Details do not appear for users without the iam:projects:update permission. (#4316, #4317, and #4300)
  • Did You Know?: The user menu in the top navigation bar includes a link for Chef Patents. (#4283)

Bug Fixes

  • Focused: Only users with the relevant iam:projects:update permission may edit a project. (#4304 and #4301)
  • Softcoded: fakechefserver.eastus.cloudapp.azure.com no longer appears in the Desktop Dashboard’s Node Details display. (#4299)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.56/20200618202635
  • Chef Habitat Builder version 20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.22.22/20200826191347

Chef Automate 20200831163517

Released on September 1, 2020

New Features

  • Moving Day: The Chef Automate documentation has a new URL – docs.chef.io/automate – and the same design as the rest of our Chef documentation. You can still make pull requests for documentation changes in the Chef Automate repository, but the documentation directory has changed to github.com/chef/automate/components/docs-chef-io.
  • FYI: Lightweight Role-Based Access Control (RBAC) for Chef Habitat Builder is now here! Learn more about RBAC implementation. (#4269)

Improvements

  • Sunshine: See public packages under a public origin for Chef Habitat Builder with no browser-based authentication required. (#4269)
  • Expanded Horizons: Chef Infra Server included with Chef Automate now supports a wider range of TLS certificates when configured to send data collector data to an external Chef Automate server. (#4279)

Bug Fixes

  • New Location: data-feed-service moved from port 14001 to 10501 to be within our recommended ephemeral port range. (#4171)

Chef Product Versions

This release uses:

  • Chef Habitat version 1.6.56/20200618202635
  • Chef Habitat Builder API version 20200812161534
  • Chef Infra Server version 14.0.25/20200828081545
  • Chef InSpec version 4.22.8/20200804103652

Chef Automate 20200816214709

Released on August 24, 2020

Improvements

  • Server Found: Addressed sporadic 500 Internal Server errors from Chef Infra Server with a Chef Infra Server packages upgrade from 13.0.47 to 14.0.22. See Chef Infra Server PR #2064 for further details. (PR #4216)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.56/20200618202635
  • Chef Habitat Builder version: 20200601120044
  • Chef Infra Server version: 14.0.22/20200812153858
  • Chef InSpec version: 4.22.8/20200804103652

Known Issues

  • The Chef Infra Server included with Chef Automate may be unable to send data to the Data Collector endpoint of an external Chef Automate server. (#4264)

Chef Automate 20200811175306

Released on August 17, 2020

Bug Fixes

  • Entering “beta,” “lega,” or “feat” into a box no longer opens the feature flags window. (#4204)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.56/20200618202635
  • Chef Habitat Builder version: 20200601120044
  • Chef Infra Server version: 13.0.47/20200421235032
  • Chef InSpec version: 4.22.8/20200804103652

Chef Automate 20200807155122

Released on August 11, 2020

Improvements

  • No Matter How Far: Number inputs in Data Lifecycle adjust to show the entire value rather than limiting the display to two digits. (#4121)
  • Data Not Found: Desktop dashboard displays an empty state view when no data is available. (#4156)

Bug Fixes

  • Better Option: Creating a project no longer automatically creates local teams. (#4149)
  • High Availability: Adds and populates the bookshelf key pair, ensuring communication with the Chef Infra Server sandbox APIs. This is particularly important for bootstrapping HA deploys. (#4161)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.56/20200618202635
  • Chef Habitat Builder version: 20200601120044
  • Chef Infra Server version: 13.0.47/20200421235032
  • Chef InSpec version: 4.22.8/20200804103652

Chef Automate 20200728181447

Released on July 30, 2020

Improvements

  • Live 24/7: The Desktop dashboard’s Node Details displays live data for all fields. (#4058)
  • Nifty: Customize your columns for the Filtered Desktop List in the Desktop dashboard. (#4083)
  • Beta Boom: Learn more about our Data Feed beta feature with our Data Feed documentation. (#3590)
  • More Context: Chef Automate now ingests reports generated from Chef InSpec runtime exceptions with the addition of status and root level status messages. (#4131)

Bug Fixes

  • Across the World: The date picker in Compliance Reports no longer switches to the day before the selected date for users in Australia and parts of Asia. (#4030)
  • Unlocked: Fixes to Chef Habitat Builder and backup-gateway address issues caused by a MinIO upgrade, where configuration became encrypted with an ephemeral key. (#4061) (#4077)
  • Better: Experience improved performance for control and control tag suggestions in the Reports search bar. (#4134)
  • New Standard: The default maximum request size for the Chef Infra Server is now 4MB to minimize the chances of dropping large reports. This change only affects new installs. If you see dropped reports when running an earlier version of the Chef Automate-deployed Chef Infra Server, you can patch your configuration manually to get the same effect. (#4069)
  • Not From Around Here: Chef Automate now detects non-local Chef Habitat users and groups. (#4110) (#4122)

Chef Product Versions

This release uses:

  • Chef Habitat version: 1.6.56/20200618202635
  • Chef Habitat Builder version: 20200601120044
  • Chef Infra Server version: 13.0.47/20200421235032
  • Chef InSpec version: 4.21.3/20200702113741

Chef Automate 20200707173044

Released on July 13, 2020

Improvements

  • The Chef Automate Desktop dashboard list view features functional filters. (#3981)

Bug Fixes

  • Receive notifications for failed Chef Infra Client runs with no failed resources. (#4043)

Chef Product Versions

This release depends on:

  • Chef Habitat version: 20200601120044
  • Chef InSpec version: 4.21.3/20200702113741

Chef Automate 20200701215317

Released on July 6, 2020

Improvements

  • Vroom: Experience improved report ingestion speed!
  • Total Package: Chef Infra Server configuration now migrates with Chef Infra Server data as a part of the Chef Automate 1 migration process.
  • Beyond API: We expanded Applications Service Groups management to the browser! Look under the Data Lifecycle settings.

Bug Fixes

  • No Misdirection: Users are no longer redirected to the Event Feed when trying to view the Scans list on a scheduled Scan Job with PR #3950.
  • Less Clicks: Chef Automate closes the “no license” pop-up window automatically within a few minutes for all users once a new license is applied, rather than requiring a manual browser refresh with PR #3949.
  • Unblocked: We restored functionality to Event Feed filters when filtering by Chef Infra Server, policyfiles, and cookbooks with PR #3985, PR #3986, and PR #3992.
  • Reactivate: You may now change an inactive API token to active in Token Details with PR #3991.
  • No More Blanks: Exported Compliance Reports correctly account for control tag filters with a key and no value with PR #4001.

Chef Automate 20200617215626

Released on June 23, 2020

Improvements

  • Additional inspec runner logging means easier troubleshooting for “operation not permitted” errors with compliance profile installations.

Bug Fixes

  • A “could not get logged in user” error no longer displays for non-local users upon sign in.
  • Compliance Report nodes correctly filter by status when using Deep Filtering.

Chef Automate 20200610173731

Released on June 15, 2020

Improvements

  • The short of it: Truncated reports show the correct number of test results.
  • Closed and out: Optional configuration to sign-out users when they close the browser.

Bug Fixes

  • A11y: Accessibility fixes across Chef Automate.
  • Already there: GCP account scans won’t fail with “project_id must be included”.
  • Finer points: Significant refinements to the Applications page filters.
  • Scarequotes: Scans can handle tags with double-quotes.
  • Projecting: Consistently displays the complete list of projects associated with teams or tokens in Automate.

Chef Automate 20200603114954

Released on June 8, 2020

New Features

  • Automatically create admins, editors, and viewers teams during Project creation.

Improvements

  • An improved Policies drop-down list in the API Tokens creation window sorts and labels Chef-managed policies and custom policies.
  • Project filtering extends for scanned, manually-added nodes with an environment value that matches a project’s rules. Node lists from Scan Jobs and Compliance Reports will match where applicable.
  • Control results in the Node Detail display waived controls’ execution results if applicable.
  • Compliance Reports CSV exports include waived status, waiver justification, and waiver expiration date fields.

Bug Fixes

  • We fixed a number of accessibility bugs: all inputs now have labels, all headings are in sequence, and all small text increased to a minimum 11px font size.
  • We updated the Chef Habitat supervisor version to fix a memory leak issue.

Chef Automate 20200529133631

Released on June 2, 2020

Improvements

  • No Mouse: Navigate on-page filter controls by keyboard, such as the Health Status buttons in the Applications dashboard.
  • Keeping Tally: Compliance Report API includes a “removed_control_results” field, which shows how many failed/passed/skipped results are truncated when the report is too large. Learn more about these truncation settings in our Compliance Configuration documentation.

Bug Fixes

  • As Expected: Labels in the Applications Service Group Details sidebar wrap correctly in PR #3767. Fixes Issue #2150.
  • Abracadabra: Client Runs includes restored checkboxes and Delete Nodes in PR #3804. Fixes Issue #3802.

Chef Automate 20200520145933

Released on May 26, 2020

Improvements

  • Now Available: Filter your SAML groups as a part of your configuration settings.

Bug Fixes

  • Within Reach: Delete the last token on the API Tokens list with greater ease in PR #3591. Fixes Issue #2798.
  • On Auto: Window automatically closes after deleting a Notification in PR #3694. Fixes Issue #3659.
  • All in One Place: Compliance Reports no longer redistribute across multiple pages after applying a status filter in PR #3664. Fixes Issue #3144.
  • Streamlined: Selecting a second drop-down list during API Token creation causes the first open drop-down list to automatically close as expected in PR #3712. Fixes Issue #3533.
  • Expansion: We correctly support 64-bit service IDs for the Applications dashboard in PR #3718.
  • Better Care: Most of our APIs no longer ignore unknown fields sent in JSON payloads. To opt out of this change, pass a Content-Type: application/json+lax request header to make the request behave as before, and to ignore and allow unknown fields. Fixed in PR #3690.
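The strict and lax behaviours described in "Better Care", sketched as an added Go example. This is not Chef Automate's own code: the `createTokenReq` shape, the `decodeBody` helper, and the sample payload are hypothetical, and only the `application/json+lax` content type comes from the note above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"mime"
)

// createTokenReq is a hypothetical request body used for illustration only;
// it is not Chef Automate's API schema.
type createTokenReq struct {
	ID       string   `json:"id"`
	Name     string   `json:"name"`
	Projects []string `json:"projects"`
}

// decodeBody parses a JSON request body into dst.
// With "application/json" it rejects fields that dst does not declare.
// With "application/json+lax" (the opt-out named in the release note) it
// ignores unknown fields, which is the older, permissive behaviour.
func decodeBody(contentType string, body []byte, dst interface{}) error {
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil {
		return fmt.Errorf("bad Content-Type: %w", err)
	}

	dec := json.NewDecoder(bytes.NewReader(body))
	switch mediaType {
	case "application/json":
		// Strict mode: a misspelled or unsupported key is an error.
		dec.DisallowUnknownFields()
	case "application/json+lax":
		// Lax mode: unknown keys are silently dropped.
	default:
		return fmt.Errorf("unsupported media type %q", mediaType)
	}
	return dec.Decode(dst)
}

func main() {
	// Constructed sample payload: "projets" is a typo for "projects".
	body := []byte(`{"id":"ci-token","name":"CI","projets":["payments"]}`)

	for _, ct := range []string{"application/json", "application/json+lax"} {
		var req createTokenReq
		err := decodeBody(ct, body, &req)
		fmt.Printf("%-22s err=%v projects=%v\n", ct, err, req.Projects)
	}
}
```

In the lax case the typo goes unnoticed and the request is accepted with an empty `Projects` list, which is the kind of silent mismatch strict parsing surfaces to the caller.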

Chef Automate 20200513205422

Released on May 14, 2020

Improvements

  • Coordinated Universal Time: The time and date displays in Event Feed indicate their timezone value with the added “UTC” label.
  • Magic: The Dashboards tab in the top navigation bar appears only to users with the authorization access to view Event Feed.
  • Try It: Chef Automate works on smaller browser screens with responsive navigational displays.
  • Adjustable: Prevent system overload by specifying the maximum number of inflight data collector requests, which has a default value of sixty times the number of the machine’s available CPUs.

Bug Fixes

  • Expansion: Viewer Policy members export compliance reports by default in PR #3623.
  • Cartography: The values of when to label nodes as missing and to remove node data in Client Runs correctly map as of PR #3665. Fixes part of Issue #3651.
  • Less Shouting: Service Group channel names display as expected on the Applications dashboard rather than in all capital letters in PR #3650. Fixes Issue #3626.

Chef Automate 20200506172513

Released on May 11, 2020

Improvements

  • Quick Change: Adding a legacy data collector token automatically adds the created API token to the IAM Ingest Policy.
  • In Sight: Experience always visible user notifications, even if you scroll down the page!

Bug Fixes

  • Restoration: The /status API endpoint works as expected.
  • Limitless: We increased the maximum number of service IDs in the Applications dashboard, which provides one less reason for service-related outages.

Chef Automate 20200429153636

Released on May 4, 2020

New Features

  • Pick and Choose: Add policies when you make an API token with the new policy dropdown menu.
  • The Whole Nine Yards: Use the new chef-automate backup integrity command to validate your Chef Habitat Builder snapshots. This command includes subcommands to run validation checks and show snapshots’ validation status.

Improvements

  • What’s Not To Like?: Apply Changes in Project Filtering appears selectable in expected and appropriate situations.
  • Brownie Points: Take a look at our documented IAM Actions.
  • Heads Up: New Scan Jobs require a defined version for Chef Automate Profiles and validate this requirement at creation, which ensures the profile’s searchability and prevents profile malformation.
  • Make a Bee-Line: We added a “created_at” field for the Nodes API endpoint, so you can see when the node first reported into Chef Automate.

Bug Fixes

  • Easy as Pie: We fixed the breadcrumb navigation, so now you can navigate easily through pages in Compliance Reports with filters intact.
  • Know Your Onions: We fixed our API versioning, making the API Docs even more useful.
  • Rise and Shine: We restored SSM node scanning functionality for AWS EC2 and Azure VM Scan Jobs.
  • Bee’s Knees: Chef Automate allows buffer size configuration and rejects reports when too many messages exist in the buffer during ingestion.

Chef Automate 20200420162758

Released on April 27, 2020

Improvements

  • Advanced Sifting: Scan Job Reports support project filtering. When manually creating a node in Scan Jobs, tag the new node with an Environment value, which will pass into Compliance Reports, and the Compliance ingestion will use that environment for project assignment.

Chef Automate 20200416222158

Released on April 20, 2020

New Features

  • Template for Awesome: Chef Automate includes 2 custom IAM roles and 2 custom IAM policies for compliance-only access with its standard Chef-managed policies and roles.

Improvements

  • Stand and Deliver: The Clear Selection button in the Project filter clears only the selections made instead of clearing and applying the lack of Project selection.

Bug Fixes

  • Roster: The accurate list of remaining users on a team displays after removing a user.
  • As It Should: The loading screen disappears as expected if you navigate away from Compliance Profiles before the page finishes loading.
  • Moving Made Easy: Custom Identity and Access Management (IAM) v1 policies with a single-term resource, such as cfgmgmt, correctly migrate to IAM v2.
  • OK Backup: The Chef Automate-deployed Chef Infra Server’s /universe and /version endpoints are now handled correctly.
  • Toggle On: The active/inactive status of a token toggles successfully in the browser.
  • Act Locally: The Elasticsearch gateway is now only accessible on localhost.

Chef Automate 20200408145843

Released on April 13, 2020

New Features

  • Write This Down: In this release, users of Identity and Access Management v1 (IAM v1) automatically upgrade to Identity and Access Management v2 (IAM v2). All IAM v1 users, teams, tokens, and policies will migrate to IAM v2. Some details to keep in mind:
    • API Tokens created in the browser work differently in IAM v2. After creation, an API token will have zero permissions. Add the new API token to a policy to grant permissions.
    • Creating admin API Tokens from the CLI in IAM v2 uses a new command. The old CLI command will not work.
    • If your IAM v1 local team names contain non-alphanumeric characters other than hyphens and underscores, recreate these local teams and add them to policies for correct function in IAM v2.
    • Editor and Viewer roles change in IAM v2 from using the broad infra:* authorization action to more specific authorization actions, such as infra:nodeManagers:* and infra:nodes:*. We recommend updating the authorization actions for your custom roles accordingly.
  • Amazed: Set Data Lifecycle settings directly in the browser!
  • Every Morning: All appropriate views in Compliance Reports include Waiver information for nodes, profiles, and individual controls.

Bug Fixes

  • Believe: Compliance Reports appear and correctly filter by Job ID after you click on Report for a listed Scan Job on the Scan Jobs page.
  • Lately: Projects filter as expected when a page refreshes.
  • I Need to Know: Chef Habitat Builder deployed with Chef Automate completes backups without failing.
  • Someday: The previously scheduled time appears correctly when editing a Scan Job schedule.
  • No Scrubs: Status counts in Compliance Reports display accurate numbers regardless of status filters.

Backward Incompatibilities

  • From This Moment On: All API calls for removing or adding users to a team now expect membership_ids rather than user_ids.

Chef Automate 20200325163209

Released on March 30, 2020

Note

In the next Chef Automate release available on April 13th, 2020, users of Identity and Access Management v1 (IAM v1) will automatically upgrade to Identity and Access Management v2 (IAM v2). All IAM v1 users, teams, tokens, and policies will migrate to IAM v2. Some things to keep in mind:

  • If you want to upgrade to IAM v2 before this next release, see our upgrading to IAM v2 documentation, available until April 13th, 2020.
  • API Tokens created in the browser will work differently in IAM v2. After creation, an API token will have zero permissions. Add the new API token to a policy to grant permissions.
  • Check your scripts! Creating admin API Tokens from the CLI in IAM v2 uses a new command: chef-automate iam token create <your token name here> --admin.
  • If your IAM v1 local team names contain non-alphanumeric characters other than hyphens and underscores, these local teams will need to be recreated to function correctly in IAM v2.

Improvements

  • Good Times: The Elasticsearch gateway timeout default value increases from 5 minutes to 10 minutes to support installations with backups in Amazon S3.
  • That’s the Way: The Project Update banner respects a multi-user environment. All users’ browsers display pending edit notifications for projects and for project updates in progress.
  • Don’t Stop ‘Til You Get Enough: Check out our expanded IAM API documentation!
  • Stayin’ Alive: The “Your System is Compliant” banner appears when the scanned infrastructure’s status is waived on the Compliance Reports page.
  • Turn the Beat Around: Failed Compliance Scan Jobs return a more verbose error message.

Bug Fixes

  • Got to Be Real: The Project Update banner shows on all pages consistently.
  • Jump to It: The Project Details page updates correctly.
  • Second Time Around: The Save button on the IAM detail pages disables in a consistent manner when you return a value to its original state.
  • Stomp: IP addresses in a Compliance report no longer experience overwriting with incorrect values.
  • Celebration: The region value for an AWS Account scan populates correctly.

Chef Automate 20200316122114

Released on March 23, 2020

Improvements

  • If This Is It: Project update failures appear in the browser with an update banner that changes color and a clear failure message. Previously, a failed update showed the “edits pending” indicator with no explanation.
  • Time Will Reveal: Search for a Compliance report with time ranges and experience faster results!
  • Hello: Check out our expanded backup and restore documentation based on user feedback.

Bug Fixes

  • There’s No Stopping Us: Users may delete Applications services in batch without size limits using Chef Automate CLI.

Chef Automate 20200310163217

Released on March 16, 2020

Improvements

  • In Sync: Delete nodes on the Client Runs page and those nodes update as deleted in the Node Manager.
  • Time: Fetch a Compliance report faster in the browser or the API.
  • You Got It: Show Chef InSpec waiver information on Compliance report downloads, where applicable.
  • Little Things: See the estimated completion time sooner when you run a project update.

Bug Fixes

  • Never Gone: Editor and Viewer roles can view the Scan Jobs page and create a new scan job.
  • Roll With It: Fixed a bug where Elasticsearch backup deletions failed because Elasticsearch allows only one backup to be deleted at a time.
  • Step by Step: Experience increased resource efficiency when Elasticsearch performs a project update.

Chef Automate 20200303183409

Released on March 9, 2020

Improvements

  • Reference Section: Explore lots of new API Docs, which include API Tokens, IAM Policies, Scan Jobs, and Node Managers.
  • Ripple Effect: Mark nodes as Missing on the Chef Client Runs page, and their state will update to Missing with the Node Manager and for nodes found at the api/v0/nodes endpoint.

Bug Fixes

  • New Fix: IAM v2 users can now add a new data collector token when patching their existing configuration.
  • Clear: We resolved an issue where a large Chef Client Runs export would result in invalid JSON.

Backward Incompatibilities

  • Permanent Change: We removed all instances of /iam/v2beta/ in paths. We now exclusively use /iam/v2/.

Chef Automate 20200220011437

Released on February 24, 2020

Improvements

  • Update your projects in Access Management by selecting the Update Projects button that appears at the bottom of the page. A progress banner displays whenever an update is in progress.
  • Backups for Chef Habitat artifacts are now incremental. Only Chef Habitat artifacts that do not already exist in the backup repository will be copied in full.
  • Chef Automate data backup includes Applications data.
  • Chef Automate Compliance backend supports Chef InSpec waivers.

Bug Fixes

  • We resolved bugs related to Chrome 80.0.3987.87 and modal windows in Chef Automate and in the Chef Automate API documentation.
  • We fixed a goroutine memory leak, which affected all services using the cereal-service library.
  • Chef Client Run reports with no entity_uuid field will now be rejected, which prevents bad report ingestion.
  • Failing profiles will be skipped and logged in an error message when migrating from Chef Automate 1 to Chef Automate 2, which allows the migration to complete instead of failing.
  • The Applications dashboard is now hidden if a user lacks the authorization for viewing.

Chef Automate 20200131232134

Released on February 10, 2020

New Features

  • Fresh: Use the now available compliance profiles for STIG updates:
    • RHEL 7 V2R6
    • RHEL 6 V1R26
    • Windows 2012 and 2012R2 Member Server V2R18
    • Windows 2016 V1R12

Improvements

  • Enhanced: The compliance profiles for CIS RHEL 8 include a number of improvements for logical correctness and readability.
  • Elective: Chef Habitat Builder may be deployed with only Chef Automate Authorization services rather than all of Chef Automate.

Bug Fixes

  • Better: Elasticsearch clusters managed externally to Chef Automate can now use Amazon S3 snapshots to successfully run backups.
  • Consistency: When users modify their display names, the display name updates in the User Menu.
  • Direct Effect: Deleting a project will be reflected immediately in the global project filter.

Known Issues and Workarounds

  • Alert!: If you use Chrome 80.0.3987.87, you may experience problems with modal windows. To resolve, navigate to a different page in Chef Automate, and then return to the original page. We will have this issue fixed in the next release of Chef Automate. This modal window issue also affects our API Documentation, which should resolve by refreshing the page.

Chef Automate 20200127203438

Released on February 3, 2020

Improvements

  • One Less Step: Create and add users directly from a Team’s detail page.
  • Up-To-Date: Check out our refreshed Applications Dashboard documentation about how to see your Chef Habitat infrastructure in Chef Automate.

Chef Automate 20200123225613

Released on January 27, 2020

Improvements

  • Quicker Than Ever: We improved the 3-dot menu at the end of table rows, so the displays load much faster now.
  • See The Difference: The user management display features consistency improvements.
  • The More, The Better: We added more information to the output of the chef-automate backup show <backup_id> command to support debugging.
  • On The Same Page: The modified profiles search endpoint uses one (1) for the first page now, instead of zero, for consistency with other APIs.

Bug Fixes

  • Mended: We repaired a broken --patch-config flag for backup restores. In most cases, this flag was being ignored and would result in a restore having the exact configuration as the backup.

Beta Features

Identity and Access Management v2

  • Prepare for Glory: We increased the project limit from 6 to 300.
  • Squashed: Fixed bug associated with using the browser back button after navigating from the Teams page to the Users page in Settings.
  • Targeted: The project filter and project assignment dropdown now feature the ability to search for specific projects!
  • One Click: It’s now possible to clear all your project selections at once in the project filter.

Chef Automate 20200115001116

Released on January 21, 2020

New Features

  • Point of Reference: Check out our InSpec profiles for the CIS RHEL 8 v1.0.0 benchmark.

Improvements

  • Specific: Filtering by one or more control filters returns Compliance Reports with only the specified controls.

Bug Fixes

  • Less is More: Selecting the last day of the year on the Compliance Reports date filter no longer shows all data for the entire year.
  • How Stimulating: You may notice fixes for various minor display issues, which previously required refreshing the web browser to display properly.
  • Only the Guest List: The compliance profiles for CIS Azure Foundations v1.1.0 have a performance fix to control 1.3 that limits the query of AD users to only Guest users.
  • Full Report: Exported reports from the Client Runs page now include full results and match the displayed results on the Client Runs page.
  • Enforced: You can now select policy_name as a filter on the Compliance Reports page.
  • Dedupe: Adding an aws-ec2 integration no longer creates duplicate node records as Chef Automate now recognizes nodes already reported by chef-client.

Beta Features

Applications

  • More API Docs: We added Applications-related API docs for Service Groups and Services and for Service Management.
  • New Option: Filter service groups and services by disconnected status.
  • No More Switch: We removed the backend feature flag for the Applications Dashboard.

Identity and Access Management v2

  • Required Conditions: A project now needs to have zero ingest rules and be up-to-date in order to be deleted.
  • Better: Fixed a bug that caused errors to display poorly when adding users to teams or adding members to policies.
  • Accurate: Experience improved progress percentage calculation for project updates.
  • As Is: Underscores no longer change to hyphens when using the UI to create IDs for teams, tokens, and projects.
  • Correct Terminology: IAM-related error messages now use “members” instead of “subjects” to align with IAM v2.

Chef Automate 20191211163405

Released on December 16, 2019

New Features

  • Groundwork: We added some initial back-end and API support for Chef InSpec Waivers with more work to continue in the new year.

Improvements

  • Level Up: Chef Automate now uses Habitat 0.90.6, Elasticsearch 6.8.3, and OpenJDK 11.
  • Whack-a-mole: We resolved a few vulnerabilities that popped up from our periodic npm audit. (No actual moles were harmed.)
  • No Dawdling: Purges will now fail if each step of the purge does not happen within 10 minutes of scheduled execution.
  • Bite-sized: Compliance profiles now have server-side filtering and pagination! To maintain backward compatibility, only requests with the per_page parameter set to a non-default value, other than zero, will be paginated.
  • All the Metadata!: Client Run and Compliance Node detail views now display more metadata.
  • What’s Up, Doc?: The API docs feature a new section on our authentication header format, which follows the OpenAPI specifications for security definition objects.

Bug Fixes

  • Desensitized: The system now tolerates the final virgule in file paths, such as /path/to/backupid/. Previously, when passing a file path for backup purposes, only file paths with the last / removed would work, such as /path/to/backupid.
  • Rock On: We changed our configuration to avoid a low DefaultMaxTasks constraint for users on SUSE Linux Enterprise Server (SLES). Chef Automate failures with the error message “fork rejected by pids controller” should no longer appear.
  • Restored: Input styles on a random assortment of input fields resumed their normal, happy, and uniform styles after recent layout updates.
  • Working…: Menus in the top navigation no longer display behind the progress spinner overlay.
  • Permanent Marker: Users may no longer edit the name or tags on ingested nodes, or nodes with no manager, but other ingested nodes fields may be edited.
  • Noted: Clean up of the scanning functionality ensures that errors, when they exist, are always reported.

Beta Features

Applications

  • API It Up: The output of Habitat health checks is now exposed via the Applications APIs.
  • Expected Behavior: Selecting a health status filter with zero services in the Service Group Details sidebar no longer causes a new service group to be selected.
  • Steady: Selecting a new health status filter on the Service Group table will only change the Service Group Details sidebar if the new health status filter results do not include the currently selected Service Group.
  • Reversed: The Service Groups display used to switch current and previous health statuses when generating messages about health status changes, but we fixed this.
  • Keep It Simple: Note a small performance improvement by avoiding a double fetch of data.

Identity and Access Management v2

  • Speedy: Experience a substantially faster loading of the Projects List page, since we removed a network call per project.
  • Re-ordered: The percentage done display now progresses correctly after selecting the Update Projects button. Previously, the percentage done display would sometimes start at 100% and then quickly reset due to a minor race condition.
  • Stand Still: The Global Project Filter no longer auto-refreshes its project list while you select your project(s). Previously, users lost their selection due to the periodic auto-refresh of the displayed project list.

Chef Automate 20191129172405

Released on December 9, 2019

New Features

  • Knowledge is Power: API docs are live! Expect to see more documentation being added over the next few months.
  • New API endpoint: Export all historical reports for a node!
  • The Latest: Chef InSpec profiles for new Security Technical Implementation Guides (STIGs) are now available:
    • RHEL 6 V1R25
    • RHEL 7 V2R5
    • Windows 2012 and 2012 R2 (member server) V2R17
    • Windows Server 2016 V1R11
  • Ready: Check out our Chef InSpec profile for the CIS Debian Linux 9 v1.0.0 benchmark.

Improvements

  • Time Alignment: Experience improved labeling and adjusted UTC time display when selecting dates in Calendar displays and adding a new Schedule for Scan Jobs.
  • Keeping Tabs: An HTTP /status endpoint is now available for monitoring a Chef Automate installation.
  • Quick: Authorization-related pages in the Chef Automate display will load much faster.
  • Compact: Compliance-related page displays now use the 3-dot control menu to improve the experience on smaller screens.
  • Synced: Event Feed now displays all dates and times in UTC.
  • Exit: Users now have the ability to sign out if their license has expired.
  • Nothing Here: Filter by a control tag that does not have any value in the Compliance Reports display.
  • Geography: Allow users to specify a default region to use when accessing the AWS API with an AWS Node Integration.

Bug Fixes

  • Corrected: Fixed an issue with control 4.1.6 in the CIS Ubuntu 18.04 compliance profile.
  • Fitting: Control 1.4.3 in the CIS CentOS 7 compliance profile will match either /usr/sbin/sulogin or /sbin/sulogin now.
  • Exam: Control 4.1.12 in the CIS CentOS 7 compliance profile now correctly tests auditd entries.
  • Boundaries Set: The compliance profile for CIS OSX 10.13 v1.0.0 no longer attempts to pull Chef InSpec resource code from GitHub.
  • Massive Edit: Compliance export fields with more than 32,000 characters in a cell will be truncated to avoid Excel reading errors.

Known Issues

  • In the Future: Formatting issues with the Profile Search input and Node Integration Create/Edit inputs will be resolved in the next release.

Beta Features

Applications

  • Organized: The newly refactored Applications API allows for consistency.
  • No More: The disconnected service CLI command is deleted.
  • Magic: We resolved the timewizard filtering bug.
  • Moved: You may notice that we updated the Applications URL paths with our move away from beta.

Identity and Access Management v2

  • In An Instant: When creating a new project, owner, editor, and viewer policies are now automatically created.
  • Divine Design: It is now possible to configure the project limit.
  • At Once: Custom roles may now be deleted directly from the UI.
  • Squashed: Fixed bug that prevented email addresses from being used when adding member expressions in the UI.

Chef Automate 20191104205453

Released on November 12, 2019

Improvements

  • Adjustable: The default worker count for Scan Job workers will now be calculated based on available CPU. The new default is now equal to the number of CPUs plus two, so the minimum worker count is 2 and the maximum worker count is 10. Previously, the default was 10 unless user-configured otherwise.

Beta Updates

Applications

  • Squashed: Resolved bug where disconnected services were not reconnecting despite sending a new health check message.

Chef Automate 20191030224959

Released on November 4, 2019

New Features

  • Resourceful: IAM v2 Beta now includes resource-scoped access! We added resource-scoped access to the role-based access already present in Beta. Resource-scoped access allows you to create projects. When combined with policies, these projects refine your permissions around API Tokens, Teams, Roles, Policies, and ingested client run nodes and compliance nodes. Users with access to multiple projects can filter their view directly in the top navigation. Check out the updated IAM v2 user guide to learn more about our new features.

Improvements

  • Not Nothing: Within the API, you can now filter for an empty control tag value by requesting values with an empty string. This improvement will be expanded to the user interface (UI) in the near future.

Bug Fixes

  • Cited Sources: References on controls are now being read in correctly in Elasticsearch and are included on the full compliance report. References should be objects with a “ref” key/value, and a “uri” or “url” key/value. Anything not adhering to these standards will be ignored.
  • Time Travel: We resolved an issue on the Client Runs node history where all runs were listed as “a few seconds ago”. This field represents the duration of the run, which now has been updated for clarity.

Chef Automate 20191024135531

Released on October 28, 2019

New Features

  • Historical Record: A new API endpoint exists to download historical reports for a Client Runs node, and respects time filters.

Improvements

  • Capital: Filter suggestions on the Client Runs page now display names with accurate casing.
  • All Summed Up: The Controls tab on the Compliance Reports page now shows the total number of controls in the tab header.

Bug Fixes

  • Making Reality Happen: A bug caused some displays of local time to be labeled as UTC, but the time now correctly displays in UTC.
  • Camouflage: We resolved a bug that caused nodes in the Client Runs page to not display their attributes.

Chef Automate 20191015190829

Released on October 21, 2019

New Features

  • Know More: Check out the newly added Controls List tab in the Compliance Reports page! Currently, you can view up to 100 controls at a time. Use the search bar filters, including control tag filters, to narrow down the list. We plan to expand the number of viewable controls to the total controls count in the near future.

Bug Fixes

  • Lens Fix: Resolved a bug where viewing Scan Results from the Profile Details view did not correctly apply the control filter and distorted the status results.

Chef Automate 20191007115919

Released on October 14, 2019

Improvements

  • Reset the Clock: The API Tokens, Node Credentials, and Node Integrations pages have been updated to follow our new standard for date/time values, such as Wed, 03 Jul 2019 17:08:53 UTC.
  • Enhanced: Wildcard search on the Compliance Reports page now supports full platform and full profile searches, so now you can search with the version number included.
  • Specific: Compliance Reports, whether viewed via download, scan results, or node details, will now only include controls matching the specified control tag filters when a control tag filter is applied.
  • Quality: The compliance profiles for STIG RHEL 7 now feature Code Compliance Inspector (CCI) reference tags.
  • More Control: The compliance profiles for STIG Windows Server 2019 now implement control SV-103097r1.

Bug Fixes

  • Logical: Compliance profiles for STIG Windows 2016 incorporate a fix for the test logic in control SV-88161r1.
  • Rational: Compliance profiles for STIG RHEL7 V2R2 contain a fix for the test logic in control SV-86609r2.

Chef Automate 20191001203421

Released on October 7, 2019

New Features

  • Copy & Paste: Compliance Reports now saves the selected filters in the URL, which means a copied URL from Compliance Reports will reflect your applied filters!
  • Time Scale: You can now use the trend graph in Compliance Reports to select a date for the calendar filter. Simply find the preferred date on the trend graph, click, and watch the page update with the new date filter!
  • Try It Out: The Compliance Reports bubble graphs are now interactive! Click on one of the bubbles to apply the desired filter to the report.
  • Sorted: You can now filter by control tag in the Compliance Reports UI! We appreciate your patience with this new functionality as we continue to squash some small bugs.
  • New Entry: A new API endpoint is available for listing controls in compliance reporting with a2-url/compliance/reporting/controls
  • More!: Check out our new compliance profiles:
    • CIS Apple MacOS 10.13 v1.0.0
    • STIG Windows Server 2019 V1R1

Improvements

  • Consistency: Entering an invalid URL will now redirect users to the Event Feed page.
  • New, Yet the Same: The Compliance Reports search bar has been updated to use “Chef Organization” and “Chef Tag” instead of “Organization” and “Chef Tags,” which is consistent with the Client Runs search bar.
  • Are You Sure?: When deleting a node credential, a confirmation dialog box will appear before executing the delete query.
  • We’re sure: Release manifest signatures are verified during installation and upgrade.

Bug Fixes

  • Export Options: Chef tags are now exported in the Client Runs JSON export!
  • Ancient History: The Client Runs Run History panel no longer closes when filtering by date.
  • Improvement: Fixed several controls in the CIS Windows Server 2016 v1.1.0 compliance profile where REG_MULTI_SZ registry keys were not being correctly tested.
  • Squashed: Resolved a bug where stale user membership data would load briefly on the Team Details page.
  • Uncovered: Long profile titles and descriptions are no longer partially covered by action buttons.
  • Time Travel: Fixed an issue in Compliance Reports where clicking on a day in the previous or next month on the calendar widget incorrectly selected that day in the currently selected month.
  • Picture Perfect: Fixed a bug in restoring an Elasticsearch snapshot with many indices.
  • Stay With the Plan: Fixed a bug in executing data lifecycle scheduled jobs.

Chef Automate 20190904132002

Released on September 9, 2019

New Features

  • New!: Check out the now available compliance profiles for CIS MacOS 10.13 v1.0.0.
  • Level Up: Compliance profiles for CIS AWS v1.0.0 now provide both a Level 1 and a Level 2 profile, and supersede the previously released “Foundations” profile, which is no longer available in the Profiles page.

Improvements

  • Solid: Dex, part of Chef Automate’s authentication system, now uses a more secure set of TLS ciphers.

Bug Fixes

  • Sorted: Within the compliance reports’ Nodes tab, the Platform column now correctly sorts by both platform name and platform version.
  • Out of Order: For the CIS Windows 2016 v1.1.0 compliance profile, we fixed a bug where the security policy controls depended on a specific ordering of results when the ordering is not significant.
  • In Line: We matched CIS’s recommendations by fixing the following compliance profiles:
    • CIS RHEL 7 v2.2.0 compliance profile now has the expected result of control 4.1.12 and does not expect the option -S all
    • CIS Ubuntu 18.04 compliance profile features fixed logic in control 4.1.7
  • Render: We corrected the metadata for STIG compliance profiles, so that they use valid SemVer version strings.

Backward Incompatibilities

  • The data-lifecycle-service component has been removed. Data retention is now configured on a per-service and per-policy basis through remote procedure calls to individual services. During the upgrade to this version, any configured service retention settings will be migrated as is. After the upgrade has completed, configuration of data retention with chef-automate config will no longer be supported. See the data retention documentation for more information on configuring retention policies.
  • After the upgrade to this version, the following configuration keys will not be accepted:
    • compliance.v1.sys.retention.compliance_report_days
    • event_feed_service.v1.sys.service.purge_event_feed_after_days
    • ingest.v1.sys.service.purge_converge_history_after_days
    • ingest.v1.sys.service.purge_actions_after_days
    • data_lifecycle
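A pre-upgrade check for the keys listed above, added here as an example (it is not Chef's own tooling): it scans a TOML configuration, such as the output of chef-automate config show, and reports every line that sets one of the keys this release stops accepting. The sample configuration is constructed, and the sub-table name under data_lifecycle is made up.

```python
import re

# Keys the release notes list as no longer accepted after this upgrade.
REJECTED_KEYS = (
    "compliance.v1.sys.retention.compliance_report_days",
    "event_feed_service.v1.sys.service.purge_event_feed_after_days",
    "ingest.v1.sys.service.purge_converge_history_after_days",
    "ingest.v1.sys.service.purge_actions_after_days",
    "data_lifecycle",
)

# "[a.b.c]" or "[[a.b.c]]", optionally followed by a comment.
TABLE_HEADER = re.compile(r"^\[\[?\s*([^\]]+?)\s*\]\]?\s*(?:#.*)?$")
# "key =" or "dotted.key =" (bare keys only; quoted keys are not handled).
KEY_ASSIGNMENT = re.compile(r"^([A-Za-z0-9_.\-]+)\s*=")

# Constructed sample for this example, not a real deployment's config.
SAMPLE_CONFIG = """\
# Constructed sample for this example, not a real deployment's config.
event_feed_service.v1.sys.service.purge_event_feed_after_days = 7

[global.v1]
fqdn = "automate.example.com"

[compliance.v1.sys.retention]
compliance_report_days = 90

[ingest.v1.sys.service]
purge_actions_after_days = 30

# The sub-table and key below are made up; only "data_lifecycle" is from the notes.
[data_lifecycle.example]
enabled = true
"""


def dotted_paths(toml_text):
    """Yield (line_number, dotted_path) for each table header and key.

    This is a line-oriented scan covering table headers and single-line
    key = value assignments, not a full TOML parser.
    """
    table = ""
    for number, raw in enumerate(toml_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = TABLE_HEADER.match(line)
        if header:
            table = header.group(1)
            yield number, table
            continue
        assignment = KEY_ASSIGNMENT.match(line)
        if assignment:
            name = assignment.group(1)
            yield number, (table + "." + name) if table else name


def find_rejected(toml_text):
    """Return (line_number, dotted_path, rejected_key) for each offending line.

    A path is reported when it equals a rejected key or sits beneath it,
    so everything under the data_lifecycle section is flagged.
    """
    hits = []
    for number, path in dotted_paths(toml_text):
        for rejected in REJECTED_KEYS:
            if path == rejected or path.startswith(rejected + "."):
                hits.append((number, path, rejected))
                break
    return hits


if __name__ == "__main__":
    for number, path, rejected in find_rejected(SAMPLE_CONFIG):
        print(f"line {number}: {path} (rejected: {rejected})")
```
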

Chef Automate 20190827222442

Released on September 3, 2019

Bug Fixes

  • Unblocked: Fixed results that were incorrectly reported as zero when filtering by scan job or profile event type in the Event Feed.
  • All Clear: Solved a bug where long certificate chains for external PostgreSQL might be erroneously rejected.
  • Decreased Static: Reduced some cases where PostgreSQL connection closings resulted in noisy log messages.

Chef Automate 20190820163418

Released on August 26, 2019

Improvements

  • Bumped: We updated the InSpec version included with Automate to version 4.12.0.

Bug Fixes

  • Searching for Something: We now prevent empty string suggestions from being returned for the ‘Error Message’ filter type in the Client Runs search.
  • No Detours: Clicking on a past Chef Infra run from Run History would incorrectly navigate the user back to the Client Runs nodes list rather than the Node Details page, but no longer!

Chef Automate 20190813170406

Released on August 19, 2019

New Features

  • Why Not Both?: You can now configure Automate to use both LDAP and SAML, rather than choosing between the two. You’re now able to choose up to one provider each for both LDAP and SAML.

Improvements

  • Top Navigation Changes: Event Feed moved to under the Dashboards tab, and Client Runs relocated to under the Infrastructure tab.
  • Better Fit: Chef Server Organization and Chef Server filters have been moved from the left-navigation menu to the on-page filter box for both the Event Feed and Client Runs pages. This change allows you to filter by multiple Server Organizations and Servers, and also to share and bookmark page URLs with filters still applied.
  • More Sorting: We added a filter box to the Event Feed page with options to filter by Chef Server Organization, Chef Server, and Event Type.
  • Status Check: The Nodes display under the Compliance tab now features filter buttons for Failed, Passed, and Skipped states.
  • Key Point: We improved keyboard accessibility on the Chef Automate Sign In page.

Bug Fixes

  • Resolved: We fixed a UI failure for older browsers without native customElements support.
  • Corrected: The “Mark Nodes Missing” data lifecycle job no longer runs with the wrong threshold.

Chef Automate 20190806202030

Released on August 12, 2019

Improvements

  • Teamwork: Look for an improved experience when managing local teams and their users.

Bug Fixes

  • Bugs Done-y: Periodic “Apply Rules” backend calls would return 403 errors for most users on IAM v1, but this no longer happens.
  • Don’t Be Buggin’: When migrating compliance data in ElasticSearch, incomplete reports are now skipped, which prevents service failures.

Chef Automate 20190729085402

Released on August 5, 2019

New Features

  • Login with SAML: You can now configure the name ID policy format to use. When left untouched, name ID policy format still defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent. Please consult the documentation for the list of accepted values.
  • Check It Out: The following compliance profiles are now available:
    • CIS Apple OSX 10.12, v1.0.0
    • CIS Apple OSX 10.11, v1.1.0
    • CIS Apple OSX 10.10, v1.2.0
    • CIS Apple OSX 10.9, v1.3.0
    • CIS Apple OSX 10.8, v1.3.0
    • CIS Apple OSX 10.6, v1.0.0
    • CIS Apple OSX 10.5, v1.1.0
    • CIS Ubuntu 18.04 LTS, v1.0.0

Improvements

  • Clear Your Mind: We removed the shadows from the top and left navigation menus to make Chef Automate easier on your eyes.
  • New Version: Chef InSpec has been upgraded to version 4.7.18.
  • Even More Suggestions: We increased the maximum number of suggestions on the Compliance page’s search bar to 100.
  • Better Sorting: We made improvements on how local users are filtered in the following Windows profiles:
    • CIS Microsoft Windows Server 2016, v1.1.0
    • CIS Microsoft Windows Server 2016, v1.0.0
    • CIS Microsoft Windows Server 2012, v2.0.1
    • CIS Microsoft Windows Server 2012 R2, v2.3.0
    • CIS Microsoft Windows Server 2012 R2, v2.2.1
    • STIG Microsoft Windows Server 2016, v001.009
    • STIG Microsoft Windows Server 2016, v001.006

Bug Fixes

  • Found: Our recent fix addresses some suggested values missing from the Compliance page’s search bar.
  • Getting Through: We squashed a bug where notifications were not being sent for some custom InSpec profiles.
  • No More Annoying Boxes: We turned off browser form autocompletion for both the Client Runs and Compliance pages’ search bars to save some sanity when entering a search filter.

Chef Automate 20190722200451

Released on July 29, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

Improvements

  • Consistency: The updated Compliance search bar now displays the same look as the Client Runs search bar.
  • Parallelize This!: Experience performance improvements for multi-ElasticSearch node setups when ingesting a high load of Chef Infra reports.
  • Profile Updates: The CIS RHEL 7 v2.2.0 and CIS Ubuntu 18.04 v1.0.0 compliance profiles feature numerous improvements. Changes include code readability improvements, and updates to the control logic that ensure controls pass and fail correctly for certain edge cases.

Bug Fixes

  • May I Suggest?: The Client Runs search bar will now list all suggested cookbooks rather than limiting results when the suggested values exceed 100 items.

Chef Automate 20190717161024

Released on July 22, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

Improvements

  • Easily Read: We have improved the readability of the CIS RHEL and Ubuntu compliance profiles.
  • Check It Out: CIS Ubuntu 16.04 v1.0.0 compliance profile features a number of fixes and improvements.
  • Keeps Going: chef-automate airgap bundle create now retries failed downloads of Habitat artifacts.
  • Security Detail: Our default cipher suite configuration no longer includes CBC-mode ciphers.
  • Default Try: chef-automate backup restore will attempt to restore the latest backup if no backup ID is given.

Bug Fixes

  • That’s Not My Name: Fixed an incorrect variable name in control SV-86877r3 of the STIG RHEL7 v002.003 compliance profile.
  • No More Mr. Mice Guy: chef-automate stop no longer hangs due to a bug.
  • Hugs not Bugs: A bug, related to HTTP_PROXY support in data-feed-service, previously prevented Automate from starting in some configurations, but we fixed that.

Chef Automate 20190711110747

Released on July 15, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

New Features

  • You Get a Compliance Update!: Compliance profiles are now available for the following platforms and versions:
    • STIG Red Hat Enterprise Linux 7, v2.2 (Cat 1, 2, and 3)
    • STIG Red Hat Enterprise Linux 7, v002.003 (Cat 1, 2, and 3)
    • STIG Red Hat Enterprise Linux 6, v001.023 (Cat 1, 2, and 3)
    • STIG Microsoft Windows Server 2012/2012 R2 MS, v002.015
    • STIG Microsoft Windows Server 2016, v001.009

Improvements

  • Filled In: An array of each profile’s basic metadata - name, version, sha, status - will now be included as part of each node entry, and available to retrieve via API.
  • Adjust as Needed: The maximum numbers of bundled Chef Client Runs (CCR) and Chef server action messages during ingestion can now each be configured in Automate.

Bug Fixes

  • Character Trouble: Duplicate node names with uppercase characters no longer cause the Client Runs export functionality to go into an infinite loop.

Chef Automate 20190628200755

Released on July 1, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

Improvements

  • In Detail: Client Run CSV export now includes the error message for failed runs.
  • Independent of Shift: Compliance Reports wildcard searching is now case-insensitive.
  • Search Improvement: Search and filter by InSpec version in Compliance Reports search.
  • Easy on The Eye: JSON export for Compliance features properly formatted JSON.
  • Beautify: Appending ?pretty to most API endpoints now returns a pretty-printed JSON response.
  • From the Top: The Compliance export endpoint now respects start time.
  • New Endpoint: /compliance/reporting/report-ids returns a list of report IDs, and is not limited by the Elasticsearch 10,000 pagination issue.

Bug Fixes

Chef Automate 20190617144820

Released on June 24, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

New Features

  • Not a Random Search: Compliance Reports search now features wildcard searching, which is currently case-sensitive.

Bug Fixes

  • Multiply: Chef Automate no longer chronically logs out when multiple tabs are open.

Chef Automate 20190610211245

Released on June 17, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

New Features

  • Detect Easier: Search by common error message on the Client Runs page to find which nodes are failing in the same way.
  • Compliance Updates, Part One: Compliance profiles for STIG Red Hat Enterprise Linux 6 v1.22 (Cat 1, 2, and 3) are now available.
  • Compliance Updates, Part Two: Compliance profiles for STIG Windows Server 2012 / 2012 R2 Member Server v2.14 (Cat 1, 2, and 3) are now available.

Improvements

  • Spelled Out: User Menu and CLI have been updated to include the major version number of Automate (2) alongside the build number.

Chef Automate 20190605190944

Released on June 10, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

New Features

  • New API support: Upon ingestion of a report from Chef Infra or Chef InSpec, metadata information about the node and status of the report will be sent to the nodes API. Make API calls to the api/v0/nodes/search endpoint to find out which of your nodes passed their penultimate scan and failed the most recent one. The same can be done for the ccr status, and filters can be combined. See the Nodes API documentation for more information and examples.

Improvements

  • The Feature Formerly Known As: The Asset Store page is now known as the Profiles page in Automate and its documentation.
  • Change of Address: The following pages and their paths now appear under the expanded Compliance tab in the top navigation bar:
    • Reports - compliance/reports
    • Scan Jobs - compliance/scan-jobs
    • Profiles - compliance/compliance-profiles
  • Bam!: New nodes can now be added directly from Node Integration page under the Settings tab.
  • Search Expansion: New fields were added to the Compliance Report search:
    • Chef-server
    • Organization
    • Chef tags
    • Policy group
    • Policy name
  • No More Magnifying Glass: The Event Feed page features larger text sizes for better readability.
  • Customize Notifications: Specify to only send ServiceNow InSpec scan failure notifications for critical control failures.
  • Search Multiplier: Filter nodes for a scan job using multiple tag key/value selections.
  • Error Feedback: If a report is too large to be ingested, the scan job will now fail and send an error message.
  • Narrow Down: Suggestions that appear in the Client Runs search bar are filtered to only show values from the nodes currently visible on the page.
  • Name Tags Not Required: Nodes added without a name via cloud integrations will now use their IDs instead.

Bug Fixes

  • Replaced Filter: Wildcard filters of the same type in the Client Runs search bar are now treated as ‘OR’ filters.
  • Keep It Simple: Compliance will now use one ElasticSearch connection per compliance-service instance. By reducing the number of sockets being managed, this solves a problem of receiving “could not get elastic connection” errors in Compliance.
  • In Order: Search bar types under the Client Runs page are now sorted alphabetically.

Chef Automate 20190513175357

Released on May 28, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

New Features

  • Expanded Forecast: Test your Azure configuration with API scanning, and scan the nodes in your Azure cloud account with Azure VM scanning. You can also test your Google Cloud Platform nodes with API scanning.
  • Improved Inspection: The Node Details page in Compliance includes the ability to show the InSpec version.

Improvements

  • Please Excuse Our Dust: The user menu in the top navigation bar features design consistency and accessibility improvements.

Bug Fixes

  • Refreshing: A node rerun no longer results in a “No ssm plugin found for train” error.
  • Analyze This!: Better error handling exists for remote (ssm) scan jobs.

Chef Automate 20190506101326

Released on May 13, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our Important Compliance Outage Announcement.

Bug Fixes

  • Token of Our Appreciation: You will not see the error message “The security token included in the request is invalid” when running the CIS AWS profile as a scan job in Automate and using only an AWS access key id and secret.
  • Won’t Leave You Hanging: Quickly running sequential backups no longer results in the backup process freezing.

Chef Automate 20190501153509

Released on May 6, 2019

Upgrade Impact

ICYMI: If you are upgrading from a version prior to 20190410001346, please read our important announcement.

Improvements

  • More Time(stamps): Scan Results Nodes list, viewable from the Compliance Reporting Profiles, now displays in descending order of end_time and shows when it was scanned in the Scan Results view.
  • CAPS LOCK ON: Case-insensitive search is available when using the Asset Store search functionality.
  • Hello, My Name Is: Names are now one of the available tags for filtering Azure-VM nodes when creating a scan job.
  • Customize This!: Any default configuration value for the Microsoft Active Directory (MSAD) integration now can be overridden without using the generic LDAP adapter as a workaround.
  • Improved Control and Handling: The compliance profiles for STIG RHEL 7 V2R1 have two additional controls (SV-86587r4 and SV-95719r1) implemented. These controls previously resulted in a “skipped” result.

Bug Fixes

  • Cleared Up: Sorting by control failures in the Compliance Reporting Nodes list view previously would cause a 400 issue.
  • Set Right: The overview page for skipped nodes in Compliance Reporting has more consistent statuses.
  • No Red Flags: The applications-service will now start when a feature flag is not enabled on the upstream events-service.

Chef Automate 20190422213145

Released on April 29, 2019

Upgrade Impact

If you are upgrading from a version prior to 20190410001346, please read our important announcement.

Announcements

Upgrade Today! The release of the 7.5.0 Audit cookbook brings new features for Automate. Use a version > 7.5.0 of the Audit cookbook with Automate to enable population of IP Address and FQDN fields for JSON and CSV reports in Compliance Reporting.

Chef Automate 20190415203801

Released on April 22, 2019

Upgrade Impact

If you are upgrading from a version prior to 20190410001346, please read our important announcement.

New Features

  • Deep Filtering: View the state of your infrastructure via the Compliance tab from the perspective of a single profile, or a single profile and one of its child controls.
  • Compliance Improvements: Compliance profiles for CIS Windows Server 2016 v1.1.0 (Domain Controller and Member Server) are now available in the Asset Store. In addition to the standard Level 1 and Level 2 profiles, we also include CIS’s newly defined Next Generation Windows Security profiles, an optional compliance standard to be used in addition to Level 1 or Level 2.

Improvements

  • So Fresh: Skipped Profiles under Compliance Reporting node details got a refresh! You will now see the bolded name of the profile first, followed by the skip message from InSpec if one exists.

Bug Fixes

  • Many Happy Returns: Previously, a scan job node read would fail with a 500 error if the credential was deleted. We now return the node object, regardless of the state of its associated credentials.
  • On the Button: The report button will only appear on the actual scans list for a recurring job, rather than erroneously for a completed recurring job.
  • Compliance Fix: Control 2.2.1.3 of the CIS CentOS 7 v2.2.0 compliance profile no longer depends on a /etc/sysconfig/ntpd file that does not exist on all systems and is not required by CIS’s specification.

Chef Automate 20190410001346

Released on April 16, 2019

Upgrade Impact

We’re preparing the way for two great new features in Chef Automate—deep filtering in Compliance reporting and IAM v2 Beta. We’re making changes to the format for compliance results, which means that we’re migrating your compliance results to the new format. For most users, this migration will happen quickly and in the background. However, if your system has tens of gigabytes of compliance results for the current day, the migration may take hours.

Migration Process

We’ll migrate your current day’s compliance data first, and then migrate your earlier compliance data.

We’re making some systems unresponsive during the current day data migration, in order to protect your data’s integrity. Once the migration for the current day’s data finishes, these systems will operate normally. You’ll be able to use all of Chef Automate while we migrate your earlier compliance data.

During the current day’s data migration:

  • Compliance APIs and UI (Compliance page, Scan Jobs, Asset Store) will not be responsive
  • Scan jobs and incoming scan reports (from audit cookbook or inspec exec) will not be processed

We’re promoting this release to Automate’s “current” channel—which means this upgrade goes live—at 00:01am UTC (5:01 PM PDT). For customers who have automatic upgrades enabled, this should reduce the amount of time needed for the data migration, because you should have very little data in the current day’s results. We recommend that customers without auto-upgrades configured run their manual upgrades at 00:01 UTC, or shortly thereafter, in order to minimize their downtime.

Upgrading manually

If your Chef Automate installation isn’t configured for auto-upgrades, you will need to upgrade manually. We recommend that you run your manual upgrade at 00:01 UTC or shortly after to minimize downtime.

During the current day’s data migration:

  • Compliance APIs and UI (Compliance page, Scan Jobs, Asset Store) will not be responsive
  • Scan jobs and incoming scan reports (from audit cookbook or inspec exec) will not be processed

Your chef-client runs will be unaffected by the data migration and you will have access to the Event Feed, Client Runs and Settings UI.

The length of time that your system is impacted by the data migration is determined solely by the amount of data in the current date and the throughput allocated (CPU, IO, etc.) to your environment. Additionally, you may see a performance impact while older data is migrated to the new format, depending on your hardware profile and the resources assigned to the various Automate services.

We recommend taking the following steps to ensure a painless experience:

  1. Ensure that your system has an appropriate amount of heap memory assigned to Elasticsearch: https://automate.chef.io/docs/configuration/#setting-elasticsearch-heap

  2. Schedule the upgrade as close to 00:01 UTC as possible to reduce the amount of data in the current day.
  3. Test the upgrade in a non-production environment prior to upgrading if you have more than a few GBs of data. Monitor your resource consumption to ensure you have enough throughput and, if necessary, allocate more resources to minimize the impact to your system.

  4. Disable other resource-intensive processes (such as backups, re-indexing, etc.) during the upgrade, or schedule them to run at a different time before or after the upgrade.

  5. If you have problems with this upgrade, contact support for help: https://www.chef.io/support/get-started/

New Features

  • Zoom and Enhance: New Detail View for Node Manager is now available. Navigating to a node manager’s detail view will display its status and a list of the nodes that belong to that node manager.

Improvements

  • Easier to ID: Client run exports now include an IP address column.
  • R-E-S-P-E-C-T: Compliance suggestions now show results that match with your selected filter.
  • Make it Better, Do it Faster: We changed the controls in the CIS Windows Server 2012R2 V2.2.1 compliance profiles to be faster and have less load on domain controller instances.

Bug Fixes

  • Once, Mice, Three Times an Exterminator: Fixed a number of controls in the CIS CentOS 7 v2.2.0 compliance profile:
    • Controls that check home directories now correctly exclude system accounts
    • Controls are now correctly marked as passed when previously marked as skipped in 6.2.10 and 6.2.13
    • Control in 6.2.10 now accounts for symlinks and directories starting with a . character
  • On Time: The compliance profiles for CIS Windows 2012, 2012R2, and 2016 should now expect a value in seconds for user lockout duration rather than minutes.

Chef Automate 20190325233053

Released on April 1, 2019

New Features

  • Work It!: Existing Workflow users have access to the Workflow dashboard and tools in Chef Automate.
  • Switch It!: Toggle chef-automate maintenance [on|off] to use the new load balancer maintenance configuration option. When in maintenance mode, the load balancer serves an HTTP 503 error page, which helps some users (lookin’ at you, OWCA friends) keep their data safe during a maintenance window.

Improvements

  • Check It!: Rewrote controls in the CIS Windows Server 2012R2 V2.2.1 and STIG Windows 2016 compliance profiles, so they execute faster and with less load on the target system. Domain Controller instances with large numbers of users and groups should particularly benefit from these changes.
  • Find It!: Find more with less using the improved matching options for designating credentials for nodes from cloud integrations. When specifying tag key/value matches for your node integration nodes, we now support wildcard matching for:
    • suffix - *foo
    • prefix - foo*
    • contains - *foo*
    • exact - foo
  • Tag It!: We have removed the restriction that prevented users from adding node tags with :, *, etc.
  • Filter It!: We’ve added a prefix wildcard search (foo*) for scan jobs for the Automate manager node names and AWS-EC2 integration tag value searches.

Bug Fixes

  • Clean It!: We were a little too conservative in our package cleanup mode—cleaning up only the first in the list of candidate packages—now we will clean up the entire set of obsolete Automate-installed packages.
  • Use It!: Node Integrations update fixed! You’ll now use your most recent credentials after updating a node integration, rather than re-using the older credentials.
  • Fail It!: Scan jobs without any nodes should fail noisily (instead of silently)!
  • Log It!: CIS compliance profiles for Windows Server won’t return a false negative for the EventLog Retention control when the registry setting on the target host is stored as the datatype REG_DWORD.
  • Spell It!: Event feed incorrectly displayed “keies,” but now displays “keys” when multiple client keys are updated.

Chef Automate 20190304193624