Latest Stories

Blog-Icon_7_100x385_Small

Ohai Chefs, Today we are releasing Chef Client 11.12.8 & 10.32.2-2 which include an updated version of OpenSSL that patches CVE-2014-0224. All installs of Chef Client should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Blog-Icon_4_100x385_Small

On Thursday June 5th at approximately 14:00 UTC, the CHEF engineering team was made aware of OpenSSL CVE-2014-0224. A bug in the OpenSSL framework could permit a MITM attack under certain circumstances using a carefully constructed request. Due to the nature of this vulnerabilty, we recommend that you upgrade your installations immediately.

Ian Garrison
Blog-S_Secure_100x385_Small

Open Source Chef Server 11.1.1 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Open Source Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Blog-Icon_2_100x385_Small

Enterprise Chef Server 11.1.6 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Blog-L_News_4_1283x494_Small

Enterprise Chef Server 1.4.11 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0224. All installs of Enterprise Chef should be upgraded immediately. This bug permits an attacker to execute an undetectable MITM attack on an otherwise secure connection.

Blog-Icon_1_100x385_Small

The Chef Community delivers yet again. John Ewart, a system architect, software developer, and lecturer based in California, recently published, “Managing Windows Servers with Chef” which can be purchased here.

Lucas Welch
Blog-Delivery_100x385_Small

Our good friends at Adobe have been awesome about providing technical insight into their use of Chef in the past. Yesterday, their lead security strategist Peleus Uhley, continued this trend with a very informative blog detailing Chef-automated security testing in Adobe’s private cloud infrastructure.

Lucas Welch
Blog-Icon_1_100x385_Small

Our friends at Riot Games have been awesome enough to tell their story at a number of Chef events, and even took us to school in a “Riot Rumble” here at Chef HQ last year. So it’s especially delightful to see Riot profiled in the Harvard Business Review.

Lucas Welch
Blog-S_Secure_-1_Small

We’re excited to announce the release of knife-hp  0.4.0, a major update to the plugin refactored to support the HP Helion Public Cloud version 13.5 release. HP’s API has changed to support a number of new OpenStack features (with many more to come), so the usage of the plugin has changed quite a bit.

Justin Fenton