From 2222996860eed7a1ffbbc90d48d328799f3fd02c Mon Sep 17 00:00:00 2001 From: jan shahid shaik Date: Fri, 2 Jun 2023 15:03:24 +0530 Subject: [PATCH 01/11] Updated license scout issues Signed-off-by: jan shahid shaik --- omnibus/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock index cc9322b568..af197f7263 100644 --- a/omnibus/Gemfile.lock +++ b/omnibus/Gemfile.lock @@ -192,7 +192,7 @@ GEM tomlrb (>= 1.2, < 3.0) tty-box (~> 0.6) tty-prompt (~> 0.20) - license_scout (1.3.5) + license_scout (1.3.6) ffi-yajl (~> 2.2) mixlib-shellout (>= 2.2, < 4.0) toml-rb (>= 1, < 3) From d55f1ceb0bc66348cbb3c50c16c9cf695e10a4a5 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Fri, 2 Jun 2023 14:15:53 +0000 Subject: [PATCH 02/11] Bump version to 15.6.12 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 7 ++++--- VERSION | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6aa2e9acd1..901016297d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,17 @@ # Chef Server Changelog - -## [15.6.11](https://github.com/chef/chef-server/tree/15.6.11) (2023-05-22) + +## [15.6.12](https://github.com/chef/chef-server/tree/15.6.12) (2023-06-02) #### Merged Pull Requests -- Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) +- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) ### Changes since 15.6.2 release #### Merged Pull Requests +- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) - Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) - Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot])) - Bump nokogiri from 1.14.2 to 1.14.3 in /src/oc-id [#3643](https://github.com/chef/chef-server/pull/3643) ([dependabot[bot]](https://github.com/dependabot[bot])) diff --git a/VERSION b/VERSION index 4464ec2a63..6b08d64564 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -15.6.11 \ No newline at end of file +15.6.12 \ No newline at end of file From 985dfee99044ff477dbc08462b6d69add70f8608 Mon Sep 17 00:00:00 2001 From: Vinay Satish Date: Tue, 16 May 2023 17:47:56 +0530 Subject: [PATCH 03/11] Updating the permission of local-mode-cache/backup Changing the backup property of the file and template resource would be a bigger change so changing the backup folder permission is a better option Signed-off-by: Vinay Satish --- .../infra-server/recipes/fix_permissions.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb index 989357c258..ff5a845b63 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb @@ -24,3 +24,18 @@ execute "find #{GEM_PATH} -perm /u=r,g=r,o=r ! -perm /u=x -exec chmod 644 {} \\;" do user 'root' end + +# We backup the files and templates in the folder /var/opt/opscode/local-mode-cache/backup +# the default vaule for the file and template resource is 5 i.e, there will be upto 5 backups of the +# files and templates that we use in the server-ctl cookbook. This includes the configs files also. +# To stop taking the backup, we need to explicitly mention the property backup as 'false' in all the +# usage of file and template resource in the server-ctl cookbook. +# We can secure the backups by changing the permission of /var/opt/opscode/local-mode-cache/backup +# to root user read only. (CVE-2023-28864) + +directory "/var/opt/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/local-mode-cache/backup" do + owner 'root' + group 'root' + mode '600' + recursive false +end From af0b0acd5c10b53c57678a549c892d8212edcb3f Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Mon, 12 Jun 2023 08:46:54 +0000 Subject: [PATCH 04/11] Bump version to 15.7.0 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 7 ++++--- VERSION | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 901016297d..2db84a044e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,17 @@ # Chef Server Changelog - -## [15.6.12](https://github.com/chef/chef-server/tree/15.6.12) (2023-06-02) + +## [15.7.0](https://github.com/chef/chef-server/tree/15.7.0) (2023-06-12) #### Merged Pull Requests -- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) +- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) ### Changes since 15.6.2 release #### Merged Pull Requests +- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) - Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) - Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) - Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot])) diff --git a/VERSION b/VERSION index 6b08d64564..dd6ecf975e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -15.6.12 \ No newline at end of file +15.7.0 \ No newline at end of file From 91086c96ccad812872fd682a9ebbb3ad3ddcc98b Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Wed, 14 Jun 2023 12:16:22 +0000 Subject: [PATCH 05/11] Update CHANGELOG.md to reflect the promotion of 15.7.0 Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 39 ++++++++++++++++++--------------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2db84a044e..5caab7d017 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,35 +1,32 @@ # Chef Server Changelog - -## [15.7.0](https://github.com/chef/chef-server/tree/15.7.0) (2023-06-12) - -#### Merged Pull Requests -- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) + - -### Changes since 15.6.2 release - -#### Merged Pull Requests -- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) -- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) -- Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) -- Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Bump nokogiri from 1.14.2 to 1.14.3 in /src/oc-id [#3643](https://github.com/chef/chef-server/pull/3643) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Update release process docs [#3631](https://github.com/chef/chef-server/pull/3631) ([lbakerchef](https://github.com/lbakerchef)) -- Bump pg from 1.4.5 to 1.4.6 in /src/chef-server-ctl [#3612](https://github.com/chef/chef-server/pull/3612) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Bump nokogiri from 1.14.0 to 1.14.2 in /src/oc-id [#3602](https://github.com/chef/chef-server/pull/3602) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Bump mixlib-install from 3.12.24 to 3.12.27 in /src/chef-server-ctl [#3591](https://github.com/chef/chef-server/pull/3591) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Bump activesupport from 7.0.4.1 to 7.0.4.2 in /oc-chef-pedant [#3588](https://github.com/chef/chef-server/pull/3588) ([dependabot[bot]](https://github.com/dependabot[bot])) -- Integrating with sonarcubes [#3628](https://github.com/chef/chef-server/pull/3628) ([vinay-satish](https://github.com/vinay-satish)) + +## [15.7.0](https://github.com/chef/chef-server/tree/15.7.0) (2023-06-14) + +#### Merged Pull Requests +- Integrating with sonarcubes [#3628](https://github.com/chef/chef-server/pull/3628) ([vinay-satish](https://github.com/vinay-satish)) +- Bump activesupport from 7.0.4.1 to 7.0.4.2 in /oc-chef-pedant [#3588](https://github.com/chef/chef-server/pull/3588) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump mixlib-install from 3.12.24 to 3.12.27 in /src/chef-server-ctl [#3591](https://github.com/chef/chef-server/pull/3591) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump nokogiri from 1.14.0 to 1.14.2 in /src/oc-id [#3602](https://github.com/chef/chef-server/pull/3602) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump pg from 1.4.5 to 1.4.6 in /src/chef-server-ctl [#3612](https://github.com/chef/chef-server/pull/3612) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Update release process docs [#3631](https://github.com/chef/chef-server/pull/3631) ([lbakerchef](https://github.com/lbakerchef)) +- Bump nokogiri from 1.14.2 to 1.14.3 in /src/oc-id [#3643](https://github.com/chef/chef-server/pull/3643) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Bump omnibus-software from `6a1c889` to `67a1705` in /omnibus [#3660](https://github.com/chef/chef-server/pull/3660) ([dependabot[bot]](https://github.com/dependabot[bot])) +- Add el-9 builder and tester to the pipelines [#3661](https://github.com/chef/chef-server/pull/3661) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) +- Updated license scout issues [#3666](https://github.com/chef/chef-server/pull/3666) ([jashaik](https://github.com/jashaik)) +- Setting file and template backup to false for the config files [#3659](https://github.com/chef/chef-server/pull/3659) ([vinay-satish](https://github.com/vinay-satish)) + + ## [15.6.2](https://github.com/chef/chef-server/tree/15.6.2) (2023-03-17) #### Merged Pull Requests - Update default OpenJRE to 11.0.18+10 [#3623](https://github.com/chef/chef-server/pull/3623) ([lbakerchef](https://github.com/lbakerchef)) - ## [15.6.1](https://github.com/chef/chef-server/tree/15.6.1) (2023-03-07) From c463061dd158796fdd43b0ae1343b60d411b3a11 Mon Sep 17 00:00:00 2001 From: Ian Maddaus Date: Tue, 20 Jun 2023 10:47:42 -0400 Subject: [PATCH 06/11] Update supported platforms page Signed-off-by: Ian Maddaus --- .../chef-server/adopted_platforms_server.md | 56 +++---------------- 1 file changed, 9 insertions(+), 47 deletions(-) diff --git a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md index 79b7f7a226..aeeec464d8 100644 --- a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md +++ b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md @@ -1,48 +1,10 @@ -The following table lists the commercially-supported platforms and versions for the Chef Infra Server: +The following table lists the commercially-supported platforms for Chef Infra Server: - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PlatformArchitectureVersion
Amazon Linux 2x86_642.x
CentOSx86_647.x, 8.x
Oracle Enterprise Linuxx86_647.x, 8.x
Red Hat Enterprise Linuxx86_647.x, 8.x
SUSE Linux Enterprise Serverx86_6412.x, 15.x
Ubuntux86_6416.04, 18.04, 20.04
+| Platform | Architecture | Version | +|------------------------------|--------------|---------------------------| +| Amazon Linux 2 | `x86_64` | `2.x` | +| CentOS | `x86_64` | `7.x`, `8.x` | +| Oracle Enterprise Linux | `x86_64` | `7.x`, `8.x` | +| Red Hat Enterprise Linux | `x86_64` | `7.x`, `8.x`, `9.x` | +| SUSE Linux Enterprise Server | `x86_64` | `12.x`, `15.x` | +| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04` | From 6ddcb5879eba304af8123dc98b4ddd12120a2992 Mon Sep 17 00:00:00 2001 From: Ian Maddaus Date: Tue, 20 Jun 2023 10:55:40 -0400 Subject: [PATCH 07/11] Add Ubuntu 22.04 Signed-off-by: Ian Maddaus --- .../chef-server/adopted_platforms_server.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md index aeeec464d8..e1f5ae09fe 100644 --- a/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md +++ b/docs-chef-io/layouts/shortcodes/chef-server/adopted_platforms_server.md @@ -1,10 +1,10 @@ The following table lists the commercially-supported platforms for Chef Infra Server: -| Platform | Architecture | Version | -|------------------------------|--------------|---------------------------| -| Amazon Linux 2 | `x86_64` | `2.x` | -| CentOS | `x86_64` | `7.x`, `8.x` | -| Oracle Enterprise Linux | `x86_64` | `7.x`, `8.x` | -| Red Hat Enterprise Linux | `x86_64` | `7.x`, `8.x`, `9.x` | -| SUSE Linux Enterprise Server | `x86_64` | `12.x`, `15.x` | -| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04` | +| Platform | Architecture | Version | +|------------------------------|--------------|-------------------------------------| +| Amazon Linux 2 | `x86_64` | `2.x` | +| CentOS | `x86_64` | `7.x`, `8.x` | +| Oracle Enterprise Linux | `x86_64` | `7.x`, `8.x` | +| Red Hat Enterprise Linux | `x86_64` | `7.x`, `8.x`, `9.x` | +| SUSE Linux Enterprise Server | `x86_64` | `12.x`, `15.x` | +| Ubuntu | `x86_64` | `16.04`, `18.04`, `20.04`, `22.04` | From 3acb58c2e04a6d542037b7021c11d0d3365abae2 Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Wed, 21 Jun 2023 12:24:32 +0000 Subject: [PATCH 08/11] Bump version to 15.7.1 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 12 ++++++++++-- VERSION | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5caab7d017..32f8337529 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,17 @@ # Chef Server Changelog - + +## [15.7.1](https://github.com/chef/chef-server/tree/15.7.1) (2023-06-21) + +#### Merged Pull Requests +- Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) - + +### Changes since 15.7.0 release + +#### Merged Pull Requests +- Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) diff --git a/VERSION b/VERSION index dd6ecf975e..d1a0eb1c34 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -15.7.0 \ No newline at end of file +15.7.1 \ No newline at end of file From dec13e756a933c6a0e416a4936207a1acc505473 Mon Sep 17 00:00:00 2001 From: Prajakta Purohit Date: Wed, 21 Jun 2023 05:33:49 -0700 Subject: [PATCH 09/11] Add steps to confirm docs update before release. Signed-off-by: Prajakta Purohit --- RELEASE_PROCESS.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/RELEASE_PROCESS.md b/RELEASE_PROCESS.md index 7e05e75f1b..25dc99be54 100644 --- a/RELEASE_PROCESS.md +++ b/RELEASE_PROCESS.md @@ -32,6 +32,10 @@ In order to release, you will need the following accounts/permissions: Upgrade Erlang dependencies via automated script. See https://github.com/chef/chef-server/blob/main/dev-docs/FrequentTasks.md#updating-erlang-dependencies-using-rebar3 . +### Update documentation + +Ensure documentation in [docs-site](https://docs.chef.io/) is updated for changes that would be included in the release. + ### Update Release Notes #### Pending Release Notes In Wiki From cdb1daf137e7030e785299498db831864c1287a6 Mon Sep 17 00:00:00 2001 From: Prajakta Purohit Date: Wed, 21 Jun 2023 05:45:56 -0700 Subject: [PATCH 10/11] minor verbiage changes Signed-off-by: Prajakta Purohit --- .../infra-server/recipes/fix_permissions.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb index ff5a845b63..96e6dba255 100644 --- a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb +++ b/omnibus/files/server-ctl-cookbooks/infra-server/recipes/fix_permissions.rb @@ -31,7 +31,7 @@ # To stop taking the backup, we need to explicitly mention the property backup as 'false' in all the # usage of file and template resource in the server-ctl cookbook. # We can secure the backups by changing the permission of /var/opt/opscode/local-mode-cache/backup -# to root user read only. (CVE-2023-28864) +# to read and write only for the root user. (CVE-2023-28864) directory "/var/opt/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/local-mode-cache/backup" do owner 'root' From 389da5d3e3f87cfc4de51496c064fc20b94aef1b Mon Sep 17 00:00:00 2001 From: Chef Expeditor Date: Wed, 21 Jun 2023 13:17:04 +0000 Subject: [PATCH 11/11] Bump version to 15.7.2 by Chef Expeditor Obvious fix; these changes are the result of automation not creative thinking. --- CHANGELOG.md | 7 ++++--- VERSION | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32f8337529..f07fdf5416 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,17 @@ # Chef Server Changelog - -## [15.7.1](https://github.com/chef/chef-server/tree/15.7.1) (2023-06-21) + +## [15.7.2](https://github.com/chef/chef-server/tree/15.7.2) (2023-06-21) #### Merged Pull Requests -- Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) +- Docs update [#3676](https://github.com/chef/chef-server/pull/3676) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) ### Changes since 15.7.0 release #### Merged Pull Requests +- Docs update [#3676](https://github.com/chef/chef-server/pull/3676) ([PrajaktaPurohit](https://github.com/PrajaktaPurohit)) - Update supported platforms page [#3675](https://github.com/chef/chef-server/pull/3675) ([IanMadd](https://github.com/IanMadd)) diff --git a/VERSION b/VERSION index d1a0eb1c34..0b363a8997 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -15.7.1 \ No newline at end of file +15.7.2 \ No newline at end of file