Skip to content

Commit f38ed89

Browse files
lbakerchefIanMaddlbarry316
authored
Add Chef Infra Server 15.10.108 release notes (#4655)
* Add Chef Infra Server 15.10.108 release notes - Security: JWT CVE-2026-45363, addressable CVE-2026-35611, Erlang 10x CVEs - Security: Reduced /version endpoint information disclosure - Bug fix: Bifrost crash.log rotation config - Bug fix: chef-server-ctl reconfigure inspec-core crash - Improvement: log_rotation_type config option - Improvement: local license file check (OC_LICENSE_PATH, default off) - Updated: Chef Infra Client 18.10.17, knife 19.0.105, knife-ec-backup 3.0.8 - Updated: PostgreSQL client 13→14, Rails 7.1.6 Jira: CHEF-32260 Signed-off-by: Lincoln Baker <51833247+lbakerchef@users.noreply.github.com> * Edit release notes Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Editing Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> * Updated the release date based on a message from Vikram in the Sync chat server.md Signed-off-by: lbarry316 <118758673+lbarry316@users.noreply.github.com> * Updated date format based on #4678 server.md Signed-off-by: lbarry316 <118758673+lbarry316@users.noreply.github.com> * Updated version (as confirmed by Vikram) server.md Signed-off-by: lbarry316 <118758673+lbarry316@users.noreply.github.com> --------- Signed-off-by: Lincoln Baker <51833247+lbakerchef@users.noreply.github.com> Signed-off-by: Ian Maddaus <ian.maddaus@progress.com> Signed-off-by: lbarry316 <118758673+lbarry316@users.noreply.github.com> Co-authored-by: Ian Maddaus <ian.maddaus@progress.com> Co-authored-by: lbarry316 <118758673+lbarry316@users.noreply.github.com>
1 parent f8f0008 commit f38ed89

1 file changed

Lines changed: 50 additions & 0 deletions

File tree

content/release_notes/server.md

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,56 @@ summary = "Chef Infra Server release notes"
1717
<!-- cSpell:disable -->
1818
<!-- vale off -->
1919

20+
## Chef Infra Server 15.10.114
21+
22+
Released on June 25, 2026
23+
24+
### Security
25+
26+
- Updated `jwt` from 3.1.2 to 3.2.0 in `oc-id` and `chef-server-ctl`.
27+
- Updated `addressable` from 2.8.7 to 2.9.0 in `oc-id` and `chef-server-ctl`.
28+
- Updated Erlang/OTP from 26.2.2 to 26.2.5.
29+
- Updated Rack from 3.2.4 to 3.2.6.
30+
- The `/version` API endpoint no longer exposes internal library names and version details.
31+
32+
### Bug fixes
33+
34+
- Fixed an incorrect log rotation configuration in the Bifrost service where the request logger
35+
was writing to `crash.log` instead of `requests.log`. ([#4188](https://github.com/chef/chef-server/pull/4188))
36+
- Fixed a crash in `chef-server-ctl reconfigure` that caused a `NameError: uninitialized constant
37+
Parser::AST::Processor::Mixin` when the `addressable 2.9.0` security pin was active.
38+
([#4195](https://github.com/chef/chef-server/pull/4195))
39+
40+
### Improvements
41+
42+
- Added a `log_rotation_type` configuration option to select between `rotate` and `wrap` style
43+
request logging. Default behavior is unchanged.
44+
([#4188](https://github.com/chef/chef-server/pull/4188))
45+
- Added support for a local license file check, controlled by the `OC_LICENSE_PATH` build-time
46+
macro. When the macro is unset (the default), Chef Infra Server uses the `chef-automate` CLI to check the license, which is the previous default behavior. When set to
47+
a file path, Chef Infra Server reads the license from that location at runtime. If the file is
48+
missing or invalid, a 90-day trial period begins from the time of upgrade.
49+
([#4152](https://github.com/chef/chef-server/pull/4152))
50+
51+
### Updated components
52+
53+
- Chef Infra Client updated from 18.8.46 to 18.10.17.
54+
- knife updated from 18.8.68 to 19.0.105.
55+
- knife-ec-backup updated from 3.0.5 to 3.0.8.
56+
- PostgreSQL client updated from version 13 to 14.
57+
- Rails updated from 7.1.5.2 to 7.1.6 (includes a pending security fix).
58+
59+
### Service versions
60+
61+
This release uses:
62+
63+
- OpenResty 1.27.1.2
64+
- OpenJRE 17.0.9+9
65+
- PostgreSQL 13.22.tuxcare.1.0.1
66+
- OpenSearch 1.3.20-tuxcare-1.0.2
67+
- Rack 3.2.6
68+
- Valkey 7.2.11
69+
2070
## Chef Infra Server 15.10.91
2171

2272
Released on February 10, 2026

0 commit comments

Comments
 (0)