It’s Chef release time again! This time, we’re skipping 0.8.12 and heading right to 0.8.14 due to a hiccup in our publishing process. Chef 0.8.14 has a huge number of bug fixes and improvements, thanks to the tireless work of our awesome community.
Most importantly, Chef 0.8.14 provides a fix for a privilege escalation vulnerability discovered and fixed by our community security guru, Tollef Fog Heen. The problem was that valid, non-administrator clients were able to edit their administrative status and become administrators. Users of previous versions should upgrade as soon as possible. In addition to this fix, the validation client created when you first install Chef server now only has enough privileges to register new nodes—it can no longer create admin clients. Knife’s configuration command has been updated to make this distinction much clearer.
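
The class of flaw described above, sketched as an added Ruby example. This is not Chef server code: the `Client` struct, its field names and the handler functions are hypothetical, chosen only to show the self-edit of an admin flag next to a version that authorizes privilege-bearing fields separately.

```ruby
# Hypothetical model of an API client record (assumption, not Chef's schema).
Client = Struct.new(:name, :admin, :validator, :public_key)

class Forbidden < StandardError; end

# Vulnerable shape: the only check is "may the requestor edit this record?".
# Every submitted field is then copied over, so a client editing itself can
# also submit "admin" => true.
def update_client_unsafe(requestor, target, params)
  raise Forbidden unless requestor.admin || requestor.name == target.name
  params.each { |key, value| target[key.to_sym] = value }
  target
end

# Fields a non-admin client may change on its own record.
SELF_EDITABLE = %w[public_key].freeze

# Hardened shape: privilege-bearing fields get their own authorization step.
def update_client(requestor, target, params)
  raise Forbidden unless requestor.admin || requestor.name == target.name
  unless requestor.admin
    denied = params.keys.map(&:to_s) - SELF_EDITABLE
    raise Forbidden, "non-admin may not set: #{denied.join(', ')}" unless denied.empty?
  end
  params.each { |key, value| target[key.to_sym] = value }
  target
end

# Registration: a validator may create ordinary clients but never admins.
def create_client(requestor, params)
  raise Forbidden unless requestor.admin || requestor.validator
  wants_admin = params["admin"] == true
  raise Forbidden, "only admins may create admin clients" if wants_admin && !requestor.admin
  Client.new(params["name"], wants_admin, false, params["public_key"])
end
```
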
Now, on to the fun stuff: two features we’re super proud of in this release are preliminary support for both the Windows platform and Ruby 1.9. Support for both Windows and Ruby 1.9 is limited to Chef client and Chef solo for now—Ruby 1.9 will be supported on Chef server when we upgrade to Merb 1.1.0.
On Windows, you are now able to use the `file`, `directory`, `remote_file`, `remote_directory`, `template`, and `execute` providers. We have also added a Windows service provider that allows you to stop, start and restart Windows services.
Our community was amazing as always during this release cycle. Your MVP for this release is Renaud Chaput. Renaud has been working with the FreeBSD Ruby team to get Chef running smoothly on FreeBSD, tackling a nasty bug where MRI’s threading implementation would cause Ruby to hang after forking a subprocess on FreeBSD. We are always excited about expanding platform support, so we are also tremendously excited about Renaud’s work to package Chef on FreeBSD.
Olivier Raginel added to our ever-expanding platform support with a patch that enables Chef to run correctly on Scientific Linux.
In addition to the security fixes I’ve already mentioned, Tollef Fog Heen contributed a ton of bug fixes and improvements, including the ability to purge remote directories of untracked files, improvements to our spec suite and more.
Matthew Kent fixed some particularly annoying bugs with Chef repo, and made sure Chef does everything in the right order when starting up as root and dropping privileges.
Farzad Farid fixed rake roles in Chef repo.
Bruce Krysiak fixed our user and group providers on Mac OS X 10.5.
Tim Harper contributed a patch to our revision deploy provider, allowing it to recover if its history cache was deleted. Thanks again, Tim.
Ben Standefer contributed a handy usability fix so Chef will reveal the culprit when a malformed metadata file is loaded.
Pierre Baillet added a text output format for knife for easier integration with shell scripts.
I’d also like to give a shout out to Kurt Yoder for catching a tricky bug right before release. We’d introduced a bug where knife would change its working directory to root, so commands like cookbook uploading would fail when given a relative path. This release is much better thanks to your testing, Kurt.
Also in this release, we’ve added some new knife commands to interact with cookbooks.opscode.com. `knife cookbook site download` downloads cookbooks (surprise!) and `knife cookbook site vendor` downloads a cookbook, then does some source control magic to stick that cookbook in a vendor branch. From there, you can tweak the cookbook for your environment, keep your changes in source control, and apply your patches to newer versions of the upstream cookbook when they are released. I’d like to thank everyone who contributed to the lively mailing list discussion that inspired this feature. We feel that sharing cookbooks is a big deal, and we’re happy you guys took the time to offer your thoughts and make sure we keep streamlining and improving this process.