Chef Blogs

Enterprise Chef 11.1.2 and Private Chef 1.4.8: Security Release

Joseph Smith | Posted on | Releases

The following item is new for Enterprise Chef 11.1.2 and 1.4.8 and is a change from previous versions.

opscode-webui
Don’t log or email the Rails session or environment from the exception handler. Doing so can cause user-submitted form values like passwords to be logged and emailed to administrators of the Enterprise Chef server when exceptions occur on the Management Console.