Ohai Chefs, Yesterday (2014-04-08) at 22:39 UTC to 23:16 UTC, Hosted Enterprise Chef search API requests were returning 502 HTTP response codes. One of the “killer features” of using a Chef Server is the search capability, so I know many of our customers rely on that API.

Ohai Chefs! Today we’re releasing patched versions of Open Source Chef Server and Enterprise Chef that address the OpenSSL security vulnerability CVE-2014-0160, also known as Heartbleed. We recommend that you upgrade your Chef Server install immediately.

Enterprise Chef 1.4.9 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0160, also known as the Heartbleed bug. All installs of Enterprise Chef should be upgraded immediately. The result of this bug is a trivial exploit that allows an attacker to read secrets from the memory of a compromised server.

Enterprise Chef 11.1.3 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0160, also known as the Heartbleed bug. All installs of Enterprise Chef should be upgraded immediately. The result of this bug is a trivial exploit that allows an attacker to read secrets from the memory of a compromised server.

Chef Server 11.0.12 is a security release that includes an updated version of OpenSSL that patches CVE-2014-0160, also known as the Heartbleed bug. All installs of Chef Server should be upgraded immediately. The result of this bug is a trivial exploit that allows an attacker to read secrets from the memory of a compromised server.

Get ready for three days of stirring up delight! #ChefConf kicks off on Tuesday and promises to be everything you need to make IT delightful: technical workshops, keynotes from leaders in DevOps and IT automation, sessions goodness, the Awesome Community Chefs Awards and, of course, a party!

New this year for our third annual #ChefConf is a panel we hope all of you will join us for at 4 pm (PT) in the Seacliff room.

Ohai folks, Today we’ve released Chef Client 11.12.0 & 10.32.2 with new releases of ohai and mixlib-shellout. Due to a tagging mishap we have skipped 10.32.0. Chef Client 11.12.0 includes ohai 7.0.0 and mixlib-shellout 1.4.0. Chef Client 10.32.2 includes ohai 6.22.0. Important: These releases remediate the recently published OpenSSL Heartbleed vulnerability (more info here).

Good day Chefs! As some of you may know, CVE-2014-0160 (“Heartbleed”) announced a vulnerability in certain versions of OpenSSL. Chef uses OpenSSL in its platforms (both hosted and on premise). We take the security of our software and your data very seriously.