## Announcement

We are delighted to announce that our continuous effort to improve the installation and deployment experience of Automate HA has enabled the following features:

- Ability to generate deployment config in an interactive way
- Perform verification checks before deployment
- Control Automate HA cluster from a single central bastion system

## Upgrade Journey

Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually.

| Your Current Version | Upgrade To |
| -------------------- | ---------- |
| Any version before 20220329091442 | 20220329091442 |
| 20220329091442 | 3.0.x |
| 3.0.49 | 4.x |

See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information.

## Improvements

- The ability to patch Chef Server FQDN and Root-CA in Automate HA from Bastion. ([#8099](https://github.com/chef/automate/pull/8099))
- The habitat package versions of the services running on front-end nodes can be monitored using the `chef-automate service-versions` command from the bastion host in Automate HA. ([#8113](https://github.com/chef/automate/pull/8113))
- The habitat services data reporting to Automate can be managed using the `chef-automate applications` command from the bastion host in Automate HA. ([#8114](https://github.com/chef/automate/pull/8114))
- The internal root certificates of the Automate nodes can be managed using the `chef-automate internal-ca` command from the bastion host in Automate HA. ([#8115](https://github.com/chef/automate/pull/8115))
- Improve `external-os-s3-bucket-access-check` verification check to add index delete permission to the S3 bucket. ([#8119](https://github.com/chef/automate/pull/8119))
- The config generator is improved to bring in bug fixes and more abilities. ([#8122](https://github.com/chef/automate/pull/8122))
- The update and deployment process in Automate HA validates the configuration with the option to skip validation in case of failure. ([#8123](https://github.com/chef/automate/pull/8123))
- The config `verify` command is now improved to enhance the checks. ([#8138](https://github.com/chef/automate/pull/8138), [#8139](https://github.com/chef/automate/pull/8139), [#8140](https://github.com/chef/automate/pull/8140), [#8144](https://github.com/chef/automate/pull/8144), [#8149](https://github.com/chef/automate/pull/8149))
- More configurations available in the standalone Chef Server are also available to be patched from the Bastion host in Automate HA. Please refer to the [Chef Infra Configuration In Chef Automate](https://docs.chef.io/automate/chef_infra_in_chef_automate/) document. ([#8152](https://github.com/chef/automate/pull/8152), [#8160](https://github.com/chef/automate/pull/8160))

## Compliance Profile Updates

- Compliance profiles are updated to version 1.0.0/20230831114438, which includes the new and improved profiles for:
  - CIS Oracle Solaris 11.4 v1.0.0

## Bug Fixes

- Fixed the issue to show the Compliance Trend graph for more than 24 hours. ([#8106](https://github.com/chef/automate/pull/8106))
- The patched token will now be used instead of regenerating a new token during update/add/delete nodes from the Automate HA cluster. ([#8118](https://github.com/chef/automate/pull/8118))
- Stop cleaning up of a2 workspace by running the `cleanup` command from Bastion in the Automate HA cluster. ([#8154](https://github.com/chef/automate/pull/8154))

## Security

### Security Improvements (examples: new security configurations)

- Improve Automate API responses to be more actionable and more restrictive to safeguard against Server-Side Request Forgery.

### Security Updates (examples: dependency updates, CVE fixes)

Updated the OpenJDK version to v11.0.20+8, which fixes the following CVEs:

* CVE-2023-22036
* CVE-2023-22006
* CVE-2023-22041
* CVE-2023-22045
* CVE-2023-22049
* CVE-2023-21968
* CVE-2023-21967
* CVE-2023-21939
* CVE-2023-21938
* CVE-2023-21954
* CVE-2023-21937
* CVE-2023-21930
* CVE-2023-25193

## Chef Packaged Product Versions

This release uses:

- Chef Habitat version: 1.6.521/20220603154827
- Chef Habitat Builder version: 9497/20221221224518
- Chef Infra Server version: 15.4.0/20230105061154
- Chef InSpec version: 4.56.22/20220517052126

## Service Versions

This release uses:

- Postgres: 13.5
- OpenSearch: 1.3.7
- Nginx: 1.21.3
- HAProxy: 2.2.29
- Dex: 2.27.0

## Supported External Chef Products

This release supports the following external Chef products:

- Chef Infra Server version: 14.0.58+
- Chef InSpec version: 4.3.2+
- Chef Infra Client: 17.0.242+
- Chef Habitat: 0.81+

## Supported Framework Versions

This release is built on the following framework versions:

- GoLang: 1.19.3
- OpenJDK: 11.0.20+8
- Angular: 11.2.6

View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.