## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## Automate licensing The Chef Automate UI now notifies you if your Chef License is about to expire or has already expired. Enter a new license by selecting the link in the license notification at the top of the Automate UI and then paste your license in the **Apply new Chef Automate license** dialog. For more information, see the [Automate licensing documentation](https://docs.chef.io/automate/chef_automate_license/) or [contact your account team representative](https://www.chef.io/contact-us). ## Improvements - Password in backend nodes of Automate HA can be rotated from the Bastion system. - Removed ambiguity on the restriction of special characters in external database passwords ([#8308](https://github.com/chef/automate/pull/8308)). - Added a note in the Security Best Practices section so that users don't inadvertently update cache control headers in the configuration ([#8446](https://github.com/chef/automate/pull/8446)). - Remove database locking issue while restarting front end nodes and adding new nodes ([#8419](https://github.com/chef/automate/pull/8419), [#8444](https://github.com/chef/automate/pull/8444), [#8469](https://github.com/chef/automate/pull/8469), [#8475](https://github.com/chef/automate/pull/8475), [#8462](https://github.com/chef/automate/pull/8462), [#8481](https://github.com/chef/automate/pull/8481), [#8432](https://github.com/chef/automate/pull/8432)). - Use an external /hab volume instead of /tmp to solve cross device linking issues ([#8435](https://github.com/chef/automate/pull/8435), [#8436](https://github.com/chef/automate/pull/8436), [#8416](https://github.com/chef/automate/pull/8416)). - Updated Chef Automate Incident Creation app and Chef Automate Integration App to support ServiceNow Utah and Vancouver versions. ## Compliance Profile Updates - Compliance profiles are updated to version 1.0.0/20240704055643, which includes the new and improved profiles for: > * CIS AIX 7.2 v1.1.0 > * CIS Microsoft Windows Server 2012 R2 v3.0.0 > * CIS MariaDB 10.6 v1.0.0 > * CIS MacOS 13 Ventura v2.0.0 > * CIS Microsoft Windows 11 Enterprise v3.0.0 > * STIG Oracle Linux 8 v1.8.0 > * CIS RHEL 8 v3.0.0 > * CIS RHEL 7 v4.0.0 - This version improves the following profiles: > * CIS RHEL 7 v3.1.1 - code optimisation > * CIS CentOS Linux 7 v3.1.2 Benchmark Level 1 - Server controls were incorrect improved the password regex check - This version also fixes the following issues: > * CIS PostgresSQL v1.0.0 - removed default values from configuration. ## Bug Fixes - Fixed a bug to solve the scrolling issue in compliance reports ([#8392](https://github.com/chef/automate/pull/8392)) - Searching in Infrastructure report UI is now case insensitive ([#8395](https://github.com/chef/automate/pull/8395)) - Fixed a bug to improve the ease of filtering of nodes while doing wildcard search ([#8417](https://github.com/chef/automate/pull/8417)) - Fixed a bug to show filtered data in the event feed report after modifying the event feed date ([#8442](https://github.com/chef/automate/pull/8442)) - Fixed a bug to find the log file in Automate ([#8414](https://github.com/chef/automate/pull/8414)) ## Security ### Security Updates - Prototype pollution vulnerability has been solved to prevent exploitation during Javascript runtime: CVE-2022-46175, CVE-2022-24999 ([#8365](https://github.com/chef/automate/pull/8365), [#8337](https://github.com/chef/automate/pull/8337)) - Updated ansi-regex package version to fix CVE-2021-3807 ([#8365](https://github.com/chef/automate/pull/8365), [#8336](https://github.com/chef/automate/pull/8336)) - HA proxy package in Automate HA has been upgraded to solve CVE-2023-25725 ([#8380](https://github.com/chef/automate/pull/8380)) - Updated NATS server to solve CVE-2022-24450, CVE-2020-26892 ([#8423](https://github.com/chef/automate/pull/8423), [#8394](https://github.com/chef/automate/pull/8394)) - Solved a vulnerability in SAML connector to process SAML Signature validation: CVE-2020-27847 - Nullified shell escape sequence injection vulnerability in Rack components by solving CVE-2022-30123 ([#8385](https://github.com/chef/automate/pull/8385)) - Updated Nginx version to solve CVE-2022-41741 ([#8426](https://github.com/chef/automate/pull/8426)) - Updated OpenJDK to solve CVE-2023-22067, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952, CVE-2023-22081 and CVE-2023-22025 ([#8384](https://github.com/chef/automate/pull/8384)) - Updated Postgres database to solve CVE-2023-2454 and CVE-2023-39417 ([#8434](https://github.com/chef/automate/pull/8434), [#8412](https://github.com/chef/automate/pull/8412)) - Removed dependency from [polyfill.io](http://polyfill.io/) JS package to solve CVE-2024-38526 ([#8470](https://github.com/chef/automate/pull/8470)) ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 9497/20221221224518 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.14 - OpenSearch: 1.3.14 - Nginx: 1.25.4 - Haproxy: 2.2.29 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported framework versions This release is built on the following framework versions: - GoLang: 1.19.3 - OpenJDK: 11.0.22+7 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.