## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## New Features - You now can rotate the passwords on OpenSearch in Automate ([#8300](https://github.com/chef/automate/pull/8300)). - Automate HA is supported on Red Hat Enterprise Linux 9 and Oracle Linux 9 operating systems ([#8310](https://github.com/chef/automate/pull/8310)). ## Improvements - Certificate rotation can now be done in all the Automate HA nodes using a single command ([#8261](https://github.com/chef/automate/pull/8261)). - Automate HA with this release will not need downtime to add a new node to the cluster ([#8275](https://github.com/chef/automate/pull/8275)). - Automate HA pre-deployment verification check now has the check to verify if all the nodes have the same hab uid ([#8290](https://github.com/chef/automate/pull/8290)). - Automate can show the Node Attributes in correct precedence in the Infra Server View tab ([#8319](https://github.com/chef/automate/pull/8319)). - To better understand product usage integrated with Pendo using a wrapper library ([#8299](https://github.com/chef/automate/pull/8299)). ## Bug Fixes - Fixed bug that was causing pre-deployment verification checks to fail in Automate HA for Kernel version 3.10 ([#8288](https://github.com/chef/automate/pull/8288)). - Fixed bug that was causing pre-deployment verification checks to fail in Automate HA for SSH access ([#8296](https://github.com/chef/automate/pull/8296)). - Automate can handle scenarios where Automate backup gateway service slowness to read backups causes failure while restoration ([#8297](https://github.com/chef/automate/pull/8297)). ## Security ### Security Improvements (examples: new security configurations) - Added Angular built-in sanitization. ([#8289](https://github.com/chef/automate/pull/8289)) ### Security Updates (examples: dependency updates, CVE fixes) - Updated DoorKeeper in ocid to resolve: > CVE-2020-10187 **Private Chef Supermarket users using this version of Automate must refresh their logins and re-authenticate Supermarket with Chef Identity** - Updated Dex library to v2.35 to resolve: > CVE-2022-39222 - Updated Minio to fix: > CVE-2023-28433 > CVE-2023-28432 > CVE-2023-28434 - Updated `moment.js` to v2.29.4 to resolve: > CVE-2022-31129 > CVE-2022-24785 - Updated `prismjs` to v1.29.0 to resolve: > CVE-2022-23647 - Updated `rule` to v2.7.2 to resolve: > CVE-2023-22467 - Updated `d3` to v7.8.5 to resolve: > CWE-400 ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 9497/20221221224518 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.7 - Nginx: 1.21.3 - Haproxy: 2.2.29 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.19.3 - OpenJDK: 11.0.20+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.