## Bug fixes - Fixed a bug when patching the backup path using `chef-automate config patch`. ([#8341](https://github.com/chef/automate/pull/8341)) ## Security ### Security improvements - Fixed a security issue that allows Chef tags to accept HTML text, URL, all special characters, and weak cipher. ([#8355](https://github.com/chef/automate/pull/8355)) ### Security updates - Updated OpenSearch to 1.3.14 to fix the following CVE issues: - CVE-2023-45807 - CVE-2023-31141 - CVE-2023-25806 - CVE-2023-23933 - CVE-2023-23613 - CVE-2023-23612 - CVE-2023-20860 - CVE-2023-20861 - Updated NodeJS to 14.21.3 to fix the following CVEs: - CVE-2023-23918 - CVE-2023-23919 - CVE-2023-23920 - CVE-2023-23936 - CVE-2023-24807 - Updated marked to version 4.0.10 to fix the following CVEs: - CVE-2022-21681 - CVE-2022-21680 - Updated expressJS version to 4.18.2 to fix the following CVEs: - CVE-2022-24999 - Update ansi-regex to 5.0.1 which fixes the following CVEs: - CVE-2021-3807 - Update rack to 2.2.6.4 which fixes the following CVEs: - CVE-2022-30123 - Update yaml.v2 to 2.4.0 which fixes the following CVEs: - CVE-2022-3064 ## Chef packaged product versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 9497/20221221224518 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.14 - Nginx: 1.21.3 - Haproxy: 2.2.29 - Dex: 2.27.0 ## Supported external Chef products This release supports the following external Chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported framework versions This release is built on the following framework versions: - GoLang: 1.19.3 - OpenJDK: 11.0.20+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.