## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## Compliance Profile Updates - Compliance profiles are updated to version 1.0.0/20241128081652, which includes the new and improved profiles for: > * CIS Oracle Linux 9 v2.0.0(Audits) > * CIS Debian Linux 12 v1.0.1(Audits) > * CIS Debian Linux 11 v2.0.0(Audits) > * CIS Windows Server 2022 v3.0.0(Audits) > * CIS MSSQL Server 2022 v1.1.0(Audits) > * CIS RHEL 9 v2.0.0 (Audits) > * CIS Ubuntu 24.04 v1.0.0 (Audits) ## Bug Fixes - Fix a typo in the certificate template script for Automate HA. ([#8616](https://github.com/chef/automate/pull/8616)) - Fix to reflect node name in URL while filtering by node name in the Compliance page ([#8621](https://github.com/chef/automate/pull/8621)) - Fix to prevent Opensearch restart by preventing config changes during the upgrade add/remove the node. ([#8632](https://github.com/chef/automate/pull/8632)) - Fix to avoid log line misses in case of centralized logging. You can refer to https://docs.chef.io/automate/centralize_logs for more configurations. ([#8635](https://github.com/chef/automate/pull/8635)) - Fix to apply Postgres root-ca certificate in the PostgreSQL backend node through the certificate rotate template. ([#8637](https://github.com/chef/automate/pull/8637)) ## Maintenance - We have updated the embedded Chef Infra Server to 15.10.21. This Infra Server installed from this version of Automate would require the application of an Automate License before use. Please refer to https://docs.chef.io/automate/chef_automate_license/#chef-server-under-automate-license. ## Security ### Security Updates (examples: dependency updates, CVE fixes) - Updated Golang version to 1.22.5, which fixes CVE issues. There are a few things to note: > * CVE-2024-38513 > * CVE-2024-25124 > * CVE-2023-45128 > * CVE-2023-45141 > * CVE-2023-41338 - Updated OpenSearch to 1.3.19, which fixes the following CVEs: > * CVE-2024-29736 > * CVE-2024-32007 ## Chef Packaged Product Versions This release uses: * Chef Habitat version:1.6.521/20220603154827 * Chef Habitat Builder version: 9497/20221221224518 * Chef Infra Server version: 15.10.21/20241126093701 * Chef InSpec version: 4.56.61/20240809111842 ## Service Versions This release uses: * Postgres: 13.14 * OpenSearch: 1.3.19 * Nginx: 1.25.4 * Haproxy: 2.2.29 * Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: * Chef Infra Server version: 14.0.58+ * Chef Inspec version: 4.3.2+ * Chef Infra Client: 17.0.242+ * Chef Habitat: 0.81+ ## Supported framework versions This release is built on the following framework versions: * GoLang: 1.22.5 * OpenJDK: 11.0.22+7 * Angular: 17.3.0 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.