## Upgrade Journey

Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually.

| Your Current Version | Upgrade To |
| -------------------- | ---------- |
| Any version before 20220329091442| 20220329091442|
| 20220329091442| 3.0.x|
| 3.0.49| 4.x|

Click [here](/automate/major_upgrade/) to know more.

## New Features
- Disaster Recovery setup documentation for On-Prem deployment of Automate HA. ([#7425](https://github.com/chef/automate/pull/7425))
- Documented steps to add/remove/replace nodes in the existing Automate HA cluster. ([#7406](https://github.com/chef/automate/pull/7406))

## Improvements
- Updated contextual CLI messages for a seamless upgrade journey. ([#7377](https://github.com/chef/automate/pull/7377))
- Copying ElasticSearch configuration to equivalent OpenSearch configuration. ([#7377](https://github.com/chef/automate/pull/7377))
- Better disk space detection and improved shard allocation. ([#7377](https://github.com/chef/automate/pull/7377))
- Auto-deletion of old indexes which are no longer required. ([#7377](https://github.com/chef/automate/pull/7377))
- Auto-correction of old AWS S3 URL pattern for S3 backup. ([#7377](https://github.com/chef/automate/pull/7377))
- Added habitat package to ensure that **knife-ec-backup** can be performed on an air-gapped bundle and is available in the manifest file. ([#7424](https://github.com/chef/automate/pull/7424))
- Automation of backup configuration during On-Prem Deployment. ([#7410](https://github.com/chef/automate/pull/7410))

## Compliance Profile Updates

Compliance profiles are updated to version 1.11.1/20220809102847, which includes the new and improved profiles for:
- [CIS MS](http://1.ms/) Office 365 v1.4.0.
- CIS Microsoft Windows 2022 v1.0.0.
- CIS Oracle Linux 8 v2.0.0.
- CIS GKE v1.2.0.
- CIS Rocky Linux v1.0.0.
- STIG Ubuntu 20.04 v1R2.

**This update also includes fixes for:**

- CIS RHEL8 v2.0.0 control 6.2.7.
- CIS Windows Server 2012 v2.5.0 few controls title correction.
- CIS SQL Server 2019 v1.2.0 removes non ASCII characters from the title.

## Bug Fixes
- Better handle mismatch of controls and empty keys in the compliance report. ([#7379](https://github.com/chef/automate/pull/7379))
- Reduced failure possibility of data-collector API by ensuring that token is added to member policy.
- Improved search capability on client run reports to support node name search with ".". ([#7437](https://github.com/chef/automate/pull/7437))
- Fixed a bug related to using AWS S3 bucket access and secret key while deploying HA on AWS infrastructure. ([#7453](https://github.com/chef/automate/pull/7453))
- Fixed a bug related to Restore of Automate HA for Non-S3 Backup object store. ([#7446](https://github.com/chef/automate/pull/7446))

## Security

### Security Improvements
(examples: new security configurations)
- Content security policy headers (CSP headers) are added to Automate APIs ([#7458](https://github.com/chef/automate/pull/7458))
### Security Updates
(examples: dependency updates, CVE fixes)

## Chef Packaged Product Versions

This release uses:
- Chef Habitat version: 1.6.521/20220603154827
- Chef Habitat Builder version: 9978/20211221122808
- Chef Infra Server version: 14.15.10/20220510065931
- Chef InSpec version: 4.56.22/20220517052126

## Service Versions

This release uses:
- Postgres: 13.5
- OpenSearch: 1.2.4
- Nginx: 1.21.3
- Haproxy: 2.2.18

## Supported External Chef Products

This release supports the following external chef products:
- Chef Infra Server version: 14.0.58+
- Chef Inspec version: 4.3.2+
- Chef Infra Client: 17.0.242+
- Chef Habitat: 0.81+

View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.