## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| Click [here](https://docs.chef.io/automate/major_upgrade_4.x/) to know more. ## New Features - Ability to patch configurations from Bastion host of Automate HA ([#7470](https://github.com/chef/automate/pull/7470)) - Enhance Compliance Reporting APIs based on date range instead of a single date. Refer to the enhanced compliance report documentation. ([#7498](https://github.com/chef/automate/pull/7498)) - Added new Automate CLI command to uninstall Automate HA services from the nodes in On-Prem deployment of Automate HA ([#7481](https://github.com/chef/automate/pull/7481), [#7519](https://github.com/chef/automate/pull/7519)) - Support for AWS-managed database services for On-Prem deployment of Automate HA ([#7492](https://github.com/chef/automate/pull/7492)) - Ability to apply custom certificates to Automate services during deployment of Automate HA. Refer https://docs.chef.io/automate/ha_cert_deployment ([#7476](https://github.com/chef/automate/pull/7476), [#7500](https://github.com/chef/automate/pull/7500), [#7513](https://github.com/chef/automate/pull/7513)) - Ability to rotate certificates of Frontend and Backend nodes from the bastion node of Automate HA. Refer https://docs.chef.io/automate/ha_cert_rotation ([#7494](https://github.com/chef/automate/pull/7494), [#7522](https://github.com/chef/automate/pull/7522), [#7526](https://github.com/chef/automate/pull/7526), [#7536](https://github.com/chef/automate/pull/7536), [#7540](https://github.com/chef/automate/pull/7540), [#7541](https://github.com/chef/automate/pull/7541), [#7543](https://github.com/chef/automate/pull/7543), [#7544](https://github.com/chef/automate/pull/7544)) - Ability to capture journal logs at the custom path for Automate and each node of Automate HA. Refer https://docs.chef.io/automate/centralizing_log ([#7508](https://github.com/chef/automate/pull/7508), [#7542](https://github.com/chef/automate/pull/7542), [#7533](https://github.com/chef/automate/pull/7533)) - Ability to view configurations of all the nodes from Bastion host of Automate HA ([#7570](https://github.com/chef/automate/pull/7570)) - Added new Automate CLI command to add and delete frontend and backend nodes of Automate HA for On-Prem deployment ([#7563](https://github.com/chef/automate/pull/7563)) ## Improvements - Refactor the document for Backup and Restore of Automate HA ([#7433](https://github.com/chef/automate/pull/7433)) - Improved the documentation for On-Prem deployment of Automate HA ([#7493](https://github.com/chef/automate/pull/7493)) - Updated *knife-ec-backup* to version 3.0.1 ([#7505](https://github.com/chef/automate/pull/7505)) - Improved Automate HA troubleshooting document ([#7571](https://github.com/chef/automate/pull/7571)) - Updated Chef Automate Incident Creation app and Chef Automate Integration App to support ServiceNow San Diego and Tokyo versions - Improved Backup deletion command to validate backup id before operation ([#7641](https://github.com/chef/automate/pull/7641)) - Increased the default value of max shards to 2500([#7564](https://github.com/chef/automate/pull/7564)) - More configurations for Chef Server are now patchable when deployed with Automate and Automate HA. Refer the document for the complete list https://docs.chef.io/automate/chef_infra_in_chef_automate/ ([#7572](https://github.com/chef/automate/pull/7572)) ## Compliance Profile Updates Compliance profiles are updated to version 1.11.1/20221202074320, which includes the new and improved profiles for: * Rocky Linux 8 v1.1.0 * Oracle Linux 8 v2.0.0 * Alma Linux 8 v2.2.0 * Microsoft Sharepoint v1.1.0 * STIG RHEL 7 v3r8 * CIS Windows Server 2019 v1.3.0 * STIG Windows Server 2019 v2r2 * CIS RHEL 8 v2.2.0 control5.3.16 fix * CIS GKE v1.2.0 * CIS Windows 2016 v1.4.0 * CIS Azure Fundamental v1.0.0 ## Bug Fixes - Fix for Automate HA (v4.3.0) Backend node upgrade failure ([#7566](https://github.com/chef/automate/pull/7566)) - Fix for errors while fetching *gather-logs* data from faulty/inactive node ([#7525](https://github.com/chef/automate/pull/7525)) ## Maintenance ## Security ### Security Updates Updated OpenSearch version to 1.3.6 which fixes the following vulnerabilities: - CVE-2022-22971 - CVE-2022-35980 Updated OpenJDK version to 11.0.17+8 which fixes the following vulnerabilities: - CVE-2022-21619 - CVE-2022-21626 - CVE-2022-21624 - CVE-2022-21628 - CVE-2022-39399 - CVE-2022-21618 - CVE-2022-34169 - CVE-2022-21541 ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 10078/20220929100217 - Chef Infra Server version: 14.15.10/20220510065931 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.6 - Nginx: 1.21.3 - Haproxy: 2.2.18 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.15 - OpenJDK: 11.0.17+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.