## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## New Features - You can now get the status of all the nodes in Automate HA cluster using the `chef-automate status summary` command from Automate HA Bastion host. ([#7776](https://github.com/chef/automate/pull/7776)) - You can now run `chef-automate start` from the Bastion host of Automate HA. ([#7808](https://github.com/chef/automate/pull/7808)) - Automate deployed Chef Infra Server now supports S3 as cookbook storage. ([#7796](https://github.com/chef/automate/pull/7796)) - Adding Nginx API endpoint to expose Nginx metrics for Automate. ([#7846](https://github.com/chef/automate/pull/7846)) ## Improvements - Ability to pass Sudo Password using environment variable while running CLI commands in Automate HA Bastion node. ([#7774](https://github.com/chef/automate/pull/7774), [#7799](https://github.com/chef/automate/pull/7799)) - The `chef-automate cert-rotate` command now rotates checks for new certificates before applying them in the HA nodes ([#7700](https://github.com/chef/automate/pull/7700), [#7843](https://github.com/chef/automate/pull/7843)) - The `chef-automate info` command is refactored and written in Golang ([#7798](https://github.com/chef/automate/pull/7798)) - You can now run `iam` commands from Automate HA bastion node. ([#7695](https://github.com/chef/automate/pull/7695)) - You can now run `license` commands from Automate HA bastion node. ([#7768](https://github.com/chef/automate/pull/7768)) - The deploy command with unique CN for every node will deploy OpenSearch nodes with an updated list of Domain Names. ([#7771](https://github.com/chef/automate/pull/7771), [#7815](https://github.com/chef/automate/pull/7815)) - Automate HA deployment command won't show warning or error related to unused or unset terraform variables. ([#7702](https://github.com/chef/automate/pull/7702)) - The `chef-automate backup restore` shows all the errors properly when invoked from the Automate HA Bastion host. ([#7734](https://github.com/chef/automate/pull/7734)) - The `chef-automate config patch` can now reconfigure the OpenSearch backup location. ([#7744](https://github.com/chef/automate/pull/7744)) - Modified the `default_max_size` config for maximum request size to 4MB for Automate shipped Chef Server. ([#7783](https://github.com/chef/automate/pull/7783)) - Added `ssh_group_name` in the Automate HA deployment configuration to pass the customized ssh user group. ([#7819](https://github.com/chef/automate/pull/7819)) ## Bug Fixes - Fixed the bug to display Node Error log data for failed nodes in the client runs the report. ([#7705](https://github.com/chef/automate/pull/7705)) - Fixed the bug causing Automate to download zero-byte reports on the export of compliance and client-run reports for many nodes. ([#7707](https://github.com/chef/automate/pull/7707), [#7710](https://github.com/chef/automate/pull/7710)) - Fixed the bug which changes the assigned project of an Automate token on toggling the status ([#7720](https://github.com/chef/automate/pull/7720), [#7825](https://github.com/chef/automate/pull/7825)) - Fixed the bug to show the client-run report for scans older than a day for a node. ([#7724](https://github.com/chef/automate/pull/7724)) - Fixed the bug to apply the `fqdn` passed from the Automate HA Bastion host to the Automate HA frontend nodes during deployment and upgrade. ([#7729](https://github.com/chef/automate/pull/7729)) - Fixed the bug which abruptly stops `gather-logs` when invoked from Automate HA Bastion host. ([#7732](https://github.com/chef/automate/pull/7732)) - Fixed the bug to show proper error messages while testing data feed integration using S3. ([#7736](https://github.com/chef/automate/pull/7736)) - Fixed the bug to show the chef infra server name in the breadcrumb navigation bar of Infra Server nodes. ([#7737](https://github.com/chef/automate/pull/7737)) - Fixed the bug to list the correct nodes when searched using error suggestions through Client Run reports. ([#7745](https://github.com/chef/automate/pull/7745)) - Fixed the bug to display the trend graph of Compliance ingestions for ten days. ([#7748](https://github.com/chef/automate/pull/7748)) - Fixed the bug to allow multiple edits of notification service settings. ([#7752](https://github.com/chef/automate/pull/7752)) - Fixed the bug to show waived controls in the Compliance reports of a node. ([#7753](https://github.com/chef/automate/pull/7753), [#7841](https://github.com/chef/automate/pull/7841)) - Fixed the bug to filter events correctly by the timeline in the event-feed dashboard. ([#7756](https://github.com/chef/automate/pull/7756)) - Fixed the bug to allow scrolling to the top using the floating scroll button in the Client Run tab. ([#7791](https://github.com/chef/automate/pull/7791)) - Fixed the bug to retain the FQDN of a node after updating in Automate HA. ([#7834](https://github.com/chef/automate/pull/7834)) - Fixed the bug causing errors while adding nodes in the Automate HA cluster deployed in AWS. ([#7838](https://github.com/chef/automate/pull/7838)) - Fixed the bug to stop updating the admin password on an update of frontend nodes of Automate HA cluster ([#7851](https://github.com/chef/automate/pull/7851)) ## Compliance Profile Updates Compliance profiles are updated to version 1.0.0/20230414090134, which includes the new and improved profiles for: - CIS Oracle MySQL Community Server 5.7 v2.0.0 - CIS Azure Foundation v1.5.0 - CIS IBM AIX 7.1 v2.0.0 - CIS RHEL 8 v2.0.0 - CIS Oracle Linux 8 v2.0.0 ## Maintenance - Updated Elixir version to 1.14.0 for notification service. ([#7784](https://github.com/chef/automate/pull/7784)) ## Security ### Security Updates - Updated node package minimist to version 1.2.7 which fixes [CWE-1321](https://cwe.mitre.org/data/definitions/1321.html) - Updated node package karma to version 1.2.7 which fixes [CVE-2022-2421](https://nvd.nist.gov/vuln/detail/CVE-2022-2421) - Updated node package jsprim to version 2.0.2 which fixes [CVE-2021-3918](https://nvd.nist.gov/vuln/detail/CVE-2021-3918) - Updated node packages to fix [CVE-2022-37601](https://nvd.nist.gov/vuln/detail/CVE-2022-37601) ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 10078/20220929100217 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.7 - Nginx: 1.21.3 - Haproxy: 2.2.18 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.15 - OpenJDK: 11.0.17+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.