## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## New Features - You can now set the configuration for a deployment from Automate HA bastion node using the `chef-automate config set` command. ([#7670](https://github.com/chef/automate/pull/7670)) - You can now add nodes in an AWS-deployed Automate HA cluster using `chef-automate node add` command. ([#7683](https://github.com/chef/automate/pull/7683)) ## Improvements - You can now fetch and apply certificates from a root or local location with read-only access. ([#7678](https://github.com/chef/automate/pull/7678)) - You can now use an existing AWS S3 bucket when configuring AWS deployment of Chef Automate. ([#7681](https://github.com/chef/automate/pull/7681)) ## Compliance Profile Updates Compliance profiles are updated to version 1.0.0/20230209124416, which includes the new and improved profiles for: - CIS RHEL 9 v1.0.0 ## Bug Fixes - The `chef-automate cleanup` command now removes the content of the directory `/hab` even if it is a symbolic link in Automate HA. ([#7679](https://github.com/chef/automate/pull/7679)) - Fixed the `chef-automate backup restore` command so it will restore a Chef Automate backup even when a front-end node is unhealthy. ([#7688](https://github.com/chef/automate/pull/7688)) - Fixed a bug where OpenSearch was consuming a lot of memory when ingesting compliance report data. ([#7704](https://github.com/chef/automate/pull/7704)) ## Security ### Security Improvements - Changes are made to fix CWE-409 vulnerability ([#7676](https://github.com/chef/automate/pull/7676)) ### Security Updates Updated OpenSearch to version 1.3.7, which fixes the following vulnerabilities: - CVE-2022-42889 ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 10078/20220929100217 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.7 - Nginx: 1.21.3 - Haproxy: 2.2.18 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external Chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ ## Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.15 - OpenJDK: 11.0.17+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.