## Upgrade Journey Chef lets you choose your **upgrade journey** based on your current version of Chef Automate. You can do all the version upgrades manually. | Your Current Version | Upgrade To | | -------------------- | ---------- | | Any version before 20220329091442| 20220329091442| | 20220329091442| 3.0.x| | 3.0.49| 4.x| See the [Chef Automate 4.x upgrade documentation](https://docs.chef.io/automate/major_upgrade_4.x/) for more information. ## Announcement Automate has moved the product builds from Golang version 1.15 to 1.19 to keep the language features up to date. The change in the Golang version will impact the custom certificates used for interaction with external systems. The common name field of X.509 certificates will no longer be considered the hostname when the Subject Alternative Name (SAN) is absent. Please refer to the [Update Non-SAN certificates for 4.7.x update documentation](https://docs.chef.io/automate/upgrade_san_certificates/) for more information. ## Improvement - Updated Automate HA documentation to setup AWS OpenSearch and RDS clusters. ([#7898](https://github.com/chef/automate/pull/7898)) - Added documentation to benchmark the impact of DataLifeCycle Settings on OpenSearch `max_shards_per_node` value. ([#7906](https://github.com/chef/automate/pull/7906)) ## Bug Fixes - Fix the issue to allow upgrade of only frontend or backend nodes using `chef-automate upgrade` command in Automate HA. ([#7896](https://github.com/chef/automate/pull/7896), [#7926](https://github.com/chef/automate/pull/7926)) - The run-list tab for a node with policy files is now loading without any error in Infra Server view. ([#7900](https://github.com/chef/automate/pull/7900)) - The graceful removal of frontend node using `chef-automate node remove` command in Automate HA is now fixed. ([#7922](https://github.com/chef/automate/pull/7922)) - The PG and OpenSearch instance type is now no more mandatory for AWS deployment of Automate HA. ([#7939](https://github.com/chef/automate/pull/7939)) - The issue which stops from passing full path while running `chef-automate config patch` command from Bastion host in Automate HA is fixed. ([#7942](https://github.com/chef/automate/pull/7942)) ## Maintenance - Automate is now built using Golang version 1.19.3. This version of Golang has multiple improvements and security updates. Please refer the [Golang 1.19 Release Notes](https://go.dev/doc/go1.19) ## Security ### Security Updates (examples: dependency updates, CVE fixes) The update of Golang framework to 1.19.3 resolves the following CVE issues: > CVE-2021-41772 > CVE-2021-41771 > CVE-2021-38297 > CVE-2021-36221 > CVE-2021-34558 > CVE-2021-33198 > CVE-2021-33197 > CVE-2021-33196 > CVE-2021-33195 > CVE-2021-31525 > CVE-2021-29923 > CVE-2021-27919 > CVE-2021-27918 > CVE-2021-3114 > CVE-2020-28851 > CVE-2012-2666 > CVE-2022-23806 > CVE-2022-23772 > CVE-2022-23773 > CVE-2020-28367 > CVE-2020-28366 > CVE-2020-28362 > CVE-2017-15041 > CVE-2016-5386 ## Chef Packaged Product Versions This release uses: - Chef Habitat version: 1.6.521/20220603154827 - Chef Habitat Builder version: 10078/20220929100217 - Chef Infra Server version: 15.4.0/20230105061154 - Chef InSpec version: 4.56.22/20220517052126 ## Service Versions This release uses: - Postgres: 13.5 - OpenSearch: 1.3.7 - Nginx: 1.21.3 - Haproxy: 2.2.18 - Dex: 2.27.0 ## Supported External Chef Products This release supports the following external chef products: - Chef Infra Server version: 14.0.58+ - Chef Inspec version: 4.3.2+ - Chef Infra Client: 17.0.242+ - Chef Habitat: 0.81+ # Supported Framework Versions This release is built on the following framework versions: - GoLang: 1.19.3 - OpenJDK: 11.0.17+8 - Angular: 11.2.6 View the [package manifest](https://packages.chef.io/manifests/current/automate/latest_semver.json) for the latest release.