The following items are new for Chef server 12.11:

## New Endpoints

- **/organizations/ORGNAME/validate/PATH** accepts a signed request
    and validates it as if it had been sent to <span
    class="title-ref">PATH</span>. It returns 200 if the request is
    authentic and 401 if it is not.

- **/organizations/ORGNAME/data-collector** forwards requests for a
    data-collector service after authenticating the request using Chef
    Server's standard authentication headers. To use this endpoint,
    users must set both of the following options in
    /etc/opscode/chef-server.rb:

    ```ruby
    data_collector['token']
    data_collector['root_url']
    ```

- **/organizations/ORGNAME/owners/OWNER/compliance\[/PROFILE\]**
    forwards requests for compliance profiles to a user-configurable
    Chef Automate server after authenticating the request using Chef
    Server's standard authentication headers. To use this endpoint,
    users must set both of the following options in
    \`/etc/opscode/chef-server.rb\`:

    ```ruby
    profiles['root_url']
    data_collector['token']
    ```

## Security Updates

- The default allowed SSL ciphers now include AES256-GCM-SHA384 to
    ensure compatibility with AWS's Classic ELB health check tool.
- **chef-server-ctl psql** previously revealed the postgresql password
    via <span class="title-ref">ps</span>.