## Improvements/Bug Fixes - The `_status` endpoint now reports healthy even if the `data_collector` is down which will no longer cause unnecessary failovers. - Data collector proxy-header X-Forwarded is set as expected. -`chef-server-ctl` is no longer installed in the user path. Now only the appbundled version is installed in the user path. - Fixed an issue with Chef Support Zendesk sign-ins when a first name is not set in Hosted Chef. - `chef-server-ctl gather-logs` has been updated to provide better troubleshooting data and prevent failures gathering data. ## Packing Updates - We now produce packages for Chef Infra Server on Red Hat Enterprise Linux 8. - SLES 11 packages are no longer produced per our [platform policy](/platforms/#platform-end-of-life-policy), as upstream support ended in March of this year. ## Updates and Improvements - OpenResty 1.13.6.2 -\> 1.15.8.1 - Nokogiri 1.8.5 -\> 1.10.4 - Rebar3 -\> 3.12.0 - Updated erlang deps to be the latest - Erlang 18.3.4.9 -\> 20.3.8.9 - Ruby 2.5.5 -\> 2.6.3 ## Security ### bzip2 bzip has been updated from 1.0.6 to 1.0.8 to resolve the following CVEs - [CVE-2019-12900](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) - [CVE-2016-3189](https://nvd.nist.gov/vuln/detail/CVE-2016-3189) ### Loofah Loofah has been updated from 2.2.3 to 2.3.1 to resolve [CVE-2019-15587](https://nvd.nist.gov/vuln/detail/CVE-2019-15587) ### OpenSSL OpenSSL has been updated from 1.0.2s to 1.0.2t to resolve the following CVEs: - [CVE-2019-1547](https://nvd.nist.gov/vuln/detail/CVE-2019-1547) - [CVE-2019-1563](https://nvd.nist.gov/vuln/detail/CVE-2019-1563) - [CVE-2019-1552](https://nvd.nist.gov/vuln/detail/CVE-2019-1552) ### Postgresql Postgresql has been updated from 9.6.10 to 9.6.15 to resolve the following CVEs: - [CVE-2019-10208](https://nvd.nist.gov/vuln/detail/CVE-2019-10208) - [CVE-2019-10130](https://nvd.nist.gov/vuln/detail/CVE-2019-10130) ### RabbitMQ RabbitMQ has been updated from 3.6.6 to 3.6.15 to resolve the following CVEs: - [CVE-2017-4967](https://nvd.nist.gov/vuln/detail/CVE-2017-4967) - [CVE-2017-4966](https://nvd.nist.gov/vuln/detail/CVE-2017-4966) - [CVE-2017-4965](https://nvd.nist.gov/vuln/detail/CVE-2017-4965)