## Platform support

Chef Infra Server is no longer supported on the following platforms:

- Red Hat Enterprise Linux 7
- CentOS 7

## License usage

We now collect aggregated and anonymized usage data to understand the Chef Infra Server adoption curve, operating systems that Infra Server runs on, deployed versions of Infra Server, and deployment patterns.
We have ensured that the collected data protects the end user while providing meaningful usage insights.
For more information, see the [Chef Infra Server License Usage documentation](https://docs.chef.io/server/license_usage/).

## Dependency updates

### Redis to KeyDB migration

We replaced Redis with KeyDB to resolve the following CVEs:

- CVE-2023-41056
- CVE-2023-45145
- CVE-2023-41053
- CVE-2022-24834
- CVE-2023-36824  
  
This change doesn't require any configuration change and the service name has been kept unchanged too.
For more information about KeyDB, see the [KeyDB documentation](https://docs.keydb.dev/).

### OpenJRE

Updated OpenJRE to 11.0.22+7 to resolve the following CVEs:

- CVE-2024-20918
- CVE-2024-20921
- CVE-2024-20919
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952 

### OpenSSL

Updated OpenSSL to 1.0.2zi to resolve the following CVEs:

- CVE-2022-0778
- CVE-2022-1292
- CVE-2022-2068
- CVE-2022-4304
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0464
- CVE-2023-0465
- CVE-2023-0466
- CVE-2023-3446
- CVE-2023-3817

### Node.js

Updated Node.js to 14.21.3 to resolve the following CVEs:

- CVE-2023-23918
- CVE-2023-23919
- CVE-2023-23920
- CVE-2023-23936
- CVE-2023-24807

### Rack

Updated Rack to 2.2.6.3 to resolve the following CVEs:

- CVE-2023-27530

### RDoc

Updated RDoc to 6.3.4.1 to resolve the following CVEs:

- CVE-2024-27281

### Rails

Updated Rails to 7.0.8.1 to resolve the following CVEs:

- CVE-2024-26143

### Nokogiri

Updated Nokogiri to 1.15.6 to resolve the following CVEs:

- CVE-2024-25062