## Bug Fixes

- Fixed the `/search` API endpoint to properly return the `total` number of cookbooks when the result has been paginated.
- Resolved failures when processing cookbook quality metrics.

## Enhancements

### GitHub Enterprise Support

You can now set up Supermarket to use a corporate GitHub Enterprise installation in user profiles and to perform cookbook quality metrics scans instead of github.com. See the [Supermarket configuration documentation](https://docs.chef.io/config_rb_supermarket/) for more information on using this new functionality.

### Maintenance Message Banner Support

You can now set a text string in Supermarket that will be displayed on login for all users. This is a great way to announce regulatory security requirements or to communicate planned maintenance windows. The content of the text can be set with the `default['supermarket']['announcement_text']` attribute.

### SPDX Licenses

Supermarket cookbook pages now include links to the `spdx.dev` site describing the terms of each software license, so you can more easily evaluate cookbook licenses against your organizational requirements. See the [supermarket-ctl documentation](https://docs.chef.io/supermarket/ctl_supermarket/) for more information on new commands to process SPDX data for existing cookbooks.

### Cookbook Deprecation Reasons

When marking a cookbook as deprecated, users can now give the reason it is deprecated instead of naming a replacement cookbook.

## Security

### Ruby 2.7.5

Updated Ruby from 2.7.4 to 2.7.5 to resolve the following CVEs:

- CVE-2021-41817
- CVE-2021-41816
- CVE-2021-41819

### Sidekiq 6.3.1

Updated the Sidekiq job queuing engine used to run cookbook quality evaluation jobs from 4.2.10 to 6.3.1 to resolve CVE-2021-30151.
### Redis 6.2.6

Updated the Redis database used for queuing quality metrics jobs from 6.2.5 to 6.2.6 to resolve the following CVEs:

- CVE-2021-41099
- CVE-2021-32762
- CVE-2021-32687
- CVE-2021-32675
- CVE-2021-32672
- CVE-2021-32628
- CVE-2021-32627
- CVE-2021-32626

### actionpack 6.1.4.4

Updated the `actionpack` gem used by Supermarket's Ruby on Rails engine to 6.1.4.4 to resolve CVE-2021-44528.

### CA Certificates 10-26-2021

Updated the bundled CA Certificates file to the 10-26-2021 release, which includes three new CA certs.

### Supermarket User

The `supermarket` user account that runs Supermarket is now created as a system account without a working shell for added security.

### Improved HTTP Headers

Set the `Permissions-Policy` HTTP header to disable a user's webcam and payment systems when browsing Supermarket.

## Packaging

### New Relic Removal

Supermarket no longer ships with New Relic integration for administrators.

### RHEL 8 Build ID

Chef Infra Server packages no longer install a build ID file that would prevent installing other Chef packages such as Infra Client.
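
To confirm the `Permissions-Policy` change described under Improved HTTP Headers after an upgrade, the following check parses a header value and reports any required feature that is not fully disabled. It is an added example, not Supermarket's own code. It assumes the webcam and payment features map to the standard `camera` and `payment` directive names; the function names and sample header values are constructed for illustration.

```ruby
# Added example (not Supermarket code): check that a Permissions-Policy
# header disables the features the release notes mention.
# Assumption: "webcam" and "payment systems" correspond to the standard
# `camera` and `payment` policy features.

# Parse a header value into { "feature" => ["allowlist", "entries"] }.
# Handles the common forms: (), (self), *, self, (self "https://example.test").
# Quoted origins containing commas and ;parameters are not handled.
def parse_permissions_policy(value)
  policy = {}
  value.to_s.split(",").each do |directive|
    name, allowlist = directive.strip.split("=", 2)
    next if name.nil? || name.empty? || allowlist.nil?

    entries = allowlist.strip.delete_prefix("(").delete_suffix(")").split(/\s+/)
    policy[name.downcase] = entries
  end
  policy
end

# Return the required features that are NOT disabled. A feature counts as
# disabled only when it is present with an empty allowlist, e.g. camera=().
# A missing directive falls back to the browser default, so it is reported.
def features_still_allowed(header_value, required = %w[camera payment])
  policy = parse_permissions_policy(header_value)
  required.reject { |feature| policy.key?(feature) && policy[feature].empty? }
end

# Constructed sample header values, not captured from a real server.
SAMPLES = {
  "hardened"       => "camera=(), payment=()",
  "camera allowed" => "camera=(self), payment=()",
  "header missing" => nil
}.freeze

SAMPLES.each do |label, header|
  open_features = features_still_allowed(header)
  status = open_features.empty? ? "OK" : "NOT DISABLED: #{open_features.join(', ')}"
  puts "#{label}: #{status}"
end
```

Against a running instance, pass the value of the `Permissions-Policy` response header from any Supermarket page to `features_still_allowed`.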