summaryrefslogtreecommitdiff
path: root/RELEASE_NOTES.md
diff options
context:
space:
mode:
authorTim Smith <tsmith84@gmail.com>2021-08-27 11:39:39 -0700
committerTim Smith <tsmith84@gmail.com>2021-08-27 11:40:42 -0700
commitb5cf7fe5680f2381f540a2f787b943bec9bb4aca (patch)
tree0139503d3ebd0f390768cc7cff8e1b628ad3ec8c /RELEASE_NOTES.md
parentaa46bac4ef1382c4b58a059184e2cd818a8dd06b (diff)
downloadchef-b5cf7fe5680f2381f540a2f787b943bec9bb4aca.tar.gz
Add 17.4.38 noteshotfix
Signed-off-by: Tim Smith <tsmith@chef.io>
Diffstat (limited to 'RELEASE_NOTES.md')
-rw-r--r--RELEASE_NOTES.md31
1 files changed, 30 insertions, 1 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 9a279dc880..e442e40ebf 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,6 +1,35 @@
This file holds "in progress" release notes for the current release under development and is intended for consumption by the Chef Documentation team. Please see <https://docs.chef.io/release_notes/> for the official Chef release notes.
-## What's New in 17.4
+## What's New in 17.4.38
+
+### Bug fixes
+
+- Resolved a regression introduced in Chef Infra Client 17.4 that would cause HWRP-style resources inheriting from LWRPBase to fail.
+
+### Enhancements
+
+- Log output has been improved to better deliniate when the Infra Phase and Compliance Phase start and end.
+- Ohai data collection of Amazon EC2 metadata has been improved to collect additional data for some configurations.
+- Removed ERROR logs when retrying failed communication with the Chef Infra Server
+- The `archive_file` resource has been improved by upgrading the `libarchive` library it uses.
+ - Support for PWB and v7 binary CPIO formats.
+ - Support for the deflate algorithm in symbolic link decompression with zip files.
+ - Various bug fixes when working with CAB, ZIP, 7zip, and RAR files.
+
+### Security
+
+#### OpenSSL 1.1.1l
+
+OpenSSL has been updated from 1.1.1k to 1.1.1l on macOS systems to resolve the following CVEs:
+
+- [CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711)
+- [CVE-2021-3712](https://nvd.nist.gov/vuln/detail/CVE-2021-3712)
+
+#### libarchive 3.5.2
+
+The libarchive library which powers the archive_file resource has been updated from 3.5.1 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links.
+
+## What's New in 17.4.25
### Compliance Phase Improvements