Security Release: Fix oc-id CSRF

mmzyk released this 18 Dec 16:26

· 248 commits to master since this release

12.0.1

404c006

A CSRF vulnerability was found in the oc-id service that ships with the Chef Server (specifically in the doorkeeper gem that is used by the oc-id service). This release updates the gem.

Chef Server 12.0.1 and Enterprise Chef Server 11.2.6 contain the fix. Open Source Chef Server 11 does not need the fix, as it does not ship with the oc-id service.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Release: Fix oc-id CSRF