Supermarket Versions Save

Bug Fixes

• disambiguate columns used in query ordering #1893 (robbkidd)
• Fix exceptions thrown by displaying an error #1894 (robbkidd)
• [omnibus] use YAML.dump to serialize simple hashes to disk #1896 (robbkidd)

Security Fixes

• add HTTP strict transport security header when force SSL is enabled #1855 (robbkidd)

Maintenance Updates

• drop support for RHEL6 builds #1898 (robbkidd)

Security Fixes

These updates resolve CVE scanner audits. No vulnerabilities were found in Supermarket's use of these components.

• update deps: includes nginx 1.18.0 #1874 (tas50)
• update Ruby to 2.6.6 to resolve 2 CVEs #1877 (tas50)
• update actionview from 5.2.4.3 to 5.2.4.4 #1887 (dependabot-preview[bot])

Enhancements

• add support for enabling Server Side Encryption when storing cookbooks in AWS S3 #1888 (bdwyertech)
• add packages for Amazon Linux 2 to the pipeline #1875 (tas50)

Maintenance Updates

• update Foodcritic from 14.3 to 16.3 #1881 (tas50)
• update Cookstyle / Chefstyle to the latest #1882 (tas50)
• require Chef 14+ in omnibus now #1883 (tas50)

Security Fixes

• Rails 5.0 -> 5.1 -> 5.2 upgrade; adoption of ChefStyle #1867 (robbkidd)
• Bump rack from 2.0.8 to 2.2.2 in quality metrics engine #1858 (dependabot-preview[bot])
• Bump kaminari from 1.0.1 to 1.2.1 #1862 (dependabot-preview[bot])
• Bump rack from 2.2.2 to 2.2.3 #1868 (dependabot[bot])

Merged Pull Requests

• Remove bundler-audit from tests; we're auditing with GitHub #1861 (tas50)
• Resolve upcoming OpenSSL Ruby library deprecation of algorithm constants #1860 (tas50)

Security Fixes

• update rubyzip to address CVE-2019-16892 #1825 (robbkidd)
• Bump loofah from 2.2.3 to 2.3.1 #1830 (dependabot[bot])
• update for CVE-2019-13117 & CVE-2019-16782 #1833 (robbkidd)
• Bump rack from 2.0.7 to 2.0.8 in /omnibus #1834 (dependabot[bot])
• include secrets found in secrets.json in runtime omnibus config #1832 (robbkidd)
• Bump nokogiri from 1.10.7 to 1.10.9 #1848 (dependabot-preview[bot])
• Bump rake from 12.3.2 to 13.0.1 #1844 (dependabot-preview[bot])
• Bump omniauth from 1.9.0 to 1.9.1 #1851 (dependabot-preview[bot])
• generate secrets.json with warning messages #1849 (robbkidd)
• Prevent unsafe links to cross-origin destinations #1846 (cattywampus)

Merged Pull Requests

• add a version command to supermarket-ctl #1811 (robbkidd)
• avoid Double Bundler by pinning rubygems version #1835 (robbkidd)
• upgrade Ruby to 2.6.5 #1852 (robbkidd)

Security Fixes

• update packaged OpenSSL to 1.0.2s #1813 (robbkidd)
• update to use curl 7.65.0 #1814 (robbkidd)
• require POSTs during sign-in (CVE-2015-9284) #1815 (robbkidd)
• omnibus build fixes #1821 (robbkidd)
  • includes updated OpenSSL to 1.0.2t
  • includes updated curl to 7.65.1

Merged Pull Requests

• No more Ubuntu 14 builds. Canonical ended support for trusty in April 2019. #1818 (christopher-snapp)
• omnibus build fixes #1821 (robbkidd)

Security Fixes

• upgrade nokogiri (CVE-2019-11068) #1808 (robbkidd)

Bug Fixes

• fix upload error when cookbook tarball uid/gid is very large #1810 (robbkidd)

Enhancements

• add support for S3 storage using IAM roles (IAM user and a key no longer required) #1747 (pavel-kazhavets)

Bug Fixes

• pin inspec to fix '-ctl test' requiring license acceptance #1802 (robbkidd)

Merged Pull Requests

• upgrade omnibus-embedded nginx #1790 (robbkidd)
• upgrade OpenSSL, RubyGems, and Rails to address multiple CVEs #1798 (robbkidd)

Special thanks to Keith Walters of TapHere! Technology for help with the implementation and testing of running a Supermarket in a FIPSy environment!

Enhancements

• add FIPS 140-2 support #1768 (robbkidd & cattywampus)

Bonus

• remove unnecessary build cruft before packaging (reduces size ~20%) #1780 (Tim "Lose Weight with these 5 Easy Steps!" Smith)

3.1.96 (2018-12-13)

Security Fixes

• update Rails to 5.0.7.1 #1784 (robbkidd)
• update rack (& other gems) in the omnibus build environment #1785 (robbkidd)
• update rack for CVE-2018-16471 #1782 (robbkidd)
• RFC072 Artifact Yanking: disallow cookbook removal by owner #1789 (robbkidd)

Merged Pull Requests

• update omnibus to use latest enterprise cookbook #1788 (robbkidd)