Chef manages a major bump for console
Then immediately plugs XSS hole
Chef has pushed out a brace of updates for its management console, one of which fixes a newly unearthed vulnerability in the product.
The recipe-mongers described Manage 2.1.0 as a “major version” bump from 1.21.0 – though it added “the major change being that the package is now called “chef-manage” instead of “opscode-manage.”
This of course represents the obliteration of Chef's previous identity as...Opscode. It adopted the Chef moniker about two years ago.
Other than the name change, Chef’s blog flagged up email verification on signup. However, it added that “you shouldn’t find breaking changes or a major overhaul of the web interface”. Except for the name change of course. That could be really confusing.
This “major bump” was swiftly followed by Manage 2.1.1, which plugs a cross-site scripting vulnerability which was uncovered in previous versions of Manage – including 2.10.
You can get the full breakdown of the feature changes in the shift to 2.0 here. ®