This is a heads up to anyone upgrading to CFEngine 3.24.0 or newer versions, about a small change that can be considered a breaking change.
In CFEngine versions prior to 3.24.0, the CFEngine roles inventory attribute showed up in Mission Portal with the value policy_server for the hub, and as (Not reported) for all the other hosts (clients). The technical reason for this was that the policy_server class was tagged with inventory,attribute_name=CFEngine roles.
Today, we are pleased to announce the release of CFEngine 3.24.0! The code word for this release is consistency.
This release also marks an important event, the beginning of the 3.24 LTS series, which will be supported for 3 years.
Several new features have been added since the release of CFEngine 3.21 LTS, in the form of non-LTS releases. In this blog post we’ll highlight the most important features since the previous LTS release, even though some of them technically landed in intermediate non-supported releases.
We are pleased to announce two new patch releases for CFEngine, version 3.18.8 and 3.21.5! These patch releases contain bug fixes and dependency updates.
Changes We’d like to highlight one specific change in behavior, which some users will want to adjust to;
Change in behavior - depth_search can now be used (but warns) with an individual file as source Users of the depth_search attribute of file promises should be aware of this change in behavior.
We are pleased to announce two new patch releases for CFEngine, version 3.18.7 and 3.21.4! These patch releases contain bug fixes and dependency updates.
Changes We’d like to highlight one specific change in behavior, which some users will want to adjust to;
Change in behavior - New location for ignore_interfaces.rx Users who rely on the ignore_interfaces.rx file for ignoring certain network interfaces should be aware of its new preferred location. See the blog post on the topic for more details:
Today, we are pleased to announce the release of CFEngine 3.23.0! This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024).
The codename for this release is anniversary, as this year is CFEngine’s 30th anniversary. CFEngine was initially released in 1993, and to mark this special occasion we’ve created a limited edition anniversary coin:
We are pleased to announce two new patch releases for CFEngine, version 3.18.6 and 3.21.3! These patch releases contain bug fixes and dependency updates.
Changelogs As always, you can see a full list of changes and improvements in our changelogs:
3.18.6 Changelog for CFEngine Community 3.18.6 Changelog for CFEngine Enterprise 3.18.6 Changelog for Masterfiles Policy Framework 3.21.3 Changelog for CFEngine Community 3.21.3 Changelog for CFEngine Enterprise 3.21.3 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise.
Today, we are pleased to announce the release of CFEngine 3.22.0! The focus of this new version has been coordination. This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024).
What’s new New host filters The host filter from inventory reports have been upgraded. You can now add rules based on classes, such as linux, windows, redhat, ubuntu, xen, policy_server, cfengine_3_21, ipv4_172_31, etc:
We are pleased to announce two new patch releases for CFEngine, version 3.18.5 and 3.21.2! These releases mainly contain bug fixes, but there is one UI improvement to highlight here;
Adding columns in inventory reports This new window allows you to easily find the columns you want to add (among a large collection of inventory attributes), and also enables adding multiple columns and deleting columns at the same time.
Changelogs As always, you can see a full list of changes and improvements in our changelogs:
We are pleased to announce two new patch releases for CFEngine, version 3.18.4 and 3.21.1! These releases only contain security fixes for our recently discovered vulnerability; CVE-2023-26560.
Changelogs As always, you can see a full list of changes and improvements in our changelogs:
3.18.4 Changelog for CFEngine Community 3.18.4 Changelog for CFEngine Enterprise 3.18.4 Changelog for Masterfiles Policy Framework 3.21.1 Changelog for CFEngine Community 3.21.1 Changelog for CFEngine Enterprise 3.21.1 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise.
We are writing to inform you about a security issue that was discovered in CFEngine 3.6.0 and later versions. Our development team found the vulnerabiliy relating to inadequate access control / unauthorized access to system files. MITRE assigned the CVE identifier CVE-2023-26560. We have no indications that this vulnerability has been used or known outside of the CFEngine development team.
Explanation The issue is that Mission Portal users can access certain files through scheduled reports, as these reports are run with elevated privileges, without additional checks to limit what can be queried.
