Show posts by author:
Ole Herman Elgesem

CFEngine 3.18.4 and 3.21.1 released

We are pleased to announce two new patch releases for CFEngine, version 3.18.4 and 3.21.1! These releases only contain security fixes for our recently discovered vulnerability; CVE-2023-26560. Changelogs As always, you can see a full list of changes and improvements in our changelogs: 3.18.4 Changelog for CFEngine Community 3.18.4 Changelog for CFEngine Enterprise 3.18.4 Changelog for Masterfiles Policy Framework 3.21.1 Changelog for CFEngine Community 3.21.1 Changelog for CFEngine Enterprise 3.21.1 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise.

April 24, 2023


We are writing to inform you about a security issue that was discovered in CFEngine 3.6.0 and later versions. Our development team found the vulnerabiliy relating to inadequate access control / unauthorized access to system files. MITRE assigned the CVE identifier CVE-2023-26560. We have no indications that this vulnerability has been used or known outside of the CFEngine development team. Explanation The issue is that Mission Portal users can access certain files through scheduled reports, as these reports are run with elevated privileges, without additional checks to limit what can be queried.

April 24, 2023

Security holiday calendar - Part 2

Thank you for following along with our security themed holiday calendar. Today, we summarize the last half of the calendar, in case you missed some days. Part 1 recap (12/25) A couple of weeks ago, on the 12th of December, we posted a recap of the first 12 days: File integrity monitoring with CFEngine (13/25) On the 13th, we took a look at how you can use File Integrity monitoring in CFEngine for similar functionality to AIDE:

December 25, 2022

CFEngine 3.21 LTS released - Unification

Today, we are pleased to announce the release of CFEngine 3.21.0! The focus of this new version has been unification. Across our websites and UI, you should see that it’s a much more modern and unified experience, whether you’re reading this blog post on, browsing the new documentation site, looking for modules on the CFEngine Build website, or adding input to modules within Build in Mission Portal. This release also marks an important event, the beginning of the 3.

December 21, 2022

5 security hardening CFEngine policy examples

Throughout the security holiday calendar, we’ve looked at modules for enforcing security requirements. Writing the policy to achieve these security hardening goals is easy. By learning how, you can write policy (or modules) for any requirements, including those specific to your organization. In this blog post, we’ll take a look at five beginner-level examples to get you started, focusing on the most common resources to manage with CFEngine; files and packages.

December 19, 2022

Security holiday calendar - Part 1

As it was well received last year, we decided to do another security-focused holiday calendar this year. The concept was roughly the same, but instead of only adding security hardening modules, we’ve also added in some other security advice and blog posts to improve the variety. Now that we’re halfway through to 24 (or 25), let’s recap the first half of the calendar. The problematic remote shell (rsh) (1/25) Remote shell (rsh) allows you to log in and send commands to another computer over the network.

December 12, 2022

Updates, upgrades, and uptime

All software of any significant size has bugs, vulnerabilities, and other weaknesses. This includes the operating system (OS), libraries, command line tools, services and graphical applications. Across your infrastructure, you should have an overview of what operating systems and software you have installed. Additionally, automated ways of upgrading the OS, as well as packages are desirable. Finally, ways of highlighting problematic hosts (with old operating systems and software) and prioritizing them helps your efforts to upgrade and secure your machines.

December 2, 2022

CFEngine 3.15.7 and 3.18.3 released

We are pleased to announce two new patch releases for CFEngine, version 3.15.7 and 3.18.3! These releases mainly contain bug fixes and dependency updates. 3.15: Last release and end of life 3.15.7 is the last planned release for the 3.15 LTS series, which is supported until December 2022. Please reach out to support if you need help with upgrading or need to purchase extended support; on January 1st 2023, 3.15 is no longer supported.

November 14, 2022

Scary stories you won't believe until they happen to you!

For halloween this year, we wanted to share some scary scenarios along with security recommendations to help avoid them. All the names, companies and characters are made up, but the events and experiences are based on things which could happen, or have happened in the real world. 1. Horrors of the logging library Mary the sysadmin looks over at her monitoring system, noticing an increase in requests with special characters. She recognizes the strings as log4shell vulnerability exploit attempts.

October 27, 2022
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.