The latest updates about everything CFEngine

CFEngine 3.23 released - Anniversary

Today, we are pleased to announce the release of CFEngine 3.23.0! This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024). The codename for this release is anniversary, as this year is CFEngine’s 30th anniversary. CFEngine was initially released in 1993, and to mark this special occasion we’ve created a limited edition anniversary coin:

December 6, 2023

Show Notes: The Agent is In - Episode 31 - Sneak Peek of 3.23.0

Join the team for a sneak peek of what’s coming in 3.23.0. Herman joins Cody, Craig and Nick to discuss what’s new in the upcoming release of CFEngine 3.23.0. We look at improvements to Groups in Mission Portal with easier ways to specify specific hosts that should or should not be part of the group based on reported attributes. This new functionality makes it much easier to affect change across a set of hosts without touching policy.

Posted by Nick Anderson
November 30, 2023

Change in behavior: ignore_interfaces.rx prefers a new location

ignore_interfaces.rx can be populated with regular expressions that match network interface names. When an interface matches CFEngine will ignore the interface. In the upcoming release of 3.23.0, and in the future release of 3.21.4 there is a change in behavior with respect to the preferred location of ignore_interfaces.rx from $(sys.inputdir) (typically /var/cfengine/inputs) to $(sys.workdir) (typically /var/cfengine). The change from $(sys.inputdir) to $(sys.workdir) makes it easier to ignore different interfaces on different hosts.

Posted by Nick Anderson
November 16, 2023

Change in behavior: self upgrade now defaults to hub binary version

In the upcoming release of 3.23.0, there is a change in behavior with respect to the self upgrade policy. Beginning with 3.23.0 the self upgrade policy will default to the binary version that is running on the hub instead of the version of the policy framework that is executing. When upgrading CFEngine1 there are three major steps: Upgrade the Masterfiles Policy Framework (MPF) Upgrade the hub binaries Upgrade the client binaries Generally it’s desirable that the MPF version is equal to or greater than the hub binary version and the hub binary version is equal to or greater than the client binary version.

Posted by Nick Anderson
November 15, 2023

Efficient synchronization of tabular data white paper

To manage large infrastructures, efficient solutions for both making changes and observing the current state are necessary. As most information (inventory) about hosts is quite predictable and static, there are many opportunities for optimizations in terms of compression and avoiding re-transmission of the same data. In the CFEngine team, we are improving our reporting systems with a focus on correctness and low bandwidth consumption. This will benefit many users, both large data centers where bandwidth (networking equipment) is costly, as well as small IoT devices with limited connectivity.

Posted by Lars Erik Wik
November 14, 2023

CVE-2023-45684 - Mission Portal SQL injection vulnerability

We want to bring to your attention a critical security matter recently identified in CFEngine Enterprise version 3.6.0 and subsequent releases. This vulnerability pertains to a A03:2021 - Injection flaw within the CFEngine Enterprise web UI, Mission Portal, which can lead to unauthorized access to the underlying database. The CVE identifier CVE-2023-45684 has been assigned to this issue. At present, there is no evidence to suggest that this vulnerability has been exploited or that it was known beyond the CFEngine development team and the customer who brought it to our attention.

Posted by Lars Erik Wik
November 13, 2023

Migrating from Travis to Github Actions

For CFEngine we manage several public and private repositories of code in GitHub for our Open Source and Enterprise products. In order to ensure quality we run many checks on the code both with nightly builds as well as on each pull request. We use a Jenkins server for nightlies which also includes more extensive deployment tests on all of the platforms we support. Previously we had used Travis for many of these checks but that system started to show its age and limitations.

Posted by Craig Comstock
October 30, 2023

Show Notes: The Agent is In - Episode 30 - Profiling CFEngine policy

Imagine having the power to identify the exact lines of your CFEngine policy that are slowing down your executions. In this episode, we’ll guide you through the art of profiling CFEngine policy for improved performance. In Episode 30 of “The Agent is In,” Nick and team dives into the topic of profiling CFEngine policy. We explore tools and techniques to identify performance bottlenecks and optimize CFEngine deployments. The episode covers the following main points:

Posted by Nick Anderson
October 19, 2023

libntech 1.0: now available to more projects

The license of our in-house C utility and compatibility library libntech was recently changed from GPLv3 to Apache License Version 2.0 which makes the library suitable for more projects thanks to the more permissive license. While GPLv3 practically required any project using libntech to be licensed under GPLv3 as well, the Apache License v2.0 allows any open source as well as proprietary software to utilize our utility library, keeping the copyright attributions.

October 12, 2023

CFEngine 3.18.6 and 3.21.3 released

We are pleased to announce two new patch releases for CFEngine, version 3.18.6 and 3.21.3! These patch releases contain bug fixes and dependency updates. Changelogs As always, you can see a full list of changes and improvements in our changelogs: 3.18.6 Changelog for CFEngine Community 3.18.6 Changelog for CFEngine Enterprise 3.18.6 Changelog for Masterfiles Policy Framework 3.21.3 Changelog for CFEngine Community 3.21.3 Changelog for CFEngine Enterprise 3.21.3 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise.

October 6, 2023
Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your email address being stored and used to receive newsletters about CFEngine. We use tracking in our newsletter emails to improve our marketing content.