We want to bring to your attention a critical security matter recently identified in CFEngine Enterprise version 3.6.0 and subsequent releases. This vulnerability pertains to a A03:2021 - Injection flaw within the CFEngine Enterprise web UI, Mission Portal, which can lead to unauthorized access to the underlying database. The CVE identifier CVE-2023-45684 has been assigned to this issue. At present, there is no evidence to suggest that this vulnerability has been exploited or that it was known beyond the CFEngine development team and the customer who brought it to our attention.
For CFEngine we manage several public and private repositories of code in GitHub for our Open Source and Enterprise products. In order to ensure quality we run many checks on the code both with nightly builds as well as on each pull request. We use a Jenkins server for nightlies which also includes more extensive deployment tests on all of the platforms we support. Previously we had used Travis for many of these checks but that system started to show its age and limitations.
Imagine having the power to identify the exact lines of your CFEngine policy that are slowing down your executions. In this episode, we’ll guide you through the art of profiling CFEngine policy for improved performance.
In Episode 30 of “The agent is in,” Nick and team dives into the topic of profiling CFEngine policy. We explore tools and techniques to identify performance bottlenecks and optimize CFEngine deployments. The episode covers the following main points:
The license of our in-house C utility and compatibility library libntech was recently changed from GPLv3 to Apache License Version 2.0 which makes the library suitable for more projects thanks to the more permissive license. While GPLv3 practically required any project using libntech to be licensed under GPLv3 as well, the Apache License v2.0 allows any open source as well as proprietary software to utilize our utility library, keeping the copyright attributions.
We are pleased to announce two new patch releases for CFEngine, version 3.18.6 and 3.21.3! These patch releases contain bug fixes and dependency updates.
Changelogs As always, you can see a full list of changes and improvements in our changelogs:
3.18.6 Changelog for CFEngine Community 3.18.6 Changelog for CFEngine Enterprise 3.18.6 Changelog for Masterfiles Policy Framework 3.21.3 Changelog for CFEngine Community 3.21.3 Changelog for CFEngine Enterprise 3.21.3 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise.
Ever been curious about Docker details or the cruft that has built up and could be cleared out?
Craig, Cody, and Nick chat about some of the work Craig has been doing recently, using Docker in development and CI. Craig shows how to develop policy to inventory various Docker details like image names, counts of dangling images, and reclaimable disk space.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
Have you been interested in automating the testing of your CFEngine policy?
Cody, Craig and Nick follow up on the Policy Examples episode and dive a bit deeper into testing. Nick walks through some policy and related tests that leverage lib/testing.cf from the Masterfiles Policy Framework and Craig walks through implementing a GitHub Workflow to run the tests in a Docker container for each Pull Request.
Video The video recording is available on YouTube:
This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions.
Given the following JSON, how can I get a list containing just the values of name?
[ { "name": "Aurora", "description": "Illuminating" }, { "name": "Orion", "description": "Stellar" }, { "name": "Luna", "description": "Serene" }, { "name": "Phoenix", "description": "Resilient" }, { "name": "Atlas", "description": "Strong" } ] Using maparray() The most concise and direct way to achieve something like this is to use the maparray() function.
This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions.
Testing is an important part of the software life-cycle. Writing tests for your CFEngine policy can help to bring improved assurance that your policy behaves as expected. Follow along and write your first test policy.
Test stages When writing tests there are three or four basic stages that typically need to be handled.
Initialization - Set up the necessary conditions for the test, e.
Unlock the power of CFEngine with expert insights and get your burning policy questions.
Cody, Craig and Nick discuss and answer CFEngine policy questions submitted by users.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.
Questions These are the questions and policy used during the episode but each question has a separate blog post that goes into more detail.
