The latest updates about everything CFEngine

CVE-2023-45684 - Mission Portal SQL injection vulnerability

We want to bring to your attention a critical security matter recently identified in CFEngine Enterprise version 3.6.0 and subsequent releases. This vulnerability pertains to a A03:2021 - Injection flaw within the CFEngine Enterprise web UI, Mission Portal, which can lead to unauthorized access to the underlying database. The CVE identifier CVE-2023-45684 has been assigned to this issue. At present, there is no evidence to suggest that this vulnerability has been exploited or that it was known beyond the CFEngine development team and the customer who brought it to our attention.

Posted by Lars Erik Wik
November 13, 2023

Migrating from Travis to Github Actions

For CFEngine we manage several public and private repositories of code in GitHub for our Open Source and Enterprise products. In order to ensure quality we run many checks on the code both with nightly builds as well as on each pull request. We use a Jenkins server for nightlies which also includes more extensive deployment tests on all of the platforms we support. Previously we had used Travis for many of these checks but that system started to show its age and limitations.

Posted by Craig Comstock
October 30, 2023

Show notes: The agent is in - Episode 30 - Profiling CFEngine policy

Imagine having the power to identify the exact lines of your CFEngine policy that are slowing down your executions. In this episode, we’ll guide you through the art of profiling CFEngine policy for improved performance. In Episode 30 of “The agent is in,” Nick and team dives into the topic of profiling CFEngine policy. We explore tools and techniques to identify performance bottlenecks and optimize CFEngine deployments. The episode covers the following main points:

Posted by Nick Anderson
October 19, 2023

libntech 1.0: now available to more projects

The license of our in-house C utility and compatibility library libntech was recently changed from GPLv3 to Apache License Version 2.0 which makes the library suitable for more projects thanks to the more permissive license. While GPLv3 practically required any project using libntech to be licensed under GPLv3 as well, the Apache License v2.0 allows any open source as well as proprietary software to utilize our utility library, keeping the copyright attributions.

October 12, 2023

CFEngine 3.18.6 and 3.21.3 released

We are pleased to announce two new patch releases for CFEngine, version 3.18.6 and 3.21.3! These patch releases contain bug fixes and dependency updates. Changelogs As always, you can see a full list of changes and improvements in our changelogs: 3.18.6 Changelog for CFEngine Community 3.18.6 Changelog for CFEngine Enterprise 3.18.6 Changelog for Masterfiles Policy Framework 3.21.3 Changelog for CFEngine Community 3.21.3 Changelog for CFEngine Enterprise 3.21.3 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.

October 6, 2023

Show notes: The agent is in - Episode 29 - Basic Docker inventory with CFEngine

Ever been curious about Docker details or the cruft that has built up and could be cleared out? Craig, Cody, and Nick chat about some of the work Craig has been doing recently, using Docker in development and CI. Craig shows how to develop policy to inventory various Docker details like image names, counts of dangling images, and reclaimable disk space. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
September 28, 2023

Show notes: The agent is in - Episode 28 - Automating CFEngine policy testing

Have you been interested in automating the testing of your CFEngine policy? Cody, Craig and Nick follow up on the Policy Examples episode and dive a bit deeper into testing. Nick walks through some policy and related tests that leverage lib/testing.cf from the Masterfiles Policy Framework and Craig walks through implementing a GitHub Workflow to run the tests in a Docker container for each Pull Request. Video The video recording is available on YouTube:

Posted by Nick Anderson
August 31, 2023

How can I get a list of specific key values from an array of objects in JSON?

This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions. Given the following JSON, how can I get a list containing just the values of name? [ { "name": "Aurora", "description": "Illuminating" }, { "name": "Orion", "description": "Stellar" }, { "name": "Luna", "description": "Serene" }, { "name": "Phoenix", "description": "Resilient" }, { "name": "Atlas", "description": "Strong" } ] Using maparray() The most concise and direct way to achieve something like this is to use the maparray() function. It iterates over a list or data container applying a pattern based on $(this.k) and $(this.v) of the currently iterated element to produce a list.

Posted by Nick Anderson
July 27, 2023

How can I test CFEngine policy?

This question was covered in The agent is in, Episode 27 - CFEngine Q&A: Policy questions. Testing is an important part of the software life-cycle. Writing tests for your CFEngine policy can help to bring improved assurance that your policy behaves as expected. Follow along and write your first test policy. Test stages When writing tests there are three or four basic stages that typically need to be handled. Initialization - Set up the necessary conditions for the test, e.g. create some files to be edited. Testing - Running the policy whose behavior you wish to test. Checking - Inspecting the results of the test policy to see if they conform with expectations. Cleanup - You might need to cleanup artifacts produced by the test if your testing system does not handle it for you. These stages map well to a sequence of bundles. So, a simple test template could look like this:

Posted by Nick Anderson
July 27, 2023

Show notes: The agent is in - Episode 27 - CFEngine Q&A: Policy questions

Unlock the power of CFEngine with expert insights and get your burning policy questions. Cody, Craig and Nick discuss and answer CFEngine policy questions submitted by users. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
July 27, 2023