CFEngine LTS 3.10.5 released

Posted by:

16 Nov 2018

Today we are very happy to announce the maintenance release of CFEngine 3.10.5. This is an update to the LTS 3.10 series, adding improved stability, several bug fixes and increased performance.

3.10 LTS is the successor of 3.7 LTS that, since August 2018, is no longer supported. We recommend everyone still using CFEngine 3.7 to upgrade to either 3.10 or 3.12. We are available to support you with such an upgrade if you need it.

3.10.5 LTS is a maintenance release (also known as a patch release), with the goal to increase the stability and reliability for CFEngine users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases.

Looking at the CFEngine release schedule, we can see that

  • 3.10 LTS is maintained and supported until December 27th, 2019

Do you want to start contributing but are unsure how?


Improvements and fixes

We have introduced a number of smaller fixes to CFEngine Core in this release.

Notably, we fixed a bug that has slightly changed how Mustache templates in policy files are being processed to adhere to the mustache specification, as detailed in CFE-2125. This further improves the CFEngine mustache capability and makes it easier to create templates using Mustache in CFEngine.

We have fixed an issues where in a few cases not all cf-serverd instances were restarting properly after upgrading from 3.7 to 3.10, we have fixed an issue where the queue size of cf-serverd listen() was too small, and we have fixed a potential security issues by falling back to denying traffic to any hostname if the reverse lookup for that hostname fails.

As of late, we have put a lot of focus on code quality and fixed several memory leaks. We have enforced the stricter use of Valgrind to avoid introducing any new memory leaks.

In CFE-2896 we have added a new inventory attribute, namely the physical memory available. We also made it simpler to monitor more values from dmidecode without modifying our Masterfiles, as well as added UUID as a default value that CFEngine adds to the inventory.

Also worth mentioning is that we have added support for Ubuntu 18.04 to CFEngine 3.10.5 LTS.


In CFEngine Enterprise, we have also fixed several minor issues.

Now only the specific CFEngine components that were running before an upgrade are restarted and run after the upgrade.

In Mission Portal, we have made several improvements. We have resolved an issue that prevented some users from exporting reports as CSV, we have fixed a bug that caused some custom notification scripts not to fire, fixed a bug that caused alerts not to show up in the Mission Portal Events Log on some platforms and made it possible for multiple users to create independent reports with the same name, something that was causing some issues previously.

On Windows, we have also solved a few specific issues, such as improved the newline sequence handling and sorted out a minor bug that caused installation problems under certain conditions.

You can see a list of the issues fixed in our public Jira for 3.10.5 here.

For more details please see the relevant ChangeLog entries:

As usual, we have updated dependencies in order to get the latest security, performance and reliability improvements.

libacl 2.2.52 2.2.53
libattr 2.4.47 2.4.48
libcurl 7.59.0 7.61.1
redis 3.2.11 3.2.12
php 5.6.35 5.6.38
postgresql 9.6.8 9.6.10
apache 2.4.33 2.4.35
apr-util 1.5.4 1.6.1
apr 1.5.2 1.6.5
libyaml 0.1.7 0.2.1
openssl 1.0.2o 1.0.2p


If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for 3.10 for guidelines to make the process as smooth as possible.

We are always happy to assist our customers with upgrading! You can contact sales to receive a fixed-price quote for upgrading your CFEngine infrastructure, and get more out of CFEngine!


Get it!

CFEngine Enterprise packages can be downloaded here or you can take a quick spin with the CFEngine Enterprise Vagrant environment for 3.10.

Community Edition is released as source codepackages, and Linux package repositories — to make installation as easy as possible!

We hope you enjoy the new release, and we look forward to hearing about your experience in the CFEngine Google Group!


Learn CFEngine!

If you would like to refresh your CFEngine knowledge or are learning it from scratch, you can attend one of our training sessions. Now, we have the following event scheduled in Prague, Czech Republic, from January 14th.

There is also an updated version of the Learning CFEngine book by Diego Zamboni available.

Nils Christian Roscher-Nielsen