## Updated Components ### Updated Chef Command Line This release lays the ground work for massive speed improvements to the chef command. A new native binary chef command will allow us to slowly replace code with significantly faster native code. Stay tuned for more announcements in the coming months. ### Chef Infra Client Chef Infra Client has been updated from 15.3 to 15.4 with updated resources and several significant fixes to `knife bootstrap`. See the [Chef Infra Client 15.4 Release Notes](https://discourse.chef.io/t/chef-infra-client-15-4-45-released/16081) for a complete list of the new and improved functionality. ### Chef InSpec Chef InSpec has been updated from 4.16 to 4.18 with the following changes: #### New Features - We have released our beta Chef InSpec plug-in for HashiCorp Vault. Check it out in our [inspec-vault GitHub repo](https://github.com/inspec/inspec-vault) and let us know what you think -- or better yet, start jumping in and contributing with us on it. - Waivers, our new beta feature, was added to Chef InSpec! Waivers allows you to better manage compliance failures. We would love to hear your feedback on this! See the [InSpec Waivers documentation](https://www.inspec.io/docs/reference/waivers/) for more details. #### Improvements - The `interface` resource now has a name property. - Expanded `user` resource to include the passwordage, maxbadpasswords, and badpasswordattempts properties with Windows. - The `sys_info` resource now supports ip_address, fqdn, domain, and short options when giving a version of the hostname. - Sped up initial load/response time for all commands by removing pre-leading of resources on invocation of inspec. - If an error occurs when using the `json` resource with a command source, you will now get the error message from STDERR returned in the report. - We improved the formatting of the usage help, so what you see when you type `inspec exec --help` should look better! ### Cookstyle Cookstyle has been updated from 5.6.2 to 5.9.3, which includes 13 new Chef cops, improved detection in existing cops, and improved autocorrection. See the [Cookstyle 5.7, 5.8, and 5.9 release notes](https://github.com/chef/cookstyle/blob/master/RELEASE_NOTES.md) for additional information on the new cops. ### knife-google knife-google was updated from 3.3.7 to 4.2.0 with support for bootstrapping nodes with Chef Infra Client 15 and adding multiple local SSD interfaces to a new instance. ### knife-vsphere knife-vsphere was updated from 4.0.1 to 4.0.3, which resolves a bug in determining the state of instances. ### knife-vcenter knife-vcenter was updated from 2.0.3 to 2.0.6 to fix vm clone operations. ### kitchen-digitalocean kitchen-digital has been updated from 0.10.4 to 0.10.5 to add Debian-10 and FreeBSD-12 image aliases. ## Security Updates ### Ruby Ruby has been updated from 2.6.4 to 2.6.5 in order to resolve the following CVEs: - [CVE-2019-16255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255): A code injection vulnerability of Shell#[] and Shell#test - [CVE-2019-16254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254): HTTP response splitting in WEBrick (Additional fix) - [CVE-2019-15845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845): A NUL injection vulnerability of File.fnmatch and File.fnmatch? - [CVE-2019-16201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16201): Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication