## New features

### Kitchen OpenStack

Chef Workstation now ships with Kitchen OpenStack so you can test your Chef Infra cookbooks using instances in OpenStack clouds. See the [Kitchen Openstack GitHub repo](https://github.com/test-kitchen/kitchen-openstack) for usage information. Thanks [@ramereth](https://github.com/ramereth) for all the work getting this driver ready to ship in Workstation.

### Ubuntu 20.04 Packages

Chef Workstation packages are now created for Ubuntu 20.04! See the Workstation Downloads Page for a complete list of platforms we produce packages for.

## Updated Components

### Chef Infra Client 15.10

Chef Infra Client has been updated from 15.8 to 15.10 which includes improvements to resources, additional cookbook helpers, and critical bug fixes for bootstrapping nodes using `knife bootstrap` and SSHing to nodes with `ed25519` keys from Windows hosts. For a complete list of changes, see the [Chef Infra Client 15.10 release notes](https://docs.chef.io/release_notes/#whats-new-in-1510).

### Cookstyle 6.3

Cookstyle has been updated from 5.22 to 6.3. This new release includes an updated RuboCop engine which includes a large number of autocorrection improvements and bug fixes, plus compatibility with Ruby 2.7. Cookstyle also ships with a large number of autocorrection improvements and 18 new Chef Infra cops. Included in the new cops are cops to get your cookbooks ready for Chef Infra Client 16.

Note: The updated RuboCop engine has renamed many of the out-of-the-box Ruby cops which may require updating cop names in your `.rubocop.yml` config.

Additionally, this release will now fail Cookstyle runs if any of the `ChefDeprecations` department cops that shipped at the time of Cookstyle 5.22 alert. Any new cops we add will be added at the warning level until Cookstyle 7.0 ships. This gives you time to update your cookbooks using the latest Cookstyle releases without immediately failing CI builds.

### Fauxhai 8.1

Fauxhai has been updated from 7.6 to 8.1.
Fauxhai is the engine that provides ChefSpec with mocked Ohai data, allowing you to write ChefSpecs for multiple platforms. This release updates all of the mocked Ohai data to be generated with Chef Infra Client 16. It also updates the list of platforms that are included in the mocked data. We've added new platforms and removed deprecated platforms that have generated warnings for the last year. To avoid deprecation warnings in your ChefSpecs in the future, you can avoid specifying the minor versions of releases and instead let ChefSpec choose the latest platform for you. For example, instead of specifying `platform: 'centos', version: '7.7.1908'` you can instead set `platform: 'centos'` or `platform: 'centos', version: '7'`.

#### New Platforms

* Ubuntu 20.04
* openSUSE 15.1
* Raspbian 10
* Fedora 31
* Redhat 7.7
* CentOS 7.7.1908

#### Removed Platforms

* Raspbian 8.0
* Debian 9.2 / 9.3 / 9.4 / 9.5 / 9.6
* Fedora 26/27/28
* FreeBSD 10.4
* macOS 10.11 / 10.12
* openSUSE 42.2 / 42.3
* CentOS 6.8 / 7.3.1611 / 7.4.1708
* Debian 7.11
* Oracle Linux 6.8 / 7.3 / 7.4
* Redhat 6.8 / 7.3
* SUSE 11.4 / 12.1 / 12.2
* Ubuntu 17.10

### Chef InSpec 4.18.111

Chef InSpec has been updated from 4.18.100 to 4.18.108. This update includes the following fixes and improvements:

* Resolved a regression that prevented the `service` resource from working correctly on Windows. Thanks [@Axuba](https://github.com/Axuba)
* Implemented VMware and Hyper-V detection on Linux systems
* Implemented VMware, Hyper-V, Virtualbox, KVM and Xen detection on Windows systems
* Added helpers `virtual_system?` and `physical_system?`. Thanks [@tecracer-theinen](https://github.com/tecracer-theinen)

### Chef CLI

The Chef CLI has been updated from 2.0 to 2.0.10. This fixes `chef update` to properly add cookbooks from `include_policies` to the PolicyFile lockfile. This release also supports new Chef Infra 16 YAML recipes in the `chef install` command.

### Test Kitchen

Test Kitchen itself has been updated from 2.4.0 to 2.5.0. This release includes support for Ohai plugins stored in the `ohai` directory of cookbooks and also resolves failures using the PowerShell provisioner. Thanks [@SAPDanJoe](https://github.com/SAPDanJoe) and [@alanghartJC](https://github.com/alanghartJC) for these improvements.

#### Kitchen AzureRM

The Kitchen AzureRM driver was updated from 0.15.1 to 1.0. This release fixes several failures from running the Kitchen AzureRM driver. It also includes support for Azure Marketplace plans and Managed Service Identity (MSI). Thanks [@jasonwbarnett](https://github.com/jasonwbarnett), [@zanecodes](https://github.com/zanecodes), [@albertvaka](https://github.com/albertvaka), and [@KSerrania](https://github.com/KSerrania) for these improvements.

#### Kitchen Hyper-V

The Kitchen Hyper-V driver has been updated from 0.5.3 to 0.5.4 which resolves failures from getting the default VM Switch if there were spaces in the name. Thanks [@kdoores](http://github.com/kdoores) for this improvement.

#### Kitchen DigitalOcean

The Kitchen DigitalOcean driver has been updated from 0.10.5 to 0.10.6. This release adds slugs for RHEL 8 / Fedora 31 support and updates the default instance memory size to 1GB. Thanks [@zmaupin](https://github.com/zmaupin) and [@tolland](https://github.com/tolland) for these improvements.

#### Kitchen EC2

The Kitchen EC2 driver has been updated from 3.3 to 3.5. This release lets the driver cleanly exit if the test instance was destroyed outside of the Test Kitchen run, either by automation or in the console. Test Kitchen will also now select the subnet with the most available IPs to better distribute systems across multiple Availability Zones. Thanks [@bdwyertech](http://github.com/bdwyertech) and [@kamaradclimber](http://github.com/kamaradclimber) for these improvements.

#### Kitchen InSpec

The Kitchen InSpec verifier has been updated to allow setting Chef InSpec plugins for use during the verification. This new functionality can be enabled by adding `load_plugins: true` to your InSpec verifier config. Thanks [@tecracer-theinen](https://github.com/tecracer-theinen) for this improvement.

#### Kitchen vCenter

The Kitchen vCenter driver has been updated from 2.6.4 to 2.7.0 which adds the ability to define transformations for VM IPs that are used in 1:1 NAT environments. This release also includes improved fallback for DC lookups to use methods that may work with less privileged users. Thanks [@tecracer-theinen](https://github.com/tecracer-theinen) and [@jasonwbarnett](https://github.com/jasonwbarnett) for these improvements.

#### Kitchen Dokken

The Kitchen Dokken driver has been updated from 2.8.1 to 2.9.0. This release adds a new provisioning configuration, `clean_dokken_sandbox`, that does not require cleaning the Chef Infra and Test Kitchen files between converges. This configuration will speed up repeatedly converging systems. This defaults to `true` which maintains the existing behavior. Thanks [@chrisUsick](https://github.com/chrisUsick)

### Knife Plugins

#### Knife Tidy

Knife Tidy has been updated from 2.0.9 to 2.0.12 which provides compatibility with Chef Infra Client 15 and improves error handling in JSON parsing.

#### Knife Azure

Knife Azure was updated from 2.0.13 to 2.0.17 which resolves issues from loading plugin requirements.

#### Knife EC2

Knife EC2 has been updated from 1.0.32 to 1.0.36. This update resolves failures from bootstrapping nodes in classic EC2 and avoids attempting to bootstrap nodes using private DNS which may not be accessible from the node running the bootstrap command.

## Security Updates

### Git

Git was updated from 2.24.1 to 2.26.2 to resolve the following CVEs:

- [CVE-2020-5260](https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-5260/): Heap exposure vulnerability in the socket library
- [CVE-2020-11008](https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-11008/): Heap exposure vulnerability in the socket library

### libarchive

libarchive was updated from 3.4.0 to 3.4.2 to resolve the following CVEs:

- [CVE-2019-19221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19221): `archive_wstring_append_from_mbs` in `archive_string.c` has an out-of-bounds read because of an incorrect `mbrtowc` or `mbtowc` call
- [CVE-2020-9308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308): `archive_read_support_format_rar5.c` in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header

### Ruby

Ruby was updated from 2.6.5 to 2.6.6 to resolve the following CVEs:

- [CVE-2020-16255](https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/): Unsafe Object Creation Vulnerability in JSON (Additional fix)
- [CVE-2020-10933](https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/): Heap exposure vulnerability in the socket library