## Support for managing Chef EULA required products

We have updated the included products to be able to manage remote installations of Chef EULA required products:

* Test Kitchen
* `chef-run`
* `knife bootstrap`

## New Policy File Functionality

`include_policy` now supports `:remote` policy files. This new functionality allows you to include policy files over HTTP. Remote policy files require remote cookbooks; `install` will fail if the included policy file includes cookbooks with paths. Thanks [@mattray](https://github.com/mattray)!

## Security Updates

### Rubygems 2.7.9

Rubygems has been updated from 2.7.8 to 2.7.9 to resolve the following CVEs:

- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors

### curl 7.65.0

- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read

## Updated Components and Tools

### Chef 14.12.3

ChefDK now ships with Chef 14.13.11. See [Chef 14.14 release notes](https://docs.chef.io/release_notes.html) for more information on what's new.

It also updates `knife bootstrap` to support installing and managing Chef Infra Client 15 on remote nodes. See [Accepting the Chef EULA](https://docs.chef.io/chef_license_accept.html#workstation-products) for general instructions on accepting the license (command line flag, environment variable, or configured in `~/.chef/config.rb`).

### InSpec 3.9.0

ChefDK now ships with InSpec 3.9.0.
See [InSpec 3.9.0 release details](https://github.com/inspec/inspec/releases/tag/v3.9.0) for more information on what's new.

### Ruby 2.5.5

Ruby has been updated from 2.5.3 to 2.5.5, which includes a large number of bug fixes.

### Test Kitchen 1.25

Test Kitchen has been updated to 1.25 with backports of many non-breaking Test Kitchen 2.0 features:

* Support for accepting the Chef 15 license in Test Kitchen runs. See Accepting the Chef License for usage details.
* A new `--fail-fast` command line flag for use with the concurrency flag. With this flag set, Test Kitchen will immediately fail when any converge fails instead of continuing to test additional instances.
* The `policyfile_path` config option now accepts relative paths.
* A new `berksfile_path` config option allows specifying Berkshelf files in non-standard locations.
* Retries are now honored when using SSH proxies.

### kitchen-hyperv

kitchen-hyperv has been updated to 0.5.3, which now automatically disables snapshots on the VMs and properly waits for the IP to be set.

### kitchen-vagrant

kitchen-vagrant has been updated to 1.5.1, which adds support for using the new `bento/amazonlinux-2` box when setting the platform to `amazonlinux-2`.

### kitchen-ec2

kitchen-ec2 has been updated to 2.5.0 with support for Amazon Linux 2.0 image searching using the platform 'amazon2'. This release also adds support for Windows Server 1709 and 1803 image searching.

### kitchen-dokken

kitchen-dokken has been updated to 2.7.0:

* The Chef Docker image is now pulled by default so that locally cached latest or current container versions will be compared to those available on DockerHub. See the readme for instructions on reverting to the previous behavior.
* User namespace mode can be disabled when running privileged containers with a new `userns_host` config option. See the readme for details.
* You can now disable pulling the platform Docker images for local platform image testing or air-gapped testing. See the readme for details.
### knife-vsphere

knife-vsphere has been updated to 2.1.3, which adds support for knife's `bootstrap_template` flag and removes the legacy `distro` and `template_file` flags.

### `chef-run`

The Chef Apply gem has been updated to 0.2.13, which adds support for installing and managing Chef Infra Client 15 on remote nodes. See [Accepting the Chef EULA](https://docs.chef.io/chef_license_accept.html#workstation-products) for general instructions on accepting the license (command line flag or environment variable). Additionally, the license can be accepted in `~/.chef-workstation/config.toml` by adding:

```
[chef]
chef_license = "accept"
```

### Push Jobs Client

Push Jobs Client has been updated to 2.5.6, which includes significant optimizations and minor bug fixes.

### Other updates

* `openssl`: 1.0.2r -> 1.0.2s (bugfix only release)
* `cacerts`: 2019-01-23 -> 2019-05-15
* `kitchen-vagrant`: 1.5.1 -> 1.5.2
* `mixlib-install`: 3.11.12 -> 3.11.18
* `ohai`: 14.8.11 -> 14.8.12