## Security Updates ### OpenSSL 1.0.2w OpenSSL has been updated to 1.0.2w, which includes a fix for [CVE-2020-1968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1968). ### False Positive `chef.exe` Malware Detection Recently we received reports that `chef.exe` was triggering users' anti-virus software. We confirmed that we are shipping the latest security patches that we can and are not shipping malware to users. This is a false positive and we submitted a report as such to Microsoft. They corrected their security definitions and are no longer marking `chef.exe` as malware. If you get errors trying to run the `chef` command in PowerShell or have issues starting the Chef Workstation shell shortcut, most likely Windows Defender already quarantined your `chef.exe` executable. You can either un-quarantine that file or reinstall Chef Workstation to fix this issue. We also submitted a false positive report to McAfee, but have yet to hear back from them. ## Improvements ### Chef Infra Client Chef Infra Client has been updated from 16.4.41 to 16.5.77. This release includes two new resources, updates to 10 existing resources, and the following CLI improvements: * The client license acceptance logic has been improved to provide helpful error messages when an incorrect value is passed and to accept license values in any text case. * A new `chef-client` process exit code of 43 has been added to signal that an invalid configuration was specified. Thanks [@NaomiReeves ](https://github.com/NaomiReeves)! * The `knife vault` commands now output properly formatted text when using `-f json` or `-f yaml` formatters. * The `knife ssh` command no longer hangs when connecting to Windows nodes over SSH. * The `knife config` commands have been renamed to make them shorter and table output has been improved: * `knife config get-profile` -> `knife config use` * `knife config use-profile [NAME]` -> `knife config use [NAME]` * `knife config list-profiles` -> `knife config list` * `knife config get` -> `knife config show` ### Cookstyle Cookstyle has been updated from 6.16.10 to 6.19.5. This release includes eight new Chef Infra cops and twelve new Ruby cops to help you identify deprecations and invalid code in your cookbooks. It also includes several performance and memory usage improvements to speed up Cookstyle scans. ### Chef InSpec InSpec has been updated from 4.22.22 to 4.23.11. This release includes a `--no-diff` CLI option to suppress diff output for textual tests, a `--sort_results_by` CLI option to sort control output, and implements a sensitive mechanism to hide sensitive output. ### knife-opc The `knife-opc` plugin has been updated from 0.4.6 to 0.4.7. This release includes a new `--all-info` flag for use with the `knife opc user list` command. This flag provides additional details on each listed user: ``` antima_gupta: display_name: Antima Gupta email: agupta@example.com first_name: Antima last_name: Gupta pivotal: display_name: Chef Server Superuser email: root@localhost.localdomain first_name: Chef last_name: Server ``` ### kitchen-azurerm The `kitchen-azurerm` plugin has been updated from 1.2.0 to 1.4.0. This release includes multiple bug fixes, as well as a new `use_fqdn_hostname` config option that forces using the instance's FQDN for all communication. ### kitchen-dokken The `kitchen-dokken` plugin has been updated from 2.10.0 to 2.11.0. This release works with newer Docker API releases and resolves Ruby 2.7 compatibility warnings. ### kitchen-ec2 The `kitchen-ec2` plugin has been updated from 3.7.1 to 3.7.2. This release now avoids beta releases of Red Hat when searching for AMIs to converge. ### kitchen-inspec The `kitchen-inspec` plugin has been updated from 2.0.0 to 2.2.1. This release includes the ability to disable input caching in InSpec, as well as a fix for using the `junit` reporter under Test Kitchen. ### kitchen-vcenter The `kitchen-vcenter` gem has been updated from 2.7.12 to 2.8.2. This release includes the ability to enable IP customization using DHCP, as well as minor performance improvements. ## Performance Improvements We made updates to `kitchen-azurerm` and Chef Infra Client, various knife gems to autoload dependencies. This should reduce the startup time of these gems by not trying to load a gazillion files on program startup. If these performance improvements function well, we plan to continue rolling this autoloading pattern to more gems to continue performance improvements. ## Bug Fixes ### Chef CLI The `chef install` command will no longer fail if a `Policyfile.lock.json` file exists, but no `Policyfile.rb` exists. ### Test Kitchen Test Kitchen has been updated from 2.6.0 to 2.7.2. This release fixes a bug when trying to use concurrency. Some plugins did not support concurrency and would raise an exception when run concurrently. Plugins now run concurrently by default, and known non-concurrent ones are being marked as such. In this case that plugin will run serially. For example, the InSpec verifier is not concurrent. If used with the AWS driver (for example) the machines would be created in parallel but verified serially.