## Bug Fixes ### Knife - Resolved failures running `knife ssh` on hosts that require a PTY with a new `--pty` flag. - Resolved `knife bootstrap` of Windows nodes from Chef Workstation on Linux/macOS incorrectly setting the file cache config. - Resolved `knife bootstrap` of Linux nodes from Chef Workstation on macOS creating a `/Users` directory. ## Updated Components ### InSpec 4.38.9 InSpec has been updated from 4.38.3 to 4.38.9: #### New Features - The mssql_session resource now allows named connections by no longer forcing a port. - The PostgreSQL resources (postgres_session, postgres_conf, postgres_hba_conf, and postgres_ident_conf) now work with Windows. #### Bug Fixes - Fixed a bug where the year in an expiration date was misinterpreted in waiver files. ### Chef Infra Client 17.3.48 Chef Infra Client has been updated from 17.2.29 to 17.3.48. This new release includes large improvements to Policyfiles, 9 new built-in resources, and initial support for fetching secrets from AWS Secrets Manager and Azure Key Vault. See the [17.3 release notes](https://docs.chef.io/release_notes_client/#whats-new-in-173) for more information. ### Habitat 1.6.351 Habitat has been updated from 1.6.319 to 1.6.351 with updated internal libraries. ## Security ### Addressable We've updated the addressable gem from 2.7 to 2.8 to resolve [CVE-2021-32740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32740). ### Ruby We've upgraded Ruby from 3.0.1 to 3.0.2. This upgrade resolves bugs and also resolves the following CVEs: - [CVE-2021-31810](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31810) - [CVE-2021-32066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32066) - [CVE-2021-31799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31799) ### curl We've updated the bundled curl CLI from 7.76 to 7.77 to resolve the following CVEs: - [CVE-2021-22901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901) - [CVE-2021-22898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898) - [CVE-2021-22897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22897)