## Updated Components ### Chef Infra Client 17.4 Chef Infra Client has been updated from 17.3.48 to 17.4.38. This new release includes a large number of improvements to the Infra Client Compliance Phase, simplifies fetching secrets with the `secrets` helper, and improves a large number of built-in resources. For a complete list of everything new in this release, see the [Chef Infra Client 17.4 Release Notes](https://docs.chef.io/release_notes_client/#whats-new-in-174) ### InSpec 4.41.20 Chef InSpec has been updated from 4.38.9 to 4.41.20 with the following enhancements: - Updated the git fetcher to handle profiles that have a default git branch that is not `master`. - Added support for Alibaba Cloud Linux 3 to the Chef InSpec service resource. - Replaced the WMI command-line (WMIC) utility in the Chef InSpec security_identifier resource with Common Information Model (CIM) cmdlets as the WMIC utility will be deprecated soon. - Adjusted the exit code to Normal when attempting to install a plugin that is already installed. - Added new Open Policy Agent resources opa_cli and opa_api. - Added new mongodb_session resource. - The mssql_session resource now allows named connections by no longer forcing a port. - The PostgreSQL resources (postgres_session, postgres_conf, postgres_hba_conf, and postgres_ident_conf) now work with Windows. - Fixed a bug where the year in an expiration date was misinterpreted in waiver files. - Fixed range-based filtering in filter tables. - Fixed an issue in the Chef InSpec apache_conf resource when the ServerRoot is not specified in the Apache configuration file. - Fixed an issue when testing files with `chef exec` where the `--insecure` flag doesn't bypass SSL verification when downloading profiles over HTTPS. - Fixed the `inspec --chef-license=accept` invocation to only show the license acceptance message and not show the InSpec CLI help command output. - Fixed an error in the Chef InSpec postgres_session resource where the resource could not connect to a database. - Fixed an error in the Chef InSpec apache_conf resource where it would overwrite any Apache configurations from the main Apache configuration file with configurations from any included configuration files. - Fixed an error where the Chef InSpec `security_policy` resource returned a comma-separated string of local groups (rather than SIDs) instead of an array. - Fixed a regression related to processing tags in certain formats using the `--tags` CLI option. ### Knife Knife has been updated to 17.4.47 to resolve an error running `knife client create`. Thanks for this fix [@jasonwbarnett](https://github.com/jasonwbarnett)! ### chef-run The chef-run command for ad-hoc execution of Chef Infra Client on remote systems has been updated to support running on Solaris systems. chef-run can now remotely manage Linux, macOS, Windows, and Solaris systems, with AIX support coming soon! ### Cookstyle 7.24.1 Cookstyle has been updated from 7.15.4 to 7.24.1 with an updated RuboCop engine for improved performance as well as 18 new autocorrecting Chef Infra Cops: - Chef/Correctness/MetadataMalformedDepends - Chef/Correctness/PowershellFileExists - Chef/Deprecations/DependsOnChefNginxCookbook - Chef/Deprecations/DependsOnChefReportingCookbook - Chef/Deprecations/DependsOnOmnibusUpdaterCookbook - Chef/Deprecations/DeprecatedSudoActions - Chef/Modernize/ClassEvalActionClass - Chef/Modernize/DependsOnChefVaultCookbook - Chef/Modernize/DependsOnChocolateyCookbooks - Chef/Modernize/DependsOnKernelModuleCookbook - Chef/Modernize/DependsOnLocaleCookbook - Chef/Modernize/DependsOnOpensslCookbook - Chef/Modernize/DependsOnTimezoneLwrpCookbook - Chef/Modernize/DependsOnWindowsFirewallCookbook - Chef/Modernize/UnnecessaryDependsChef15 - Chef/Modernize/UseChefLanguageCloudHelpers - Chef/Modernize/UseChefLanguageEnvHelpers - Chef/Modernize/UseChefLanguageSystemdHelper ### Test Kitchen Several Test Kitchen drivers received important updates to improve their reliability on specific hypervisors and clouds. #### VMware vCenter The Test Kitchen driver for VMware VCenter has been updated to avoid targeting ESXi systems in maintenance mode and to provide better errors when resources are not found or the client lacks permissions on the cluster. Thanks for these improvements [@tecracer-theinen](https://github.com/tecracer-theinen)! #### Microsoft Hyper-V The Test Kitchen driver for Microsoft Hyper-V received updates to allow specifying remote Hyper-V hosts. See the [driver documentation](https://github.com/test-kitchen/kitchen-hyperv#using-remote-hyper-v-servers) for more details on specifying remote hosts. Thanks for this new feature [@tecracer-theinen](https://github.com/tecracer-theinen)! #### HashiCorp Vagrant The Test Kitchen driver for HashiCorp Vagrant has been updated to allow specifying existing VM disk images. Thanks for the initial pull request for this work [@stissot](https://github.com/stissot)! #### Microsoft Azure The Test Kitchen driver for Microsoft Azure has been updated to allow creating Virtual Machines with a maximum volume size of up to 2048GB. Thanks for this improvement [@jasonwbarnett](https://github.com/jasonwbarnett)! ## Security ### OpenSSL 1.1.1l/1.0.2za Updated OpenSSL to 1.1.1l on macOS and 1.0.2za on all other platforms to resolve the following CVEs: - [CVE-2021-3712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712) - [CVE-2021-3711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711) ### libarchive 3.5.2 Updated the libarchive library that powers the archive_file resource from 3.5.1 to 3.5.2 to resolve security vulnerabilities in libarchive's handling of symbolic links. ## Improvements The Chef Workstation CLI command `chef -v` has been optimised to fetch the component version details faster across all platforms.