## Improvements - Replaced the previous Chef Workstation logo and icons with the new Progress Chef logo and updated the copyright date. - Improved performance of `chef` CLI commands when using multiple cookbooks stored in Git repositories. Thanks [adsr](https://github.com/adsr)! ([#223](https://github.com/chef/chef-cli/pull/223)) ## Components ### Chef Infra Client Updated Chef Infra Client from 18.2.7 to 18.3.0. See the [Chef Infra Client release notes](https://docs.chef.io/release_notes_client/) for a full list of improvements and features. ### Chef InSpec Updated Chef InSpec from 5.22.3 to 5.22.36. This update overhauls the `inspec check` and `inspec export` commands to improve security and addresses [CVE-2023-42658](https://www.cvedetails.com/cve/CVE-2023-42658/). See the [InSpec release notes](https://docs.chef.io/release_notes_inspec/) for more information. ### knife-vshpere Updated knife-vsphere to [v5.2.0](https://github.com/chef/knife-vsphere/blob/main/CHANGELOG.md#v520-2023-11-06) to fix [CVE-2019-17383](https://github.com/advisories/GHSA-49pj-69vf-c689) ### Berkshelf Updated Berkshelf to 8.0.9 which resolves an issue where `berks install` fails due to a cert already being in the hash table. ### Test Kitchen Updated Test Kitchen to [v3.6.0](https://github.com/test-kitchen/test-kitchen/releases/tag/v3.6.0). Updated the following Test Kitchen drivers: - Updated kitchen-azurerm to [v1.13.0](https://github.com/test-kitchen/kitchen-azurerm/pull/264), which adds support for configurable VM prefix. - Updated kitchen-digitalocean to [v0.16.0](https://github.com/test-kitchen/kitchen-digitalocean/blob/main/CHANGELOG.md#0160-2023-11-27), which exposes api_url of droplet_kit client as an environment variable. Thanks [biox](https://github.com/biox)! - Updated kitchen-dokken to [v2.20.3](https://github.com/test-kitchen/kitchen-dokken/blob/main/CHANGELOG.md#2203-2023-11-28) - Updated kitchen-google to [v2.5.0](https://github.com/test-kitchen/kitchen-google/blob/main/CHANGELOG.md#250-2023-11-28), which adds support for guest accelerator(s) configuration. Thanks [estedev](https://github.com/estedev)! - Updated kitchen-hyperv to [v0.10.0](https://github.com/test-kitchen/kitchen-hyperv/blob/main/CHANGELOG.md#0100-2023-11-27). - Updated kitchen-vra to [v3.3.2](https://github.com/test-kitchen/kitchen-vra/pull/66), which adds support for unique naming configuration for the deployments. Thanks [Rupesh0688](https://github.com/Rupesh0688)! ## Bug Fixes - Fixed an issue with bundling the win32-security gem on Windows. - Fixed an installation issue with the ruby-shadow gem. - Fixed an error when installing Chef Workstation on D drive. ## Security ### Go Updated Go from 1.19.5 to 1.21.3. ### OpenSSL Updated OpenSSL to 3.0.11. ### Git Updated Git from 2.34.1 to 2.39.3, which resolves the following CVEs: - [CVE-2023-29007](https://www.cvedetails.com/cve/CVE-2023-29007/) - [CVE-2023-25652](https://www.cvedetails.com/cve/CVE-2023-25652/) - [CVE-2023-23946](https://www.cvedetails.com/cve/CVE-2023-23946/) - [CVE-2022-41953](https://www.cvedetails.com/cve/CVE-2022-41953/) - [CVE-2022-41903](https://www.cvedetails.com/cve/CVE-2022-41903/) - [CVE-2022-39260](https://www.cvedetails.com/cve/CVE-2022-39260/) - [CVE-2022-24975](https://www.cvedetails.com/cve/CVE-2022-24975/) - [CVE-2022-24765](https://www.cvedetails.com/cve/CVE-2022-24765/) - [CVE-2022-23521](https://www.cvedetails.com/cve/CVE-2022-23521/) - [CVE-2023-38545](https://www.cvedetails.com/cve/CVE-2023-38545/) ### curl Updated curl from 7.85.0 to 8.4.0 to resolve the following CVEs: - [CVE-2022-32221](https://www.cvedetails.com/cve/CVE-2022-32221/) - [CVE-2022-42915](https://www.cvedetails.com/cve/CVE-2022-42915/) - [CVE-2022-42916](https://www.cvedetails.com/cve/CVE-2022-42916/) - [CVE-2022-43551](https://www.cvedetails.com/cve/CVE-2022-43551/) - [CVE-2023-23914](https://www.cvedetails.com/cve/CVE-2023-23914/) - [CVE-2023-27533](https://www.cvedetails.com/cve/CVE-2023-27533/) - [CVE-2023-27534](https://www.cvedetails.com/cve/CVE-2023-27534/) - [CVE-2023-28319](https://www.cvedetails.com/cve/CVE-2023-28319/) - [CVE-2023-38039](https://www.cvedetails.com/cve/CVE-2023-38039/) ### libarchieve Updated libarchieve from 3.5.2 to 3.6.2 to resolve the following CVE: - [CVE-2022-36227](https://www.cvedetails.com/cve/CVE-2022-36227/) ### libxml2 Updated libxml2 from 2.9.13 to 2.10.4 to resolve the following CVEs: - [CVE-2022-40303](https://www.cvedetails.com/cve/CVE-2022-40303/) - [CVE-2022-40304](https://www.cvedetails.com/cve/CVE-2022-40304/) ### ncurses Updated ncureses from 6.3 to 5.6 to resolve the following CVEs: - [CVE-2023-29491](https://www.cvedetails.com/cve/CVE-2023-29491/) - [CVE-2022-29458](https://www.cvedetails.com/cve/CVE-2022-29458/) ### zlib Updated zlib from 1.2.11 to 1.3 to resolve the following CVEs: - [CVE-2023-45853](https://www.cvedetails.com/cve/CVE-2023-45853/) - [CVE-2022-37434](https://www.cvedetails.com/cve/CVE-2022-37434/) - [CVE-2018-25032](https://www.cvedetails.com/cve/CVE-2018-25032/)