Release Date: 18 December, 2024. ## Components - Updated Chef Infra Client from v18.5.0 to v18.6.2 and Knife from v18.5.0 to v18.6.2. See the [Chef Infra Client release notes](https://docs.chef.io/release_notes_client/#18.6.2) for a full list of improvements and features. - Updated Chef InSpec from v5.22.55 to v5.22.65. See the [InSpec release notes](https://docs.chef.io/release_notes_inspec/#5.22.65) for more information. - Updated kitchen-dokken to v2.20.7. ## Improvements - Updated the chef-cli gem from v5.6.14 to v5.6.16 so users can connect to JFrog Artifactory with an access token. ([#239](https://github.com/chef/chef-cli/pull/239)) ### Licensing These changes prepare users for new license requirements in Chef Infra Client 19. ([#14669](https://github.com/chef/chef/pull/14669)) The knife bootstrap command now validates your license key and downloads from [Chef's new download APIs](https://docs.chef.io/download). If you don't have a license, Knife falls back to the older Omnitruck API and returns a warning to add a license. We added the following commands to manage licenses with Knife: - `knife license` - `knife license list` - `knife license add` See the Chef [licensing documentation](https://docs.chef.io/licensing/) and [download API documentation](https://docs.chef.io/download) for more information. ## Security - Updated OpenSSL from v3.0.12 to v3.0.15 to resolve the following CVEs: - [CVE-2024-5535](https://www.cvedetails.com/cve/CVE-2024-5535/) - [CVE-2024-6119](https://www.cvedetails.com/cve/CVE-2024-6119/) - [CVE-2024-4741](https://www.cvedetails.com/cve/CVE-2024-4741/) - Updated libxml2 from v2.12.5 to v2.12.7 to resolve the following CVE: - [CVE-2024-34459](https://www.cvedetails.com/cve/CVE-2024-34459/) - Updated libarchive from v3.7.4 to v3.7.5 to resolve the following CVEs: - [CVE-2024-37407](https://www.cvedetails.com/cve/CVE-2024-37407/) - [CVE-2024-48957](https://www.cvedetails.com/cve/CVE-2024-48957/) - [CVE-2024-48958](https://www.cvedetails.com/cve/CVE-2024-48958/) - Updated git-windows from v2.41.0 to v2.47.0 to resolve the following CVE: - [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/cve-2023-38545) - Updated ruby and ruby-msys2-devkit from v3.1.2 to v3.1.6 to resolve the following CVE: - [CVE-2023-38545](https://nvd.nist.gov/vuln/detail/cve-2023-38545) - Updated RDoc to v6.4.1.1 to resolve the following CVE: - [CVE-2024-27281](https://nvd.nist.gov/vuln/detail/cve-2024-27281)