Release Date: May 27, 2025. ## Components ### Chef Infra Client - Updated Chef Infra Client to v18.7.10. See the [Chef Infra Client release notes](https://docs.chef.io/release_notes_client/) for a full list of improvements and features. ### InSpec - Updated Chef InSpec to v5.22.80. See the [InSpec release notes](https://docs.chef.io/release_notes_inspec/#5.22.80) for more information. ### Knife - Updated Knife to v18.7.9. ### Test Kitchen - Updated Test Kitchen to v3.7.0. ## Security - Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9. - Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE: - [CVE-2025-0725](https://www.cvedetails.com/cve/CVE-2025-0725/) - [CVE-2024-9681](https://www.cvedetails.com/cve/CVE-2024-9681/) - [CVE-2023-46219](https://www.cvedetails.com/cve/CVE-2023-46219/) - [CVE-2023-46218](https://www.cvedetails.com/cve/CVE-2023-46218/) - Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE: - [CVE-2025-27113](https://www.cvedetails.com/cve/CVE-2025-27113/) - [CVE-2025-24928](https://www.cvedetails.com/cve/CVE-2025-24928/) - [CVE-2024-56171](https://www.cvedetails.com/cve/CVE-2024-56171/) - [CVE-2024-40896](https://www.cvedetails.com/cve/CVE-2024-40896/) - Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE: - [CVE-2024-55549](https://nvd.nist.gov/vuln/detail/CVE-2024-55549) - [CVE-2025-24855](https://nvd.nist.gov/vuln/detail/cve-2025-24855) - Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE: - [CVE-2024-48615](https://www.cvedetails.com/cve/CVE-2024-48615/) - Updated REXML to v3.4.1 to address [CVE-2024-49761](https://nvd.nist.gov/vuln/detail/CVE-2024-49761) - Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life. We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts: - Berkshelf was updated from v8.0.9 to v8.0.22. - Chef CLI was updated from v5.6.16 to v5.6.21. - Ohai was updated from v18.1.18 to v18.2.6. - Fauxhai was updated from v9.3.16 to v9.3.26. - Chef Vault was updated from v4.1.11 to v4.1.23. ## Bug Fixes - Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife. - Resolved unexpected kitchen doctor errors appearing during kitchen test runs. - Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19. - Resolved Windows pipeline failures in the chef-vault repository during verification steps. ## Packaging - We no longer build packages for macOS 11 Big Sur. - We now build packages for macOS 13 and 14 on aarch64.