## Compliance Phase Improvements ### CLI Output Chef Infra Client will now always show the Compliance Phase output on the CLI when run. ### Interval Runs You can now run the Compliance Phase at less frequent intervals than the main Chef Infra Client Infra Phase. This is helpful if compliance scans impact the system performance and are only necessary on a less frequent cadence. To enable interval runs, set the following attributes: * `node['audit']['interval']['enabled']`: Set to true to enable interval runs. * `node['audit']['interval']['time']`: The time in minutes between Compliance Phase execution. This defaults to 1440 (once a day). ### InSpec 4.50.3 Chef InSpec has been updated from 4.49.0 to 4.50.3 which adds Windows support to the http resource. ## Resource Updates ### All Resources Updated the `umask` common property to accept both Strings and Integers, restoring pre-Chef Infra Client 17 behavior on several resources. ### chef_client_launchd Updated the `chef_client_launchd` resource to properly handle restarting the Chef Infra Client service when a configuration change is made. ### chef_gem Updated the `chef_gem` resource with significant performance improvements, especially on Windows hosts. ### dnf_package The `dnf_package` resource now supports the `allow_downgrade` property. This removes the previous deprecation warning when using the `allow_downgrade` property with `dnf_package`. ### dpkg_package The `dpkg_package` resource now properly compares versions with the `:upgrade` action to prevent package installation on each Chef Infra Client run. ### macos_userdefaults Updated the `macos_userdefaults` resource to resolve failures from coercing certain data types in properties. ### mount Updated the `mount` resource to converge idempotently on Linux with loopback mounts. Thanks for reporting this issue [@Blorpy](https://github.com/Blorpy)! ### powershell_package Refactored the `powershell_package` package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed. ### rhsm_register Updated the `rhsm_register` resource with the following new properties for managing how a node is registered with RHSM: - `server_url` - `base_url` - `service_level` - `release` See the [rhsm_register resource documentation](https://docs.chef.io/resources/rhsm_register/) for more information on using these new properties. ### windows_feature_powershell Refactored the `windows_feature_powershell` package to improve performance, especially on subsequent Chef Infra Client runs where no changes need to be performed. ### zypper_package Updated the `zypper_package` resource to prevent failures when removing packages that do not exist on the system or in available Zypper repositories. ## Packaging ### coreutils Dependency Chef Infra Client RPMs now depend on coreutils. This resolves an issue where Chef Infra Client may install before `coreutils` when used in a kickstart script, causing the installation of the chef-client symlink to fail. ### macOS 10.14 Package Removal With the release of macOS 12, our N-2 macOS release policy now includes macOS 12, 11, and 10.15. macOS 10.14 packages will no longer be produced. ## Security ### Ruby 3.0.3 Ruby has been updated from 3.0.2 to 3.0.3 to resolve the following CVEs: - CVE-2021-41817 - CVE-2021-41816 - CVE-2021-41819