## Security - Updated OpenSSL to 3.0.9 for all platforms except macOS and Windows. - Amazon Linux and Ubuntu now support FIPS on ARM processors. ## Resource Updates ### chef_client_config resource - Fixed the ERB template used to generate `client.rb` files with the chef_client_config resource. When the the `policy_persist_run_list` and `minimal_ohai` properties were set to `false`, the template would return a `NoMethodError`. ([#14255](https://github.com/chef/chef/pull/14255)) ([#14465](https://github.com/chef/chef/pull/14465)) ### chef_client_systemd_timer resource - Added the `service_umask` property to the chef_client_systemd_timer resource. This allows you to define a custom umask for files or directories created by Chef Infra Client. ([#14238](https://github.com/chef/chef/pull/14238)) ### chocolatey_package resource - Fixed the `use_choco_list` property in the chocolatey_package resource. When set to `false` it was still using `choco list` to return a list of installed chocolatey packages. Thanks [jaymzjulian](https://github.com/jaymzjulian)! ([#14227](https://github.com/chef/chef/pull/14227)) - Fixed the chocolatey_package resource for customers using the licensed version of Chocolatey. Users with the licensed version of Chocolatey who were trying to install `chocolatey.extension` using the chocolatey_package resource would get a license error because chocolatey_package resource would run `choco --version` before installing a package, but Chocolatey requires that `chocolatey.extension` is installed before running that command. ([#14320](https://github.com/chef/chef/pull/14320)) - Fixed the chocolatey_package resource which would return an error when installing or upgrading multiple packages with the same action. Thanks [jaymzjulian](https://github.com/jaymzjulian)! ([#14327](https://github.com/chef/chef/pull/14327)) ### habitat_install resource Fixed the habitat_installer resource so that it correctly uses the system bash to install Chef Habitat instead of another command-line shell. ([#14298](https://github.com/chef/chef/pull/14298)) ### powershell_package resource Added the `allow_clobber` property to the powershell_package resource. This overrides warning messages when installing packages with conflicting commands. Thanks [mikef-nl](https://github.com/mikef-nl)! ([#14382](https://github.com/chef/chef/pull/14382)) ### sysctl resource Updated the `comment` property of the sysctl resource so that property does not define system state. Thanks [drdev](https://github.com/drdev)! ([#14309](https://github.com/chef/chef/pull/14309)) ### windows_service resource Reverted an earlier change to the `description` property in the windows_service resource. This changed returned `NoMethodError` when used with the win32-service Gem. ([#14334](https://github.com/chef/chef/pull/14334)) ### zypper_package resource - Reverted an [earlier change to the zypper_package resource](https://github.com/chef/chef/pull/13691) included in Chef Infra Client 18.3.0. After this change, the zypper_package resource was throwing an error if a package isn't available in a repository, but its capability is provided by another package. For example the systemd-bash-completion package doesn't exist, but its functionality is provided by systemd package. Chef Infra Client now correctly handles valid packages. ([#14408](https://github.com/chef/chef/pull/14408)) ## Improvements - Added the `hyperv?` helper method to check if a node is a Hyper-V guest. ([#14359](https://github.com/chef/chef/pull/14359)) ## Performance improvements - Added a variety of performance improvements thanks to [dafyddcrosby](https://github.com/dafyddcrosby). ## Bug fixes - Removed the EOL warning for Chef Infra Client 18 because there is no longer a specific timeline for major version releases. ([#14366](https://github.com/chef/chef/pull/14366)) - Replaced the hardcoded Chef trademark with the distribution name in deprecation warnings. ([#14279](https://github.com/chef/chef/pull/14279)) - Client now uses the correct log level using `log_level` in the Credentials file or config.rb file and `verbose_logging` isn't set. Previously it would use `warn` if `verbose_logging` wasn't set and `log_level` was set. ([#14294](https://github.com/chef/chef/pull/14294)) - Fixed a Windows UTF-8 encoding error when retrieving data from the Windows registry. ([#14449](https://github.com/chef/chef/pull/14449)) ([Ruby Patches](https://github.com/chef/omnibus-software/pull/1914)) ## Packaging - We no longer build packages for macOS 10.15. ([#14291](https://github.com/chef/chef/pull/14291)) ## Dependencies - Upgraded Ruby 3.1 from 3.1.2 to 3.1.4. This also upgrades curl to version 8.0.1 and Perl to version 5.36. - Upgraded the vault gem to 0.18.2 [#14423](https://github.com/chef/chef/pull/14423)