Release Date: 13 December, 2024.

## Security

- Upgraded Ruby and Ruby Devkit for Windows to address CVEs for Perl, CGI, and curl. ([#138](https://github.com/chef/chef-foundation/pull/138)) and ([#1939](https://github.com/chef/omnibus-software/pull/1939))
- Upgraded Rake to address CVE-2020-8130. ([#14604](https://github.com/chef/chef/pull/14604))
- Upgraded Webrick 1.8.1 to 1.8.2 to address CVE-2024-47220. ([#14695](https://github.com/chef/chef/pull/14695))
- Upgraded the RDoc gem to address CVE-2024-27281. ([#14550](https://github.com/chef/chef/pull/14550))

## Improvements

- Updated the homebrew_cask, homebrew_tap, and homebrew_update resources to support ARM processors. ([#14545](https://github.com/chef/chef/pull/14545))
- We added a conditional install of OpenSSL on macOS to prevent conflicts with the built-in version. ([#14584](https://github.com/chef/chef/pull/14584))
- Updated the umask setting to 022 when running Chef Infra Client on hardened systems. Previously, it would default to 077 on hardened systems and had to be manually set to 022. ([#14699](https://github.com/chef/chef/pull/14699))

### Licensing

These changes prepare users for new license requirements in Chef Infra Client 19. ([#14669](https://github.com/chef/chef/pull/14669))

The `knife bootstrap` command now validates your license key and downloads from [Chef's new download APIs](https://docs.chef.io/download). If you don't have a license, Knife falls back to the older Omnitruck API and returns a warning to add a license.

We added the following commands to manage licenses with Knife:

- `knife license`
- `knife license list`
- `knife license add`

See the Chef [licensing documentation](https://docs.chef.io/licensing/) and [download API documentation](https://docs.chef.io/download) for more information.

### Compliance phase

- Updated Chef InSpec to v5.22.58. ([#14622](https://github.com/chef/chef/pull/14622))

## Bug Fixes

- We fixed the `policy_persist_run_list` property in the chef_client_config resource. Previously, users would get a NoMethodError when using that property. ([#14465](https://github.com/chef/chef/pull/14465))
- The windows_user_privilege resource now correctly removes a user with the `:remove` action. Previously, an unresolved SID was left behind, which had to be removed by other means. ([#14575](https://github.com/chef/chef/pull/14575))

## Dependency updates

- Updated Ruby to 3.1.6 and OpenSSL to 3.0.9. ([#14627](https://github.com/chef/chef/pull/14627))
- Updated Ohai to 18.2.4. ([#14619](https://github.com/chef/chef/pull/14619))
- Updated license_scout to 1.3.15. ([#14606](https://github.com/chef/chef/pull/14606)) ([#14680](https://github.com/chef/chef/pull/14680))
- Updated Chef Foundation to 3.2.12. ([#14722](https://github.com/chef/chef/pull/14722))
- Updated Train-Core to 3.12.7. ([#14670](https://github.com/chef/chef/pull/14670))

## Packages

- We no longer build packages for Windows Server 2012. ([#14683](https://github.com/chef/chef/pull/14683))