Release date: March 31, 2025 ## Security - Updated REXML to 3.4.0 to address CVE-2024-49761. ([#14823](https://github.com/chef/chef/pull/14823)) ## Improvements - Updated `Chef::Util::Powershell::PSCredential` to avoid leaking credentials as plaintext in resources. ([#14897](https://github.com/chef/chef/pull/14897)) - Improved performance when fetching remote cookbooks using `Chef::Cookbook::RemoteFileVendor`. Thanks [@dafyddcrosby](https://github.com/dafyddcrosby)! ([#14829](https://github.com/chef/chef/pull/14829)) ### Resource improvements - In the `apt_repository` resource, we added the `signed_by` property. If set to `true` and a key is supplied, apt_repository uses the key in the Signed-By option to verify the authenticity of packages. If set to a string, apt_repository passes it to the Signed-By option. The default value is `true`. Thanks @[tmccombs](https://github.com/tmccombs)! ([#14131](https://github.com/chef/chef/pull/14131)) - In the `registry_key` resource, we added the `only_record_changes` option, which suppresses the reporting of the current value of sibling values in a registry key. The default value is `true`. ([#14883](https://github.com/chef/chef/pull/14883)) - In the `dnf_package` resource, we fixed the `:remove` action in cases where a package is version locked. Previously, `:remove` would attempt to uninstall the package manager if the specified package is version locked. Thanks [@vmagro](https://github.com/vmagro)! ([#14821](https://github.com/chef/chef/pull/14821)) ### Licensing - We updated the Chef licensing warning message with more information. ([#14795](https://github.com/chef/chef/pull/14795)) ### Compliance phase - Updated Chef Inspec to v5.22.72. ([#14841](https://github.com/chef/chef/pull/14841)) - The `quiet` attribute in Compliance Phase now correctly suppresses CLI output when set to `true`. ([#14817](https://github.com/chef/chef/pull/14817)) ## Bug Fixes - We fixed an error where the Windows Chef Infra Client Habitat package stated that Microsoft Visual C++ is missing and is a required dependency. ([#14906](https://github.com/chef/chef/pull/14906)) - We fixed a licensing issue when running `knife bootstrap` in air-gapped environments. If a Chef Local Licensing Service or license isn't set, it would attempt to connect to Chef's licensing server and return an error instead of a warning. ([#14777](https://github.com/chef/chef/pull/14777)) - We fixed a "No such file or directory" error when Chef Infra Client is installed as a gem on Windows. ([#14780](https://github.com/chef/chef/pull/14780)) ## Packages - We no longer build packages for macOS 11 Big Sur. ([#14782](https://github.com/chef/chef/pull/14782)) ## Dependency updates - Pinned `mixlib-log` to >= 2.0.3, <= 3.1.1. ([#14905](https://github.com/chef/chef/pull/14905)) - Updated Chef Zero to 15.0.17. ([#14904](https://github.com/chef/chef/pull/14904)) - Updated Chef Foundation to v3.2.15. ([#14907](https://github.com/chef/chef/pull/14907)) - Removed the RDoc pin for ~> 6.4.1 since Ruby 3.1.6 already has the updated version. ([#14857](https://github.com/chef/chef/pull/14857)) - Updated Train-WinRM to ~> 0.2.17. ([#14842](https://github.com/chef/chef/pull/14842)) - Limit `ffi` gem to be no later than 1.17.0. ([#14809](https://github.com/chef/chef/pull/14809)) ### Bundled dependencies - Bundled `ohai` updated from `18.2.4` to `18.2.5`. - Bundled `ffi (~> 1.9)` replaced with `ffi (~> 1.9, <= 1.17.0)`. - Bundled `activesupport (7.0.8.7)`. - Bundled `aws-partitions` updated from `1.981.0` to `1.1048.0`. - Bundled `aws-sdk-core` updated from `3.209.1` to `3.218.1`. - Bundled `aws-sdk-kms` updated from `1.94.0` to `1.98.0`. - Bundled `aws-sdk-s3` updated from `1.166.0` to `1.180.0`. - Bundled `aws-sdk-secretsmanager` updated from `1.108.0` to `1.112.0`. - Bundled `aws-sigv4` updated from `1.10.0` to `1.11.0`. - Bundled `bigdecimal` updated from `3.1.8` to `3.1.9`. - Bundled `gyoku (1.4.0)` replaced with `chef-gyoku (1.4.1)`. - Bundled `chef-zero` updated from `15.0.11` to `15.0.17`. - Bundled `winrm (2.3.9)` replaced with `chef-winrm (2.3.11)`. - Bundled `winrm-elevated (1.2.3)` replaced with `chef-winrm-elevated (1.2.5)`. - Bundled `winrm-fs (1.3.5)` replaced with `chef-winrm-fs (1.3.7)`. - Bundled `cheffish` updated from `17.1.7` to `17.1.8`. - Bundled `concurrent-ruby` updated from `1.3.4` to `1.3.5`. - Bundled `date` updated from `3.3.4` to `3.4.1`. - Bundled `erubi` updated from `1.13.0` to `1.13.1`. - Bundled `faraday` updated from `2.12.0` to `2.12.2`. - Bundled `faraday-net_http` updated from `3.3.0` to `3.4.0`. - Bundled `http-cookie` updated from `1.0.7` to `1.0.8`. - Bundled `i18n (1.14.7)`. - Bundled `inspec-core` updated from `5.22.58` to `5.22.72`. - Bundled `inspec-core-bin` updated from `5.22.58` to `5.22.72`. - Bundled `json` updated from `2.7.2` to `2.10.0`. - Bundled `mime-types` updated from `3.5.2` to `3.6.0`. - Bundled `mime-types-data` updated from `3.2024.0903` to `3.2025.0204`. - Bundled `mime-types` updated from `3.5.2` to `3.6.0`. - Bundled `minitest (5.25.5)`. - Bundled `mixlib-log` updated from `3.0.9` to `3.1.1`. - Bundled `mixlib-shellout` updated from `3.2.8` to `3.3.6`. - Bundled `net-ftp` updated from `0.3.7` to `0.3.8`. - Bundled `net-http` updated from `0.4.1` to `0.6.0`. - Bundled `net-scp` updated from `4.0.0` to `4.1.0`. - Bundled `net-ssh` updated from `7.2.3` to `7.3.0`. - Bundled `nori` updated from `2.7.1` to `2.7.0`. - Bundled `parser` updated from `3.3.5.0` to `3.3.7.1`. - Bundled `plist` updated from `3.7.1` to `3.7.2`. - Bundled `rack` updated from `2.2.9` to `3.1.12`. - Removed `psych (4.0.2)`. - Bundled `regexp_parser (2.10.0)`. - Bundled `rspec-its` updated from `1.3.0` to `1.3.1`. - Bundled `rubocop-ast` updated from `1.32.3` to `1.38.0`. - Bundled `rubyzip` updated from `2.3.2` to `2.4.1`. - Bundled `rubyzip` updated from `2.3.2` to `2.4.1`. - Removed `stringio (3.0.1.1)`. - Bundled `time` updated from `0.4.0` to `0.4.1`. - Bundled `timeout` updated from `0.4.1` to `0.4.3`. - Bundled `train-winrm` updated from `0.2.13` to `0.2.17`. - Bundled `tzinfo (2.0.6)`. - Bundled `uri` updated from `0.13.1` to `1.0.2`. - Bundled `webmock` updated from `3.23.1` to `3.25.0`. - Bundled `webrick` updated from `1.8.2` to `1.9.1`.