## End User License Agreement We've updated the Chef End User License Agreement (EULA). The terms of the EULA are the same as they were before, but we've created three licensing tiers: Free, Trial, and Commercial. The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time. The Trial tier allows trial users to scan unlimited targets for 30 days. The Commercial tier gives users the features and benefits that come with the subscription they've purchased. Contact [Chef Support](https://community.progress.com/s/products/chef) for more information. ## Security Updates Updates in this release provide fixes for the following CVE(s): - CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile (#[6720](https://github.com/inspec/inspec/pull/6720)) ## Bug Fixes - Fixed resolving dependent profiles so that it works regardless of what version scheme you use for version pinning, not just semver (#[6471](https://github.com/inspec/inspec/pull/6471)) - Fixed the `service` resource to prevent negative status from crashing launchd resource ([#6751](https://github.com/inspec/inspec/pull/6751)) - Fixed the `inspec exec` command so that it can fetch a profile from a repository that isn't managed with Git and doesn't have a `.git` directory. ([#6750](https://github.com/inspec/inspec/pull/6750)) - Fixed the `inspec json` command so that inputs specified in an `inspec.yml` file are included in the output JSON file. ([#6059](https://github.com/inspec/inspec/pull/6059)) - Fixed an issue where a profile that includes different versions of a dependency would only list one of the versions in the reporter output. ([#6163](https://github.com/inspec/inspec/pull/6163)) ### InSpec resources - Fixed the `mongodb_session` resource to log the info level instead of the debug level in profile run results. ([#6752](https://github.com/inspec/inspec/pull/6752)) - Fixed a bug with the `service` resource when run on Amazon Linux 2022 where InSpec would try to run initctl instead of systemd. ([#6017](https://github.com/inspec/inspec/pull/6017)) - Fixed the `processes` resource to consider processes without paths on Windows. ([#6130](https://github.com/inspec/inspec/pull/6130)) ## Backward Incompatibilities - Upgraded to Ruby 3.1 and removed Ruby 2.7, which is EOL. ([#6713](https://github.com/inspec/inspec/pull/6713))