## New features

- Added the sshd_active_config resource, which finds and tests configuration data for the OpenSSH daemon. ([#7070](https://github.com/inspec/inspec/pull/7070))
- Added the ssh_key resource which verifies the following SSH key types: RSA, ECDSA, DSA, and Ed25519. ([#6656](https://github.com/inspec/inspec/pull/6656))
- Added telemetry reporting for free and trial users. ([#6012](https://github.com/inspec/inspec/pull/6012))

## Enhancement

- Added C shell support to the sybase_session resource. ([#7069](https://github.com/inspec/inspec/pull/7069))

## Improvements

- Improved the InSpec Parallel status reporter, which was blinking when reporting the status of a profile with a lot of options. ([#6693](https://github.com/inspec/inspec/pull/6993))
- Updated the output of the `cmp` matcher when a control fails while using a negation such as 'should_not'. ([#6862](https://github.com/inspec/inspec/pull/6862))

  For example, if the value of `key` is `3`, then this fails:
  
  ```ruby
  its(key) { should_not cmp "3" }
  ```
  
  and returns this output:
  
  ```plain
  expected: 3
       got: 3
  ```
  
  The updated output returns:
  
  ```plain
  expected it not to be == "3"
       got: 3
  ```

  Thanks [@Taknok](https://github.com/Taknok)!

## Security improvements

- Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. ([#7078](https://github.com/inspec/inspec/pull/7078))
- Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. ([#7077](https://github.com/inspec/inspec/pull/7077))
- Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. ([#7079](https://github.com/inspec/inspec/pull/7079))

## Bug fixes

- The URL fetcher no longer uses the `git ls-remote` command without the `--symref` option. This was removed due to an incompatibility on Ubuntu 16 and RHEL 7 platforms. ([#7043](https://github.com/inspec/inspec/pull/7043))
- Fixed the `Uninitialized constant Parser::AST::Processor::Mixin` error with the Parser gem dependency. ([#7030](https://github.com/inspec/inspec/pull/7030))
- Fixed an error with the URL fetcher, which failed to work when executing from a directory that's not a Git repository. ([#7023](https://github.com/inspec/inspec/pull/7023))
- Removed the "Unrecognized feature name" warning when executing a profile with a custom InSpec reporter plugin. ([#6988](https://github.com/inspec/inspec/pull/6988))
- Fixed the `virtualization.virtual_system?` helper in the virtualization resource to correctly return `true` if run against a Podman container. ([#6947](https://github.com/inspec/inspec/pull/6947))
- Fixed the streaming reporter so that it captures InSpec scan progress correctly. ([#6912](https://github.com/inspec/inspec/pull/6912))
- Chef InSpec now correctly waives controls when run in Chef Infra Client Compliance Phase. ([#6919](https://github.com/inspec/inspec/pull/6919))
- Removed dependency on the activesupport Gem by removing the `blank?` method. ([#6914](https://github.com/inspec/inspec/pull/6914))
- Fixed the reporter integration used in Chef Infra Client Compliance Phase, which returned an undefined method error. ([#6859](https://github.com/inspec/inspec/pull/6859))