Hey Everyone,
We're happy to announce the release of Chef v14.11.21! This release includes updated resources, a new InSpec release, as well as security updates for the libraries we bundle with Chef.
Updated Resources
chocolatey_package
The chocolatey_package resource now uses the provided options to fetch information on available packages, which allows installation packages from private sources. Thanks @astoltz for reporting this issue.
openssl_dhparam
The openssl_dhparam resource now supports updating the dhparam file's mode on subsequent chef-client runs. Thanks @anewb for the initial work on this fix.
mount
The mount resource now properly adds a blank line between entries in fstab to prevent mount failures on AIX.
windows_certificate
The windows_certificate resource now supports importing Base64 encoded CER certificates and nested P7B certificates. Additionally, private keys in PFX certificates are now imported along with the certificate.
windows_share
The windows_share resource has improved logic to compare the desired share path vs. the current path, which prevents the resource from incorrectly converging during each Chef run. Thanks @Xorima for this fix.
windows_task
The windows_task resource now properly clears out arguments that are no longer present when updating a task. Thanks @nmcspadden for reporting this.
InSpec 3.7.1
InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improvements to the plugin system, a new config file system, and improvements to multiple resources. Additionally, profile attributes have also been renamed to inputs to prevent confusion with Chef attributes, which weren't actually related in any way.
Updated Components
- bundler 1.16.1 -> 1.17.3
- libxml2 2.9.7 -> 2.9.9
- ca-certs updated to 2019-01-22 for new roots
Security Updates
OpenSSL
OpenSSL has been updated to 1.0.2r in order to resolve CVE-2019-1559
RubyGems
RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
Get the Build
As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command line utility:
$ mixlib-install download chef -v 14.11.21
Alternatively, you can install Chef using one of the following command options:
# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 14.11.21
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 14.11.21
If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:
provisioner:
product_name: chef
product_version: 14.11.21
Enjoy,
Tim