Chef 14.11.21 Released!


#1

Hey Everyone,

We're happy to announce the release of Chef v14.11.21! This release includes updated resources, a new InSpec release, as well as security updates for the libraries we bundle with Chef.

Updated Resources

chocolatey_package

The chocolatey_package resource now uses the provided options to fetch information on available packages, which allows installation packages from private sources. Thanks @astoltz for reporting this issue.

openssl_dhparam

The openssl_dhparam resource now supports updating the dhparam file's mode on subsequent chef-client runs. Thanks @anewb for the initial work on this fix.

mount

The mount resource now properly adds a blank line between entries in fstab to prevent mount failures on AIX.

windows_certificate

The windows_certificate resource now supports importing Base64 encoded CER certificates and nested P7B certificates. Additionally, private keys in PFX certificates are now imported along with the certificate.

windows_share

The windows_share resource has improved logic to compare the desired share path vs. the current path, which prevents the resource from incorrectly converging during each Chef run. Thanks @Xorima for this fix.

windows_task

The windows_task resource now properly clears out arguments that are no longer present when updating a task. Thanks @nmcspadden for reporting this.

InSpec 3.7.1

InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improvements to the plugin system, a new config file system, and improvements to multiple resources. Additionally, profile attributes have also been renamed to inputs to prevent confusion with Chef attributes, which weren't actually related in any way.

Updated Components

  • bundler 1.16.1 -> 1.17.3
  • libxml2 2.9.7 -> 2.9.9
  • ca-certs updated to 2019-01-22 for new roots

Security Updates

OpenSSL

OpenSSL has been updated to 1.0.2r in order to resolve CVE-2019-1559

RubyGems

RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:

  • CVE-2019-8320: Delete directory using symlink when decompressing tar
  • CVE-2019-8321: Escape sequence injection vulnerability in verbose
  • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
  • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  • CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
  • CVE-2019-8325: Escape sequence injection vulnerability in errors

Get the Build

As always, you can download binaries directly from downloads.chef.io or by using the mixlib-install command line utility:

$ mixlib-install download chef -v 14.11.21

Alternatively, you can install Chef using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 14.11.21

# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -project chef -version 14.11.21

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

provisioner:
  product_name: chef
  product_version: 14.11.21

Enjoy,
Tim


#2

If you're interested in 32-bit ARM builds, I've got 14.11 packages and the process for building them here:
https://mattray.github.io/2019/03/08/chef-14-on-arm.html