Chef 14.11.21 Released!


Hey Everyone,

We're happy to announce the release of Chef v14.11.21! This release includes updated resources, a new InSpec release, as well as security updates for the libraries we bundle with Chef.

Updated Resources


The chocolatey_package resource now uses the provided options to fetch information on available packages, which allows installation packages from private sources. Thanks @astoltz for reporting this issue.


The openssl_dhparam resource now supports updating the dhparam file's mode on subsequent chef-client runs. Thanks @anewb for the initial work on this fix.


The mount resource now properly adds a blank line between entries in fstab to prevent mount failures on AIX.


The windows_certificate resource now supports importing Base64 encoded CER certificates and nested P7B certificates. Additionally, private keys in PFX certificates are now imported along with the certificate.


The windows_share resource has improved logic to compare the desired share path vs. the current path, which prevents the resource from incorrectly converging during each Chef run. Thanks @Xorima for this fix.


The windows_task resource now properly clears out arguments that are no longer present when updating a task. Thanks @nmcspadden for reporting this.

InSpec 3.7.1

InSpec has been updated from 3.4.1 to 3.7.1. This new release contains improvements to the plugin system, a new config file system, and improvements to multiple resources. Additionally, profile attributes have also been renamed to inputs to prevent confusion with Chef attributes, which weren't actually related in any way.

Updated Components

  • bundler 1.16.1 -> 1.17.3
  • libxml2 2.9.7 -> 2.9.9
  • ca-certs updated to 2019-01-22 for new roots

Security Updates


OpenSSL has been updated to 1.0.2r in order to resolve CVE-2019-1559


RubyGems has been updated to 2.7.9 in order to resolve the following CVEs:

  • CVE-2019-8320: Delete directory using symlink when decompressing tar
  • CVE-2019-8321: Escape sequence injection vulnerability in verbose
  • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
  • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  • CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
  • CVE-2019-8325: Escape sequence injection vulnerability in errors

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command line utility:

$ mixlib-install download chef -v 14.11.21

Alternatively, you can install Chef using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 14.11.21

# In Windows Powershell
. { iwr -useb } | iex; install -project chef -version 14.11.21

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

  product_name: chef
  product_version: 14.11.21



If you're interested in 32-bit ARM builds, I've got 14.11 packages and the process for building them here: