Chef Infra Client 16.4.35 released!

Hey folks,

We have a great new release of Chef Infra Client out with tons of optimizations, security improvements, and critical bug fixes. Be sure to give it a try!

Important Bugfixes

  • We've resolved an issue with knife bootstrap that prevented bootstrapping Windows nodes from a non-Windows workstation
  • Resources that have ignore_failure true set will now report failures to Automate

Resource Updates


The chef_client_systemd_timer resource has been updated to prevent failures running the :remove action.

openssl resource

The various openssl_* resources were refactored to better report the changed state of the resource to Automate or other handlers.


The osx_profile resource has been refactored as a custom resource internally. This update also better reports the changed state of the resource to Automate or other handlers and no longer silently continues if the attempts to shellout fail.


The powershell_package_source resource no longer requires the url property to be set when using the :unregister action. Thanks for this fix @kimbernator!


The powershell_script resource has been refactored to better report the changed state of the resource to Automate or other handlers.


The windows_feature resource has been updated to allow installing features that have been removed if a source location is provided. Thanks for reporting this @stefanwb!


The windows_font resource will no longer fail on newer releases of Windows if a font is already installed. Thanks for reporting this @bmiller08!


The windows_workgroup resource has been updated to treat the password property as a sensitive property. The value of the password property will no longer be shown in logs or handlers.


CA Root Certificates

The included cacerts bundle in Chef Infra Client has been updated to the 7-22-2020 release. This new release removes 4 legacy root certificates and adds 4 additional root certificates.

Reduced Dependencies

We've audited the included dependencies that we ship with Chef Infra Client to reduce the 3rd party code we ship. We've removed many of the embedded binaries that shipped with the client in the past, but were not directly used. We've also reduced the feature set built into many of the libraries that we depend on, and removed several Ruby gem dependencies that were no longer necessary. This reduces the future potential for CVEs in the product and reduces package size at the same time.

Get the Build

As always, you can download binaries directly from or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 16.4.35

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl | sudo bash -s -- -P chef -v 16.4.35

# In Windows Powershell
. { iwr -useb } | iex; install -project chef -version 16.4.35

If you want to give this version a spin in Test Kitchen, create or add the following to your kitchen.yml file:

  product_name: chef
  product_version: 16.4.35