Chef Infra Client 17.10.95 Released!

Chef Release Announcements
1

We are delighted to announce the availability of version 17.10.95 of Chef Infra Client.

Backports

This release backports several features and fixes from Chef Infra Client 18.

Resource Updates

This release backports the following resource updates from Chef Infra Client 18:

  • Added a rubygems_url property to the chef_client_config resource that allows users to specify URI as a source for Ruby gems. This could be an internal mirror of RubyGems for airgapped environments. (#12978)
  • Updated the rhsm_register resource so that it flushes the internal package cache after registering with Red Hat Satellite. (#12909)
  • Updated the chocolatey_package resource to handle changes introduced in Chocolatey CLI v2.0. (#13928)

Security

This release backports the following security updates from Chef Infra Client 18:

  • Fixed an issue where properties with desired_state: false and sensitive: true would report data to the resource reporter. (#13817)
  • Add the ability to set a default secret service and secret service configuration in the Secrets Manager. (#12856)

OpenSSL

Updated OpenSSL to 1.0.2zi (#13911, #14046) to address the following CVEs :

  • CVE-2022-2068
  • CVE-2023-3446
  • CVE-2023-3817
  • CVE-2023-2650
  • CVE-2023-0465
  • CVE-2023-0466
  • CVE-2023-0464
  • CVE-2023-0286
  • CVE-2023-0215
  • CVE-2022-4304

Bug fixes

This release backports the following bug fixes from Chef Infra Client 18:

  • Fixed an issue where a PEM file is not generated when a new user created with knife user create. (#12772)
  • Fixed a performance issue when reading attributes from nodes. (#12743)
  • Fixed missing X-Vault-AWS-IAM-Server-ID header in the Secrets Management Integration helper when using AWS IAM to fetch secrets from HashiCorp Vault. (#12957)
  • Fixed a bug where ChefSpec fails to load Compliance Profiles in Compliance Phase that contain an InSpec profile. (#12872)

Resource fixes

  • Fixed the chef_client_config resource which was rendering duplicate ohai_disabled_plugins and ohai_optional_plugins properties in the client.rb template. (#12826)
  • Fixed the macos_userdefaults resource where the user property was not being used when host property wasn’t passed. This update sets default values for user and host as the current user and any host. (#12825)
  • Fixed the locale resource which was regenerating locales on every Chef Infra run. (#12905)

Windows Certificates

We fixed an issue with private keys that are encrypted in the certificate store on a Windows node that is under management by two or more users or by an admin and the SYSTEM account.
The private key could not be decrypted by a user other than the user that bootstrapped the node because the password is user-specific.
We now use an initialization vector to encrypt the private key, which is stored in the Windows registry.
This allows multiple users to decrypt a private key. (#13552)

Packaging

  • Removed support for Debian 9. (#13738)
  • Removed support for i386 platforms. (#13694)
  • Removed support for Freebsd 11. (#12870)
  • Added support for Rocky Linux 8 and 9. (#14048)

Dependencies

  • Bump dependencies for net-ssh 7.x for RHEL 9 and Ubuntu 22.04. (#13332)
  • Bump chef-vault to 4.1.11. (#13583)

Get the Build

As always, you can download binaries directly from chef.io/downloads or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 17.10.95

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 17.10.95
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex