Chef Infra Client 18.2.7 Released!

Chef Release Announcements
1

We are delighted to announce the availability of version 18.2.7 of Chef Infra Client.

NOTE: This release does not include Infra Client packages for AIX systems.

New Resources

selinux_user and selinux_login resources

Added the new selinux_user and selinux_login resources. (#13511)

The selinux_user resource allows you to manage the security level, security range, and roles for a given SELinux user.

The selinux_login resource allows you to manage the security range and associated SELinux user mapping for a given OS login.

Thanks wheatevo!

Resource Updates

macos_userdefaults resource

We fixed an issue in the macos_userdefaults resource where the user property was not being used when host property wasn't passed. This update sets default values for user and host as the current user and any host. (#12791)

launchd resource

Updated the associated_bundle_identifiers property in the macOS launchd resource to accept an array instead of just a hash of values. Thanks Arequ! (#13477)

apt_repository resource

Updated the apt_repository resource so that the apt-keys are updated if the expiration of a key is updated without changing the fingerprint. Thanks tmccombs! (#13535).

Packaging

This release does not include Infra Client packages for AIX systems.

Bundled Dependencies

  • Bundled ohai updated from 18.0.26 to 18.1.3
  • Bundled proxifier (1.0.3) is replaced with proxifier2 (1.1.0)
  • Bundled inspec-core updated from 5.18.14 to 5.21.29
  • Bundled aws-partitions updated from 1.681.0 to 1.731.0
  • Bundled aws-sdk-core updated from 3.168.4 to 3.170.1
  • Bundled aws-sdk-kms updated from 1.61.0 to 1.63.0
  • Bundled aws-sdk-s3 updated from 1.117.2 to 1.119.1
  • Bundled aws-sdk-secretsmanager updated from 1.68.0 to 1.73.0
  • Bundled chef-vault updated from 4.1.10 to 4.1.11
  • Bundled concurrent-ruby updated from 1.1.10 to 1.2.2
  • Bundled erubi updated from 1.11.0 to 1.12.0
  • Bundled faraday updated from 1.4.3 to 2.7.4
  • Bundled inspec-core-bin updated from 5.18.14 to 5.21.29
  • Bundled mime-types-data updated from 3.2022.0105 to 3.2023.0218.1
  • Bundled multipart-post updated from 2.2.3 to 2.3.0
  • Bundled net-ssh updated from 7.0.1 to 7.1.0
  • Bundled parser updated from 3.1.3.0 to 3.2.1.1
  • Bundled plist updated from 3.6.0 to 3.7.0
  • Bundled rack updated from 2.2.4 to 2.2.6.4
  • Bundled regexp_parser updated from 2.6.1 to 2.7.0
  • Bundled timeout updated from 0.3.1 to 0.3.2
  • Bundled webrick updated from 1.7.0 to 1.8.1

Bug fixes

We fixed a bug in the Chef Omnibus pre-install script that sometimes led to EBUSY errors during upgrades.(#13562)

The "FFI::Yajl" errors (#13380) have been resolved by an update to chef-powershell (chef-powershell-shim#187)

Security

Test Certificates

As part of ongoing work, we updated new Digicert-based certificates for testing. These need to be updated sporadically, and we're updating you here in case this impacts your own testing. (#13625)

Windows Certificates

We fixed an issue with private keys that are encrypted in the certificate store on a Windows node
that is under management by two or more users or by an admin and the SYSTEM account.
The private key could not be decrypted by a user other than the user that bootstrapped the node because the password is user-specific.
We now use an initialization vector to encrypt the private key, which is stored in the Windows registry.
This allows multiple users to decrypt a private key. (#13552)

Get the Build

As always, you can download binaries directly from chef.io/downloads or by using the mixlib-install command-line utility:

$ mixlib-install download chef -v 18.2.7

Alternatively, you can install Chef Infra Client using one of the following command options:

# In Shell
$ curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -P chef -v 18.2.7
# In Windows Powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex