Hello InSpec friends!
We are delighted to announce the availability of version 4.56.58 of Chef InSpec. Changes include:
End User License Agreement
We've updated the Chef End User License Agreement (EULA).
The terms of the EULA are the same as they were before, but we've created three licensing tiers: Free, Trial, and Commercial.
The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time.
The Trial tier allows trial users to scan unlimited targets for 30 days.
The Commercial tier gives users the features and benefits that come with the subscription they've purchased.
Contact Chef Support for more information.
Security Updates
Updates in this release provide fixes for the following CVE(s):
- CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile (#6720)
Bug Fixes
- Fixed resolving dependent profiles so that it works regardless of what version scheme you use for version pinning, not just semver (#6471)
- Fixed the
serviceresource to prevent negative status from crashing launchd resource (#6751) - Fixed the
inspec execcommand so that it can fetch a profile from a repository that isn't managed with Git and doesn't have a.gitdirectory. (#6750) - Fixed the
inspec jsoncommand so that inputs specified in aninspec.ymlfile are included in the output JSON file. (#6059) - Fixed an issue where a profile that includes different versions of a dependency would only list one of the versions in the reporter output. (#6163)
InSpec resources
- Fixed the
mongodb_sessionresource to log the info level instead of the debug level in profile run results. (#6752) - Fixed a bug with the
serviceresource when run on Amazon Linux 2022 where InSpec would try to run initctl instead of systemd. (#6017) - Fixed the
processesresource to consider processes without paths on Windows. (#6130)
Backward Incompatibilities
- Upgraded to Ruby 3.1 and removed Ruby 2.7, which is EOL. (#6713)
Get the Build
You can download binaries directly from Chef Downloads.