Chef InSpec 6.8.1 Released!

Chef Release Announcements
1

Hello InSpec friends!
We are delighted to announce the availability of version 6.8.1 of Chef InSpec. Changes include:

Bug Fixes

  • Fixed the progress-bar reporter so the progress of an InSpec execution that includes an its block is displayed correctly. (#6936)
  • Fixed an issue where waivers were ignored when they were sent by Chef Infra Client in Compliance Phase using InSpec inputs. (#6920)
  • Removed dependency on the activesupport Gem by removing the blank? method. (#6916)

Get the Build

You can download binaries directly from Chef Downloads.

2

Corrected Release Notes for 6.8.1

Through an automation error, the above release notes were posted incomplete. Following are the complete release notes for 6.8.1:

New features

  • Added the sshd_active_config resource, which finds and tests configuration data for the OpenSSH daemon. (#7070)
  • Added the ssh_key resource which verifies the following SSH key types: RSA, ECDSA, DSA, and Ed25519. (#6656)
  • Added telemetry reporting for free and trial users. (#6012)

Enhancement

  • Added C shell support to the sybase_session resource. (#7069)

Improvements

  • Improved the InSpec Parallel status reporter, which was blinking when reporting the status of a profile with a lot of options. (#6693)

  • Updated the output of the cmp matcher when a control fails while using a negation such as 'should_not'. (#6862)

    For example, if the value of key is 3, then this fails:

    its(key) { should_not cmp "3" }

    and returns this output:

    expected: 3
     got: 3

    The updated output returns:

    expected it not to be == "3"
     got: 3

    Thanks @Taknok!

Security improvements

  • Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
  • Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
  • Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)

Bug fixes

  • The URL fetcher no longer uses the git ls-remote command without the --symref option. This was removed due to an incompatibility on Ubuntu 16 and RHEL 7 platforms. (#7043)
  • Fixed the Uninitialized constant Parser::AST::Processor::Mixin error with the Parser gem dependency. (#7030)
  • Fixed an error with the URL fetcher, which failed to work when executing from a directory that's not a Git repository. (#7023)
  • Removed the "Unrecognized feature name" warning when executing a profile with a custom InSpec reporter plugin. (#6988)
  • Fixed the virtualization.virtual_system? helper in the virtualization resource to correctly return true if run against a Podman container. (#6947)
  • Fixed the streaming reporter so that it captures InSpec scan progress correctly. (#6912)
  • Chef InSpec now correctly waives controls when run in Chef Infra Client Compliance Phase. (#6919)
  • Removed dependency on the activesupport Gem by removing the blank? method. (#6914)
  • Fixed the reporter integration used in Chef Infra Client Compliance Phase, which returned an undefined method error. (#6859)