Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)
Bug fixes
The URL fetcher no longer uses the git ls-remote command without the --symref option. This was removed due to an incompatibility on Ubuntu 16 and RHEL 7 platforms. (#7043)
Fixed the Uninitialized constant Parser::AST::Processor::Mixin error with the Parser gem dependency. (#7030)
Fixed an error with the URL fetcher, which failed to work when executing from a directory that's not a Git repository. (#7023)
Removed the "Unrecognized feature name" warning when executing a profile with a custom InSpec reporter plugin. (#6988)
Fixed the virtualization.virtual_system? helper in the virtualization resource to correctly return true if run against a Podman container. (#6947)
Fixed the streaming reporter so that it captures InSpec scan progress correctly. (#6912)
Chef InSpec now correctly waives controls when run in Chef Infra Client Compliance Phase. (#6919)
Removed the dependency on the activesupport gem by removing the blank? method. (#6914)
Fixed the reporter integration used in Chef Infra Client Compliance Phase, which returned an undefined method error. (#6859)