Chef InSpec 6.8.1 Released!

Hello InSpec friends!
We are delighted to announce the availability of version 6.8.1 of Chef InSpec. Changes include:

Bug Fixes

  • Fixed the progress-bar reporter so the progress of an InSpec execution that includes an its block is displayed correctly. (#6936)
  • Fixed an issue where waivers were ignored when they were sent by Chef Infra Client in Compliance Phase using InSpec inputs. (#6920)
  • Removed dependency on the activesupport Gem by removing the blank? method. (#6916)

Get the Build

You can download binaries directly from Chef Downloads.

Corrected Release Notes for 6.8.1

Through an automation error, the above release notes were posted incomplete. Following are the complete release notes for 6.8.1:


New features

  • Added the sshd_active_config resource, which finds and tests configuration data for the OpenSSH daemon. (#7070)
  • Added the ssh_key resource which verifies the following SSH key types: RSA, ECDSA, DSA, and Ed25519. (#6656)
  • Added telemetry reporting for free and trial users. (#6012)

Enhancement

  • Added C shell support to the sybase_session resource. (#7069)

Improvements

  • Improved the InSpec Parallel status reporter, which was blinking when reporting the status of a profile with a lot of options. (#6693)

  • Updated the output of the cmp matcher when a control fails while using a negation such as 'should_not'. (#6862)

    For example, if the value of key is 3, then this fails:

    its(key) { should_not cmp "3" }
    

    and returns this output:

    expected: 3
         got: 3
    

    The updated output returns:

    expected it not to be == "3"
         got: 3
    

    Thanks @Taknok!

Security improvements

  • Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
  • Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
  • Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)

Bug fixes

  • The URL fetcher no longer uses the git ls-remote command without the --symref option. This was removed due to an incompatibility on Ubuntu 16 and RHEL 7 platforms. (#7043)
  • Fixed the Uninitialized constant Parser::AST::Processor::Mixin error with the Parser gem dependency. (#7030)
  • Fixed an error with the URL fetcher, which failed to work when executing from a directory that's not a Git repository. (#7023)
  • Removed the "Unrecognized feature name" warning when executing a profile with a custom InSpec reporter plugin. (#6988)
  • Fixed the virtualization.virtual_system? helper in the virtualization resource to correctly return true if run against a Podman container. (#6947)
  • Fixed the streaming reporter so that it captures InSpec scan progress correctly. (#6912)
  • Chef InSpec now correctly waives controls when run in Chef Infra Client Compliance Phase. (#6919)
  • Removed dependency on the activesupport Gem by removing the blank? method. (#6914)
  • Fixed the reporter integration used in Chef Infra Client Compliance Phase, which returned an undefined method error. (#6859)