Hello InSpec friends!
We are delighted to announce the availability of version 6.8.11 of Chef InSpec. Changes include:

Enhancement

• Added C shell support to the sybase_session resource. (#7069)

Security improvements

• Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
• Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
• Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)

Get the Build

You can download binaries directly from Chef Downloads.

Corrected Release Notes for 6.8.11

Through an automation error, the above release notes were posted incomplete. Following are the complete release notes for 6.8.11:

Enhancement

• Improved error handling when evaluating Chef InSpec licenses. (#7121)
• Improved license & entitlement management and disabled telemetry for InSpec under Test Kitchen. (#7168)

Improvements

• Improved regular expressions used to load README files from InSpec profiles. (#7198)

Bug fixes

• The oracledb_session resource has the following bug fixes:
  • The oracledb_session resource now correctly executes profiles against Oracle Database 12 on Solaris.
  • The oracledb_session resource now correctly passes queries with certain special characters and escape backslashes to Oracle SQL. Previously, queries with special characters like , or $ that were escaped using a double backslash (for example, \\,) were converted by oracledb_session to have four backslashes (for example \\\\,). (#7136)
• The postgres_session resource now correctly returns an error when password authentication fails. (#7154)