Chef InSpec 6.8.24 Released!

chef-ci · January 29, 2025, 7:22am

Hello InSpec friends!
We are delighted to announce the availability of version 6.8.24 of Chef InSpec. Changes include:
Release Date: 29 January, 2025.

New Features

Deprecation notice about moving core resource packs to their individual gems after the next major release (#7219)
Added the --legacy flag to the inspec automate upload command. (#7200)

The inspec automate upload command runs inspec check and inspec export, which were updated in Chef InSpec 5.22.36. This update led to a bug with InSpec profiles with =begin =end.

Use the --legacy flag with profiles where the newer export and check methods may fail to parse older profiles correctly, particularly due to limitations in AST parsing.

CVEs

Fixes HTTP Request Smuggling in ruby webrick CVE-2024-47220. (#7214)
Fixes the REXML denial of service vulnerability CVE-2024-43398. (#7199)
Fixes the REXML ReDoS vulnerability CVE-2024-49761. (#7199)

Improvements

Use of a better cryptographic hashing algorithm on sensitive data. (#7261)
Improvements in the error handling of the plugin installation error. (#7161)
Fixed the encoding issues with special characters in passwords for Postgres Session resource (#7277)

Get the Build

You can download binaries directly from Chef Downloads.

Topic		Replies	Views
Chef InSpec 5.22.65 Released! Chef Release Announcements	0	40	December 13, 2024
Chef InSpec 4.37.0 Released! Chef Release Announcements	0	357	May 5, 2021
Chef InSpec 6.8.1 Released! Chef Release Announcements	1	69	August 1, 2024
Chef InSpec 5.22.36 Released! Chef Release Announcements	0	755	November 14, 2023
InSpec v1.29.0 released! Chef Release Announcements	0	495	June 22, 2017

Chef InSpec 6.8.24 Released!

New Features

CVEs

Improvements

Get the Build

Related topics