Chef Workstation 0.10.41 Released!

We are delighted to announce the availability of version 0.10.41 of Chef Workstation.

Updated Components

Updated Chef Command Line

This release lays the ground work for massive speed improvements to the chef command. A new native binary chef command will allow us to slowly replace code with significantly faster native code. Stay tuned for more announcements in the coming months.

Chef Infra Client

Chef Infra Client has been updated from 15.3 to 15.4 with updated resources and several significant fixes to knife bootstrap. See the Chef Infra Client 15.4 Release Notes for a complete list of the new and improved functionality.

Chef InSpec

Chef InSpec has been updated from 4.16 to 4.18 with the following changes:

New Features

  • We have released our beta Chef InSpec plug-in for HashiCorp Vault. Check it out in our inspec-vault GitHub repo and let us know what you think -- or better yet, start jumping in and contributing with us on it.
  • Waivers, our new beta feature, was added to Chef InSpec! Waivers allows you to better manage compliance failures. We would love to hear your feedback on this! See the InSpec Waivers documentation for more details.


  • The interface resource now has a name property.
  • Expanded user resource to include the passwordage, maxbadpasswords, and badpasswordattempts properties with Windows.
  • The sys_info resource now supports ip_address, fqdn, domain, and short options when giving a version of the hostname.
  • Sped up initial load/response time for all commands by removing pre-leading of resources on invocation of inspec.
  • If an error occurs when using the json resource with a command source, you will now get the error message from STDERR returned in the report.
  • We improved the formatting of the usage help, so what you see when you type inspec exec --help should look better!


Cookstyle has been updated from 5.6.2 to 5.9.3, which includes 13 new Chef cops, improved detection in existing cops, and improved autocorrection. See the Cookstyle 5.7, 5.8, and 5.9 release notes for additional information on the new cops.


knife-google was updated from 3.3.7 to 4.2.0 with support for bootstrapping nodes with Chef Infra Client 15 and adding multiple local SSD interfaces to a new instance.


knife-vsphere was updated from 4.0.1 to 4.0.3, which resolves a bug in determining the state of instances.


knife-vcenter was updated from 2.0.3 to 2.0.6 to fix vm clone operations.


kitchen-digital has been updated from 0.10.4 to 0.10.5 to add Debian-10 and FreeBSD-12 image aliases.

Security Updates


Ruby has been updated from 2.6.4 to 2.6.5 in order to resolve the following CVEs:

  • CVE-2019-16255: A code injection vulnerability of Shell# and Shell#test
  • CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
  • CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
  • CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

Get the Build

If you are running the experimental application you can download this version from the menu after the app next update check. You can also download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!