Chef Workstation 0.14.16 Released!

We are delighted to announce the availability of version 0.14.16 of Chef Workstation.

Workstation App on Windows

The Chef Workstation App is now installed by default on Windows and is no longer considered experimental. If you would like to run this application at boot to ensure your system stays up to date, you can select this option during the installation.

Smaller Size

We continue to optimize the size of the Chef Workstation package with this release taking up 9% less space on disk and containing nearly 5,000 fewer files.

Updated Components


The chef-vault gem has been updated to 4.0.1. This release includes bug fixes from @MarkGibbons and @jeremy-clerc as well as a new way to update existing keys to sparse-mode by running knife vault update --keys_mode sparse thanks to @jeunito.


knife-ec2 has been updated to 1.0.26 with multiple bug fixes for provisioning new systems in EC2.


kitchen-ec2 has been updated to 3.3.0. This new version improves how we search for security groups by tags, improves the logic that detects usage of the chef Test Kitchen provisioner, and improves security group and spot instance logic. Thanks @slapvanilla and @bdwyertech for these enhancements.

Cookstyle 5.19

Cookstyle has been updated from 5.16 to 5.19. This new release contains 7 new Chef Cops and a large number of detection and autocorrection improvements for existing cops:


The ChefRedundantCode/GroupingMetadata cop removes the legacy grouping metadata from the metadata.rb file. This metadata was never consumed by any Chef Infra services and does not need to be defined.


The ChefStyle/OverlyComplexSupportsDependsMetadata cop cleans up overly complex methods of declaring supports or depends metadata via an array. This rule will detect and correct the array or each form of declaring this metadata when there are fewer than three items.

Overly complex metadata:

%w(windows apt).each |cb|
  depends cb

Simpler form:

depends 'apt'
depends 'windows'


The ChefModernize/ResourceForcingCompileTime cop detects hostname, build_essential, chef_gem, and ohai_hint resources that are being set to run at compile-time by forcing an action on the resource block. These resources include compile-time properties which should be set to force the resources to run at compile-time.


The ChefModernize/ExecuteSysctl detects the usage of execute to load sysctl values. Chef Infra Client 14.0+ includes the sysctl resource which should be used to idempotently add or remove sysctl values without the need for chaining file and execute resources.


The ChefModernize/DslIncludeInResource cop detects resources and providers that include either the Chef::DSL::Recipe or Chef::DSL::IncludeRecipe classes. Starting with Chef Infra Client 12.4+, this is done automatically for each resource and provider.


The ChefRedundantCode/AptRepositoryNotifiesAptUpdate cop detects apt_repository resources that notify an execute resource to run apt-get update. Updating apt cache is performed automatically when the apt_repository makes any updates to the repository config and doesn't need to be performed again afterward.


The ChefRedundantCode/AptRepositoryDistributionDefault cop detects apt_repository resources that set the distribution property to node['lsb']['codename'] which is the default and does not need to be set in cookbook code.

Security Updates


OpenSSL has been updated to 1.0.2u to resolve CVE-2019-1551


The embedded git client has been updated to 2.24.1 to resolve the following CVEs:

Get the Build

If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!