Chef Workstation 0.3.2 Released!

We are delighted to announce the availability of version 0.3.2 of Chef Workstation.

Support for managing Chef EULA required products

We have updated the included products to be able to manage remote installations of Chef EULA required products:

  • Test Kitchen
  • chef-run
  • knife bootstrap

New Policy File Functionality

include_policy now supports :remote policy files. This new functionality allows you to include policy files over http. Remote policy files require remote cookbooks and install will fail otherwise if the included policy file includes cookbooks with paths. Thanks @mattray!

Security Updates

Rubygems 2.7.9

Rubygems has been updated from 2.7.8 to 2.7.9 to resolves the following CVEs:

  • CVE-2019-8320: Delete directory using symlink when decompressing tar
  • CVE-2019-8321: Escape sequence injection vulnerability in verbose
  • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
  • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
  • CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
  • CVE-2019-8325: Escape sequence injection vulnerability in errors

curl 7.65.0

  • CVE-2019-5435: Integer overflows in curl_url_set
  • CVE-2019-5436: tftp: use the current blksize for recvfrom()
  • CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
  • CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
  • CVE-2019-3823: SMTP end-of-response out-of-bounds read

Updated Components and Tools

Chef 14.12.3

ChefDK now ships with Chef 14.13.11. See Chef 14.14 release notes for more information on what's new.

It also updates knife bootstrap to support installing and managing Chef Infra Client 15 on remote nodes. See Accepting the Chef EULA general instructions for accepting the license (command line flag, environment variable or configured in ~/.chef/config.rb).

InSpec 3.9.0

ChefDK now ships with InSpec 3.9.0. See InSpec 3.9.0 release details for more information on what's new.

Ruby 2.5.5

Ruby has been updated from 2.5.3 to 2.5.5, which includes a large number of bug fixes.

###Test Kitchen 1.25

Test Kitchen has been updated to 1.25 with backports of many non-breaking Test Kitchen 2.0 features:

  • Support for accepting the Chef 15 license in Test Kitchen runs. See Accepting the Chef License for usage details.
  • A new --fail-fast command line flag for use with the concurency flag. With this flag set, Test Kitchen will immediatly fail when any converge fails instead of continuing to test additional instances.
  • The policyfile_path config option now accepts relative paths.
  • A new berksfile_path config option allows specifying Berkshelf files in non-standard locations.
  • Retries are now honored when using SSH proxies


kitchen-hyperv has been updated to 0.5.3, which now automatically disables snapshots on the VMs and properly waits for the IP to be set.


kitchen-vagrant has been updated to 1.5.1, which adds support for using the new bento/amazonlinux-2 box when setting the platform to amazonlinux-2.


kitchen-ec2 has been updated to 2.5.0 with support for Amazon Linux 2.0 image searching using the platform 'amazon2'. This release also adds supports Windows Server 1709 and 1803 image searching.


kitchen-dokken has been updated to 2.7.0:

  • The Chef Docker image is now pulled by default so that locally cached latest or curent container versions will be compared to those available on DockerHub. See the readme for instructions on reverting to the previous behavior.
  • User namespace mode can be disabled when running privileged containers with a new userns_host config option. See the readme for details.
  • You can now disable pulling the platform Docker images for local platform image testing or air gapped testing. See the readme for details.


knife-vsphere has been updated to 2.1.3, which adds support for knife's bootstrap_template flag and removes the legacy distro and template_file flags.


The Chef Apply gem has been updated to 0.2.13, which adds support for installing and managing Chef Infra Client 15 on remote nodes. See Accepting the Chef EULA general instructions for accepting the license (command line flag or environment variable). Additionally the license can be accepted in the ~/.chef-workstation/config.toml by adding:

chef_license = "accept"

Push Jobs Client

Push Jobs Client has been updated to 2.5.6, which includes significant optimizations and minor bug fixes.

Other updates

  • openssl: 1.0.2r -> 1.0.2s (bugfix only release)
  • cacerts: 2019-01-23 -> 2019-05-15
  • kitchen-vagrant: 1.5.1 -> 1.5.2
  • mixlib-install: 3.11.12 -> 3.11.18
  • ohai: 14.8.11 -> 14.8.12

Get the Build

If you are running the experimental application you can download this version from the menu after the app next update check. You can also download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!

This was posted by a bot so I cannot edit the original post. Instead, here are my updates. I incorrectly listed some different versions. knife bootstrap from Chef Infra Client 14 also cannot manage Chef Infra Client 15 on a node. Updating the information posted here to reflect that.