Chef Workstation 20.9.158 Released!

We are delighted to announce the availability of version 20.9.158 of Chef Workstation.

Security Updates

OpenSSL 1.0.2w

OpenSSL has been updated to 1.0.2w, which includes a fix for CVE-2020-1968.

False Positive chef.exe Malware Detection

Recently we received reports that chef.exe was triggering users' anti-virus software. We confirmed that we are shipping the latest security patches that we can and are not shipping malware to users. This is a false positive and we submitted a report as such to Microsoft. They corrected their security definitions and are no longer marking chef.exe as malware. If you get errors trying to run the chef command in PowerShell or have issues starting the Chef Workstation shell shortcut, most likely Windows Defender already quarantined your chef.exe executable. You can either un-quarantine that file or reinstall Chef Workstation to fix this issue.

We also submitted a false positive report to McAfee, but have yet to hear back from them.


Chef Infra Client

Chef Infra Client has been updated from 16.4.41 to 16.5.77. This release includes two new resources, updates to 10 existing resources, and the following CLI improvements:

  • The client license acceptance logic has been improved to provide helpful error messages when an incorrect value is passed and to accept license values in any text case.
  • A new chef-client process exit code of 43 has been added to signal that an invalid configuration was specified. Thanks @NaomiReeves !
  • The knife vault commands now output properly formatted text when using -f json or -f yaml formatters.
  • The knife ssh command no longer hangs when connecting to Windows nodes over SSH.
  • The knife config commands have been renamed to make them shorter and table output has been improved:
    • knife config get-profile -> knife config use
    • knife config use-profile [NAME] -> knife config use [NAME]
    • knife config list-profiles -> knife config list
    • knife config get -> knife config show


Cookstyle has been updated from 6.16.10 to 6.19.5. This release includes eight new Chef Infra cops and twelve new Ruby cops to help you identify deprecations and invalid code in your cookbooks. It also includes several performance and memory usage improvements to speed up Cookstyle scans.

Chef InSpec

InSpec has been updated from 4.22.22 to 4.23.11. This release includes a --no-diff CLI option to suppress diff output for textual tests, a --sort_results_by CLI option to sort control output, and implements a sensitive mechanism to hide sensitive output.


The knife-opc plugin has been updated from 0.4.6 to 0.4.7. This release includes a new --all-info flag for use with the knife opc user list command. This flag provides additional details on each listed user:

  display_name: Antima Gupta
  first_name:   Antima
  last_name:    Gupta
  display_name: Chef Server Superuser
  email:        root@localhost.localdomain
  first_name:   Chef
  last_name:    Server


The kitchen-azurerm plugin has been updated from 1.2.0 to 1.4.0. This release includes multiple bug fixes, as well as a new use_fqdn_hostname config option that forces using the instance's FQDN for all communication.


The kitchen-dokken plugin has been updated from 2.10.0 to 2.11.0. This release works with newer Docker API releases and resolves Ruby 2.7 compatibility warnings.


The kitchen-ec2 plugin has been updated from 3.7.1 to 3.7.2. This release now avoids beta releases of Red Hat when searching for AMIs to converge.


The kitchen-inspec plugin has been updated from 2.0.0 to 2.2.1. This release includes the ability to disable input caching in InSpec, as well as a fix for using the junit reporter under Test Kitchen.


The kitchen-vcenter gem has been updated from 2.7.12 to 2.8.2. This release includes the ability to enable IP customization using DHCP, as well as minor performance improvements.

Performance Improvements

We made updates to kitchen-azurerm and Chef Infra Client, various knife gems to autoload dependencies. This should reduce the startup time of these gems by not trying to load a gazillion files on program startup. If these performance improvements function well, we plan to continue rolling this autoloading pattern to more gems to continue performance improvements.

Bug Fixes

Chef CLI

The chef install command will no longer fail if a Policyfile.lock.json file exists, but no Policyfile.rb exists.

Test Kitchen

Test Kitchen has been updated from 2.6.0 to 2.7.2. This release fixes a bug when trying to use concurrency. Some plugins did not support concurrency and would raise an exception when run concurrently. Plugins now run concurrently by default, and known non-concurrent ones are being marked as such. In this case that plugin will run serially. For example, the InSpec verifier is not concurrent. If used with the AWS driver (for example) the machines would be created in parallel but verified serially.

Get the Build

If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!

1 Like