We are delighted to announce the availability of version 23.12.1055 of Chef Workstation.
Improvements
- Substituted the previous chef-workstation logo and icons with the new Progress chef logo and updated the copyright date.
Components
Chef Infra Client
Updated the Chef Infra Client from 18.2.7 to 18.3.0. See the Chef Infra Client release notes for a full list of improvements and features.
InSpec
Updated the InSpec from 5.22.3 to 5.22.36. See the full changelog for more information.
Test-kitchen
Test-kitchen has been updated to v3.6.0.
Kitchen-azurerm
Updated kitchen-azurerm to v1.13.0 which adds support for configurable vm prefix.
Kitchen-dokken
Updated kitchen-dokken to v2.20.3
Kitchen-google
Updated kitchen-google to v2.5.0 which adds support for guest accelerator(s) configuration. Thanks estedev!
Kitchen-vra
Updated it to v3.3.2 which adds support for unique naming configuration for the deployments. Thanks Rupesh0688!
Kitchen-digitalocean
Updated the kitchen-digitalocean to v0.16.0 which exposes api_url of droplet_kit client as an env var. Thanks biox!
Kitchen-hyperv
This driver has been updated to v0.10.0.
Knife-vshpere
Updated the knife-vsphere to v5.2.0 which eliminates the vulnerability CVE-2019-17383
Berkshelf
Updated berkshelf to 8.0.9 which resolves an issue where berks install fails due to a cert already being in the hash table.
Bug Fixes
- Fixed an issue with bundling the win32-security gem in the Windows platform.
- Fixed the installation issue of the ruby-shadow gem.
- Fixed an error when installing Chef Workstation on D Drive.
- Improved the memoization of the chef-cli commands.
Security
InSpec
- CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile.
- Overhauled the
inspec check
andinspec export
commands to use the parser library to improve security.
Go 1.21.3
Go has been updated from 1.19.5 to 1.21.3.
OpenSSL
OpenSSL has been updated to 3.0.11.
Git
Git has been updated from 2.34.1 to 2.39.3, which resolves the following CVEs:
- CVE-2023-29007
- CVE-2023-25652
- CVE-2023-23946
- CVE-2022-41953
- CVE-2022-41903
- CVE-2022-39260
- CVE-2022-24975
- CVE-2022-24765
- CVE-2022-23521
Curl
Curl has been updated from 7.85.0 to 8.4.0 to resolve the following CVEs:
- CVE-2022-32221
- CVE-2022-42915
- CVE-2022-42916
- CVE-2022-43551
- CVE-2023-23914
- CVE-2023-27533
- CVE-2023-27534
- CVE-2023-28319
- CVE-2023-38039
- CVE-2023-38545
Libarchieve
Updated Libarchieve from 3.5.2 to 3.6.2 to resolve the following CVE:
Libxml2
Libxml2 has been updated from 2.9.13 to 2.10.4 which resolves the following CVEs:
Ncurses
Updated from 6.3 to 5.6
Zlib
Zlib has been updated from 1.2.11 to 1.3 to resolve the following CVEs:
Get the Build
If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from downloads.chef.io.
As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!