Chef Workstation 23.12.1055 Released!

We are delighted to announce the availability of version 23.12.1055 of Chef Workstation.

Improvements

• Substituted the previous chef-workstation logo and icons with the new Progress chef logo and updated the copyright date.

Components

Chef Infra Client

Updated the Chef Infra Client from 18.2.7 to 18.3.0. See the Chef Infra Client release notes for a full list of improvements and features.

InSpec

Updated the InSpec from 5.22.3 to 5.22.36. See the full changelog for more information.

Test-kitchen

Test-kitchen has been updated to v3.6.0.

Kitchen-azurerm

Updated kitchen-azurerm to v1.13.0 which adds support for configurable vm prefix.

Kitchen-dokken

Updated kitchen-dokken to v2.20.3

Kitchen-google

Updated kitchen-google to v2.5.0 which adds support for guest accelerator(s) configuration. Thanks estedev!

Kitchen-vra

Updated it to v3.3.2 which adds support for unique naming configuration for the deployments. Thanks Rupesh0688!

Kitchen-digitalocean

Updated the kitchen-digitalocean to v0.16.0 which exposes api_url of droplet_kit client as an env var. Thanks biox!

Kitchen-hyperv

This driver has been updated to v0.10.0.

Knife-vshpere

Updated the knife-vsphere to v5.2.0 which eliminates the vulnerability CVE-2019-17383

Berkshelf

Updated berkshelf to 8.0.9 which resolves an issue where berks install fails due to a cert already being in the hash table.

Bug Fixes

• Fixed an issue with bundling the win32-security gem in the Windows platform.
• Fixed the installation issue of the ruby-shadow gem.
• Fixed an error when installing Chef Workstation on D Drive.
• Improved the memoization of the chef-cli commands.

Security

InSpec

• CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile.
• Overhauled the inspec check and inspec export commands to use the parser library to improve security.

Go 1.21.3

Go has been updated from 1.19.5 to 1.21.3.

OpenSSL

OpenSSL has been updated to 3.0.11.

Git

Git has been updated from 2.34.1 to 2.39.3, which resolves the following CVEs:

• CVE-2023-29007
• CVE-2023-25652
• CVE-2023-23946
• CVE-2022-41953
• CVE-2022-41903
• CVE-2022-39260
• CVE-2022-24975
• CVE-2022-24765
• CVE-2022-23521

Curl

Curl has been updated from 7.85.0 to 8.4.0 to resolve the following CVEs:

• CVE-2022-32221
• CVE-2022-42915
• CVE-2022-42916
• CVE-2022-43551
• CVE-2023-23914
• CVE-2023-27533
• CVE-2023-27534
• CVE-2023-28319
• CVE-2023-38039
• CVE-2023-38545

Libarchieve

Updated Libarchieve from 3.5.2 to 3.6.2 to resolve the following CVE:

• CVE-2022-36227

Libxml2

Libxml2 has been updated from 2.9.13 to 2.10.4 which resolves the following CVEs:

• CVE-2022-40303
• CVE-2022-40304

Ncurses

Updated from 6.3 to 5.6

• CVE-2023-29491
• CVE-2022-29458

Zlib

Zlib has been updated from 1.2.11 to 1.3 to resolve the following CVEs:

• CVE-2023-45853
• CVE-2022-37434
• CVE-2018-25032

---

Get the Build

If you are running the Chef Workstation toolbar application you can download this version from the menu after the app next update check. You can also download binaries directly from downloads.chef.io.

As always, we welcome your feedback and invite you to contact us directly or share your email. Thanks for using Chef Workstation!