ChefDK 3.12.10 Released!

tas50 · November 6, 2019, 9:52pm

Hey everyone,

Today we shipped a new bug fix / security release for ChefDK with a few new features as an added bonus.

Updated Components

Chef Infra Client has been updated to 14.14.29 with the following bug fixes:

Fixed an error with the service and systemd_unit resources which would try to re-enable services with an indirect status.
The systemd_unit resource now logs at the info level.
Fixed knife config when it returned a TypeError: no implicit conversion of nil into String error.

kitchen-digitalocean has been updated to 0.10.5 which adds new image aliases for Debian-10 and FreeBSD-12.

kitchen-dokken has been updated to 2.8.0. This will make the CI and TEST_KITCHEN environmental variables match the behavior of kitchen-vagrant.

libxslt has been updated to 1.1.34 to resolve CVE-2019-13118.

Ruby has been updated from 2.5.6 to 2.5.7 in order to resolve the following CVEs:

CVE-2019-16255: A code injection vulnerability of Shell# and Shell#test
CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication

Enjoy,
Tim

Topic	Replies	Views
ChefDK 3.11.3 Released! Chef Release Announcements	600	May 31, 2019
ChefDK 3.9 Released! Chef Release Announcements	580	April 16, 2019
ChefDK 4.12 Released! Chef Release Announcements	407	October 21, 2020
ChefDK 3.13.1 Released! Chef Release Announcements	706	January 17, 2020
ChefDK 2.5.13 Released! Chef Release Announcements	569	August 9, 2018