Hello Everyone,
Today we made what will more than likely be our final maintenance release of ChefDK 3 to resolve CVEs in the embedded git client and openssl library. Given that this version of ChefDK becomes end-of-life in April we decided to add a few more fixes and enhancements as a parting gift. As always we really hope you can upgrade to Chef Workstation as soon as possible for the best possible Chef Infra development experience. Until then enjoy this (probably final) ChefDK 3 release.
Updated Components
chef-vault
The chef-vault gem has been updated to 4.0.1. This release includes bug fixes from @MarkGibbons and @jeremy-clerc as well as a new way to update existing keys to sparse-mode by running knife vault update --keys_mode sparse thanks to @jeunito.
kitchen-azurerm
kitchen-azurerm has been updated from 0.14.9 to 0.15.1 with the following improvements:
- Enable the WinRM HTTP listener by default. Thanks @sean-nixon
- Allow overriding of the
subscription_idby setting theAZURE_SUBSCRIPTION_IDENV variable. - Add a new
nic_nameconfig. Thanks @libertymutual - Support for creating VM with Azure KeyVault certificate. Thanks @javgallegos
kitchen-dokken
kitchen-dokken has been updated to 2.8.1 which fixes a bug that prevented ENV vars from being passed into containers.
knife-tidy
knife-tidy has been updated from 2.0.1 to 2.0.6 to resolve issues if an org was named cookbooks and to improve error messages.
mixlib-install
mixlib-install has been updated from 3.11.21 to 3.11.24 and will now properly identify Windows 2019 hosts.
Performance Improvements
This release of ChefDK ships with several optimizations to our Ruby installation to improve the performance of loading the various commands bundled with ChefDK. These improvements are particularly noticeable on non-SSD hosts and on Windows.
Smaller Size
We continue to optimize the size of the ChefDK package with this release taking up 11% less space on disk and containing nearly 5,000 fewer files.
Platform Support
ChefDK packages are no longer produced for Windows 2008 R2 as this release reached its end of life on Jan 14th, 2020.
Security Updates
OpenSSL
OpenSSL has been updated to 1.0.2u to resolve CVE-2019-1551
Git
The embedded git client has been updated to 2.24.1 to resolve the following CVEs:
- CVE-2019-1348
- CVE-2019-1349
- CVE-2019-1350
- CVE-2019-1351
- CVE-2019-1352
- CVE-2019-1353
- CVE-2019-1354
- CVE-2019-1387
- CVE-2019-19604
Get the Build
You can download binaries directly from downloads.chef.io
As always, we welcome your feedback and invite you to contact us directly or share your email.
Enjoy,
Tim