ChefDK 3.13.1 Released!

Hello Everyone,

Today we made what will more than likely be our final maintenance release of ChefDK 3 to resolve CVEs in the embedded git client and openssl library. Given that this version of ChefDK becomes end-of-life in April we decided to add a few more fixes and enhancements as a parting gift. As always we really hope you can upgrade to Chef Workstation as soon as possible for the best possible Chef Infra development experience. Until then enjoy this (probably final) ChefDK 3 release.

Updated Components


The chef-vault gem has been updated to 4.0.1. This release includes bug fixes from @MarkGibbons and @jeremy-clerc as well as a new way to update existing keys to sparse-mode by running knife vault update --keys_mode sparse thanks to @jeunito.


kitchen-azurerm has been updated from 0.14.9 to 0.15.1 with the following improvements:

  • Enable the WinRM HTTP listener by default. Thanks @sean-nixon
  • Allow overriding of the subscription_id by setting the AZURE_SUBSCRIPTION_ID ENV variable.
  • Add a new nic_name config. Thanks @libertymutual
  • Support for creating VM with Azure KeyVault certificate. Thanks @javgallegos


kitchen-dokken has been updated to 2.8.1 which fixes a bug that prevented ENV vars from being passed into containers.


knife-tidy has been updated from 2.0.1 to 2.0.6 to resolve issues if an org was named cookbooks and to improve error messages.


mixlib-install has been updated from 3.11.21 to 3.11.24 and will now properly identify Windows 2019 hosts.

Performance Improvements

This release of ChefDK ships with several optimizations to our Ruby installation to improve the performance of loading the various commands bundled with ChefDK. These improvements are particularly noticeable on non-SSD hosts and on Windows.

Smaller Size

We continue to optimize the size of the ChefDK package with this release taking up 11% less space on disk and containing nearly 5,000 fewer files.

Platform Support

ChefDK packages are no longer produced for Windows 2008 R2 as this release reached its end of life on Jan 14th, 2020.

Security Updates


OpenSSL has been updated to 1.0.2u to resolve CVE-2019-1551


The embedded git client has been updated to 2.24.1 to resolve the following CVEs:

Get the Build

You can download binaries directly from

As always, we welcome your feedback and invite you to contact us directly or share your email.