We're happy to announce the release of ChefDK 3.9, including the latest version of Chef as well as updated Kitchen and Knife plugins.
Updated Components and Tools
ChefDK now ships with Chef 14.12.3. See https://docs.chef.io/release_notes.html for more information on what's new.
ChefDK now ships with Inspec 3.9.0. See https://github.com/inspec/inspec/releases/tag/v3.9.0 for more information on what's new.
Ruby has been updated from 2.5.3 to 2.5.5, which includes a large number of bug fixes.
kitchen-hyperv has been updated to 0.5.3 which now automatically disables snapshots on the VMs and properly waits for the IP to be set.
kitchen-vagrant has been updated to 1.5.1 which adds support for using the new bento/amazonlinux-2 box when setting the platform to amazonlinux-2.
kitchen-ec2 has been updated to 2.5.0 with support for Amazon Linux 2.0 image searching using the platform 'amazon2'. This release also adds supports Windows Server 1709 and 1803 image searching.
knife-vsphere has been updated to 2.1.3, which adds support for knife's
bootstrap_template flag and removes the legacy
Push Jobs Client
Push Jobs Client has been updated to 2.5.6 which includes a significant optimizations and minor bug fixes.
Rubygems has been updated from 2.7.8 to 2.7.9 to resolves the following CVEs:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in verbose
- CVE-2019-8322: Escape sequence injection vulnerability in gem owner
- CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors