ChefDK 4.4.27 Released!

Hey Everyone,

We have a nice Monday present for you with a new version of ChefDK ready to go.

Chef Infra Client

Chef Infra Client has been updated from 15.2 to 15.3 with updated resources, a new way to write streamlined custom resources, and updated platform support! See the Chef Infra Client 15.3 Release Notes for a complete list of the new and improved functionality.

Chef InSpec

Chef InSpec has been updated from 4.10.4 to 4.16.0 with the following changes:

  • A new postfix_conf has been added for inspecting Postfix configuration files.
  • A new plugins section has been added to the InSpec configuration file which can be used to pass secrets or other configurations into Chef InSpec plugins.
  • The service resource now includes a new startname property for determining which user is starting the Windows services.
  • The groups resource now properly gathers membership information on macOS hosts.

See the Chef InSpec 4.16.0 Release Notes for more information.


Cookstyle has been updated from 5.1.19 to 5.6.2. This update brings the total number of Chef cops to 94 and divides the cops into four separate departments. The new departments make it easier to search for specific cops and to enable and disable groups of cops. Instead of just "Chef", we now have the following departments:

  • ChefDeprecations: Cops that detect (and in many cases correct) deprecations that will prevent cookbooks from running on modern versions of Chef Infra Client.
  • ChefStyle: Cops that will help you improve the format and readability of your cookbooks.
  • ChefModernize: Cops that will help you modernize your cookbooks by including features introduced in new releases of Chef Infra Client.
  • ChefEffortless: Cops that will help you migrate your cookbooks to the Effortless pattern. These are disabled by default.

You can run cookstyle with just a single department:

cookstyle --only ChefDeprecations

You can also exclude a specific department from the command line:

cookstyle --except ChefStyle

You can also disable a specific department by adding the following to your .rubocop.yml config:

  Enabled: false

See the Cookstyle cops documentation for a complete list of cops included in Cookstyle 5.6.

Going forward, Cookstyle will be our sole Ruby and Chef Infra cookbook linting tool. With the release of Cookstyle 5.6, we're officially deprecating Foodcritic and will not be shipping Foodcritic in the next major release of Chef Workstation (April 2020). See our Goodbye, Foodcritic blog post for more information on why Cookstyle is replacing Foodcritic.


kitchen-ec2 has been updated from 3.1.0 to 3.2.0. This adds support for Windows Server 2019 and adds the ability to look up security group by subnet_filter in addition to subnet_id.


kitchen-inspec has been updated from 1.1.0 to 1.2.0. This renames the attrs key to input_files and attributes key to inputs to match InSpec 4. The old names are still supported but issue a warning.


knife-ec2 has been updated from 1.0.12 to 1.0.16. This resolves the following issues:

Test Kitchen

Test Kitchen has been updated from 2.2.5 to 2.3.2 with the following changes:

  • Add keepalive_maxcount setting for better control of ssh connection timeouts.
  • Add lifecycle_hooks information to kitchen diagnose output.


The knife-google plugin has been updated to 4.1.0 with support for bootstrapping Chef Infra Client 15 and also includes a new knife google image list command which lists project and public images.

For example knife google image list --gce_project "chef-msys":

 NAME                             PROJECT        FAMILY         DISK SIZE  STATUS
 kpl-w-image                      chef-msys      windows        60 GB      READY 
 centos-6-v20190916               centos-cloud   centos-6       10 GB      READY 
 centos-7-v20190916               centos-cloud   centos-7       10 GB      READY 
 coreos-alpha-2261-0-0-v20190911  coreos-cloud   coreos-alpha   9 GB       READY 
 coreos-beta-2247-2-0-v20190911   coreos-cloud   coreos-beta    9 GB       READY 

Security Updates


Git has been updated from 2.20.0 to 2.23.0 on Windows and from 2.14.1 to 2.23.0 on non-Windows systems. This brings the latest git workflows to our users who do not have it installed another way and fixes two CVEs:


Nokogiri has been updated from 1.10.2 to 1.10.4 in order to resolve CVE-2019-5477


OpenSSL has been updated from 1.0.2s to 1.0.2t in order to resolve CVE-2019-1563 and CVE-2019-1547.


Ruby has been updated from 2.6.3 to 2.6.4 in order to resolve CVE-2012-6708 and CVE-2015-9251.

Platform Support Updates

macOS 10.15 Support

Chef Workstation is now validated against macOS 10.15 (Catalina). Additionally, Chef Workstation will no longer be validated against macOS 10.12.

Get the Build

If you are running the experimental application you can download this version from the menu after the app next update check. You can also download binaries directly from