ChefDK 4.5.0 Released!

Hey Folks,

ChefDK 4.5.0 has been released with updated Chef Infra Client and InSpec along with a number of updated knife plugins. Give it a try!

Habitat Packages

We are now publishing Habitat packages for ChefDK 4. See chef/chef-dk on Habitat Depot for a complete list of available versions.

Updated Components

Chef Infra Client

Chef Infra Client has been updated from 15.3 to 15.4 with updated resources and several significant fixes to knife bootstrap. See the Chef Infra Client 15.4 Release Notes for a complete list of the new and improved functionality.

Chef InSpec

Chef InSpec has been updated from 4.16 to 4.18 with the following changes:

New Features

  • We have released our beta Chef InSpec plug-in for HashiCorp Vault. Check it out in our inspec-vault GitHub repo and let us know what you think -- or better yet, start jumping in and contributing with us on it.
  • Waivers, our new beta feature, was added to InSpec! Waivers allows you to better manage compliance failures. We would love to hear your feedback on this! See the InSpec Waivers documentation for more details.


  • The interface resource now has a name property.
  • Expanded the user resource to include the passwordage, maxbadpasswords, and badpasswordattempts properties on Windows.
  • The sys_info resource now supports ip_address, fqdn, domain, and short options when giving a version of the hostname.
  • Sped up initial load/response time for all commands by removing pre-loading of resources on invocation of inspec.
  • If an error occurs when using the json resource with a command source, you will now get the error message from STDERR returned in the report.
  • We improved the formatting of the usage help, so what you see when you type inspec exec --help should look better!


Cookstyle has been updated from 5.6.2 to 5.9.3, which includes 13 new Chef cops, improved detection in existing cops, and improved autocorrection. See the Cookstyle 5.7, 5.8, and 5.9 release notes for additional information on the new cops.


knife-google was updated from 4.1.0 to 4.2.0 with support for adding multiple local SSD interfaces to a new instance.


knife-vsphere was updated from 4.0.1 to 4.0.3, which resolves a bug in determining the state of instances.

Security Updates


Ruby has been updated from 2.6.4 to 2.6.5 in order to resolve the following CVEs:

  • CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
  • CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
  • CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
  • CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication