Chef Workstation 25.13.7$$$Release Date: March 5; 2026.$$$$$$Component updates$$$Updated Chef Infra Client to v18.10.17.$$$Updated InSpec to v5.24.7$$$Updated Knife to v18.10.18$$$Updated ohai to v18.2.8$$$Updated knife-google to v5.0.15$$$Updated knife-windows to v5.0.7$$$Updated the following Test Kitchen drivers:$$$$$$Updated kitchen-azurerm to v1.13.6.$$$Updated kitchen-ec2 to v3.22.1.$$$Updated kitchen-hyperv to v0.10.3.$$$Updated kitchen-inspec to v3.1.0.$$$Dependencies$$$Updated kitchen-dokken from v2.20.8 to v2.22.2 to address CI pipeline failures resulting from Docker 29.x incompatibility with the previously bundled plugin version.$$$$$$Security$$$Updated aws-partitions from v1.1161.0 to v1.1220.0$$$$$$Updated aws-sdk-core from v3.232.0 to v3.242.0$$$$$$Updated aws-sdk-kms from v1.112.0 to v1.122.0$$$$$$Updated aws-sdk-s3 from v1.199.0 to v1.213.0$$$$$$Updated faraday from v1.10.4 to v1.10.5$$$$$$Updated rack from v3.2.4 to v3.2.5$$$$$$Updated chef-analyze from v0.1.187 to v0.1.192$$$$$$Updated golang.org/x/sys from v0.38.0 to v0.41.0

Chef Workstation 25.12.1102$$$Release Date: December 15; 2025.$$$$$$Component Updates$$$Test Kitchen$$$Updated Test Kitchen to v3.9.1.$$$Knife$$$Updated Knife from v18.8.13 to v18.8.68 to address code scanning alerts.$$$chef-cli$$$Updated chef-cli from v5.6.21 to v5.6.23 to to address code scanning alerts$$$Security$$$Updated cURL from v8.14.1 to v8.16.0 to resolve the following CVE:$$$$$$CVE-2025-10148$$$Updated OpenSSL from v3.2.4 to v3.2.6 to resolve the following CVE:$$$$$$CVE-2025-9230$$$CVE-2025-9231$$$CVE-2025-9232$$$Updated libxml2 from v2.13.8 to v2.14.4 to resolve the following CVE:$$$$$$CVE-2025-6021$$$Updated git-windows from v2.47.0 to v2.48.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$Updated REXML to v3.4.4 to address CVE-2025-58767$$$Updated google-protobuf to v3.25.5 to address CVE-2024-7254$$$Updated rack to v3.2.4 to address CVE-2025-61919$$$Updated net-imap to v0.2.5 to address CVE-2025-43857$$$Updated resolv to v0.2.3 to address CVE-2025-24294$$$Updated golang.org/x/text ( Go ) to v 0.3.8 to address CVE-2022-32149$$$Updated golang.org/spf13/cobra from v1.10.1 to v1.10.2.$$$Updated golang.org/x/sys from v0.28.0 to v0.38.0.$$$Updated the chef-zero Ruby gem to v15.0.26.$$$Updated the activesupport Ruby gem to v7.0.10.$$$Updated the kitchen-vagrant Ruby gem to v2.2.0.$$$Updated the license_scout Ruby gem to 1.4.1.$$$Updated the uri Ruby gem to 1.0.4.$$$$$$Bug Fixes$$$Updated Test Kitchen to v3.9.1 to resolve a Windows convergence issue introduced in v3.9.0. The issue prevented Chef configuration files (client.rb; dna.json; and cookbooks) from being detected on the guest system.$$$Packaging$$$We no longer build packages for:$$$$$$macOS 12 x86-64$$$macOS 12 ARM64

Chef Workstation 25.12.1102$$$Release Date: December 15; 2025.$$$$$$Component Updates$$$Test Kitchen$$$Updated Test Kitchen to v3.9.1.$$$Knife$$$Updated Knife from v18.8.13 to v18.8.68 to address code scanning alerts.$$$chef-cli$$$Updated chef-cli from v5.6.21 to v5.6.23 to to address code scanning alerts$$$Security$$$Updated cURL from v8.14.1 to v8.16.0 to resolve the following CVE:$$$$$$CVE-2025-10148$$$Updated OpenSSL from v3.2.4 to v3.2.6 to resolve the following CVE:$$$$$$CVE-2025-9230$$$CVE-2025-9231$$$CVE-2025-9232$$$Updated libxml2 from v2.13.8 to v2.14.4 to resolve the following CVE:$$$$$$CVE-2025-6021$$$Updated git-windows from v2.47.0 to v2.48.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$Updated REXML to v3.4.4 to address CVE-2025-58767$$$Updated google-protobuf to v3.25.5 to address CVE-2024-7254$$$Updated rack to v3.2.4 to address CVE-2025-61919$$$Updated net-imap to v0.2.5 to address CVE-2025-43857$$$Updated resolv to v0.2.3 to address CVE-2025-24294$$$Updated golang.org/x/text ( Go ) to v 0.3.8 to address CVE-2022-32149$$$Updated golang.org/spf13/cobra from v1.10.1 to v1.10.2.$$$Updated golang.org/x/sys from v0.28.0 to v0.38.0.$$$Updated the chef-zero Ruby gem to v15.0.26.$$$Updated the activesupport Ruby gem to v7.0.10.$$$Updated the kitchen-vagrant Ruby gem to v2.2.0.$$$Updated the license_scout Ruby gem to 1.4.1.$$$Updated the uri Ruby gem to 1.0.4.$$$$$$Bug Fixes$$$Updated Test Kitchen to v3.9.1 to resolve a Windows convergence issue introduced in v3.9.0. The issue prevented Chef configuration files (client.rb; dna.json; and cookbooks) from being detected on the guest system.$$$Packaging$$$We no longer build packages for:$$$$$$macOS 12 x86-64$$$macOS 12 ARM64

Chef Workstation 25.12.1102$$$Release Date: December 15; 2025.$$$$$$Component Updates$$$Test Kitchen$$$Updated Test Kitchen to v3.9.1.$$$Knife$$$Updated Knife from v18.8.13 to v18.8.68 to address code scanning alerts.$$$chef-cli$$$Updated chef-cli from v5.6.21 to v5.6.23 to to address code scanning alerts$$$Security$$$Updated cURL from v8.14.1 to v8.16.0 to resolve the following CVE:$$$$$$CVE-2025-10148$$$Updated OpenSSL from v3.2.4 to v3.2.6 to resolve the following CVE:$$$$$$CVE-2025-9230$$$CVE-2025-9231$$$CVE-2025-9232$$$Updated libxml2 from v2.13.8 to v2.14.4 to resolve the following CVE:$$$$$$CVE-2025-6021$$$Updated git-windows from v2.47.0 to v2.48.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$Updated REXML to v3.4.4 to address CVE-2025-58767$$$Updated google-protobuf to v3.25.5 to address CVE-2024-7254$$$Updated rack to v3.2.4 to address CVE-2025-61919$$$Updated net-imap to v0.2.5 to address CVE-2025-43857$$$Updated resolv to v0.2.3 to address CVE-2025-24294$$$Updated golang.org/x/text ( Go ) to v 0.3.8 to address CVE-2022-32149$$$Updated golang.org/spf13/cobra from v1.10.1 to v1.10.2.$$$Updated golang.org/x/sys from v0.28.0 to v0.38.0.$$$Updated the chef-zero Ruby gem to v15.0.26.$$$Updated the activesupport Ruby gem to v7.0.10.$$$Updated the kitchen-vagrant Ruby gem to v2.2.0.$$$Updated the license_scout Ruby gem to 1.4.1.$$$Updated the uri Ruby gem to 1.0.4.$$$$$$Bug Fixes$$$Updated Test Kitchen to v3.9.1 to resolve a Windows convergence issue introduced in v3.9.0. The issue prevented Chef configuration files (client.rb; dna.json; and cookbooks) from being detected on the guest system.$$$Packaging$$$We no longer build packages for:$$$$$$macOS 12 x86-64$$$macOS 12 ARM64

Chef Workstation 25.9.1094$$$Release Date: September 30; 2025.$$$$$$New features$$$Updated Test Kitchen to 3.9.0. This adds support for using SSH transport on Windows platforms.$$$Component updates$$$Updated Chef Infra Client to v18.8.11. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec to v5.22.95. See the InSpec release notes for more information.$$$Updated Knife to v18.8.13.$$$Updated Test Kitchen to v3.9.0.$$$Updated chef-vault from 4.1.23 to 4.2.5$$$Updated knife-tidy from 2.1.6 to 2.3.2$$$Updated kitchen-vagrant from 2.0.1 to 2.1.2$$$Updated kitchen-dokken from 2.20.7 to 2.20.8$$$Updated kitchen-ec2 from 3.19.0 to 3.20.0$$$Security updates$$$Updated ruby and ruby-msys2-devkit from 3.1.6 to 3.1.7$$$$$$Updated Go from 1.23.9 to 1.23.12 to resolve the following CVE:$$$$$$CVE-2025-0913$$$Updated git from 2.39.3 to 2.43.7 to resolve the following CVE:$$$$$$CVE-2025-48384$$$Updated cURL from 8.12.1 to 8.14.1 to resolve the following CVEs:$$$$$$CVE-2025-5025$$$CVE-2025-4947$$$Updated libxml2 from 2.12.10 to 2.13.8 to resolve the following CVEs:$$$$$$CVE-2025-32415$$$CVE-2025-32414$$$Updated libarchive from 3.7.9 to 3.8.1 to resolve the following CVEs:$$$$$$CVE-2025-5914$$$CVE-2025-5915$$$CVE-2025-5916$$$CVE-2025-5917$$$CVE-2025-5918$$$Updated Berkshelf from 8.0.22 to 8.1.6 to address code scanning and dependabot alerts.$$$$$$Packaging$$$We now build Windows packages for:$$$$$$Windows 2019$$$We no longer build packages for:$$$$$$Windows 8$$$Windows Server 2012$$$Windows Server 2012 R2.

**Not scanned for VT due to size **$$$Chef Workstation 25.5.1084$$$Release Date: May 27; 2025.$$$$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.7.10. See the Chef Infra Client release notes for a full list of improvements and features.$$$InSpec$$$Updated Chef InSpec to v5.22.80. See the InSpec release notes for more information.$$$Knife$$$Updated Knife to v18.7.9.$$$Test Kitchen$$$Updated Test Kitchen to v3.7.0.$$$Security$$$Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9.$$$$$$Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$CVE-2024-9681$$$CVE-2023-46219$$$CVE-2023-46218$$$Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE:$$$$$$CVE-2025-27113$$$CVE-2025-24928$$$CVE-2024-56171$$$CVE-2024-40896$$$Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE:$$$$$$CVE-2024-55549$$$CVE-2025-24855$$$Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE:$$$$$$CVE-2024-48615$$$Updated REXML to v3.4.1 to address CVE-2024-49761$$$$$$Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life.$$$$$$We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts:$$$$$$Berkshelf was updated from v8.0.9 to v8.0.22.$$$Chef CLI was updated from v5.6.16 to v5.6.21.$$$Ohai was updated from v18.1.18 to v18.2.6.$$$Fauxhai was updated from v9.3.16 to v9.3.26.$$$Chef Vault was updated from v4.1.11 to v4.1.23.$$$Bug Fixes$$$Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife.$$$Resolved unexpected kitchen doctor errors appearing during kitchen test runs.$$$Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19.$$$Resolved Windows pipeline failures in the chef-vault repository during verification steps.$$$Packaging$$$We no longer build packages for macOS 11 Big Sur.$$$We now build packages for macOS 13 and 14 on aarch64.

Chef Workstation 25.9.1094$$$Release Date: September 30; 2025.$$$$$$New features$$$Updated Test Kitchen to 3.9.0. This adds support for using SSH transport on Windows platforms.$$$Component updates$$$Updated Chef Infra Client to v18.8.11. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec to v5.22.95. See the InSpec release notes for more information.$$$Updated Knife to v18.8.13.$$$Updated Test Kitchen to v3.9.0.$$$Updated chef-vault from 4.1.23 to 4.2.5$$$Updated knife-tidy from 2.1.6 to 2.3.2$$$Updated kitchen-vagrant from 2.0.1 to 2.1.2$$$Updated kitchen-dokken from 2.20.7 to 2.20.8$$$Updated kitchen-ec2 from 3.19.0 to 3.20.0$$$Security updates$$$Updated ruby and ruby-msys2-devkit from 3.1.6 to 3.1.7$$$$$$Updated Go from 1.23.9 to 1.23.12 to resolve the following CVE:$$$$$$CVE-2025-0913$$$Updated git from 2.39.3 to 2.43.7 to resolve the following CVE:$$$$$$CVE-2025-48384$$$Updated cURL from 8.12.1 to 8.14.1 to resolve the following CVEs:$$$$$$CVE-2025-5025$$$CVE-2025-4947$$$Updated libxml2 from 2.12.10 to 2.13.8 to resolve the following CVEs:$$$$$$CVE-2025-32415$$$CVE-2025-32414$$$Updated libarchive from 3.7.9 to 3.8.1 to resolve the following CVEs:$$$$$$CVE-2025-5914$$$CVE-2025-5915$$$CVE-2025-5916$$$CVE-2025-5917$$$CVE-2025-5918$$$Updated Berkshelf from 8.0.22 to 8.1.6 to address code scanning and dependabot alerts.$$$$$$Packaging$$$We now build Windows packages for:$$$$$$Windows 2019$$$We no longer build packages for:$$$$$$Windows 8$$$Windows Server 2012$$$Windows Server 2012 R2.

**Not scanned for VT due to size **$$$Chef Workstation 25.5.1084$$$Release Date: May 27; 2025.$$$$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.7.10. See the Chef Infra Client release notes for a full list of improvements and features.$$$InSpec$$$Updated Chef InSpec to v5.22.80. See the InSpec release notes for more information.$$$Knife$$$Updated Knife to v18.7.9.$$$Test Kitchen$$$Updated Test Kitchen to v3.7.0.$$$Security$$$Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9.$$$$$$Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$CVE-2024-9681$$$CVE-2023-46219$$$CVE-2023-46218$$$Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE:$$$$$$CVE-2025-27113$$$CVE-2025-24928$$$CVE-2024-56171$$$CVE-2024-40896$$$Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE:$$$$$$CVE-2024-55549$$$CVE-2025-24855$$$Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE:$$$$$$CVE-2024-48615$$$Updated REXML to v3.4.1 to address CVE-2024-49761$$$$$$Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life.$$$$$$We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts:$$$$$$Berkshelf was updated from v8.0.9 to v8.0.22.$$$Chef CLI was updated from v5.6.16 to v5.6.21.$$$Ohai was updated from v18.1.18 to v18.2.6.$$$Fauxhai was updated from v9.3.16 to v9.3.26.$$$Chef Vault was updated from v4.1.11 to v4.1.23.$$$Bug Fixes$$$Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife.$$$Resolved unexpected kitchen doctor errors appearing during kitchen test runs.$$$Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19.$$$Resolved Windows pipeline failures in the chef-vault repository during verification steps.$$$Packaging$$$We no longer build packages for macOS 11 Big Sur.$$$We now build packages for macOS 13 and 14 on aarch64.

Chef Workstation 25.9.1094$$$Release Date: September 30; 2025.$$$$$$New features$$$Updated Test Kitchen to 3.9.0. This adds support for using SSH transport on Windows platforms.$$$Component updates$$$Updated Chef Infra Client to v18.8.11. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec to v5.22.95. See the InSpec release notes for more information.$$$Updated Knife to v18.8.13.$$$Updated Test Kitchen to v3.9.0.$$$Updated chef-vault from 4.1.23 to 4.2.5$$$Updated knife-tidy from 2.1.6 to 2.3.2$$$Updated kitchen-vagrant from 2.0.1 to 2.1.2$$$Updated kitchen-dokken from 2.20.7 to 2.20.8$$$Updated kitchen-ec2 from 3.19.0 to 3.20.0$$$Security updates$$$Updated ruby and ruby-msys2-devkit from 3.1.6 to 3.1.7$$$$$$Updated Go from 1.23.9 to 1.23.12 to resolve the following CVE:$$$$$$CVE-2025-0913$$$Updated git from 2.39.3 to 2.43.7 to resolve the following CVE:$$$$$$CVE-2025-48384$$$Updated cURL from 8.12.1 to 8.14.1 to resolve the following CVEs:$$$$$$CVE-2025-5025$$$CVE-2025-4947$$$Updated libxml2 from 2.12.10 to 2.13.8 to resolve the following CVEs:$$$$$$CVE-2025-32415$$$CVE-2025-32414$$$Updated libarchive from 3.7.9 to 3.8.1 to resolve the following CVEs:$$$$$$CVE-2025-5914$$$CVE-2025-5915$$$CVE-2025-5916$$$CVE-2025-5917$$$CVE-2025-5918$$$Updated Berkshelf from 8.0.22 to 8.1.6 to address code scanning and dependabot alerts.$$$$$$Packaging$$$We now build Windows packages for:$$$$$$Windows 2019$$$We no longer build packages for:$$$$$$Windows 8$$$Windows Server 2012$$$Windows Server 2012 R2.

**Not scanned for VT due to size **$$$Chef Workstation 25.5.1084$$$Release Date: May 27; 2025.$$$$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.7.10. See the Chef Infra Client release notes for a full list of improvements and features.$$$InSpec$$$Updated Chef InSpec to v5.22.80. See the InSpec release notes for more information.$$$Knife$$$Updated Knife to v18.7.9.$$$Test Kitchen$$$Updated Test Kitchen to v3.7.0.$$$Security$$$Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9.$$$$$$Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$CVE-2024-9681$$$CVE-2023-46219$$$CVE-2023-46218$$$Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE:$$$$$$CVE-2025-27113$$$CVE-2025-24928$$$CVE-2024-56171$$$CVE-2024-40896$$$Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE:$$$$$$CVE-2024-55549$$$CVE-2025-24855$$$Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE:$$$$$$CVE-2024-48615$$$Updated REXML to v3.4.1 to address CVE-2024-49761$$$$$$Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life.$$$$$$We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts:$$$$$$Berkshelf was updated from v8.0.9 to v8.0.22.$$$Chef CLI was updated from v5.6.16 to v5.6.21.$$$Ohai was updated from v18.1.18 to v18.2.6.$$$Fauxhai was updated from v9.3.16 to v9.3.26.$$$Chef Vault was updated from v4.1.11 to v4.1.23.$$$Bug Fixes$$$Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife.$$$Resolved unexpected kitchen doctor errors appearing during kitchen test runs.$$$Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19.$$$Resolved Windows pipeline failures in the chef-vault repository during verification steps.$$$Packaging$$$We no longer build packages for macOS 11 Big Sur.$$$We now build packages for macOS 13 and 14 on aarch64.

Chef Workstation 25.9.1094$$$Release Date: September 30; 2025.$$$$$$New features$$$Updated Test Kitchen to 3.9.0. This adds support for using SSH transport on Windows platforms.$$$Component updates$$$Updated Chef Infra Client to v18.8.11. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec to v5.22.95. See the InSpec release notes for more information.$$$Updated Knife to v18.8.13.$$$Updated Test Kitchen to v3.9.0.$$$Updated chef-vault from 4.1.23 to 4.2.5$$$Updated knife-tidy from 2.1.6 to 2.3.2$$$Updated kitchen-vagrant from 2.0.1 to 2.1.2$$$Updated kitchen-dokken from 2.20.7 to 2.20.8$$$Updated kitchen-ec2 from 3.19.0 to 3.20.0$$$Security updates$$$Updated ruby and ruby-msys2-devkit from 3.1.6 to 3.1.7$$$$$$Updated Go from 1.23.9 to 1.23.12 to resolve the following CVE:$$$$$$CVE-2025-0913$$$Updated git from 2.39.3 to 2.43.7 to resolve the following CVE:$$$$$$CVE-2025-48384$$$Updated cURL from 8.12.1 to 8.14.1 to resolve the following CVEs:$$$$$$CVE-2025-5025$$$CVE-2025-4947$$$Updated libxml2 from 2.12.10 to 2.13.8 to resolve the following CVEs:$$$$$$CVE-2025-32415$$$CVE-2025-32414$$$Updated libarchive from 3.7.9 to 3.8.1 to resolve the following CVEs:$$$$$$CVE-2025-5914$$$CVE-2025-5915$$$CVE-2025-5916$$$CVE-2025-5917$$$CVE-2025-5918$$$Updated Berkshelf from 8.0.22 to 8.1.6 to address code scanning and dependabot alerts.$$$$$$Packaging$$$We now build Windows packages for:$$$$$$Windows 2019$$$We no longer build packages for:$$$$$$Windows 8$$$Windows Server 2012$$$Windows Server 2012 R2.

**Not scanned for VT due to size **$$$Chef Workstation 25.5.1084$$$Release Date: May 27; 2025.$$$$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.7.10. See the Chef Infra Client release notes for a full list of improvements and features.$$$InSpec$$$Updated Chef InSpec to v5.22.80. See the InSpec release notes for more information.$$$Knife$$$Updated Knife to v18.7.9.$$$Test Kitchen$$$Updated Test Kitchen to v3.7.0.$$$Security$$$Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9.$$$$$$Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$CVE-2024-9681$$$CVE-2023-46219$$$CVE-2023-46218$$$Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE:$$$$$$CVE-2025-27113$$$CVE-2025-24928$$$CVE-2024-56171$$$CVE-2024-40896$$$Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE:$$$$$$CVE-2024-55549$$$CVE-2025-24855$$$Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE:$$$$$$CVE-2024-48615$$$Updated REXML to v3.4.1 to address CVE-2024-49761$$$$$$Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life.$$$$$$We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts:$$$$$$Berkshelf was updated from v8.0.9 to v8.0.22.$$$Chef CLI was updated from v5.6.16 to v5.6.21.$$$Ohai was updated from v18.1.18 to v18.2.6.$$$Fauxhai was updated from v9.3.16 to v9.3.26.$$$Chef Vault was updated from v4.1.11 to v4.1.23.$$$Bug Fixes$$$Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife.$$$Resolved unexpected kitchen doctor errors appearing during kitchen test runs.$$$Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19.$$$Resolved Windows pipeline failures in the chef-vault repository during verification steps.$$$Packaging$$$We no longer build packages for macOS 11 Big Sur.$$$We now build packages for macOS 13 and 14 on aarch64.

**Not scanned for VT due to size **$$$Chef Workstation 25.2.1075$$$Release Date: 5 February; 2025.$$$$$$Components$$$Knife$$$Important Notice: Upcoming Omnitruck API Deprecation$$$$$$We updated Knife from v18.6.2 to v18.6.13. This release introduces a warning message when running knife bootstrap that notifies users about the upcoming Omnitruck API deprecation.$$$$$$To ensure uninterrupted downloads and remove this warning:$$$$$$For connected environments: Activate your Chef license and Knife automatically uses the new download APIs.$$$For air-gapped environments: Set up a local Chef licensing service and configure the CHEF_LICENSE_SERVER environment variable to point to its URL. For more information; see the Chef Local License Service documentation.$$$Activating your Chef license ensures a smooth transition to the new download mechanism before the Omnitruck API is deprecated.$$$$$$Chef Habitat$$$Updated Chef Habitat from v1.6.1041 to v1.6.1243. See the Habitat release notes for more information.$$$Improvements$$$To improve security and mitigate vulnerabilities; we replaced Kernel.open with File.open and IO.read with File.read.$$$Security$$$Updated expat from v2.5.0 to v2.6.4 to resolve the following CVEs:$$$$$$CVE-2023-52425$$$CVE-2023-52426$$$CVE-2024-45492

**Not scanned for VT due to size **$$$Chef Workstation 24.12.1073$$$Release Date: 18 December; 2024.$$$$$$Components$$$Updated Chef Infra Client from v18.5.0 to v18.6.2 and Knife from v18.5.0 to v18.6.2. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec from v5.22.55 to v5.22.65. See the InSpec release notes for more information.$$$Updated kitchen-dokken to v2.20.7.$$$Improvements$$$Updated the chef-cli gem from v5.6.14 to v5.6.16 so users can connect to JFrog Artifactory with an access token. ([#239] (https://github.com/chef/chef-cli/pull/239))$$$Licensing$$$These changes prepare users for new license requirements in Chef Infra Client 19. (#14669)$$$$$$The knife bootstrap command now validates your license key and downloads from Chef’s new download APIs. If you don’t have a license; Knife falls back to the older Omnitruck API and returns a warning to add a license.$$$$$$We added the following commands to manage licenses with Knife:$$$$$$knife license$$$knife license list$$$knife license add$$$See the Chef licensing documentation and download API documentation for more information.$$$$$$Security$$$Updated OpenSSL from v3.0.12 to v3.0.15 to resolve the following CVEs:$$$$$$CVE-2024-5535$$$CVE-2024-6119$$$CVE-2024-4741$$$Updated libxml2 from v2.12.5 to v2.12.7 to resolve the following CVE:$$$$$$CVE-2024-34459$$$Updated libarchive from v3.7.4 to v3.7.5 to resolve the following CVEs:$$$$$$CVE-2024-37407$$$CVE-2024-48957$$$CVE-2024-48958$$$Updated git-windows from v2.41.0 to v2.47.0 to resolve the following CVE:$$$$$$CVE-2023-38545$$$Updated ruby and ruby-msys2-devkit from v3.1.2 to v3.1.6 to resolve the following CVE:$$$$$$CVE-2023-38545$$$Updated RDoc to v6.4.1.1 to resolve the following CVE:$$$$$$CVE-2024-27281

**Not scanned for VT due to size **$$$$$$Chef Workstation 24.8.1068$$$Bug Fixes$$$Calls to chef_vault_item in Test Kitchen now converge correctly.$$$Components$$$Updated Chef Infra Client from v18.4.12 to v18.5.0 and Knife from v18.4.2 to v18.5.0. See the Chef Infra Client release notes for a full list of improvements and features.$$$$$$Updated Chef InSpec from v5.22.50 to v5.22.55. See the InSpec release notes for more information.$$$$$$Updated the following Test Kitchen drivers:$$$$$$Updated kitchen-azurerm to v1.13.1.$$$Updated kitchen-digitalocean to v0.16.1.$$$Updated kitchen-dokken to v2.20.6.$$$Updated kitchen-ec2 to v3.19.0.$$$Updated kitchen-google to v2.6.1.$$$Updated kitchen-hyperv to v0.10.1.$$$Updated kitchen-openstack to v6.2.1.$$$Updated kitchen-vra to v3.3.3.$$$Updated kitchen-vagrant to v2.0.1.$$$Security$$$Updated libarchive from 3.6.2 to 3.7.4 to resolve the following CVE:$$$$$$CVE-2024-37407$$$Updated Go from 1.21.5 to 1.22.5 to resolve the following CVEs:$$$$$$CVE-2024-24790$$$CVE-2024-24791

**Not scanned for VT due to size **$$$$$$Chef Workstation 24.6.1066$$$Improvements$$$Added the Ruby implementation of c_rehash script to Chef Workstation. In the past; we’ve included c_rehash as a Perl script; but we stopped including Perl with Chef Workstation. (#3234)$$$Bug Fixes$$$Fixed an error where the Chef Workstation App remains open in the tray icon after it is uninstalled on macOS.$$$Components

Chef Workstation 24.4.1064$$$Improvements$$$Added support for FIPS in OpenSSL v3.$$$Bug Fixes$$$Fixed an issue with the Chef Workstation tray icon.$$$Security$$$Libxml2$$$Updated the libxml2 to v2.12.5 to address the following CVE:$$$$$$CVE-2024-25062$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.4.12. See the Chef Infra Client release notes for a full list of improvements and features.$$$$$$Fauxhai$$$Updated fauxhai-chef to v9.3.16. See the fauxhai changelogs for more information.$$$$$$kitchen-dokken$$$Updated kitchen-dokken to v2.20.4.$$$$$$kitchen-google$$$Updated kitchen-google to v2.6.0; which replaces the google-api-client Ruby gem with google-apis-compute-v1.$$$$$$kitchen-vagrant$$$Updated kitchen-vagrant to v2.0.0. See the changelogs for more information.$$$$$$knife-ec2$$$Updated knife-ec2 to v2.1.6; which adds support for the gp3 and io2 volume types.

Chef Workstation 24.2.1058$$$Packaging$$$Amazon Linux 2023 packages$$$We now produce Amazon Linux 2023 packages for Chef Workstation for x86_64 and AArch64 architectures.$$$$$$Note: Chef Habitat is not bundled with Chef Workstation for Amazon Linux 2023 AArch64 architectures.$$$$$$Components$$$InSpec$$$Updated Chef InSpec from 5.22.36 to 5.22.40. See the InSpec release notes for more information.$$$$$$Cookstyle$$$Updated Cookstyle to v7.32.7.$$$$$$Security$$$Go$$$Updated Go from 1.21.3 to 1.21.5; which resolves the following CVEs:$$$$$$CVE-2023-45285$$$CVE-2023-45283$$$zlib$$$Updated zlib from 1.3 to 1.3.1; which resolves the following CVEs:$$$$$$CVE-2023-45853$$$OpenSSL$$$Updated OpenSSL from 3.0.11 to 3.0.12; which resolves the following CVEs:$$$$$$CVE-2023-5363$$$

Chef Workstation Release Notes$$$Chef Workstation 23.12.1055$$$$$$Improvements$$$Replaced the previous Chef Workstation logo and icons with the new Progress Chef logo and updated the copyright date.$$$Improved performance of chef CLI commands when using multiple cookbooks stored in Git repositories. Thanks adsr! (#223)$$$$$$Bug Fixes$$$Fixed an issue with bundling the win32-security gem on Windows.$$$Fixed an installation issue with the ruby-shadow gem.$$$Fixed an error when installing Chef Workstation on D drive.$$$$$$For complete details refer - https://docs.chef.io/release_notes_workstation/?_ga=2.143546165.161612401.1707277966-1590178962.1707277966#23.12.1055