All-in-one installer for the tools you need to manage your Chef infrastructure

**Not scanned for VT due to size **$$$Chef Workstation 25.5.1084$$$Release Date: May 27; 2025.$$$$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.7.10. See the Chef Infra Client release notes for a full list of improvements and features.$$$InSpec$$$Updated Chef InSpec to v5.22.80. See the InSpec release notes for more information.$$$Knife$$$Updated Knife to v18.7.9.$$$Test Kitchen$$$Updated Test Kitchen to v3.7.0.$$$Security$$$Updated OpenSSL from v3.0.15 to v3.2.4 while maintaining FIPS algorithm support from v3.0.9.$$$$$$Updated cURL from v8.4.0 to v8.12.1 to resolve the following CVE:$$$$$$CVE-2025-0725$$$CVE-2024-9681$$$CVE-2023-46219$$$CVE-2023-46218$$$Updated libxml2 from v2.12.7 to v2.12.10 to resolve the following CVE:$$$$$$CVE-2025-27113$$$CVE-2025-24928$$$CVE-2024-56171$$$CVE-2024-40896$$$Updated libxslt from v1.1.39 to v1.1.43 to resolve the following CVE:$$$$$$CVE-2024-55549$$$CVE-2025-24855$$$Updated libarchive from v3.7.5 to v3.7.9 to resolve the following CVE:$$$$$$CVE-2024-48615$$$Updated REXML to v3.4.1 to address CVE-2024-49761$$$$$$Updated Go from v1.22.5 to v1.23.9 as support for the 1.22 series is nearing end-of-life.$$$$$$We updated several components to address critical security issues identified through Dependabot and GitHub code scanning alerts:$$$$$$Berkshelf was updated from v8.0.9 to v8.0.22.$$$Chef CLI was updated from v5.6.16 to v5.6.21.$$$Ohai was updated from v18.1.18 to v18.2.6.$$$Fauxhai was updated from v9.3.16 to v9.3.26.$$$Chef Vault was updated from v4.1.11 to v4.1.23.$$$Bug Fixes$$$Fixed a bootstrap failure on Windows caused by an incorrect URL in Knife.$$$Resolved unexpected kitchen doctor errors appearing during kitchen test runs.$$$Fixed knife-vsphere failures caused by licensing changes introduced in Chef Infra Client 19.$$$Resolved Windows pipeline failures in the chef-vault repository during verification steps.$$$Packaging$$$We no longer build packages for macOS 11 Big Sur.$$$We now build packages for macOS 13 and 14 on aarch64.

All-in-one installer for the tools you need to manage your Chef infrastructure

**Not scanned for VT due to size **$$$Chef Workstation 25.2.1075$$$Release Date: 5 February; 2025.$$$$$$Components$$$Knife$$$Important Notice: Upcoming Omnitruck API Deprecation$$$$$$We updated Knife from v18.6.2 to v18.6.13. This release introduces a warning message when running knife bootstrap that notifies users about the upcoming Omnitruck API deprecation.$$$$$$To ensure uninterrupted downloads and remove this warning:$$$$$$For connected environments: Activate your Chef license and Knife automatically uses the new download APIs.$$$For air-gapped environments: Set up a local Chef licensing service and configure the CHEF_LICENSE_SERVER environment variable to point to its URL. For more information; see the Chef Local License Service documentation.$$$Activating your Chef license ensures a smooth transition to the new download mechanism before the Omnitruck API is deprecated.$$$$$$Chef Habitat$$$Updated Chef Habitat from v1.6.1041 to v1.6.1243. See the Habitat release notes for more information.$$$Improvements$$$To improve security and mitigate vulnerabilities; we replaced Kernel.open with File.open and IO.read with File.read.$$$Security$$$Updated expat from v2.5.0 to v2.6.4 to resolve the following CVEs:$$$$$$CVE-2023-52425$$$CVE-2023-52426$$$CVE-2024-45492

**Not scanned for VT due to size **$$$Chef Workstation 24.12.1073$$$Release Date: 18 December; 2024.$$$$$$Components$$$Updated Chef Infra Client from v18.5.0 to v18.6.2 and Knife from v18.5.0 to v18.6.2. See the Chef Infra Client release notes for a full list of improvements and features.$$$Updated Chef InSpec from v5.22.55 to v5.22.65. See the InSpec release notes for more information.$$$Updated kitchen-dokken to v2.20.7.$$$Improvements$$$Updated the chef-cli gem from v5.6.14 to v5.6.16 so users can connect to JFrog Artifactory with an access token. ([#239] (https://github.com/chef/chef-cli/pull/239))$$$Licensing$$$These changes prepare users for new license requirements in Chef Infra Client 19. (#14669)$$$$$$The knife bootstrap command now validates your license key and downloads from Chef’s new download APIs. If you don’t have a license; Knife falls back to the older Omnitruck API and returns a warning to add a license.$$$$$$We added the following commands to manage licenses with Knife:$$$$$$knife license$$$knife license list$$$knife license add$$$See the Chef licensing documentation and download API documentation for more information.$$$$$$Security$$$Updated OpenSSL from v3.0.12 to v3.0.15 to resolve the following CVEs:$$$$$$CVE-2024-5535$$$CVE-2024-6119$$$CVE-2024-4741$$$Updated libxml2 from v2.12.5 to v2.12.7 to resolve the following CVE:$$$$$$CVE-2024-34459$$$Updated libarchive from v3.7.4 to v3.7.5 to resolve the following CVEs:$$$$$$CVE-2024-37407$$$CVE-2024-48957$$$CVE-2024-48958$$$Updated git-windows from v2.41.0 to v2.47.0 to resolve the following CVE:$$$$$$CVE-2023-38545$$$Updated ruby and ruby-msys2-devkit from v3.1.2 to v3.1.6 to resolve the following CVE:$$$$$$CVE-2023-38545$$$Updated RDoc to v6.4.1.1 to resolve the following CVE:$$$$$$CVE-2024-27281

**Not scanned for VT due to size **$$$$$$Chef Workstation 24.8.1068$$$Bug Fixes$$$Calls to chef_vault_item in Test Kitchen now converge correctly.$$$Components$$$Updated Chef Infra Client from v18.4.12 to v18.5.0 and Knife from v18.4.2 to v18.5.0. See the Chef Infra Client release notes for a full list of improvements and features.$$$$$$Updated Chef InSpec from v5.22.50 to v5.22.55. See the InSpec release notes for more information.$$$$$$Updated the following Test Kitchen drivers:$$$$$$Updated kitchen-azurerm to v1.13.1.$$$Updated kitchen-digitalocean to v0.16.1.$$$Updated kitchen-dokken to v2.20.6.$$$Updated kitchen-ec2 to v3.19.0.$$$Updated kitchen-google to v2.6.1.$$$Updated kitchen-hyperv to v0.10.1.$$$Updated kitchen-openstack to v6.2.1.$$$Updated kitchen-vra to v3.3.3.$$$Updated kitchen-vagrant to v2.0.1.$$$Security$$$Updated libarchive from 3.6.2 to 3.7.4 to resolve the following CVE:$$$$$$CVE-2024-37407$$$Updated Go from 1.21.5 to 1.22.5 to resolve the following CVEs:$$$$$$CVE-2024-24790$$$CVE-2024-24791

**Not scanned for VT due to size **$$$$$$Chef Workstation 24.6.1066$$$Improvements$$$Added the Ruby implementation of c_rehash script to Chef Workstation. In the past; we’ve included c_rehash as a Perl script; but we stopped including Perl with Chef Workstation. (#3234)$$$Bug Fixes$$$Fixed an error where the Chef Workstation App remains open in the tray icon after it is uninstalled on macOS.$$$Components

Chef Workstation 24.4.1064$$$Improvements$$$Added support for FIPS in OpenSSL v3.$$$Bug Fixes$$$Fixed an issue with the Chef Workstation tray icon.$$$Security$$$Libxml2$$$Updated the libxml2 to v2.12.5 to address the following CVE:$$$$$$CVE-2024-25062$$$Components$$$Chef Infra Client$$$Updated Chef Infra Client to v18.4.12. See the Chef Infra Client release notes for a full list of improvements and features.$$$$$$Fauxhai$$$Updated fauxhai-chef to v9.3.16. See the fauxhai changelogs for more information.$$$$$$kitchen-dokken$$$Updated kitchen-dokken to v2.20.4.$$$$$$kitchen-google$$$Updated kitchen-google to v2.6.0; which replaces the google-api-client Ruby gem with google-apis-compute-v1.$$$$$$kitchen-vagrant$$$Updated kitchen-vagrant to v2.0.0. See the changelogs for more information.$$$$$$knife-ec2$$$Updated knife-ec2 to v2.1.6; which adds support for the gp3 and io2 volume types.

Chef Workstation 24.2.1058$$$Packaging$$$Amazon Linux 2023 packages$$$We now produce Amazon Linux 2023 packages for Chef Workstation for x86_64 and AArch64 architectures.$$$$$$Note: Chef Habitat is not bundled with Chef Workstation for Amazon Linux 2023 AArch64 architectures.$$$$$$Components$$$InSpec$$$Updated Chef InSpec from 5.22.36 to 5.22.40. See the InSpec release notes for more information.$$$$$$Cookstyle$$$Updated Cookstyle to v7.32.7.$$$$$$Security$$$Go$$$Updated Go from 1.21.3 to 1.21.5; which resolves the following CVEs:$$$$$$CVE-2023-45285$$$CVE-2023-45283$$$zlib$$$Updated zlib from 1.3 to 1.3.1; which resolves the following CVEs:$$$$$$CVE-2023-45853$$$OpenSSL$$$Updated OpenSSL from 3.0.11 to 3.0.12; which resolves the following CVEs:$$$$$$CVE-2023-5363$$$

Chef Workstation Release Notes$$$Chef Workstation 23.12.1055$$$$$$Improvements$$$Replaced the previous Chef Workstation logo and icons with the new Progress Chef logo and updated the copyright date.$$$Improved performance of chef CLI commands when using multiple cookbooks stored in Git repositories. Thanks adsr! (#223)$$$$$$Bug Fixes$$$Fixed an issue with bundling the win32-security gem on Windows.$$$Fixed an installation issue with the ruby-shadow gem.$$$Fixed an error when installing Chef Workstation on D drive.$$$$$$For complete details refer - https://docs.chef.io/release_notes_workstation/?_ga=2.143546165.161612401.1707277966-1590178962.1707277966#23.12.1055