Chef InSpec Release Notes
Chef InSpec 6.8.1
https://packages.chef.io/release-notes/inspec/6.8.1.mdNew features
- Added the sshd_active_config resource, which finds and tests configuration data for the OpenSSH daemon. (#7070)
- Added the ssh_key resource which verifies the following SSH key types: RSA, ECDSA, DSA, and Ed25519. (#6656)
- Added telemetry reporting for free and trial users. (#6012)
Enhancement
- Added C shell support to the sybase_session resource. (#7069)
Improvements
Improved the InSpec Parallel status reporter, which was blinking when reporting the status of a profile with a lot of options. (#6693)
Updated the output of the
cmp
matcher when a control fails while using a negation such as ‘should_not’. (#6862)For example, if the value of
key
is3
, then this fails:its(key) { should_not cmp "3" }
and returns this output:
expected: 3 got: 3
The updated output returns:
expected it not to be == "3" got: 3
Thanks @Taknok!
Security improvements
- Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
- Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
- Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)
Bug fixes
- The URL fetcher no longer uses the
git ls-remote
command without the--symref
option. This was removed due to an incompatibility on Ubuntu 16 and RHEL 7 platforms. (#7043) - Fixed the
Uninitialized constant Parser::AST::Processor::Mixin
error with the Parser gem dependency. (#7030) - Fixed an error with the URL fetcher, which failed to work when executing from a directory that’s not a Git repository. (#7023)
- Removed the “Unrecognized feature name” warning when executing a profile with a custom InSpec reporter plugin. (#6988)
- Fixed the
virtualization.virtual_system?
helper in the virtualization resource to correctly returntrue
if run against a Podman container. (#6947) - Fixed the streaming reporter so that it captures InSpec scan progress correctly. (#6912)
- Chef InSpec now correctly waives controls when run in Chef Infra Client Compliance Phase. (#6919)
- Removed dependency on the activesupport Gem by removing the
blank?
method. (#6914) - Fixed the reporter integration used in Chef Infra Client Compliance Phase, which returned an undefined method error. (#6859)
Chef InSpec 6.6.0
https://packages.chef.io/release-notes/inspec/6.6.0.mdChef licensing
Chef InSpec now requires a license key to run. Before you can execute scans with InSpec, you must accept the Chef EULA and add a license key.
Commercial users can find their license key in Chef Support Hub. Users can request a Free or Trial license that comes with product limitations. See the license tiers section below.
For more information on adding a license key to InSpec and Chef licenses, see Chef InSpec’s licensing documentation and Chef licensing documentation.
License tiers
We’ve updated the Chef End User License Agreement (EULA). The terms of the EULA are the same as they were before, but we’ve created three license tiers: Free, Trial, and Commercial.
The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time. The Trial tier allows trial users to scan unlimited targets for 30 days. The Commercial tier gives users the features and benefits that come with the subscription they’ve purchased.
Users who would like to try Chef InSpec 6 can request a free or trial license, which comes with product limitations.
See our licensing documentation or contact Chef Support for more information.
New features
InSpec Parallel
The new inspec parallel
command allows you to simultaneously run multiple audits on multiple cloud or on-prem targets.
This can speed up audits and allow you to remediate problems more quickly.
For more information, see the InSpec Parallel documentation
Audit Logging (Preview)
Audit Logging logs the commands and file accesses made through the underlying Train connection.
To enable this feature, set the environment variable CHEF_PREVIEW_AUDIT_LOGGING
to any non-empty value and Chef InSpec will write logs to ~/.inspec/logs/inspec-audit-TIMESTAMP-PID.log
in JSON format.
This is a preview feature with limited capabilities. We are seeking user feedback for future feature development. For more details, see InSpec Audit Log.
Mandatory Profile Signing (Preview)
If you set the environment variable CHEF_PREVIEW_MANDATORY_PROFILE_SIGNING
to any non-empty value, Chef InSpec 6 will only execute signed profiles for all profile executions.
Signed profiles, or .iaf
files, are digital artifacts created using the inspec sign
command.
They can be used to create a chain of trust between your content author and your compliance target.
For more information on the feature, which is in preview in Chef InSpec 6 but will be enabled in a future major version, please see InSpec Signing.
Bug Fixes
Waiver files
We improved how InSpec handles malformed waiver files. (6644)
Previously, InSpec would run until it finished processing a profile and then return an error if there was a problem with a waiver file. Error messages could be quite long and it could take InSpec hours to complete large profiles, wasting users’ time.
Now InSpec exits immediately and returns an error if it detects a malformed waiver file. This includes waiver files missing required parameters and YAML files that fail linting.
InSpec Check and InSpec Export
We overhauled the inspec check
and inspec export
commands to use the parser library to improve security. (6849)
Breaking Changes
- We no longer support Ruby 2.7 since it became end-of-life (EOL) in March 2023.
Chef InSpec 5.22.58
https://packages.chef.io/release-notes/inspec/5.22.58.mdImprovements
- Upgraded the minimum version of Ruby version from 2.4.0 to 3.0.3. (#6790)
Bug Fixes
The oracledb_session resource has the following bug fixes:
- oracledb_session resource now correctly executes profiles against Oracle Database 12 on Solaris
- The oracledb_session resource now correctly passes queries
with certain special characters and escape backslashes to Oracle SQL.
Previously queries with special characters like
,
or$
that were escaped using a double backslash (for example,\\,
) were converted by oracledb_session to have four backslashes (for example\\\\,
).
(#7136)
The postgres_session resource now correctly returns an error when the password authentication fails. (#7154)
Chef InSpec 5.22.55
https://packages.chef.io/release-notes/inspec/5.22.55.mdEnhancement
- Added C shell support to the sybase_session resource. (#7069)
Security improvements
- Improved the security of the nftables and oracledb_session resources when handling potentially malicious strings. (#7078)
- Improved the security of the InSpec CLI when potentially malicious strings are passed as arguments. (#7077)
- Improved the security of InSpec when handling strings that define a file path or URI of a fetched resource. (#7079)
Chef InSpec 5.22.50
https://packages.chef.io/release-notes/inspec/5.22.50.mdBug Fixes
- Fixed the
virtualization.virtual_system?
helper in the virtualization resource to correctly returntrue
if run against a Podman container. (#6949) - Silenced warnings about transforming the URL fetcher into the git fetcher when executing profiles from a Git repository. This message is now added to the debug log. (#6956)
- Fixed the
Uninitialized constant Parser::AST::Processor::Mixin
error with the Parser gem dependency. (#7036) - Fixed an error with the URL fetcher which failed to work when the current directory is not a Git repository. (#7023)
Improvements
Updated the output of the
cmp
matcher when a control fails while using a negation such as ‘should_not’. (#6986)For example, if the value of
key
is3
, then this fails:its(key) { should_not cmp "3" }
and returns this output:
expected: 3 got: 3
The updated output returns:
expected it not to be == "3" got: 3
Thanks @Taknok!
Chef InSpec 5.22.40
https://packages.chef.io/release-notes/inspec/5.22.40.mdBug Fixes
- Fixed the progress-bar reporter so the progress of an InSpec execution that includes an
its
block is displayed correctly. (#6936) - Fixed an issue where waivers were ignored when they were sent by Chef Infra Client in Compliance Phase using InSpec inputs. (#6920)
- Removed dependency on the activesupport Gem by removing the
blank?
method. (#6916)
Chef InSpec 5.22.36
https://packages.chef.io/release-notes/inspec/5.22.36.mdBug Fixes
- Overhauled the
inspec check
andinspec export
commands to use the parser library to improve security. (6849) - Fixed the security_policy resource, which was returning an array instead of a string for single values. (6854)
- Fixed the
html2
reporter. The HTML output was improperly hiding controls when clicking checkboxes if a profile was inherited. (#6811) - Fixed the
inspec json
command, which failed to read CLI options properly. (#6814) - Fixed an issue with Chef Infra Client Compliance Phase in which the reporter integration was broken. (6860)
Chef InSpec 5.22.29
https://packages.chef.io/release-notes/inspec/5.22.29.mdEnd User License Agreement
We’ve updated the Chef End User License Agreement (EULA). The terms of the EULA are the same as they were before, but we’ve created three licensing tiers: Free, Trial, and Commercial.
The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time. The Trial tier allows trial users to scan unlimited targets for 30 days. The Commercial tier gives users the features and benefits that come with the subscription they’ve purchased.
Contact Chef Support for more information.
Security Updates
Updates in this release provide fixes for the following CVE(s):
- CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile (#6721)
Improvements
- Updated the Docker base image to support Ubuntu 22.04. (#6526)
- Updated the Docker base image to support Mac M1 (#6541)
- Updated the
--reporter
and--config
CLI options so that reporter options in a config file are merged with reporter options set with the--reporter
CLI option. (#6568)
Bug Fixes
- Fixed controls in waiver files that were not getting waived if the control failed. (#6588)
- Fixed
inspec exec
so that it can correctly fetch a profile from a repository that isn’t managed with Git and doesn’t have a.git
directory. (#6640) - Fix for missing nil check for control variable in formatter’s base. (#6629)
Chef InSpec 5.22.3
https://packages.chef.io/release-notes/inspec/5.22.3.mdNew Features
train-kubernetes
The train-kubernetes plugin now ships with Chef InSpec. This plugin allows you to perform compliance checks with the Kubernetes API. (#6512)
See the documentation on train plugins for more information about using train with Chef InSpec. See the train-kubernetes repository for more information on train-kubernetes.
New resources
Added the new nftables InSpec audit resource. This allows you to test IP packet filtering rules that are defined with nftables. (#6499)
Improvements
- Added support to the
postgres_session
resource for custom ports with a socket connection to the . (#6494)
Packaging
RHEL 9
Added support for installing Chef InSpec on RHEL 9. Scanning support already existed. (#6403)
Bug Fixes
- Fix for a profile gem dependency loading issue when a dependent gem is required inside profile libraries. (#6408)
- Fix for when a version of a profile dependency is specified that doesn’t follow SemVer format. (6410)
- Fix for configuring headers in the http resource on Windows using remote transport. (#6484)
- Fix for host resource to resolve multiple IP addresses on Windows. (#6481)
Chef InSpec 5.21.29
https://packages.chef.io/release-notes/inspec/5.21.29.mdNew Features
- Added the
--enhanced-outcomes
option to the InSpec CLI. (#6145) - Added support for waiver files in CSV and JSON file formats. (#6369)
- Added new Podman resources for testing containers, images, pods, volumes, and networks. (#6183)
- Added the
only_applicable_if
keyword to the InSpec DSL. This allows you to mark a control as “not applicable” if theonly_applicable_if
block evaluates tofalse
. (#6229)
Enhancements
- Enhanced the
lxc
resource to test properties (#6243)
Bug Fixes
- Fixed the
inspec sign
command which would break if a period was included in the profile name. (#6261) - Fixed compatibility issues with the
oracledb_session
resource when run on AIX with C shell. (#6257) - Fixed the
launchd_service
resource so that a negative status does not make it crash. (#6262) - Fixed an issue when installing the train-kubernetes plugin. (#6334)
- Fixed an undefined method error when running an InSpec command in airgrapped environments. (#6337)
- Update Ruby from 2.7.4 to 3.1.2 for omnibus builds. This fixes two CVEs (CVE-2021-41819 and CVE-2021-41816). (#6341)
- Fixed a bug in profiles that have a dependency that includes a dash followed by a release version (e.g. 2.2.0-13). (#6377)
Chef InSpec 5.18.14
https://packages.chef.io/release-notes/inspec/5.18.14.mdNew Features
- Added
inspec sign
command to enable creation of signed IAF files. (#5995) - Aliased the
inspec json
to theinspec export
command. (#5995) - Added support for
resource_id
to all core resources. (#6126, #6119, #6115, #6112, #6111, #6110, #6109, #6108, #6107, #6106, #6105, #6103, #6102, #6101) - Added support for Podman. (#6159)
Enhancements
- Enhanced the x509_certificate resource with new properties and matchers. (#6041)
Bug Fixes
- Fixed the processes resource to consider processes without paths on Windows. (#6100)
- Fixed a situation in which having a dependency on the same profile at different versions could lead to misleading results. (#6074)
Chef InSpec 5.17.4
https://packages.chef.io/release-notes/inspec/5.17.4.mdNew Features
- Added
zfs
resource (#6004)
Bug Fixes
- Fixed
service
resource onamazonlinux2022
(#5998) - Fixed
inspec json
command failing to populate theinputs
field for the profile (#6056) - Fixed profile gem dependency installation failure when gem version is not specified (#6057)
Chef InSpec 5.14.0
https://packages.chef.io/release-notes/inspec/5.14.0.mdNew Features
Improvements
- Enhanced
file
resource, addingbe_immutable
matcher,content_as_yaml
andcontent_as_json
properties (#5986). - Enhanced
service
resource withbe_monitored_by
andhave_start_mode
matchers (#5981). - Enhanced
group
resource withhave_gid
matcher (#5987).
Bug Fixes
- By default, make cookstyle checks for
inspec check
optional (#5989).
Chef InSpec 5.12.2
https://packages.chef.io/release-notes/inspec/5.12.2.mdNew Features
Improvements
- Enhancements to output of progress-bar reporter (#5966)
- Enhanced
docker_container
resource withhave_volume
matcher (#5944) - Enhanced
docker_image
resource with low-level “inspection” properties. (#5945) - Enhanced
user
resource with new matchers and properties (#5959)
Bug Fixes
- Fixed the
service
resource on BSD to ensure installed: true isn’t always returned. (#5948) - Updated Cisco XE device detection (train #728)
Chef InSpec 5.10.5
https://packages.chef.io/release-notes/inspec/5.10.5.mdNew Features
- Added linux container resource
lxc
. (#5921) - Re-added
ppa
resource. (#5931) - Added
cgroup
resource. (#5935)
Improvements
- Added the ability to detect Kubernetes and Podman containers to the
virtualization
resource. (#5796) - Description added to
inspec plugin list
andsearch
commands. (#5936)
Bug Fixes
- Fixed
postgres_session
resource to allow query errors to be tested rather than treated as control failures. (#5937) - Fixed
oracledb_session
resource when query has empty result. (#5938) - Fixed command timeout ignored when used with sudo on ssh transport. (train #727)
Chef InSpec 5.7.9
https://packages.chef.io/release-notes/inspec/5.7.9.mdNew Features
- Enable SSL-based authentication over WinRM. (#5793)
- Added
resource_id
property in the base class resources and also added to the JSON-based reporters. (#5875, #5890) - Added the
ipnat
resource. (#5883) - Added the
ipfilter
resource. (#5880) - Added
progress-bar
real-time reporter. (#5863) - Added ability to declare and install
gem
dependencies part of the profile metadata file. (#5871) - Added the
cron
resource, a compatibility alias for thecrontab
resource. (#5891) - Added a resource code generator,
inspec init resource
. (#5913)
Improvements
- Added
target_id
sourced fromtrain
to the reporter interface. (#5895) - Added new properties and matchers to the
firewalld
resources. (#5597) - Added
lazy_instance
option toFilterTable
, allowing plural resource definitions to conveniently access the resource instance with the lazy-loading columns. (#5916)
Bug Fixes
- Fixed
--no-diff
option when the message contains a newline. (#5884) - Fixed the
inspec automate version
command to work properly. (#5893)
Breaking Changes
- InSpec is now based on Ruby 3. You may need to reinstall plugins and
gem
dependencies of plugins. - Removed legacy AWS and Azure resources from InSpec core. Since 2018, active development on these resources was part of the resource packs, and these old versions are not maintained. (#5915)
- Deprecated the
--target-id
CLI option. (#5918)
Chef InSpec 4.56.58
https://packages.chef.io/release-notes/inspec/4.56.58.mdEnd User License Agreement
We’ve updated the Chef End User License Agreement (EULA). The terms of the EULA are the same as they were before, but we’ve created three licensing tiers: Free, Trial, and Commercial.
The Free tier allows personal/non-commercial users to scan 10 targets for an unlimited period of time. The Trial tier allows trial users to scan unlimited targets for 30 days. The Commercial tier gives users the features and benefits that come with the subscription they’ve purchased.
Contact Chef Support for more information.
Security Updates
Updates in this release provide fixes for the following CVE(s):
- CVE-2023-42658 InSpec archive command vulnerable to maliciously crafted profile (#6720)
Bug Fixes
- Fixed resolving dependent profiles so that it works regardless of what version scheme you use for version pinning, not just semver (#6471)
- Fixed the
service
resource to prevent negative status from crashing launchd resource (#6751) - Fixed the
inspec exec
command so that it can fetch a profile from a repository that isn’t managed with Git and doesn’t have a.git
directory. (#6750) - Fixed the
inspec json
command so that inputs specified in aninspec.yml
file are included in the output JSON file. (#6059) - Fixed an issue where a profile that includes different versions of a dependency would only list one of the versions in the reporter output. (#6163)
InSpec resources
- Fixed the
mongodb_session
resource to log the info level instead of the debug level in profile run results. (#6752) - Fixed a bug with the
service
resource when run on Amazon Linux 2022 where InSpec would try to run initctl instead of systemd. (#6017) - Fixed the
processes
resource to consider processes without paths on Windows. (#6130)
Backward Incompatibilities
- Upgraded to Ruby 3.1 and removed Ruby 2.7, which is EOL. (#6713)
Chef InSpec 4.56.20
https://packages.chef.io/release-notes/inspec/4.56.20.mdBug Fixes
- Updated Cisco XE device detection (train #728)
- Make cookstyle checks for
inspec check
optional by default (#5992)
Chef InSpec 4.56.19
https://packages.chef.io/release-notes/inspec/4.56.19.mdBug Fixes
- Fixed
postgres_session
resource to allow query errors to be tested rather than treated as control failures. (#5942) - Fixed
oracledb_session
resource when query has empty result. (#5943) - Fixed command timeout ignored when used with sudo on ssh transport. (train #727)
Chef InSpec 4.56.17
https://packages.chef.io/release-notes/inspec/4.56.17.mdNew Features
- Added
timezone
resource. (#5758) - Added
user_permissions
property andbe_inherited
matcher to theregistry_key
resource. (#5778) - Added
user_permissions
property andbe_inherited
matcher to thefile
resource for Windows. (#5775) - Added
kernel_parameters
resource. (#5782) - Added support for streaming reporter plugins. (#5829)
Improvements
- Added
esx
platform support to thebash
resource. (#5785) - Added ability to check whether a package is latest in the
package
resource. (#5771) - Added option to ignore rule comments in the
ip_table
resource. (#5777) - Simplify inheritance of core resources into custom resources. (#5816)
- Added
target_id
sourced fromtrain
back to the reporter interface. (#5917) - Added new properties and matchers to the
firewalld
resources. (#5919) - Added
lazy_instance
option toFilterTable
, allowing plural resource definitions to conveniently access the resource instances with the lazy-loading columns. (#5922)
Bug Fixes
- Fixed parsing of multiline results in the
mssql_session
resource. (#5776) - Fixed an issue with the
package
resource when matching certain version numbers. (#5797) - Ensure that the CLI option,
--insecure
works with dependent profiles loaded with self-signed SSL certificates. (#5799) - Fixed
grub_conf
resource to capture non-indented grub conf values. (#5810) - Fixed
sestatus: command not found
error on Amazon Linux 2. (#5828) - Fixed
--no-diff
option when the message contains only one newline. (#5884) - Fixed the
inspec automate version
command to work properly. (#5893)
Breaking Changes
- Drop testing support for EOL Ruby 2.5. (#5783)
Chef InSpec 4.52.9
https://packages.chef.io/release-notes/inspec/4.52.9.mdNew Features
- Added remote target support for Alpine Linux. (#5744)
- Added a CLI option for executing profiles from private Supermarkets. (#5749)
- Added the ability to specify a proxy as a parameter in the
http
resource. (#5757) - Added a CLI option to set an SSH configuration file path for SSH transport. (#5759)
- Added support for TLS 1.3 to the
ssl
resource. (#5762)
Bug Fixes
- Fixed an edge case in the
service
resource where InSpec may falsely detect services as enabled on FreeBSD if that service is the suffix of another enabled service. (#5606) - Fixed the
ibmdb2_session
resource so that it now correctly accepts queries with clauses. (#5742) - Fixed the
oracledb_session
resource to properly handle nil in the query output. (#5717) - Fixed the
packages
resource to correctly list only installed packages on Alpine Linux. (#5765)
Chef InSpec 4.50.3
https://packages.chef.io/release-notes/inspec/4.50.3.mdNew Features
- Add Windows support to the http resource. (#5697)
Bug Fixes
- Add Rake as a runtime dependency to fix an issue with Cookstyle integration when running under Habitat. (#5722)
Backward Incompatibilities
- Temporarily disable non-functional Cookstyle integration on Windows (#5724)
Chef InSpec 4.49.0
https://packages.chef.io/release-notes/inspec/4.49.0.mdNew Features
- Added support for testing Cassandra DB configurations and CQL commands. (#5683)
- Added the CLI option
--filter-waived-controls
to increase execution speed when using waivers. (#5327) - Integrated
inspec check
with Cookstyle. (#5618)
Enhancements
- Restored support for Ubuntu 16.04 packages and testing. (#5689)
Bug Fixes
- Resolved case-sensitivity issue for Windows
users
andgroup
resources. (#5667) - Fixed the oracledb_session resource when invoking a query using OS user and DB role.(#5702)
- Additional oracledb_session resource fixes. (#5706)
Chef InSpec 4.46.13
https://packages.chef.io/release-notes/inspec/4.46.13.mdEnhancements
- Added
rocky
andalmalinux
Linux distributions toservice
resource. (#5604) - Added the ability to handle files without headers in the
csv
resource. (#5665) - Added the option to establish connection using a UNIX socket in the
postgres_session
resource. (#5664) - We now build packages for Debian 11, macos 12, and Windows 11/2022. (#5675)
Bug Fixes
- Fixed the –tags filter for dependent profiles. (#5657)
- Fixed the –controls filter for dependent profiles. (#5656)
- Fixed the
opa_cli
andopa_api
resources so they are able to verify an empty result. (#5671)
Chef InSpec 4.41.20
https://packages.chef.io/release-notes/inspec/4.41.20.mdImprovements
- Added support for Alibaba Cloud Linux 3 to the Chef InSpec service resource. (#5578)
- Replaced the WMI command-line (WMIC) utility in the Chef InSpec security_identifier resource with Common Information Model (CIM) cmdlets as the WMIC utility will be deprecated soon. (#5636)
- Adjusted the exit code to Normal when attempting to install a plugin that is already installed. (#5625)
Bug Fixes
- Fixed range based filtering in filter tables (#5598)
- Fixed an issue in the Chef InSpec apache_conf resource when the ServerRoot is not specified in the Apache configuration file. (#5601)
- Fixed an issue when testing files with
chef exec
where the--insecure
flag doesn’t bypass SSL verification when downloading profiles over HTTPS. (#5600) - Fixed the
inspec --chef-license=accept
invocation to only show the license acceptance message and not show the InSpec CLI help command output. (#5609) - Fixed an error in the Chef InSpec
postgres_session
resource where the resource was unable to connect to a database. (#5619) - Fixed an error in the Chef InSpec apache_conf resource where it would overwrite any Apache configurations from the main Apache configuration file with configurations from any included configuration files. (#5623)
- Updated the default branch from
master
tomain
in the Git URL for theinspec-aws
repository, which is used when runninginspec init
. (#5637) - Updated the default branch from
master
tomain
in theinspec-gcp
andinspec-azure
repos. (#5642) - Fixed an error where the Chef InSpec
security_policy
resource returned a comma-separated string of local groups (rather than SIDs) instead of an array. (#5629) - Updated the git fetcher to handle profiles that have a default git branch that is not
master
. (#5638) - Fixed a regression related to processing tags in certain formats using the
--tags
CLI option. (#5643)
Chef InSpec 4.41.2
https://packages.chef.io/release-notes/inspec/4.41.2.mdNew Features
- Added support for Open Policy Agent: added resources
opa_cli
andopa_api
. (#5592)
Improvements
- Added
mongodb_session
resource and docs. (#5572) - Added
--tags
option to CLI exec command to filter controls by tag. (#5596)
Bug Fix
- Pinned mongo gem to 2.13.2 to avoid broken symlink #5615 (clintoncwolfe)
Chef InSpec 4.38.9
https://packages.chef.io/release-notes/inspec/4.38.9.mdEnhancements
- The
mssql_session
resource now allows named connections by no longer forcing a port. (#5584) - The PostgreSQL resources (postgres_session, postgres_conf, postgres_hba_conf, and postgres_ident_conf) now work with Windows. (#5576)
Bug Fixes
- Fixed a bug that caused the year in an expiration date to be misinterpreted in waiver files. (#5586)
Backward Incompatibilities
- Reverted adding the x25519 gem which adds the ED25519 SSH key exchange algorithm because it was causing segmentation faults. (#5590)
Chef InSpec 4.38.3
https://packages.chef.io/release-notes/inspec/4.38.3.mdNew Features
- Added a new mongodb_conf resource. (#5562)
Bug Fixes
- Corrected the
AWS_SECRET_ACCESS_KEY
environment variable name in the documentation. (#5566) - Changed the Windows local pipe server connection to retry once on EPIPE. (train #694)
- Exceptions are now handled correctly in the
oracledb_session
resource. (#5567)
Chef InSpec 4.37.30
https://packages.chef.io/release-notes/inspec/4.37.30.mdImprovements
- Added support for Ed25519-based SSH key exchange algorithms. (#5563)
Bug Fixes
- Fixed the mysql_session resource to raise an exception if there is an error in a connection or query. (#5551)
- Fixed the postgres_session resource to raise an exception if there is an error in a connection or query. (#5553)
Chef InSpec 4.37.25
https://packages.chef.io/release-notes/inspec/4.37.25.mdBug Fixes
- Fixed the
inspec shell
to allow loading profiles that have their own dependent profiles. (#5547) - Docs correction:
sshd_config
is for daemon, not client. Thanks for this fix, @jblaine! (#5549)
Chef InSpec 4.37.23
https://packages.chef.io/release-notes/inspec/4.37.23.mdImprovements
Updated the
inspec init plugin
command (#5536) with the following changes:- The values of flags passed to the
inspec init plugin
command are now wrapped in double quotes instead of single quotes. - Template files are now ERB files.
- The
activator
flag replaces thehook
flag, which is now an alias.
- The values of flags passed to the
Added Ubuntu to the list of FIPS-enabled platforms. (#5533)
Backward Incompatibilities
- Removed support for Chef Compliance Server and Chef Automate 1 from the
inspec automate
command, as both products are EOL. (#5534)
Chef InSpec 4.37.20
https://packages.chef.io/release-notes/inspec/4.37.20.mdBug Fixes
CLI command fixes:
inspec automate login --help
outputs the correct URL (5529)inspec detect --no-color
returns color-free output (#5530)
Backward Incompatibilities
- This release ends support for EOL Ubuntu 16.04 and builds on 18.04 (#5532)
Chef InSpec 4.37.17
https://packages.chef.io/release-notes/inspec/4.37.17.mdImprovements
- Added support for
zfs_pool
andzfs_dataset
resources on Linux (#5523) - Add docs for
toml
resource (#5514) - Add CI-CD docs (#5489)
- Add explicit RHEL8 builders to omnibus build (#5527)
- Improved
port
resource performance: adding more specific search while usingss
command (#5522)
Bug Fixes
file
resourcemore_permissive_than
matcher returns nil instead of throwing exception when file does not exist (#5519)
Chef InSpec 4.37.8
https://packages.chef.io/release-notes/inspec/4.37.8.mdBug Fixes
- The HTTP resource response body is now coerced into UTF-8. (#5510)
- The
automate login
command now will verify credentials before storing them. (#5509) - Modified the windows_feature resource to indicate if a feature is enabled rather than just available. (#5506)
Chef InSpec 4.37.0
https://packages.chef.io/release-notes/inspec/4.37.0.mdNew Features
- The new
inspec automate
command replaces theinspec compliance
command, which is now deprecated. (#5490)
Improvements
- Updated OpenSSL to 1.1.1k on macOS to address several CVEs. (#5493)
Bug Fixes
- Fixed an error when using profile dependencies and require_controls. (#5487)
- Fixed the
windows_firewall_rule
resource when it failed to validate more than one rule. (#5502)
Chef InSpec 4.36.4
https://packages.chef.io/release-notes/inspec/4.36.4.mdNew Features
- Added the selinux resource which includes support for modules and booleans. (#5458) (#5463)
- Added the pattern input option for DSL and metadata inputs. (#5466)
- Added the
members_array
property for group & groups resources. (#5479) - Train now reads the username and port from the
.ssh/config
file and will use these values if present. (train #659)
Bug Fixes
- Switch to GNU timeout-based implementation of SSH timeouts. (train #679)
- Fixed the group resource when a member does not exist. (#5470)
Chef InSpec 4.33.1
https://packages.chef.io/release-notes/inspec/4.33.1.mdNew Features
- Added the new
--reporter-include-source
CLI option, which includes the source code of the controls in the output of the CLI reporter. (#5465)
Bug Fixes
- Removed the default of 3600 seconds for
--command-timeout
CLI option. (#5472)
Chef InSpec 4.32.0
https://packages.chef.io/release-notes/inspec/4.32.0.mdNew Features
- Added ability to pass inputs to InSpec shell using input file and cli (#5452) For more information, see How can I set Inputs? in the InSpec documentation.
Bug Fixes
- Fix SSH Timeout PTY allocation (train #676). We fixed a bug that caused occasional failures in some command resources that use SSH transport and were mistakenly allocated a pseudoterminal (PTY) when setting a timeout. In some cases, the PTY changed how the resource was interpreted. This fix only uses PTY when explicitly requested.
Chef InSpec 4.31.1
https://packages.chef.io/release-notes/inspec/4.31.1.mdThis release is a hotfix to address a regression in 4.31.0.
Bug Fixes
- Fix for error “timed out after 0 seconds” on all command resources under kitchen-inspec (#5455)
Chef InSpec 4.31.0
https://packages.chef.io/release-notes/inspec/4.31.0.mdNew Features
- Commands can now be set to timeout using the command resource or the
--command-timeout
option in the CLI. Commands timeout by default after one hour. (#5443) - Added the
--docker-url
CLI option, which can be used to specify the URI to connect to the Docker Engine. (#5445) - Added support for targeting Linux and Windows containers running on Docker for Windows. (train #674)
Bug Fixes
- Hash inputs will now be loaded consistently and accessed as strings or symbols. (#5446)
Chef InSpec 4.29.3
https://packages.chef.io/release-notes/inspec/4.29.3.mdNew Features
- The JSON metadata pass through configuration has been moved from the Automate reporter to the JSON Reporter (#5430)
- MacOS packages are now built for the
arm
architecture (M1 chipset) (#5432)
Bug Fixes
The apt resource now correctly fetches all package repositories using the
-name
flag in an environment where ZSH is the user’s default shell. (#5437)The
--controls
option ininspec exec
now correctly filters the controls by name. (#5434)Updates how InSpec profiles are created with GCP or AWS providers so they use
inputs
instead ofattributes
. (#5435)inspec exec
will now fetch profiles via Git regardless of the name of default branch. (#5438)
Chef InSpec 4.28.0
https://packages.chef.io/release-notes/inspec/4.28.0.mdNew Features
- Added the option to filter out empty profiles from reports. (#5425)
- Exposed the
conf_path
,content
, andparams
properties to theauditd_conf
resource. (#5422) - Added the ability to specify
--user
when connecting to docker containers. (train #669) - Added a
clear_cache
option to the InSpec CLI. (#5266)
Bug Fixes
- Fixed the
crontab
resource when passing a username to AIX. (#5418) - Added Git to the Docker build. (#5420)
- Stopped a backtrace from occurring when using
cmp
to comparenil
with a non-existing file. (#5427)
Chef InSpec 4.26.13
https://packages.chef.io/release-notes/inspec/4.26.13.mdBug Fixes
- Fixed
skip_control
to work on deeply nested profiles. (#5411) - The
ssh_config
andsshd_config
resources now correctly use the first value when a setting is repeated. (#5414)
Chef InSpec 4.26.4
https://packages.chef.io/release-notes/inspec/4.26.4.mdNew Features
- You can now directly refer to settings in the
nginx_conf
resource using theits
syntax. Thanks @rgeissert! (#5285) - You can now specify the shell type for WinRM connections using the
--winrm-shell-type
option. Thanks @catriona1! (#5263) - Plugin settings can now be set programmatically. Thanks @tecracer-theinen! (#5393)
Bug Fixes
- Updated the
oracledb_session
to use more general invocation options. Thanks @pacopal! (#5193) - Fixed an error with the
http
resource when packaged with Chef Infra Client by includingfaraday_middleware
in the gemspec. (#5391) - Fixed an incompatibility between
parslet
andtoml
when used with Chef Infra. (#5394) - Improved programmatic plugin configuration. (#5395)
Chef InSpec 4.25.1
https://packages.chef.io/release-notes/inspec/4.25.1.mdNew Features
- Chef InSpec is now released natively on
aarch64
packages for the ARM architecture on Debian, SLES, and Ubuntu. (#5386)
Improvements
- OpenSSH Client on Windows can now be tested with the ssh_config and sshd_config resources. Thanks @rgeissert! (#5288)
Bug Fixes
- Thor is now unconditionally required. (#5388)
Chef InSpec 4.24.32
https://packages.chef.io/release-notes/inspec/4.24.32.mdImprovements
- The local working directory is now ignored when a Docker image of InSpec is built. (#5360)
Bug Fixes
- Docker images of InSpec are now built using Omnibus. (#5362)
Chef InSpec 4.24.28
https://packages.chef.io/release-notes/inspec/4.24.28.mdImprovements
- The
--reporter-message-truncation
option now also truncates thecode_desc
field. (#5372)
Bug Fixes
- The documentation incorrectly stated that waivered controls will default to
run:false
when in fact they default to running. The documentation has been corrected and a test has been added. Thanks @dwmarshall! (#5370) - Chef InSpec 4.24.26 was released with a defect that caused every invocation to exit with an error mentioning the
supermarket
plugin and theffi
gem. This has been fixed by avoiding the 1.14.2 version of theffi
gem. (#5375)
Chef InSpec 4.24.26
https://packages.chef.io/release-notes/inspec/4.24.26.mdImprovements
- The
parse_config
resource now accepts[
and]
characters, which allows access to settings that contain dots. Thanks @rgeissert! (#5252) - The gemspec allows for Ruby 3.0 use and opens the way for future testing. (#5357)
- Updated the RSpec dependency to version 3.10. (#5342)
- The
mssql_session
resource expands its platform support to include macOS and Linux since thesqlcmd
utility is now available on those platforms. Thanks @kclinden! (#5366)
Backward Incompatibilities
- macOS 10.13 is no longer a supported platform for Chef InSpec. (#5311)
Chef InSpec 4.24.8
https://packages.chef.io/release-notes/inspec/4.24.8.mdNew Features
- The Chef InSpec Omnibus package adds
ed25519
SSH key support. (#5299) - The addition of
resource_class
andresource_params
to the JSON Reporter output reveals specific resources used and entered parameters to users. (#5241) - Specify more than one platform in Chef InSpec Profiles with supported asterisk (
*
) wildcard use. (#5302)
Improvements
- Chef InSpec now ships with Ruby 2.7.2. Internal Ruby-related deprecation warnings are now turned off by default, but Chef InSpec-specific warnings are not turned off. (#5281)
- The
wmi
resource becomes more predictable by returning arrays forwmi
properties. (#5314) - Updated dependencies reflects the removal of Ruby 2.4 support. (#5325)
Bug Fixes
- The
grub_conf
resource no longer assumes that the default config forgrub2
containsmenuentry
lines. (#5306) - Accessing the home directory no longer causes an error if the
HOME
environment is absent. (#5317) - A Ruby 2.5 dependency issue that affected gem builds is fixed. (#5321)
Backward Incompatibilities
- Ruby 2.4 is no longer supported. (#5321)
Chef InSpec 4.23.15
https://packages.chef.io/release-notes/inspec/4.23.15.mdImprovements
- The Chef Habitat packages for Chef InSpec use Ruby 2.6 instead of Ruby 2.5. (#5287)
Bug Fixes
- Waivers return a consistent message for expiration dates rather a message dependent on the waiver’s
run
value. (#5278)
Chef InSpec 4.23.11
https://packages.chef.io/release-notes/inspec/4.23.11.mdImprovements
inspec --help
now links to information about Chef’s patents. (#5255)
Chef InSpec 4.23.10
https://packages.chef.io/release-notes/inspec/4.23.10.mdBug Fixes
- The Latest: The
junit2
reporter now works as expected. (#5244)
Chef InSpec 4.23.4
https://packages.chef.io/release-notes/inspec/4.23.4.mdNew Features
- Discretion: A mechanism marks inputs as
sensitive: true
and replaces their values with “***”. (#5054) - Cut the Chatter: Use the
--no-diff
CLI option to suppress diff output for textual tests. (#5054) - Sorted: Control the order of controls in output, but not execution order, with the
--sort_results_by=none|control|file|random
CLI option. (#5054) - Test Better: Disable caching of inputs with a
cache_inputs: true
setting. (#5211)
Improvements
- Port Access:
postgres_session
allows for custom ports in thepostgres_session('username', 'password', 'host', 'port')
command. (#5185)
Bug Fixes
- Unabridged: Addressed a
ps
output truncation edge case related to undefined output widths for some Linux systems. (#5232)
Chef InSpec 4.22.22
https://packages.chef.io/release-notes/inspec/4.22.22.mdNew Features
- Shiny: Check out the new
windows_firewall
andwindows_firewall_rule
resources! (#4979) - New Factor: New
junit2
reporter is now available! Thejunit2
reporter shows the standard JUnit specification in XML format, and is recommended for all new users of JUnit. (#5085) - In Progress: We added a test in preparation for the macOS Big Sur (11.0) beta release. (#5217)
Improvements
- Revision: We converted the legacy
junit
reporter into a plugin. Nothing changed about using thejunit
reporter, but it’s a great example of a plugin if you want to build your own! (#5084) - Better Finding: Experience more robust Darwin operating system detection. (#5175)
- Lighter: We removed unused dependencies and the
inspec
gem no longer ships with the readme file. (#5201, #5203, and #5202) - Upgrade: Omnibus builds now use Ruby 2.6.6 for improved security. (#5198)
Bug Fixes
- Restored: The
mysql_session
resource works again withstdout
,stderr
, andexit_status
parameters. (#5219)
Backward Incompatibilities
- Reminder: We no longer build packages for Debian 8 as it is considered end-of-life. (5197)
Chef InSpec 4.22.8
https://packages.chef.io/release-notes/inspec/4.22.8.mdNew Features
- For mysql and postgres session resources, we added functionality that protects passwords from printing out to the console. (#5124)
Improvements
- The Scientific Linux platform is now supported on the
service
resource. (#5164) - We fixed documentation examples for the
passwd
resource. (#5171)
Bug Fixes
- We fixed a bug where failure messages would always end with
[TRUNCATED]
if truncation was enabled. This meant that you would even get the truncation text even if your message was short enough to begin with. (#5165)
Chef InSpec 4.22.1
https://packages.chef.io/release-notes/inspec/4.22.1.mdBug Fixes
- Chef InSpec’s Chef Habitat builds for Linux no longer executes with a
PATH
that includes build dependency directories. (#5148)
Chef InSpec 4.22.0
https://packages.chef.io/release-notes/inspec/4.22.0.mdNew Features
- Chef InSpec reports the profile as “failed” instead of immediately terminating when a runtime error occurs during loading. (#5128)
Improvements
- The
service
resource features an update in preparation for the macOS Big Sur 11 release. (#5130)
Bug Fixes
- The
=
character’s presence in a CLI input no longer truncates the value passed to Chef InSpec. (#5135) - The
apt
resource skips unsupportedapt-cdrom
repositories when parsing lists. (#5138)
Chef InSpec 4.21.3
https://packages.chef.io/release-notes/inspec/4.21.3.mdBug Fixes
- Less Static: Chef InSpec logging entries no longer appear in the
html2
reporter output.
Chef InSpec 4.21.1
https://packages.chef.io/release-notes/inspec/4.21.1.mdNew Features
- Clark Kent: New
html2
reporter now available! Thehtml2
reporter shows all the data from your Chef InSpec run and even allows you to customize your report formatting with custom JavaScript and CSS options. At a later date, thehtml2
reporter will replace the current rspec-basedhtml
reporter.
Improvements
- Check It Out!: The
interface
resource features several improvements:- The resource supports macOS and FreeBSD
- The resource includes a pluralized
interfaces
to query multiple interfaces - New
ipv4_address
andipv6_address
properties return the primary IP address for an interface
Bug Fixes
- Better Performance: Chef InSpec no longer reopens a new SSH connection for each command when targeting hosts over SSH.
Chef InSpec 4.20.10
https://packages.chef.io/release-notes/inspec/4.20.10.mdBug Fixes
- Chef InSpec works again with tools that depend on the
inspec
Ruby gem, which fixes a bug in the 4.20.6 release.
Chef InSpec 4.20.6
https://packages.chef.io/release-notes/inspec/4.20.6.mdBug Fixes
- Certain substrings within a
.toml
file no longer cause unexpected crashes.
Chef InSpec 4.20.2
https://packages.chef.io/release-notes/inspec/4.20.2.mdImprovements
- Accurate InSpec CLI input parsing for numeric values and structured data, which were previously treated as strings. Numeric values are cast to an integer or float; YAML or JSON structures are converted to a hash or an array.
- Suppress deprecation warnings on
inspec exec
with the--silence-deprecations
option. - Expanded
only_if
documentation.
Bug Fixes
- Fixed an issue in testing for file existence on Solaris 10.
Chef InSpec 4.19.2
https://packages.chef.io/release-notes/inspec/4.19.2.mdNew Features
- Check out our new
x86_64
andaarch64
packages for Amazon Linux. - We added
aarch64
packages for RedHat.
Bug Fixes
- We restored Chef InSpec to work on Microsoft Windows after a build issue.
Chef InSpec 4.19.0
https://packages.chef.io/release-notes/inspec/4.19.0.mdNew Features
- In Your Hands: Develop your own Chef InSpec Reporter plugin and determine how Chef InSpec will report result data. Learn more about Chef Inspec plugins and implementation in our documentation.
- Easier Form: The
inspec archive
command packs your profile into atar.gz
file that includes the profile in JSON form as theinspec.json
file. Use this JSON file to programmatically examine the profile without needing to load it into Chef InSpec.
Improvements
- More Dates: Chef InSpec accepts a variety of date formats in the
waivers.yaml
configuration file, rather than only theYYYY-MM-DD
format.
Chef InSpec 4.18.114
https://packages.chef.io/release-notes/inspec/4.18.114.mdNew Features
- Use the new
inspec
command options to control the size of reports:--reporter-message-truncation
sets a length limit for themessage
field in test failure report data.--reporter-backtrace-inclusion
determines if Ruby backtraces should be included in test failure report data.
Chef InSpec 4.18.111
https://packages.chef.io/release-notes/inspec/4.18.111.mdBug Fixes
- Not a Blocker: Chef InSpec allows an input and a control to have the same name.
- Clarity: Inputs with a value passed by the user and no default value no longer cause incorrect “Input does not have a value” warnings.
Chef InSpec 4.18.108
https://packages.chef.io/release-notes/inspec/4.18.108.mdImprovements
- Troubleshooting Help:
inspec compliance
logs if an error occurs when connecting to a Chef Automate instance.
Chef InSpec 4.18.104
https://packages.chef.io/release-notes/inspec/4.18.104.mdNew Features
- Time Is Time: The
search
andinstall
CLI commands now accept a--source
option that allows a gem package source other than RubyGems.org.
Improvements
- You Make My Dreams: The
virtualization
resource supports expanded detection of VMware, Hyper-V, VirtualBox, KVM and Xen hypervisors, and includesvirtual_system?
andphysical_system?
helper methods.
Bug Fixes
- Tell It Like It Is: The
service
resource correctly detects Windows hosts.
Chef InSpec 4.18.100
https://packages.chef.io/release-notes/inspec/4.18.100.mdBug Fixes
- We fixed a problem in which the sudo password would appear to be ignored even if provided.
- We resolved an issue in which profiles could not be fetched from an Automate server.
- The
release
property of theplatform
resource no longer breaks for Chef Habitat with Linux.
Chef InSpec 4.18.97
https://packages.chef.io/release-notes/inspec/4.18.97.mdBug Fixes
- Fixed an issue in which custom resources in resource packs could not be created.
Chef InSpec 4.18.85
https://packages.chef.io/release-notes/inspec/4.18.85.mdNew Features
- Read SSL certificate contents from files or the content that you provide. Thank you to @frezbo for this new feature!
- The
archive
command includes an--airgap
mode, which allows it to re-package archives with remote dependencies and not fail. - Improve your resource debugging experience with the new
--inspect
option for theinspec shell
command. - The
service
resource features new support for yocto-based linux distributions. Thank you to @michaellihs for this addition! - The
package
resource now includes support for FreeBSD. Thank you to @fzipi for this work!
Improvements
- Our macOS packaging is compatible with macOS Catalina. For more information, see our recent blog post.
- The
ControlEvalContext
,LibraryEvalContext
, andResource
classes experienced removal of most meta-programming. - We standardized the platform for the
etc_hosts
,virtualization
,ini
, andxml
resources.
Bug Fixes
- The name of the option
--winrm-basic-auth-only
correctly matches the option provided by train. Thanks @shawnifoley for this fix! - The
oracledb_session
resource works again due to a missing quote fix. command.exist?
now conforms to POSIX standards. Thanks to @PiQuer!- Errors with bad tarball files will properly report.
- The
groups
resource on macOS no longer reports duplicates anymore. - The JSON reporter’s attributes array will not remain empty. Thanks @nazliBeit for your contribution!
- Changed the
postfix_conf
resource’s supported platform to the broaderunix
. Thank you to @fzipi for this fix!
Chef InSpec 4.18.51
https://packages.chef.io/release-notes/inspec/4.18.51.mdImprovements
- Readable: A message appears to the user when fetching a profile fails, instead of a wordy stack trace.
- New Standard: Updating to rspec 3.9 means that output on failures changes from “X should be Y” to “X is expected to be Y”.
- No More Sign-in Sheet: The
WindowsUser
resource now tests for the user’s last login date. Thank you @mbaitelman for your contribution! - Transformed: Wired up
control
blocks to use resources.
Bug Fixes
- Future Proofing: Compatibility fixes added in preparation for ruby 2.7.
- Logging at Last: Fixed
inspec detect
so the--log-level=<level>
command works properly.
Backward Incompatibilities
- Technical Adjustment: Moved
lib/fetchers
tolib/inspec/fetcher
and re-namespaced accordingly.
Chef InSpec 4.18.39
https://packages.chef.io/release-notes/inspec/4.18.39.mdBug Fixes
- Expansion: You can now use inputs in
describe.one
blocks. - Customize Today: The
npm
resource now works with a custom path on Windows. - Wait, There’s More: The
npm
resource now works under sudo on Unix. - Translation: Fixed handling of text files within profiles on Windows by using UTF-8 encoding and converting newlines.
- Yay!: The
gem
resource works again. - Decoder Ring: The
apt
resource now properly parses config files with an architecture specifier.
Chef InSpec 4.18.38
https://packages.chef.io/release-notes/inspec/4.18.38.mdThis release does not have any release notes.
Chef InSpec 4.18.24
https://packages.chef.io/release-notes/inspec/4.18.24.mdThis release does not have any release notes.
Chef InSpec 4.18.0
https://packages.chef.io/release-notes/inspec/4.18.0.mdNew Features
- Exceptional: Use Waivers to mark controls as being administratively expected to fail.
Improvements
- What Do You Call…?: The
interface
resource now has aname
property. - Dazed and Conf-user-ed: Expanded user resource to include the
passwordage
,maxbadpasswords
, andbadpasswordattempts
properties with Windows.
Bug Fixes
- Repaired: Fixed a regression in which most RSpec-based matchers were broken.
- Understandable: The
apt
resources now correctly parse quoted repository addresses. - Back In Action:
inspec env
works again, instead of erroneously stacktracing.
Chef InSpec 4.17.17
https://packages.chef.io/release-notes/inspec/4.17.17.mdBug Fixes
- Dynamically loaded resources work again in
describe.one
blocks. - You can use
only_if
blocks on non-OS platforms, such as cloud providers.
Chef InSpec 4.17.15
https://packages.chef.io/release-notes/inspec/4.17.15.mdBug Fixes
Fixed two bugs introduced in yesterday’s release:
- Vision Quest: The new resource loader sees all the resources.
- Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.
Chef InSpec 4.17.14
https://packages.chef.io/release-notes/inspec/4.17.14.mdBug Fixes
Fixed two bugs introduced in yesterday’s release:
- Vision Quest: The new resource loader sees all the resources.
- Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.
Chef InSpec 4.17.11
https://packages.chef.io/release-notes/inspec/4.17.11.mdBug Fixes
Fixed two bugs introduced in yesterday’s release:
- Vision Quest: The new resource loader sees all the resources.
- Test Prep: RSpec test DSL uses InSpec lazy resource loading correctly.
Chef InSpec 4.17.7
https://packages.chef.io/release-notes/inspec/4.17.7.mdNew Features
- Choice: The
sys_info
resource now supportsip_address
,fqdn
,domain
, andshort
options when giving a version of the hostname. - Boom!: We have released our beta Chef InSpec plug-in for HashiCorp Vault. Check it out in our inspec-vault GitHub repo and let us know what you think – or better yet, start jumping in and contributing with us on it.
- Also: Waivers, our new beta feature, was added to InSpec! Waivers allows you to better manage compliance failures. We would love to hear your feedback on this! See our documentation for more details.
Improvements
- Accelerate: Sped up initial load/response time for all commands by removing pre-leading of resources on invocation of
inspec
. - Better Debugging: If an error occurs when using the
json
resource with acommand
source, you will now get the error message from STDERR returned in the report. - Makeover: We improved the formatting of the usage help, so what you see when you type
inspec exec --help
should look better!
Bug Fixes
- Squashed: We fixed a bug on
sys_info
,etc_hosts
, and several other resources, which would cause aConversionError
stacktrace when used in adescribe
block. This bug would not occur when used as an information gathering call, such assys_info.manufacturer
. - Compressed: Resolved encoding issues with the JSON reporter and .tar.gz profiles.
- Clear Expression: Fixed a deprecation warning on the
apt
resource when using the=~
operator withfalse
. - Locating: Improved how the
postfix_conf
resource handles a non-standard config location. - Remake: Refactored activator plugin to be more idiomatic.
- Excerpt: Resolved quoting issues with the
mssql_session
resource. - Loaded: Fixed Plugin loader to check for the
inspec-core
gem if theinspec
gem is not found, and to fail gracefully otherwise.
Chef InSpec 4.17.6
https://packages.chef.io/release-notes/inspec/4.17.6.mdThis release does not have any release notes.
Chef InSpec 4.16.0
https://packages.chef.io/release-notes/inspec/4.16.0.mdNew Features
- One’s Option:
inspec exec
now supports a new CLI option,--input name=value
, which allows you to set an Input directly on the command line. While YAML files are still more practical and recommended for large numbers of inputs, use the--input
option to set just one or two. - Mail Me Maybe: Manage your Postfix mail transfer agent configurations with its new available resource. Thank you to @dmgasper for this!
- Slowly but Surely: InSpec now is ready to accept the
input
option from the audit cookbook and the kitchen-inspec plugin. This is another step on the journey of renaming ‘attributes’ to ‘inputs’! You can use this immediately with kitchen-inspec, and stay tuned for the audit cookbook update! - All in One Place: InSpec and Train plugins may now store configuration data in the user configuration file at
~/.inspec/config.json
. This change allows plugins to store things like authentication tokens, service discovery addresses, or other information in one place. Plugins are not required to use the configuration file, but it is one option.
Improvements
- Check It Out!: We improved the output of inspec plugin list:
- The output is now in a table format and includes built-in plugins
- Installed plugins now display their versions
- Filter which plugins to list via new CLI options
- See
inspec plugin list -h
for more information
- Heads Up: The
inspec
check command will now issue a warning if theinspec_version
constraint in a profile cannot be satisfied by the current version of InSpec running it.
Bug Fixes
- Entirely Set: Resources were not fully initialized in some cases, which lead to broken messaging during reporting, but we fixed this.
Chef InSpec 4.12.0
https://packages.chef.io/release-notes/inspec/4.12.0.mdNew Features
- Who’s Who: The
service
resource now has astartuser
property, which lets you examine the username that started the service.
Bug Fixes
- Comma Fix: Looks like we had some syntax errors in our examples in the documentation for the
wmi
resource, which Jeff Brimager pointed out. A few commas later and all is well! - Pluralization Matters: Another typo was fixed in the umask example.
- Present and Accounted: On MacOS, the
group
resource was not working correctly as it under-reported membership. That has been fixed. So if you are on MacOS, you are now astaff
member. Congratulations!
Backward Incompatibilities
- No Longer Available: We have dropped support for SUSE Linux Enterprise Server (SLES) 11, which was EOL’d as of March 31, 2019.
- Tidying Up: The
inspec-core
gem, a distribution with fewer dependencies and no need for compilers, will no longer include WinRM functionality. This change does not impact most users of Chef InSpec, only those who use the specializedinspec-core
version. If you need WinRM functionality, install thetrain-winrm
gem, but please note that winrm support requires a compiler to install.
Chef InSpec 4.11.3
https://packages.chef.io/release-notes/inspec/4.11.3.mdThis release does not have any release notes.
Chef InSpec 4.10.4
https://packages.chef.io/release-notes/inspec/4.10.4.mdNew Features
- Structure Enhancement: The Habitat plugin now uses scaffolding, which allows users to follow current best practices.
When you run
inspec habitat profile create
now, the templates will be sourced from the Habitat scaffolding for InSpec rather than the older unmaintained templates in Chef InSpec itself.
Improvements
- Finally!: Relative path support added for specifying a path to a profile in a Git repo. This means that you can organize multiple profiles into one git repo, and select an individual profile from any subdirectory in the git repo.
- Simmer Down:
inspec version
no longer checks and reports against rubygems.org versions. The version check no longer talks on the network. This makes the version check much faster, less likely to cause a failure under CI, and also less surprising behavior.
Bug Fixes
- More than One: The
windows_task
resource now handles multiple triggers.
Chef InSpec 4.7.24
https://packages.chef.io/release-notes/inspec/4.7.24.mdNew Features
- Sweet: The
sys_info
resource features two new properties -manufacturer
andmodel
- which let you determine information about the hardware being inspected.
Improvements
- Lights Out: The
service
resource no longer issues a deprecation warning when theshould be_running
matcher is used. There are no plans to remove this matcher in the foreseeable future. Thank you to users for their feedback on this!
Bug Fixes
- The Need For Speed: When installing plugins, the installer no longer tries to extract documentation from the underlying libraries, a process which usually failed in the past. This change makes plugin installation much faster, more stable, and requires less disk space.
- Painted: Chef InSpec properly handles and reports exceptions with mutually incompatible resources and transports. For example: Using a
file
resource on theaws
transport.
Chef InSpec 4.7.18
https://packages.chef.io/release-notes/inspec/4.7.18.mdImprovements
- For
inspec-aws
users, the release process for the inspec-aws resource pack changed:
This release begins the full naming convention of the
inspec-aws
project at 1.0.1. No breaking changes are present. To date, the project has been unversioned with many releases labeled as version 0.1.0 in the inspec.yml, so we are starting fresh at 1.0.0.Because
inspec-aws
has critical gem dependencies on Chef InSpec, it is important to use a version ofinspec-aws
that is compatible with a minimum version of Chef InSpec. This release requires Chef InSpec 4.7.x, and is likely to work with Chef InSpec 4.x.
Chef InSpec 4.7.3
https://packages.chef.io/release-notes/inspec/4.7.3.mdThis release does not have any release notes.
Chef InSpec 4.6.9
https://packages.chef.io/release-notes/inspec/4.6.9.mdThis release does not have any release notes.
Chef InSpec 4.6.4
https://packages.chef.io/release-notes/inspec/4.6.4.mdThis release does not have any release notes.
Chef InSpec 4.6.3
https://packages.chef.io/release-notes/inspec/4.6.3.mdThis release does not have any release notes.
Chef InSpec 4.3.2
https://packages.chef.io/release-notes/inspec/4.3.2.mdThis release does not have any release notes.
Chef InSpec 3.9.3
https://packages.chef.io/release-notes/inspec/3.9.3.mdThis release does not have any release notes.
Chef InSpec 3.9.0
https://packages.chef.io/release-notes/inspec/3.9.0.mdThis release does not have any release notes.
Chef InSpec 3.7.11
https://packages.chef.io/release-notes/inspec/3.7.11.mdThis release does not have any release notes.
Chef InSpec 3.7.1
https://packages.chef.io/release-notes/inspec/3.7.1.mdThis release does not have any release notes.
Chef InSpec 3.6.6
https://packages.chef.io/release-notes/inspec/3.6.6.mdThis release does not have any release notes.
Chef InSpec 3.6.4
https://packages.chef.io/release-notes/inspec/3.6.4.mdThis release does not have any release notes.
Chef InSpec 3.6.2
https://packages.chef.io/release-notes/inspec/3.6.2.mdThis release does not have any release notes.
Chef InSpec 3.5.0
https://packages.chef.io/release-notes/inspec/3.5.0.mdThis release does not have any release notes.
Chef InSpec 3.4.1
https://packages.chef.io/release-notes/inspec/3.4.1.mdThis release does not have any release notes.
Chef InSpec 3.3.14
https://packages.chef.io/release-notes/inspec/3.3.14.mdThis release does not have any release notes.
Chef InSpec 3.2.6
https://packages.chef.io/release-notes/inspec/3.2.6.mdThis release does not have any release notes.
Chef InSpec 3.1.3
https://packages.chef.io/release-notes/inspec/3.1.3.mdThis release does not have any release notes.
Chef InSpec 3.0.64
https://packages.chef.io/release-notes/inspec/3.0.64.mdThis release does not have any release notes.
Chef InSpec 3.0.61
https://packages.chef.io/release-notes/inspec/3.0.61.mdThis release does not have any release notes.
Chef InSpec 3.0.52
https://packages.chef.io/release-notes/inspec/3.0.52.mdThis release does not have any release notes.
Chef InSpec 3.0.46
https://packages.chef.io/release-notes/inspec/3.0.46.mdThis release does not have any release notes.
Chef InSpec 3.0.25
https://packages.chef.io/release-notes/inspec/3.0.25.mdThis release does not have any release notes.
Chef InSpec 3.0.12
https://packages.chef.io/release-notes/inspec/3.0.12.mdThis release does not have any release notes.
Chef InSpec 3.0.9
https://packages.chef.io/release-notes/inspec/3.0.9.mdThis release does not have any release notes.
Chef InSpec 3.0.0
https://packages.chef.io/release-notes/inspec/3.0.0.mdThis release does not have any release notes.
Chef InSpec 2.3.28
https://packages.chef.io/release-notes/inspec/2.3.28.mdThis release does not have any release notes.
Chef InSpec 2.3.24
https://packages.chef.io/release-notes/inspec/2.3.24.mdThis release does not have any release notes.
Chef InSpec 2.3.23
https://packages.chef.io/release-notes/inspec/2.3.23.mdThis release does not have any release notes.
Chef InSpec 2.3.10
https://packages.chef.io/release-notes/inspec/2.3.10.mdThis release does not have any release notes.
Chef InSpec 2.3.5
https://packages.chef.io/release-notes/inspec/2.3.5.mdThis release does not have any release notes.
Chef InSpec 2.3.4
https://packages.chef.io/release-notes/inspec/2.3.4.mdThis release does not have any release notes.
Chef InSpec 2.2.112
https://packages.chef.io/release-notes/inspec/2.2.112.mdThis release does not have any release notes.
Chef InSpec 2.2.102
https://packages.chef.io/release-notes/inspec/2.2.102.mdThis release does not have any release notes.
Chef InSpec 2.2.101
https://packages.chef.io/release-notes/inspec/2.2.101.mdThis release does not have any release notes.
Chef InSpec 2.2.78
https://packages.chef.io/release-notes/inspec/2.2.78.mdThis release does not have any release notes.
Chef InSpec 2.2.70
https://packages.chef.io/release-notes/inspec/2.2.70.mdThis release does not have any release notes.
Chef InSpec 2.2.64
https://packages.chef.io/release-notes/inspec/2.2.64.mdThis release does not have any release notes.
Chef InSpec 2.2.61
https://packages.chef.io/release-notes/inspec/2.2.61.mdThis release does not have any release notes.
Chef InSpec 2.2.55
https://packages.chef.io/release-notes/inspec/2.2.55.mdThis release does not have any release notes.
Chef InSpec 2.2.54
https://packages.chef.io/release-notes/inspec/2.2.54.mdThis release does not have any release notes.
Chef InSpec 2.2.50
https://packages.chef.io/release-notes/inspec/2.2.50.mdThis release does not have any release notes.
Chef InSpec 2.2.41
https://packages.chef.io/release-notes/inspec/2.2.41.mdThis release does not have any release notes.
Chef InSpec 2.2.35
https://packages.chef.io/release-notes/inspec/2.2.35.mdThis release does not have any release notes.
Chef InSpec 2.2.34
https://packages.chef.io/release-notes/inspec/2.2.34.mdThis release does not have any release notes.
Chef InSpec 2.2.27
https://packages.chef.io/release-notes/inspec/2.2.27.mdThis release does not have any release notes.
Chef InSpec 2.2.20
https://packages.chef.io/release-notes/inspec/2.2.20.mdThis release does not have any release notes.
Chef InSpec 2.2.16
https://packages.chef.io/release-notes/inspec/2.2.16.mdThis release does not have any release notes.
Chef InSpec 2.2.10
https://packages.chef.io/release-notes/inspec/2.2.10.mdThis release does not have any release notes.
Chef InSpec 2.1.84
https://packages.chef.io/release-notes/inspec/2.1.84.mdThis release does not have any release notes.
Chef InSpec 2.1.83
https://packages.chef.io/release-notes/inspec/2.1.83.mdThis release does not have any release notes.
Chef InSpec 2.1.81
https://packages.chef.io/release-notes/inspec/2.1.81.mdThis release does not have any release notes.
Chef InSpec 2.1.80
https://packages.chef.io/release-notes/inspec/2.1.80.mdThis release does not have any release notes.
Chef InSpec 2.1.78
https://packages.chef.io/release-notes/inspec/2.1.78.mdThis release does not have any release notes.
Chef InSpec 2.1.72
https://packages.chef.io/release-notes/inspec/2.1.72.mdThis release does not have any release notes.
Chef InSpec 2.1.68
https://packages.chef.io/release-notes/inspec/2.1.68.mdThis release does not have any release notes.
Chef InSpec 2.1.67
https://packages.chef.io/release-notes/inspec/2.1.67.mdThis release does not have any release notes.
Chef InSpec 2.1.59
https://packages.chef.io/release-notes/inspec/2.1.59.mdThis release does not have any release notes.
Chef InSpec 2.1.54
https://packages.chef.io/release-notes/inspec/2.1.54.mdThis release does not have any release notes.
Chef InSpec 2.1.43
https://packages.chef.io/release-notes/inspec/2.1.43.mdThis release does not have any release notes.
Chef InSpec 2.1.30
https://packages.chef.io/release-notes/inspec/2.1.30.mdThis release does not have any release notes.
Chef InSpec 2.1.21
https://packages.chef.io/release-notes/inspec/2.1.21.mdThis release does not have any release notes.
Chef InSpec 2.1.10
https://packages.chef.io/release-notes/inspec/2.1.10.mdThis release does not have any release notes.
Chef InSpec 2.1.0
https://packages.chef.io/release-notes/inspec/2.1.0.mdThis release does not have any release notes.
Chef InSpec 2.0.45
https://packages.chef.io/release-notes/inspec/2.0.45.mdThis release does not have any release notes.
Chef InSpec 2.0.32
https://packages.chef.io/release-notes/inspec/2.0.32.mdThis release does not have any release notes.
Chef InSpec 2.0.17
https://packages.chef.io/release-notes/inspec/2.0.17.mdThis release does not have any release notes.
Chef InSpec 2.0.16
https://packages.chef.io/release-notes/inspec/2.0.16.mdThis release does not have any release notes.
Chef InSpec 1.51.31
https://packages.chef.io/release-notes/inspec/1.51.31.mdThis release does not have any release notes.
Chef InSpec 1.51.25
https://packages.chef.io/release-notes/inspec/1.51.25.mdThis release does not have any release notes.
Chef InSpec 1.51.21
https://packages.chef.io/release-notes/inspec/1.51.21.mdThis release does not have any release notes.
Chef InSpec 1.51.18
https://packages.chef.io/release-notes/inspec/1.51.18.mdThis release does not have any release notes.
Chef InSpec 1.51.15
https://packages.chef.io/release-notes/inspec/1.51.15.mdThis release does not have any release notes.
Chef InSpec 1.51.6
https://packages.chef.io/release-notes/inspec/1.51.6.mdThis release does not have any release notes.
Chef InSpec 1.51.0
https://packages.chef.io/release-notes/inspec/1.51.0.mdThis release does not have any release notes.
Chef InSpec 1.50.1
https://packages.chef.io/release-notes/inspec/1.50.1.mdThis release does not have any release notes.
Chef InSpec 1.49.2
https://packages.chef.io/release-notes/inspec/1.49.2.mdThis release does not have any release notes.
Chef InSpec 1.48.0
https://packages.chef.io/release-notes/inspec/1.48.0.mdThis release does not have any release notes.
Chef InSpec 1.47.0
https://packages.chef.io/release-notes/inspec/1.47.0.mdThis release does not have any release notes.
Chef InSpec 1.46.2
https://packages.chef.io/release-notes/inspec/1.46.2.mdThis release does not have any release notes.
Chef InSpec 1.45.13
https://packages.chef.io/release-notes/inspec/1.45.13.mdThis release does not have any release notes.
Chef InSpec 1.45.9
https://packages.chef.io/release-notes/inspec/1.45.9.mdThis release does not have any release notes.
Chef InSpec 1.44.8
https://packages.chef.io/release-notes/inspec/1.44.8.mdThis release does not have any release notes.
Chef InSpec 1.43.8
https://packages.chef.io/release-notes/inspec/1.43.8.mdThis release does not have any release notes.
Chef InSpec 1.43.5
https://packages.chef.io/release-notes/inspec/1.43.5.mdThis release does not have any release notes.
Chef InSpec 1.42.3
https://packages.chef.io/release-notes/inspec/1.42.3.mdThis release does not have any release notes.
Chef InSpec 1.41.0
https://packages.chef.io/release-notes/inspec/1.41.0.mdThis release does not have any release notes.
Chef InSpec 1.40.0
https://packages.chef.io/release-notes/inspec/1.40.0.mdThis release does not have any release notes.
Chef InSpec 1.39.1
https://packages.chef.io/release-notes/inspec/1.39.1.mdThis release does not have any release notes.
Chef InSpec 1.38.8
https://packages.chef.io/release-notes/inspec/1.38.8.mdThis release does not have any release notes.
Chef InSpec 1.37.6
https://packages.chef.io/release-notes/inspec/1.37.6.mdThis release does not have any release notes.
Chef InSpec 1.36.1
https://packages.chef.io/release-notes/inspec/1.36.1.mdThis release does not have any release notes.
Chef InSpec 1.35.1
https://packages.chef.io/release-notes/inspec/1.35.1.mdThis release does not have any release notes.
Chef InSpec 1.34.1
https://packages.chef.io/release-notes/inspec/1.34.1.mdThis release does not have any release notes.
Chef InSpec 1.33.12
https://packages.chef.io/release-notes/inspec/1.33.12.mdThis release does not have any release notes.
Chef InSpec 1.33.1
https://packages.chef.io/release-notes/inspec/1.33.1.mdThis release does not have any release notes.
Chef InSpec 1.32.1
https://packages.chef.io/release-notes/inspec/1.32.1.mdThis release does not have any release notes.
Chef InSpec 1.31.1
https://packages.chef.io/release-notes/inspec/1.31.1.mdThis release does not have any release notes.
Chef InSpec 1.31.0
https://packages.chef.io/release-notes/inspec/1.31.0.mdThis release does not have any release notes.
Chef InSpec 1.30.0
https://packages.chef.io/release-notes/inspec/1.30.0.mdThis release does not have any release notes.
Chef InSpec 1.29.0
https://packages.chef.io/release-notes/inspec/1.29.0.mdThis release does not have any release notes.
Chef InSpec 1.28.1
https://packages.chef.io/release-notes/inspec/1.28.1.mdThis release does not have any release notes.
Chef InSpec 1.28.0
https://packages.chef.io/release-notes/inspec/1.28.0.mdThis release does not have any release notes.
Chef InSpec 1.27.0
https://packages.chef.io/release-notes/inspec/1.27.0.mdThis release does not have any release notes.
Chef InSpec 1.26.0
https://packages.chef.io/release-notes/inspec/1.26.0.mdThis release does not have any release notes.
Chef InSpec 1.25.1
https://packages.chef.io/release-notes/inspec/1.25.1.mdThis release does not have any release notes.
Chef InSpec 1.25.0
https://packages.chef.io/release-notes/inspec/1.25.0.mdThis release does not have any release notes.
Chef InSpec 1.24.0
https://packages.chef.io/release-notes/inspec/1.24.0.mdThis release does not have any release notes.
Chef InSpec 1.23.0
https://packages.chef.io/release-notes/inspec/1.23.0.mdThis release does not have any release notes.
Chef InSpec 1.22.0
https://packages.chef.io/release-notes/inspec/1.22.0.mdThis release does not have any release notes.
Chef InSpec 1.21.0
https://packages.chef.io/release-notes/inspec/1.21.0.mdThis release does not have any release notes.
Chef InSpec 1.20.0
https://packages.chef.io/release-notes/inspec/1.20.0.mdThis release does not have any release notes.
Chef InSpec 1.19.2
https://packages.chef.io/release-notes/inspec/1.19.2.mdThis release does not have any release notes.
Chef InSpec 1.19.1
https://packages.chef.io/release-notes/inspec/1.19.1.mdThis release does not have any release notes.
Chef InSpec 1.19.0
https://packages.chef.io/release-notes/inspec/1.19.0.mdThis release does not have any release notes.
Chef InSpec 1.18.0
https://packages.chef.io/release-notes/inspec/1.18.0.mdThis release does not have any release notes.
Chef InSpec 1.17.0
https://packages.chef.io/release-notes/inspec/1.17.0.mdThis release does not have any release notes.
Chef InSpec 1.16.1
https://packages.chef.io/release-notes/inspec/1.16.1.mdThis release does not have any release notes.
Chef InSpec 1.15.0
https://packages.chef.io/release-notes/inspec/1.15.0.mdThis release does not have any release notes.
Chef InSpec 1.14.1
https://packages.chef.io/release-notes/inspec/1.14.1.mdThis release does not have any release notes.
Chef InSpec 1.7.1
https://packages.chef.io/release-notes/inspec/1.7.1.mdThis release does not have any release notes.
Chef InSpec 1.6.0
https://packages.chef.io/release-notes/inspec/1.6.0.mdThis release does not have any release notes.
Chef InSpec 1.5.0
https://packages.chef.io/release-notes/inspec/1.5.0.mdThis release does not have any release notes.
Chef InSpec 1.4.1
https://packages.chef.io/release-notes/inspec/1.4.1.mdThis release does not have any release notes.
Chef InSpec 1.3.0
https://packages.chef.io/release-notes/inspec/1.3.0.mdThis release does not have any release notes.
Chef InSpec 1.0.0
https://packages.chef.io/release-notes/inspec/1.0.0.mdThis release does not have any release notes.