Release notes: Chef Workstation 20.8.111


.chef Home Directory

The first time you execute the chef command, it checks for the presence of the ~/.chef directory. If it does not exist, chef creates it. Some tools included in Chef Workstation raise an error if that directory does not exist, so we are attempting to add more safeguards to ensure that it does.

Habitat Version Reporting

chef -v output has been updated to display the included Habitat version. We also updated the Chef Workstation App to include the Habitat version on the 'About' page.

Chef Infra Client

Chef Infra Client has been updated from 16.2.73 to 16.3.45.

We took a hard look at many of the terms we've historically used throughout the Chef Infra Client configuration sub-system and came to the realization that we weren't living up to the words of our Community Code of Conduct. From the code of conduct: "Be careful in the words that you choose. Be kind to others. Practice empathy". Terms such as blacklist and sanity don't meet that bar so we've chosen to rename these configuration options:

  • automatic_attribute_blacklist -> blocked_automatic_attributes
  • default_attribute_blacklist -> blocked_default_attributes
  • normal_attribute_blacklist -> blocked_normal_attributes
  • override_attribute_blacklist -> blocked_override_attributes
  • automatic_attribute_whitelist -> allowed_automatic_attributes
  • default_attribute_whitelist -> allowed_default_attributes
  • normal_attribute_whitelist -> allowed_normal_attributes
  • override_attribute_whitelist -> allowed_override_attributes
  • enforce_path_sanity -> enforce_default_paths

Existing configuration options will continue to function for now, but will raise a deprecation warning and will be removed entirely from a future release of Chef Infra Client.

This release includes the new windows_firewall_profile resource and updates eight existing resources. It also includes improvements to knife. See the release notes for full details!

This update resolves failures from negotiating protocol versions with the Chef Infra Server. It also improves log output on Windows systems in the hostname resource and adds support to the archive_file resource for pzstd compressed files.

Knife Improvements

  • Ctrl-C can now be used to exit knife even when being prompted for input.
  • knife bootstrap will now properly error if attempting to bootstrap an AIX system using an account with an expired password.
  • knife profile commands will no longer error if an invalid profile was previously set.
  • The -o flag for knife cookbook upload can now be used on Windows systems.
  • knife ssh now once again accepts legacy DSS host keys although we highly recommend upgrading to a more secure key algorithm if possible.
  • Several changes were made to knife to that may prevent intermittent failures running cookbook commands


Cookstyle has been updated from 6.12.6 to 6.14.7. This release includes seven new cops, including ones to modernize resource writing and clean up macos_userdefaults usage.

Chef InSpec

InSpec has been updated from 4.21.3 to 4.22.1. This release includes the following improvements:

  • The = character is now allowed for command line inputs.
  • apt-cdrom repositories are now skipped when parsing out the list of apt repositories.
  • Faulty profiles are now reported instead of causing a crash.
  • Errors are no longer logged to stdout with the html2 reporter.
  • macOS Big Sur is now correctly identified as macOS.


knife-opc has been updated from 0.4.4 to 0.4.6. This release fixes hydrate errors raised when running knife opc user edit USERNAME.

Test Kitchen

Test Kitchen has been updated from 2.5.3 to 2.5.4. This update rolls back a change we introduced around fixing root_path usage. We are going to take another stab at fixing this and will include that in the next version of Chef Workstation.


kitchen-vcenter has been updated from 2.7.0 to 2.7.8. This release adds the ability to customize the guest OS as well as supporting data centers stored in folders. It also updates the vSphere interface gem (rbvmomi) to the latest major release.