An open-source framework for testing and auditing your applications and infrastructure.
Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. It compares the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. It detects violations and displays findings in the form of a report, but puts you in control of remediation.
Chef InSpec is a run-time framework and rule language used to specify compliance, security, and policy requirements. It includes a collection of resources that help you write auditing controls quickly and easily.
Deprecation notice about moving core resource packs to their individual gems after the next major release (#7219)
Added the --legacy flag to the inspec automate upload command. (#7200)
The inspec automate upload command runs inspec check and inspec export, which were updated in Chef InSpec 5.22.36. This update led to a bug with InSpec profiles with =begin =end.
Use the --legacy flag with profiles where the newer export and check methods may fail to parse older profiles correctly, particularly due to limitations in AST parsing.
CVEs
Fixes HTTP Request Smuggling in ruby webrick CVE-2024-47220. (#7214)
Fixes the REXML denial of service vulnerability CVE-2024-43398. (#7199)
Fixes the REXML ReDoS vulnerability CVE-2024-49761. (#7199)
Improvements
Use of a better cryptographic hashing algorithm on sensitive data. (#7261)
Improvements in the error handling of the plugin installation error. (#7161)
Fixed the encoding issues with special characters in passwords for Postgres Session resource (#7277)
