Release: Chef Client 11.12.0 & 10.32.2

Ohai folks,

Today we’ve released Chef Client 11.12.0 & 10.32.2 with new releases of ohai and mixlib-shellout. Due to a tagging mishap we have skipped 10.32.0.

  • Chef Client 11.12.0 includes ohai 7.0.0 and mixlib-shellout 1.4.0.
  • Chef Client 10.32.2 includes ohai 6.22.0.

Important: These releases remediate the recently published OpenSSL Heartbleed vulnerability (more info here). We recommend upgrading to these releases as soon as possible.

Chef Client 11.12.0 contains a lot of improvements to the previous version. You can check out the release notes and full list of changes but here are some of the improvements that deserve special shout outs:

  • knife ssl check & knife ssl fetch commands
  • Brand new plugin DSL with Ohai 7.0.0
  • Windows MSI Package Provider
  • reboot_pending? helper

Be sure to check out backwards compatibility notes before upgrading to this release.


As usual we had a lot of awesome contributions from our community. Here are the MVPs for these releases:

  • Chef Client 11.12.0 MVP Chris Bandy for refactoring FileEdit util functions.
  • Ohai 7.0.0 MVP Martin Vidner for adding differentiation between SLES & openSUSE. Also thanks for your patience around waiting for a major release to get this in :)
  • Chef Client 10.32.2 and Ohai 6.22.0 MVP Phil Dibowitz and his team for continuing contributions to Chef 10. Awesome work as usual Phil.

Congratulations Chris, Martin and Phil and thanks for your contributions.

Here is the full list of contributions that made their way into these releases:

Chef Client 11.12.0

  • jonlives: Changed the order of recipe and cookbook name setting. Fixes CHEF-5052.
  • jaymzh: Added support for enable and disable to MacOSX service provider.
  • bossmc: Made formatters more resilient to nil exception messages.
  • valodzka: Fixed the convergence message in deploy provider.
  • linkfanel: Made attribute arrays able to handle non-dupable elements while being duped.
  • linkfanel: Removed ruby-shadow installation on cygwin platform.
  • lbragstad: Add IBM PowerKVM to platform map.
  • slantview: Allow boolean and numerics in cookbook metadata.
  • jeffmendoza: Made knife to use cloud attribute for port when available.
  • ryotarai: Added a method to capture IO for live stream.
  • sawanoboly: Fixed service provider to be aware of maintenance state on Solaris.
  • cbandy: Refactored Chef::Util::FileEdit.
  • cbandy: Fixed insert_line_if_no_match to run multiple times.
  • pavelbrylov: Modified subversion resource to hide password from error messages.
  • eherot: Add support for epoch versions to the dpkg package provider.
  • jdmurphy: Display all missing dependencies when uploading cookbooks.
  • nkrinner: Add a public file_edited? method to Chef::Util::FileEdit.
  • ccope: Made package provider to use IPS provider in Solaris 5.11+
  • josephholsten: Changed Chef::REST to be able to handle frozen options.
  • andreasrs: Changed service provider to use Systemd on ArchLinux.
  • eherot: Add support for epoch versions to the dpkg package provider.
  • jdmurphy: Display all missing dependencies when uploading cookbooks.
  • nkrinner: Add a public file_edited? method to Chef::Util::FileEdit.
  • jjasghar: Output correct host name in knife ssh error message.
  • esigler: Added default_choice option to Knife::UI#confirm.
  • DracoAter: Add support to the Cron resource for special strings, e.g. @reboot.
  • ryotarai: Add support to the Cron resource for weekday passed as a symbol.
  • thommay: Made sure that doesn’t save the run_list when chef is running with override-run-list.
  • Maxime Caumartin: Fix mount resource when device is a relative symlink.
  • jessehu: Increase bootstrap log_level when knife -V -V is set
  • mveitas: knife cookbook test honors chefignore
  • zuazo: Fix ImmutableMash and ImmutableArray to_hash and to_a methods
  • jaymzh: SIGTERM will once-more kill a non-daemonized chef-client (CHEF-5172)

Chef Client 10.32.2

  • jaymzh: Service Provider for MacOSX now supports enable and disable
  • jaymzh: Chef now gracefully handles corrupted cache files.
  • jaymzh: SIGTERM will once-more kill a non-daemonized chef-client (CHEF-5172)
  • jaymzh: bump up upper limit on json gem to 1.8.1 (CHEF-4632)

Ohai 7.0.0

  • jaymzh: Work around libc bug in hostname --fqdn
  • mvidner: (Long time ago) Added differentiation for suse & opensuse in the :platform attribute.
  • tas50: Added additional cpu information to darwin platform.
  • mpasternacki: Removed fe80:: link-local address from reported ip6addresses.
  • paulczar: Added private network information for Rackspace nodes.
  • ctennis: Added init_package plugin which reports the init mechanism of the system on linux.

Ohai 6.22.0

  • jaymzh: Work around libc bug in hostname --fqdn
  • jaymzh: Add timeouts to ‘df’ and ‘mount’ commands

mixlib-shellout 1.4.0

  • carmstrong: Added error? method to see if the command was successful.

More Information

Here are some pointers to more information about these releases:

How to get it?

As usual you can get these releases with our install script on non-windows platforms:

curl -L | sudo bash -s -- -v 10.32.2 
curl -L | sudo bash -s -- -v 11.12.0

You can download these releases for Windows using these links:

Chef Client 11.12.0

Chef Client 10.32.2

Author Serdar Sutay

  • Serdar Sutay

    Our blog post went out a little bit earlier than expected folks. 11.12.0 release is out however 10.32.2 is still in our release pipelines. It should be online in the next couple of hours.

    I’ll post an update when it is online. Sorry for any confusion this might cause.

    • Serdar Sutay

      And 10.32.2 is also live now.

  • sashazykov

    I updated chef using “curl -L | sudo bash -s — -v 11.12.0″ reconfigured and restarted it, but it’s still vulnerable. What I did wrong?

    • Serdar Sutay

      Thanks for the note @sashazykov:disqus.

      Are you trying to upgrade your Chef client or server? When you say ‘reconfigured’ it makes me think that you’re trying to upgrade server. Server releases are still in the works. Information will be available on our blog when they are available.

      If you’re trying to upgrade your client, can you share the platform you are trying that on and the version of openssl you’re seeing after upgrade?

      • sashazykov

        Oops. Yes, I tried to upgrade my server. :) Hope to do it soon.. Thank you for the response.

  • Michael Weinberg

    11.12.0 introduces ohai 7.0.0, which is a breaking change for ohai 6 plugins. Are you planning a non-breaking patched release for 11.x as well?

    • Serdar Sutay

      Ohai 7.0.0 is designed to be backwards compatible with Ohai 6 plugins Michael.

      Did you run into any issues? I would be glad to help if you can share more details.

  • Michael Weinberg

    Serdar, I’ve twice tried to reply to you here and my comment has disappeared both times. Definitely seeing issues related to ohai 7.0.0. If you want me info I’m happy to provide it michael at hw-op dot com.

    • Serdar Sutay

      We’re looking into one issue around Ohai 7 Michael:

      I’ve tried the email address above but got a delivery failure. If your issue is looking different can you reach out to me here: serdar at getchef dot com ?