From e68a1aea9053b802d4dd8dab43d8b666572ce8a7 Mon Sep 17 00:00:00 2001 From: Mohan Chhalotre Date: Mon, 25 May 2026 16:36:07 +0530 Subject: [PATCH 1/9] Add Chef InSpec 5.24.* release notes Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Mohan Chhalotre --- content/release_notes/inspec.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 40b1019e1..33a49b923 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -393,6 +393,21 @@ We overhauled the `inspec check` and `inspec export` commands to use the parser - We no longer support Ruby 2.7 since it became end-of-life (EOL) in March 2023. +## Chef InSpec 5.24.* + +Release date: + +### Bug fixes + +- fix: CHEF-32686 - Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) + +### Dependency updates + +- Updated `addressable` gem from `2.4` to `2.9.0`. ([#7920](https://github.com/inspec/inspec/pull/7920)) +- Updated `json` gem from `>= 1.8` to `>= 2.19.2`. ([#829](https://github.com/inspec/train/pull/829)) +- Updated `activesupport` gem from `>= 7.2.2.1` to `>= 7.2.3.1`. ([#830](https://github.com/inspec/train/pull/830)) +- Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7911](https://github.com/inspec/inspec/pull/7911)) + ## Chef InSpec 5.24.7 Release date: March 2, 2026 From 3b33047741866b031a77c101bec6ef1daca95c4d Mon Sep 17 00:00:00 2001 From: Mohan Chhalotre Date: Mon, 25 May 2026 16:44:38 +0530 Subject: [PATCH 2/9] remove ticket number Signed-off-by: Mohan Chhalotre --- content/release_notes/inspec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 33a49b923..96633dbf6 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -399,7 +399,7 @@ Release date: ### Bug fixes -- fix: CHEF-32686 - Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) +- Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) ### Dependency updates From 0e7a90f0dd9e3b63db06435a3a11e7cfc3e67889 Mon Sep 17 00:00:00 2001 From: Chandra Date: Wed, 3 Jun 2026 15:57:37 +0530 Subject: [PATCH 3/9] Added omnibus submodule doc Signed-off-by: Chandra --- content/release_notes/inspec.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 96633dbf6..6dcff4984 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -395,13 +395,17 @@ We overhauled the `inspec check` and `inspec export` commands to use the parser ## Chef InSpec 5.24.* -Release date: +Release date: June 21th, 2026 + +### Key features / Improvements + +- **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. See [Building InSpec with Omnibus](/inspec/install/) for configuration details. ### Bug fixes - Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) -### Dependency updates +#### Security fixes - Updated `addressable` gem from `2.4` to `2.9.0`. ([#7920](https://github.com/inspec/inspec/pull/7920)) - Updated `json` gem from `>= 1.8` to `>= 2.19.2`. ([#829](https://github.com/inspec/train/pull/829)) From 4fa71f02cde3a7ab24e9cb47e69a824d85fc6df0 Mon Sep 17 00:00:00 2001 From: Nik08 Date: Thu, 11 Jun 2026 19:32:18 +0530 Subject: [PATCH 4/9] Add Windows arch detection bug fix to InSpec 5.24 release notes Fixed Windows architecture detection over WinRM when os.arch was missing or unknown. Adds robust fallback detection in Train and InSpec. ([#7935](https://github.com/inspec/inspec/pull/7935), train [#832](https://github.com/inspec/train/pull/832)) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Nik08 --- content/release_notes/inspec.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 6dcff4984..3eff12178 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -404,6 +404,7 @@ Release date: June 21th, 2026 ### Bug fixes - Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) +- Fixed Windows architecture detection over WinRM when os.arch was missing or unknown, which could cause incorrect architecture reporting and downstream transport failures. This adds robust fallback detection in Train and InSpec. ([#7935](https://github.com/inspec/inspec/pull/7935), train [#832](https://github.com/inspec/train/pull/832)) #### Security fixes From f40c6305100895227299267e81750119c1c69a30 Mon Sep 17 00:00:00 2001 From: Chandra Date: Fri, 12 Jun 2026 16:26:35 +0530 Subject: [PATCH 5/9] updated gem dependency entry Signed-off-by: Chandra --- content/release_notes/inspec.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 3eff12178..58ebc7bc8 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -393,13 +393,13 @@ We overhauled the `inspec check` and `inspec export` commands to use the parser - We no longer support Ruby 2.7 since it became end-of-life (EOL) in March 2023. -## Chef InSpec 5.24.* +## Chef InSpec 5.24.17 Release date: June 21th, 2026 ### Key features / Improvements -- **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. See [Building InSpec with Omnibus](/inspec/install/) for configuration details. +- **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. ([#7827](https://github.com/inspec/inspec/pull/7827)) ### Bug fixes @@ -409,9 +409,11 @@ Release date: June 21th, 2026 #### Security fixes - Updated `addressable` gem from `2.4` to `2.9.0`. ([#7920](https://github.com/inspec/inspec/pull/7920)) -- Updated `json` gem from `>= 1.8` to `>= 2.19.2`. ([#829](https://github.com/inspec/train/pull/829)) -- Updated `activesupport` gem from `>= 7.2.2.1` to `>= 7.2.3.1`. ([#830](https://github.com/inspec/train/pull/830)) +- Updated `json` gem from `>= 1.8` to `>= 2.19.2`. (train [#829](https://github.com/inspec/train/pull/829)) +- Updated `activesupport` gem from `>= 7.2.2.1` to `>= 7.2.3.1`. (train [#830](https://github.com/inspec/train/pull/830)) - Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7911](https://github.com/inspec/inspec/pull/7911)) +- Updated `jwt` gem from `2.10.2` to `2.10.3`. ([#7925](https://github.com/inspec/inspec/pull/7925)) +- Updated `faraday` gem from `1.10.4` to `1.10.5`. ([#7925](https://github.com/inspec/inspec/pull/7925)) ## Chef InSpec 5.24.7 From 8bbc87306fad52e1971c2235053d0a5708bbcfd1 Mon Sep 17 00:00:00 2001 From: Chandra Date: Wed, 17 Jun 2026 11:35:35 +0530 Subject: [PATCH 6/9] =?UTF-8?q?docs:=20inspec=20release=20notes=20?= =?UTF-8?q?=E2=80=94=20add=20nokogiri=20test=20dependency=20upgrade=20note?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mentioned the nokogiri test dependency upgrade from 1.17.1 to 1.18.10 under 'Key features / Improvements' in the Chef InSpec 5.24.17 release notes, specifying it as a test dependency to distinguish it from runtime security fixes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Chandra --- content/release_notes/inspec.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 58ebc7bc8..4663cbcb5 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -393,13 +393,14 @@ We overhauled the `inspec check` and `inspec export` commands to use the parser - We no longer support Ruby 2.7 since it became end-of-life (EOL) in March 2023. -## Chef InSpec 5.24.17 +## Chef InSpec 5.24.20 Release date: June 21th, 2026 ### Key features / Improvements - **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. ([#7827](https://github.com/inspec/inspec/pull/7827)) +- Updated `nokogiri` test dependency gem from `1.17.1` to `1.18.10`. ([#7946](https://github.com/inspec/inspec/pull/7946)) ### Bug fixes From fb3b47a6a5268f4320f347b26e636029168b5063 Mon Sep 17 00:00:00 2001 From: Chandra Date: Wed, 17 Jun 2026 11:42:51 +0530 Subject: [PATCH 7/9] =?UTF-8?q?docs:=20inspec=20release=20notes=20?= =?UTF-8?q?=E2=80=94=20add=20nokogiri=20to=20security=20fixes=20section?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added nokogiri test dependency upgrade (1.17.1 to 1.18.10) to the Security fixes section of Chef InSpec 5.24.17 release notes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Chandra --- content/release_notes/inspec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 4663cbcb5..ce325f846 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -400,7 +400,6 @@ Release date: June 21th, 2026 ### Key features / Improvements - **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. ([#7827](https://github.com/inspec/inspec/pull/7827)) -- Updated `nokogiri` test dependency gem from `1.17.1` to `1.18.10`. ([#7946](https://github.com/inspec/inspec/pull/7946)) ### Bug fixes @@ -415,6 +414,7 @@ Release date: June 21th, 2026 - Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7911](https://github.com/inspec/inspec/pull/7911)) - Updated `jwt` gem from `2.10.2` to `2.10.3`. ([#7925](https://github.com/inspec/inspec/pull/7925)) - Updated `faraday` gem from `1.10.4` to `1.10.5`. ([#7925](https://github.com/inspec/inspec/pull/7925)) +- Updated `nokogiri` test dependency gem from `1.17.1` to `1.18.10`. ([#7946](https://github.com/inspec/inspec/pull/7946)) ## Chef InSpec 5.24.7 From 18ea1146d2ea61a681f0a2c8c0c1592207565a2f Mon Sep 17 00:00:00 2001 From: Ian Maddaus Date: Thu, 18 Jun 2026 10:03:00 -0400 Subject: [PATCH 8/9] Edit release notes Signed-off-by: Ian Maddaus --- content/release_notes/inspec.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index ce325f846..18e0cd246 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -395,25 +395,31 @@ We overhauled the `inspec check` and `inspec export` commands to use the parser ## Chef InSpec 5.24.20 -Release date: June 21th, 2026 +Release date: June 21, 2026 -### Key features / Improvements +### Improvements -- **Omnibus build configuration as Git submodule**: The omnibus build configuration is now managed as a Git submodule from a private Chef repository, improving separation of concerns and enabling better control over official release builds. Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. ([#7827](https://github.com/inspec/inspec/pull/7827)) +- **Omnibus build configuration**: Moves the omnibus build configuration to a private Git submodule, improving separation of concerns and enabling better control over official release builds. +Community contributors can continue building InSpec packages using the public [`inspec-omnibus-community-config`](https://github.com/chef/inspec-omnibus-community-config) repository. ([#7827](https://github.com/inspec/inspec/pull/7827)) ### Bug fixes -- Pre-check waivers before control block evaluation to avoid eager resource execution ([#7832](https://github.com/inspec/inspec/pull/7832)) -- Fixed Windows architecture detection over WinRM when os.arch was missing or unknown, which could cause incorrect architecture reporting and downstream transport failures. This adds robust fallback detection in Train and InSpec. ([#7935](https://github.com/inspec/inspec/pull/7935), train [#832](https://github.com/inspec/train/pull/832)) +- Fixed an issue where controls waived with `run: false` still executed the entire control block before skipping, causing expensive commands to run unnecessarily. +InSpec now pre-checks waivers before evaluating the control block, so waived controls skip execution entirely. ([#7832](https://github.com/inspec/inspec/pull/7832)) +- Fixed an issue where the `package` resource failed to detect 32-bit packages when running InSpec against Windows Server 2025 through a WinRM session (for example, with Test Kitchen). +PowerShell WinRM sessions don't expand CMD-style environment variables, which caused architecture detection to return an unknown value and `WOW6432Node` registry paths to be skipped, making 32-bit packages appear as not installed. +Train now falls back to PowerShell-native syntax for architecture detection when CMD variable expansion fails. ([#7935](https://github.com/inspec/inspec/pull/7935), train [#832](https://github.com/inspec/train/pull/832)) #### Security fixes -- Updated `addressable` gem from `2.4` to `2.9.0`. ([#7920](https://github.com/inspec/inspec/pull/7920)) +- Updated `addressable` gem constraint from `< 2.8.8` to `~> 2.9`. ([#7920](https://github.com/inspec/inspec/pull/7920)) - Updated `json` gem from `>= 1.8` to `>= 2.19.2`. (train [#829](https://github.com/inspec/train/pull/829)) - Updated `activesupport` gem from `>= 7.2.2.1` to `>= 7.2.3.1`. (train [#830](https://github.com/inspec/train/pull/830)) + - Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7911](https://github.com/inspec/inspec/pull/7911)) - Updated `jwt` gem from `2.10.2` to `2.10.3`. ([#7925](https://github.com/inspec/inspec/pull/7925)) - Updated `faraday` gem from `1.10.4` to `1.10.5`. ([#7925](https://github.com/inspec/inspec/pull/7925)) +- Pinned `bigdecimal` to `< 4` in Train to prevent install failures on el-7 platforms (RHEL 7, CentOS 7). (train [#833](https://github.com/inspec/train/pull/833)) - Updated `nokogiri` test dependency gem from `1.17.1` to `1.18.10`. ([#7946](https://github.com/inspec/inspec/pull/7946)) ## Chef InSpec 5.24.7 From a16718e743a195aecfb18df736518ac575b9b23b Mon Sep 17 00:00:00 2001 From: Chandra Date: Fri, 19 Jun 2026 13:38:28 +0530 Subject: [PATCH 9/9] updated net-imap PR ref Signed-off-by: Chandra --- content/release_notes/inspec.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/release_notes/inspec.md b/content/release_notes/inspec.md index 18e0cd246..dbf1a4a41 100644 --- a/content/release_notes/inspec.md +++ b/content/release_notes/inspec.md @@ -415,8 +415,7 @@ Train now falls back to PowerShell-native syntax for architecture detection when - Updated `addressable` gem constraint from `< 2.8.8` to `~> 2.9`. ([#7920](https://github.com/inspec/inspec/pull/7920)) - Updated `json` gem from `>= 1.8` to `>= 2.19.2`. (train [#829](https://github.com/inspec/train/pull/829)) - Updated `activesupport` gem from `>= 7.2.2.1` to `>= 7.2.3.1`. (train [#830](https://github.com/inspec/train/pull/830)) - -- Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7911](https://github.com/inspec/inspec/pull/7911)) +- Updated `net-imap` gem from `>= 0.2.5` to `>= 0.5.14`. ([#7924](https://github.com/inspec/inspec/pull/7924)) - Updated `jwt` gem from `2.10.2` to `2.10.3`. ([#7925](https://github.com/inspec/inspec/pull/7925)) - Updated `faraday` gem from `1.10.4` to `1.10.5`. ([#7925](https://github.com/inspec/inspec/pull/7925)) - Pinned `bigdecimal` to `< 4` in Train to prevent install failures on el-7 platforms (RHEL 7, CentOS 7). (train [#833](https://github.com/inspec/train/pull/833))