Add additional deprecations, a few bugs, and some security updatestm/13_7_release

Signed-off-by: Tim Smith <tsmith@chef.io>

1 files changed, 45 insertions, 15 deletions

diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 03f95a4ba9..71f1909145 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -4,29 +4,59 @@ _This file holds "in progress" release notes for the current release under devel
 
 # Chef Client Release Notes 13.7:
 
-## `erl_call` Resource is Deprecated
-
-We introduced `erl_call` to help us to manage CouchDB servers back in
-the olden times of Chef. Since then, we've noticed that no-one uses it,
-and so `erl_call` will be removed in Chef 14.
-
 ## The `windows_task` Resource should be better behaved
 
-We've spent a considerable amount of time testing and fixing the
-`windows_task` resource to ensure that it is properly idempotent and
-correct in more situations.
+We've spent a considerable amount of time testing and fixing the `windows_task` resource to ensure that it is properly idempotent and correct in more situations.
 
 ## Credentials handling
 
-Previously, chef on the workstation used `knife.rb` or `config.rb` to
-handle credentials. This didn't do a great job when interacting with
-multiple Chef servers, leading to the need for tools like `knife_block`.
-We've added support for a credentials file that can contain
-configuration for many Chef servers (or organizations), and we've made
-it easy to indicate which account you mean to use.
+Previously, chef on the workstation used `knife.rb` or `config.rb` to handle credentials. This didn't do a great job when interacting with multiple Chef servers, leading to the need for tools like `knife_block`. We've added support for a credentials file that can contain configuration for many Chef servers (or organizations), and we've made it easy to indicate which account you mean to use.
+
+## New deprecations
+
+### `erl_call` Resource
+
+We introduced `erl_call` to help us to manage CouchDB servers back in the olden times of Chef. Since then, we've noticed that no-one uses it, and so `erl_call` will be removed in Chef 14\. Foodcritic rule FC105 has been introduced to detect usage of erl_call.
+
+### epic_fail
+
+The original name for the ignore_failure property in resources was epic_fail. Our documentation hasn't referred to epic_fail for years and out of the 3500 cookbooks on the Supermarket only one uses epic_fail. In Chef 14 we will remove the epic_fail property entirely. Foodcritic rule FC107 has been introduced to detect usage of epic_fail.
+
+### Legacy Mixins
+
+In Chef 14 several legacy legacy mixins will be removed. Usage of these mixins has resulted in deprecation warnings for several years. They were traditionally used in some HWRPs, but are rarely found in code available on the Supermarket. Foodcritic rules FC097, FC098, FC099, FC100, and FC102 have been introduced to detect these mixins.
+
+- Chef::Mixin::LanguageIncludeAttribute
+- Chef::Mixin::RecipeDefinitionDSLCore
+- Chef::Mixin::LanguageIncludeRecipe
+- Chef::Mixin::Language
+- Chef::DSL::Recipe::FullDSL
+
+### :uninstall action in chocolatey_package
+
+The chocolatey cookbook's chocolatey_package resource originally contained an :uninstall action. When chocolatey_package was moved into core Chef we made :uninstall an alias for :remove. In Chef 14 :uninstall will no longer be a valid action. Foodcritic rule FC103 has been introduced to detect the usage of the :uninstall action.
+
+## Bugfixes
+
+- Resolved a bug where knife commands that prompted on Windows would never display the prompt
+- Fixed hiding of sensitive resources when converge_if_changed was used
+- Fixed scenarios where services would fail to start on Solaris
+
+## Security Updates
+
+- OpenSSL has been upgraded to 1.0.2n to resolve CVE-2017-3738, CVE-2017-3737, CVE-2017-3736, and CVE-2017-3735.
+- Ruby has been upgraded to 2.4.3 to resolve CVE-2017-17405
 
 ## Ohai 13.7 Release Notes:
 
+### Network Tunnel Information
+
+The Network plugin on Linux hosts now gathers additional information on tunnels
+
+### LsPci Plugin
+
+The new LsPci plugin provides a `node[:pci]` hash with information about the PCI bus based on `lspci`. Only runs on Linux.
+
 ### EC2 C5 Detection
 
 The EC2 plugin has been updated to properly detect the new AWS hypervisor used in the C5 instance types