ยซ Changelog History


Chocolatey v0.10.1 Release Notes

Release Date: 2016-09-19 // over 7 years ago

  • ๐Ÿš€ We're dubbing this the "Shhh! Keep that secret please" release. We've found that when passing in passwords and other sensitive arguments, those items can end up in the logs in clear text. We've addressed this in #948 and #953. When it comes to passing sensitive arguments through to native installers, you can set up environment variables with those sensitive args and pass those arguments directly through to Start-ChocolateyProcessAsAdmin. If you prefer a better experience, the licensed version allows passing sensitive options directly through choco.exe as --install-arguments-sensitive and --package-parameters-sensitive. Read more in the Licensed CHANGELOG.

    ๐Ÿš€ Perhaps the biggest improvement in this release is that Chocolatey will automatically look to see if it can download binaries over HTTPS when provided an HTTP url. If so, Chocolatey will switch to downloading the binaries over SSL. This provides better security in downloading and knowing you are getting the binary from the source location instead of a possible man in the middle location, especially when the package does not provide checksums for verification.

    ๐Ÿ”’ Another improvement you may not even notice, but we think you will love is that Chocolatey now supports TLS v1.2 transport which presents a nice transparent increase in security. You will need to have at least .NET Framework 4.5 installed to take advantage of this feature.

    ๐Ÿ”‹ FEATURES

    • [Security] Support TLS v1.2 - see #458
    • [Security] Attempt to download packages via HTTPS connection - see #746
    • [Security] Pro/Business - Pass sensitive arguments to installers - see #948
    • Search (and info) by version - see #935

    ๐Ÿ› BUG FIXES

    • [Security] Fix - Passwords in command line options are logged in clear text - see #953
    • [Security] Fix - For PowerShell v2 - if switch down to SSLv3 protocol fails, go back to original protocol - see #958
    • Fix - Unzipping to ProgramFiles/System32 is Subject to File System Redirection - see #960
    • Fix - Run without login - see #945
    • Fix - Support Long Paths - see #934
    • Fix - help should not issue warning about elevated command shell - see #893
    • Fix - Licensed Feed cannot be disabled - see #959
    • Fix - Choco with unknown command should show help menu - see #938
    • Fix - Get-FtpFile error when file is missing (called through Get-ChocolateyWebFile) - see #920
    • Fix - Skip Get-WebFileName for FTP - see #957
    • Fix - Chocolatey-InstallChocolateyPackage fix for double chocolatey folder name is not also applied to the passed in file name - see #908
    • Fix - Start-ProcessAsAdmin - working directory should be from the location of the executable - see #937
    • [POSH Host] Fix - PowerShell Host - Package scripts setting values can affect packages that depend on them - see #719
    • Fix - Transactional install - pending check may fail if the lib folder doesn't exist - see #954
    • Fix - Start-ChocolateyProcessAsAdmin Module Import for PowerShell causes errors - see #901

    ๐Ÿ‘Œ IMPROVEMENTS

    • Transactional Install - Improve concurrent operations (pending) - see #943
    • Uninstall-ChocolateyPackage should set unrecognized fileType to exe - see #964
    • Powershell functions - Allow access to package title, not only ID - see #925
    • Option to apply package parameters / install arguments to dependent packages - see #839
    • Get-ChocolateyWebFile download check enhancements - see #952
    • Do not treat unknown checksum types as MD5 - see #932
    • Pro/Business - Install-ChocolateyPackage - UseOriginalLocation - see #950
    • Auto determine checksum type - see #922
    • Ensure PowerShell functions have parameter name parity - see #941
    • Output from installer should go to verbose log - see #940