Chocolatey v0.10.9 Release Notes

Release Date: 2018-03-25
  • The vendored 7Zip had a couple of security findings that necessitated a release. There is also a lot of goodness going into this release. We've fixed XDT transforms not to keep extra data around (requiring manual fixes). We've resolved some issues surrounding compatibility with Get-PackageParameters in the chocolatey-core.extension package and what's now built into Chocolatey. That should now work appropriately, and the built-in method should be preferred, so if you are using --package-parameters-sensitive, those will be added as well when you do have the chocolatey-core.extension package also installed.

    We've also brought in the long-desired logging with no colorization. You can set that as a switch or globally with a feature flipper. With outdated/upgrade, you can now ignore unfound packages along with already skipping pinned packages. That will help you reduce your output to only the things it finds upgrades for that can be upgraded.

    BUG FIXES

    • [Security] Fix - Pro/Business - Logging - Get-PackageParameters should not log sensitive params - see #1460
    • Fix - XDT transform causes xml file to have extra data in it (unusable until manually fixed) - see #1482
    • Fix - Escape package registry information to reduce unreadable files - see #1505
    • Fix - Uninstall-ChocolateyZipPackage is unable to find zip contents file - see #1415
    • Fix - Get-PackageParameters - Resolve differences between chocolatey-core.extension and built-in method - see #1490
    • Fix - Get-PackageParameters - force built-in method to be preferred over chocolatey-core.extension method - see #1476
    • Fix - Get-PackageParameters should handle urls - see #1459
    • Fix - Setting output directory with proper quoting can result in "The given path's format is not supported." - see #1517
    • Fix - Logging - PowerShell script contents logging should not error if they have contents mistaken for log formatting - see #1489
    • Fix - Incorrect documentation for Install-ChocolateyInstallPackage - see #1416
    • [API] Fix - Logging - Loggers should always be checked for initialization - see #1447
    • Fix - Pro/Business - Expired licenses should not cause Chocolatey errors - see #1500

    IMPROVEMENTS

    • [Security] RAR extraction with older 7zip can cause memory corruption (CVE-2018-5996) / ZIP Shrink vulnerability (CVE-2017-17969) - see #1478
    • Provide friendly error messages on well-known exit codes - see #1526
    • Capture password securely during validation when only the user name has been provided - see #1524
    • Outdated/Upgrade - Option/feature to ignore unfound packages - see #1398
    • Installation/Setup: run choco once to initialize the config file - see #1401
    • Logging - Log access denied for config file to log file only - see #1445
    • Ability to pick x64/x86 runtime binaries for shimming by architecture without needing PowerShell scripts - see #1365
    • Logging - Add '--no-color' as a global option and 'logWithoutColor' feature - see #100
    • Reset colors after abnormal exit - see #474
    • [API] Logging - Set logging levels debug/verbose/trace - see #1448
    • [API] Logging - Sync already logged items when setting custom logging - see #1446
    • [API] Fix - Ensure one instantiation of GetChocolatey at a time - see #1400
    • Pro/Business - Uninstall - Keep stored package information by default - see #1399
    • Pro/Business - Logging - See licensing logging output - see #1488