OSQuery v4.6.0 Release Notes

  • Git Commits

    🆕 New Features

    • 🎉 Initial implementations for BPF-based socket and process events tables (#6571)
    • 👌 Support EC2 tables on Windows (#6756)

    Under the Hood improvements

    • 👯 BPF: Add container support to fork/vfork/clone (#6721)
    • BPF: Additional improvements on the initial implementation (#6717)
    • ✅ BPF: Fix the tests (#6783)
    • BPF: Fix wrong d_type compare in filesystem classes (#6774)
    • BPF: Implement additional syscalls to track file descriptor usage (#6723)
    • ✂ Remove unused LTCG flag (#6769)
    • 👌 Support TLS client certificate chains (#6753)
    • 🔨 Refactor carver to use the Scheduler (#6671)
    • ➕ Add configuration flag to disable file_events by default (#6663)
    • 🏗 libs: Build x86_64 configurations on Ubuntu 14.04 (#6687)
    • libs: Port the RocksDB Win7 compatibility patch to the MSBuild generator (#6765)
    • ⚡️ libs: Update BPF libraries to support LLVM 11 (#6775)
    • ⚡️ libs: Update RocksDB to version 6.14.5 (#6759)
    • ⚡️ libs: Update bzip2 to version 1.0.8 (#6786)
    • ⚡️ libs: Update ebpfpub to latest version (#6757)
    • ⚡️ libs: Update sqlite to version 3.34.0 (#6804)
    • ⚡️ libs: Update aws-sdk to 1.7.230 (#6749)
    • ➕ Add support for pretty-printing JSON results in osqueryi (#6695)

    Table Changes

    • ➕ Add Yandex Browser support for chrome_extensions (#6735)
    • ➕ Add additional file stat flags to Darwin (bsd_flags) (#6699)
    • ➕ Add extended_attributes table to Linux, add support for Linux capabilities (#6195)
    • ➕ Add indexed column support to Windows users table (#6782)
    • 🏁 Enable AWS Instance profile as credential provider on Windows (#6754)
    • ➕ Add systemd support for startup_items on Linux (#6562)

    ๐Ÿ› Bug Fixes

    • Do not use memset on VirtualTable, a non-POD type (#6760)
    • ๐Ÿ›  Fix deadlock when registering two extensions (#6745)
    • Fix last_connected column in wifi_networks on Catalina (#6669)
    • ๐Ÿ›  Fix missing negations, duplicate rows in iptables table (#6713)
    • ๐Ÿ›  Fix shadow table to detect empty passwords (#6696)
    • ๐Ÿ†“ Free memory allocated by ConvertStringSidToSid (#6714)
    • ๐Ÿ“ฆ PackageIdentifiers are optional in InstallHistory.plist (#6767)
    • ๐Ÿ Removing PUNYCODE flag from windows string conversions (#6730)
    • ๐Ÿ›  Fix memory leak in the dbus classes (#6773)
    • ๐Ÿ”„ Change the kernel_modules size column type to BIGINT (#6712)

    📚 Documentation

    • ➕ Add a README.md to source-based libraries (#6686)
    • 🛠 Fix spelling typos (#6705)
    • 📚 Journald Audit Logs Masking Documentation (#6748)

    ๐Ÿ— Build

    • ๐Ÿ“ฆ CI: Provide built packages as Azure artifacts (#6772)
    • ๐Ÿ CI: Python installation improvements on Windows (#6764)
    • โšก๏ธ CI: Update brew scripts (#6794)
    • ๐Ÿ‘ CMake: Disable BPF support if the LLVM libs are not compatible (#6746)
    • CMake: Use CPACK_RPM_PACKAGE_RELEASE (#6805)
    • ๐Ÿง CMake: Add max version limit to 3.18.0 on Linux (#6801)
    • ๐Ÿ”„ Change urls for submodules gpg-error, libgcrypt, libcap (#6768)
    • โฌ‡๏ธ Reduce linkage requirements for tests (#6715)
    • โœ‚ Remove a Buck leftover (#6799)
    • โœ‚ Remove boost workaround introduced in #5591 for string_view (#6771)
    • โœ… Tests: Fix tests on Catalina (#6704)
    • Update cmake_minimum_required to 3.17.5 and pin version in CI (#6770)
    • ๐Ÿ build: Fix Windows build on newer MSVC (#6732)
    • extensions: Always compile examples to prevent them from breaking (#6747)

    ๐Ÿ”’ Security Issues

    Packs

    • โšก๏ธ Updated unwanted-chrome-extensions (#6720)
    • Restrict the usb_devices pack to Posix (#6739)
    • โž• Add Reptile rootkit to ossec-rootkit pack (#6703)