OSQuery v4.8.0 Release Notes

  • Git Commits

    Representing commits from 14 contributors! Thank you all.

    🛠 This version fixes a regression introduced in 4.7.0 related to events expiration optimization. Please read (#7055) for more information.

    🚀 This release upgrades openssl, as is general good practice. Osquery is 🔒 not known to be affected by any security issues in OpenSSL.

    🆕 New Features

    • shell: Add .connect meta command (#6944)

    Table Changes

    • ➕ Add seccomp_events table for Linux (#7006)
    • ➕ Add shortcut_files table for Windows (#6994)

    Under the Hood improvements

    • Removing Keyboard Event Taps from osx-attacks pack (#7023)
    • 🔨 Refactor watcher out of singleton pattern (#7042)
    • 🔨 Small events subscriber refactor to increase test coverage (#7050)
    • 📦 Setting non-required deb_packages fields as optional in test (#7001)

    ๐Ÿ› Bug Fixes

    • ๐Ÿ– Handle events optimization edge cases (#7060)
    • ๐Ÿ›  Fix optimization for multiple queries using the same subscriber (#7055)
    • ๐Ÿ‘‰ Use epoch and counter for events-based queries (#7051)
    • Guard node key to prevent duplicate enrollments (#7052)
    • ๐Ÿ”„ Change windows calculation for physical_memory (#7028)
    • ๐Ÿ†“ Free using WTSFreeMemoryEx for WTSEnumerateSessionsExW (#7039)
    • ๐Ÿš€ Release variable in Windows data conversation (#7024)
    • ๐Ÿ”„ Change chrome_extensions warnings to verbose (#7032)
    • โž• Add transactions to the SQLite authorizer PRAGMAs (#7029)
    • ๐Ÿ”„ Change Windows messages to verbose (#7027)
    • ๐Ÿ›  Fix scheduler to print the correct number of elapsed seconds (#7016)

    📚 Documentation

    • Fix tls_enroll_max_attempts flag name in the documentation (#7049)
    • 👌 Improve docs on FIM, mention NTFS and Audit, etc. (#7036)
    • 📄 config: Add docs for the events top-level-key (#7040)
    • ➕ Add funding link on GitHub generated page (#7043)
    • 🐍 Correct the example in the windows_events table spec (#7035)
    • 📄 Correct docs about OpenSSL and TLS behavior (#7033)
    • ⚡️ Update docs to describe how to build for aarch64/arm64 (#6285) (#6970)
    • ➕ Add a note on enabling Windows to build with CMake's long paths (#7010)
    • ➕ Add 4.8.0 CHANGELOG (#7057)

    ๐Ÿ— Build

    • ➕ Add an option to enable incremental linking on Windows (#7044)
    • ✂ Remove Buck leftovers that supported building with old versions of OpenSSL (#7034)
    • ➕ Add build_aarch64 workflow for push (#7014)
    • 👷 Move CI to using docker from osquery (#7012)
    • ⚡️ Update dockerfile to multiplatform (#7011)
    • ⚙ Run GH Actions workflows on all tags (#7004)
    • 🏗 Disable BPF events tests if OSQUERY_BUILD_BPF is false (#7002)
    • ⚡️ libs: Update OpenSSL to version 1.1.1k (#7026)