OSQuery v4.9.0 Release Notes

  • Git Commits

    Representing commits from 16 contributors! Thank you all.

    New Features

    • Add filesystem logrotate feature (#7015)
    • Add Non-Functional EndpointSecurity based process events to macOS (Requires updated codesigning due in 5.0) (#7046)

    Table Changes

    • Add mdm_managed column to system_extensions on macOS (#6915)
    • Add prefetch table on Windows (#7076)
    • Add support for IMDSv2 to AWS tables (#7084)
    • Enable container stats on docker containers that don't have traditional networks (#7145)
    • Update homebrew_packages to include new prefix, and allow specifying alternate prefixes (#7117)
    • Update ntfs_acl_permissions to list all ACE entries (using GetAce()) (#7114)
    • Update processes table to display additional Windows attributes (secured, protected, virtual, elevated) (#7121)
    • Update how package_install_history identifies the packageIdentifiers key (#7099)
    • Update how identifier is calculated in chrome_extensions (#7124)

    Under the Hood improvements

    • Improve speed of osquery shutdown procedure (#7077)
    • Improve shutdown speed during initialization (#7106)
    • Update website generators (#7136)
    • CLI flag to allow osquery to keep retrying enrollment (instead of exiting) (#7125)
    • rocksdb: Do not fsync WAL writes (#7094)
    • Move CPack packaging to a dedicated repository (#7059)
    • Restore thrift socket 5min timeout (#7072)
    • Consolidate syscalls to a single audit rule (#7063)

    Bug Fixes

    • Add current WMI location for Dell BIOS info (#7103)
    • Correct RocksDB error code and subcode printing on open failure (#7069)
    • Fix pipe_channel not reading all data in a message (#7139)
    • Fix crash and deadlocks in recursive logging (#7127)
    • Fix custom curl_certificate timeouts (#7151)
    • Fix extensions crash on shutdown (#7075)
    • Handle updated paths on various macOS tables -- xprotect_entries, xprotect_meta, launchd (#7138, #7154)
    • Trigger event cleanup checks every 256 events (#7143)
    • Update generating an extension uuid to be thread safe (#7135)
    • Watchdog should wait for the worker to shutdown (#7116)

    Documentation

    • Update process auditing requirements documentation (#7102)
    • Update website docs indicating windows support for YARA tables (#7130)
    • Add 4.9.0 CHANGELOG (#7152)

    Build

    • Add Apple provisioning profile for distribution (#7119)
    • Add more tests for events expiration (#7071)
    • CI: Regenerate sccache cache when compiler version changes (#7081)
    • Fix flaky test test_daemon_sigint by waiting for pidfile (#7095)
    • Fix icon in Windows packaging (#7148)
    • Minor cleanup of unused variables (#7128)
    • Print extension SDK minimum version required when failing to load (#7074)
    • Remove POSIX-only -fexceptions flag on Windows (#7126)
    • Remove duplicated osquery_utils_aws_tests-test (#7078)
    • Remove flaky test decorators for python tests (#7070)
    • Update SQLite to version 3.35.5 (#7090)
    • Update librdkafka to version 1.7.0 (#7134)
    • Update libyara to version 4.1.1 (#7133)