OSQuery v5.1.0 Release Notes
Representing commits from 20 contributors! Thank you all.
New Features
- Allow custom cpu limit duration for the watchdog (#7348)
- Support custom endpoints for AWS Kinesis and Firehose. (#7317)
Table Changes
- Add docker_container_envs table for access to docker container environment (#7313)
- curl table now returns peer certificates even if the TLS handshake does not complete (#7349)
Under the Hood improvements
- Allow tests and SDK to reset dispatcher state (#7372)
- Avoid string copies when looping through cron search dirs (#7331)
- Respect read_max flag when hashing using ssdeep (#7367)
Bug Fixes
- Detect when an extension has not started correctly on Windows (#7355)
- Fix crash #7353 when osquery captures kill syscall when not subscribed to them (#7354)
- Fix crash in AuditdNetlinkReader::configureAuditService when audit_add_rule_data returns an error (#7337)
- Fix crash when windows_security_products errors out (#7401)
- Fix for #7394 where cleanup of some event tables never occurs (#7395)
- Improve BPF publisher reliability (#7302)
- Lower log level of "executing distributed query" (#7386)
- Reduce excessive log messages from authorized_keys table implementation (#7318)
Documentation
- Add 5.0.1 CHANGELOG (#7284)
- Fix typo in Everything in SQL docs (#7338)
- Fix typo in SQL docs (#7376)
- Update GitHub issue templates (#7361, #7396)
- Update installation guide to use newer macOS paths (#7311)
- Update macOS ESF documentation (#7303)
Packs
- Add Forcepoint Endpoint Chrome Extension detection to packs (#7346)
- Add beurk rootkit detection to packs (#7345)
Build
- Allow tests to reset the restarting state (#7373)
- Build librpm with ndb support (#7294)
- Customizable installation logic (#7315)
- Fix ASL test on macOS 11 and later (#7320)
- Restore query packs in Windows packaging (#7388)
- Skip deprecated ASL test when targeting macOS 10.13+ SDK (#7358)
- Update packaging commit to fix Linux symlinks (#7404)
- Update the CI Linux Docker image (#7332)