OSQuery v5.1.0 Release Notes

  • Git Commits

    Representing commits from 20 contributors! Thank you all.

    New Features

    • Allow custom cpu limit duration for the watchdog (#7348)
    • Support custom endpoints for AWS Kinesis and Firehose. (#7317)

    Table Changes

    • Add docker_container_envs table for access to docker container environment (#7313)
    • curl table now returns peer certificates even if the TLS handshake does not complete (#7349)

    Under the Hood improvements

    • Allow tests and SDK to reset dispatcher state (#7372)
    • Avoid string copies when looping through cron search dirs (#7331)
    • Respect read_max flag when hashing using ssdeep (#7367)

    Bug Fixes

    • Detect when an extension has not started correctly on Windows (#7355)
    • Fix crash #7353 when osquery captures kill syscall when not subscribed to them (#7354)
    • Fix crash in AuditdNetlinkReader::configureAuditService when audit_add_rule_data returns an error (#7337)
    • Fix crash when windows_security_products errors out (#7401)
    • Fix for #7394 where cleanup of some event tables never occurs (#7395)
    • Improve BPF publisher reliability (#7302)
    • Lower log level of "executing distributed query" (#7386)
    • Reduce excessive log messages from authorized_keys table implementation (#7318)

    Documentation

    • Add 5.0.1 CHANGELOG (#7284)
    • Fix typo in Everything in SQL docs (#7338)
    • Fix typo in SQL docs (#7376)
    • Update GitHub issue templates (#7361, #7396)
    • Update installation guide to use newer macOS paths (#7311)
    • Update macOS ESF documentation (#7303)

    Packs

    • Add Forcepoint Endpoint Chrome Extension detection to packs (#7346)
    • Add beurk rootkit detection to packs (#7345)

    Build

    • Allow tests to reset the restarting state (#7373)
    • Build librpm with ndb support (#7294)
    • Customizable installation logic (#7315)
    • Fix ASL test on macOS 11 and later (#7320)
    • Restore query packs in Windows packaging (#7388)
    • Skip deprecated ASL test when targeting macOS 10.13+ SDK (#7358)
    • Update packaging commit to fix Linux symlinks (#7404)
    • Update the CI Linux Docker image (#7332)