OSQuery v5.3.0 Release Notes


    🛠 osquery 5.3.0 brings several table improvements and bugfixes. Also worth mentioning are the deprecation of the smart_drive_info table and the new warning emitted when a CLI-only flag is incorrectly set via the config file. In the next release, CLI-only flags will no longer be configurable through the config file or config refresh.

    ๐Ÿš€ This release represents commits from 15 contributors! Thank you all.

    🗄 Deprecation Notices

    • Deprecate unmaintainable legacy table, smart_drive_info (#7464, #7542)

    🆕 New Features

    • Add the option tls_disable_status_log to prevent status logs from being sent via TLS #7550
    • Add SQLite function in_cidr_block to check if IPv4/v6 addresses are within the supplied CIDR block #7563
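As an added example that is not part of the release notes, the following osquery query uses the new in_cidr_block function to list processes that hold connections to addresses outside the RFC 1918 private ranges, loopback and IPv6 unique-local space, a common starting point for spotting unexpected outbound connections. It assumes the argument order in_cidr_block(cidr, address) and a truthy result (1) on a match; process_open_sockets and processes are standard osquery tables, and the columns used here are theirs.

```sql
-- Added example, not from the osquery project.
-- Assumption: in_cidr_block(cidr, address) returns 1 when the address
-- falls inside the block and 0 otherwise.
SELECT
  p.pid,
  p.name,
  p.path,
  s.remote_address,
  s.remote_port
FROM process_open_sockets AS s
JOIN processes AS p USING (pid)
WHERE s.remote_port > 0
  AND s.remote_address NOT IN ('', '0.0.0.0', '::')
  -- drop RFC 1918 IPv4 ranges
  AND NOT in_cidr_block('10.0.0.0/8',     s.remote_address)
  AND NOT in_cidr_block('172.16.0.0/12',  s.remote_address)
  AND NOT in_cidr_block('192.168.0.0/16', s.remote_address)
  -- drop IPv4 loopback and link-local
  AND NOT in_cidr_block('127.0.0.0/8',    s.remote_address)
  AND NOT in_cidr_block('169.254.0.0/16', s.remote_address)
  -- drop IPv6 loopback, link-local and unique-local
  AND NOT in_cidr_block('::1/128',        s.remote_address)
  AND NOT in_cidr_block('fe80::/10',      s.remote_address)
  AND NOT in_cidr_block('fc00::/7',       s.remote_address)
ORDER BY p.pid;
```

Scheduling this query in a pack with a differential log gives one result row per new external connection endpoint; add your own egress allow-list (proxy, update servers) as further in_cidr_block exclusions rather than filtering in the log pipeline, so the agent does less work and the log stays small.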

    Table Changes

    • ➕ Add the admindir column to the deb_packages table to parse package databases on different paths #7549
    • 🍎 Implement and fix wifi_networks on macOS Big Sur and newer #7503
    • ➕ Add windows/darwin support to npm_packages #7536
    • Move apt_sources and yum_sources tables to linux only #7537
    • ➕ Add homebrew paths to the python_packages table #7535
    • Mark wall_time column in osquery_schedule as hidden #7501
    • ➕ Add new metrics and improve description of existing ones in osquery_schedule #7438
    • ➕ Add the mirrorlist column in the table yum_sources #7479
    • Implement output_size for osquery_schedule #7436
    • 📦 deb_packages table: Use additional instead of index for the admindir column #7573
    • 🐧 certificates table: Add Linux support #7570
    • ➕ Add translated column to processes table to indicate whether the process is running under Apple Rosetta #7507
    • ➕ Add the "internet password" type to the macOS keychain_items table #7576
    • ➕ Add original filename column to file table on Windows #7156

    ๐Ÿ› Bug Fixes

    • 🛠 Fix watchdog not killing unhealthy worker/extension fast enough #7474
    • Fix the test_http_server.py --persist option #7497
    • ⚡️ Update profile.py --leaks for python3 #7534
    • Fix osquery TLS connections to AWS Kinesis when tls_server_certs is set #7450
    • 🛠 Fix parsing issue when a backslash is the last character on a sudoers file line #7440
    • 🔄 Change the JSON of the results coming from an event scheduled query to an array #7434
    • 🛠 Fix globToRegex truncating UTF16 characters #7430
    • Prevent hanging when the WMI server does not respond #7429
    • 🛠 Fix python_packages table so that it lists python packages from any user Python installations #7414
    • Set string size limit on thrift protocol factory to prevent a crash #7484
    • 🛠 Fix driver image path in drivers table #7444
    • 🚚 Do not remove nonblocking flag when reading "special" files, to prevent hangs #7530
    • 🛠 Fix crash due to interaction between distributed and config plugin #7504
    • bpf: Disable the BPF publisher in case of error #7500
    • Warn about setting CLI_FLAGs in the config #7583
    • Explicitly set context for the tables reading utmpx databases #7578
    • bpf: Improve socket event handling #7446
    • 🔨 certificates: Refactor the OpenSSL utilities #7581
    • 🛠 Fix shared_resources accessing uninitialized variables #7600

    Under the Hood improvements

    • ๐Ÿ Implement a performant cache for users and groups on Windows #7516
    • Replace WmiRequest constructor with static factory method to improve error handling and prevent crashes #7489
    • ✂ Remove redundant string conversion #7603

    ๐Ÿ— Build

    • 🛠 Fix DebPackages.test_sanity test when the size column is empty #7569
    • ⚡️ libs: Update libdpkg from version v1.19.0.5 to v1.21.7 #7549
    • 🚀 CI: Restore some release checks #7558
    • Prevent ebpfpub linking against the system zlib #7557
    • 🛠 Fix mdfind.test_sanity flaky behavior #7533
    • 🍎 Enable fuzzing and ASan on Windows, enable ASan on macOS #7470
    • ⚡️ Update cppcheck to version 2.6.3 and skip analysis for third party code #7455
    • ✅ Change cpu_info test to expect at least one socket, not just one #7490
    • 🛠 Fix third party libraries flags leaking to osquery targets #7480
    • ➕ Add third party libraries target #7467
    • Do not run clang-tidy on third party libraries #7432
    • 🔀 CI: Create github workflow target to gate mergeability #7427
    • 🛠 Fix some warnings about unrecognized special characters in the Windows event log test #7478
    • 🔄 Change where the macOS Info.plist is generated #7566
    • Add OSQUERY_ENABLE_THREAD_SANITIZER to optionally enable TSan #6997
    • ➕ Add an option to specify a path to the openssl archive #7559
    • ⚡️ packs: Update reverse shell query pack to check for a valid remote_port #7567
    • Remove the test_daemon_sighup test #7584
    • 🛠 Fix release tests for Linux aarch64 #7572

    📚 Documentation

    • 📄 docs: remove FreeBSD #7508
    • 📌 Pin Jinja2 ReadTheDocs dependency to 3.0.3 #7533
    • 🔄 CHANGELOG 5.2.3 #7571
    • 🔄 CHANGELOG 5.2.2 #7447
    • ⬆️ Bump mkdocs from 1.1.2 to 1.2.3 in /docs #7457
    • 🍎 Replace OS X with macOS in table specs #7587
    • ⚡️ Update osquery.example.conf to omit the CLI only flags #7595
    • 📚 Update documentation about users and groups service flags (#7596)
    • ⚡️ Update the TSC members (#7543)