OSQuery v5.4.0 Release Notes
Representing commits from 15 contributors! Thank you all.
New Features
- We're extending macOS Endpoint Security to include File Integrity monitoring. Check out the new es_process_file_events table. (#7579)
- Add Docker build scripts and configuration (#7619)
Deprecation Notices
Table Changes
- New Table: es_process_file_events for macOS Endpoint Security based FIM (#7579)
- New Table: password_policy table for macOS (#7594)
- New Table: windows_update_history (#7407)
- Add memory_available to Linux memory_info table (#7669)
- Port the cpu_info table to Linux (#7499)
- Remove the lldp_neighbors table (#7664)
- Update deb_packages table to not display arch info in the package name (#7638)
- Update hardware_model in the system_info table on Apple M1 machines to report correctly (#7662)
- Update shared_resources table to add type names, fix type/maximum_allowed handling (#7645)
Under the Hood improvements
- Expand env vars before trying to enumerate crashes in windows_crashes table (#7391)
- Implement a split and trim function using std::string_view (#7636)
- Improve scheduled query denylisting and scheduler shutdown (#7492)
- Prevent CLI_FLAGs from being set via config (#7561)
- Remove unnecessary string copy (#7625)
Bug Fixes
- Add linwin to list of supported PLATFORM_DIRS (#7646)
- Fix AWS certificate verification failing on all services (#7652)
- Fix MBCS support on Windows (#7593)
- Fix local_timezone column in the time table on Windows (#7656)
- Fix system_info table to support unicode on Windows (#7626)
- Fix multiple Yara leaks (#7615)
- Fix std::bad_alloc on pci_devices on Apple Silicon Macs (#7648)
- Fix tables spec files to specify linux and not posix (#7644)
- Fix thrift server shutting down when dropping privileges (#7639)
Documentation
- CHANGELOG 5.3.0 (#7575)
- Exclude spec/example.table when generating documentation (#7647)
- Fix a UUID typo in the disk_encryption table (#7608)
- Fix spelling of the word "owned" (#7630)
- Fix typo in FIM docs for Windows (#7676)
- Update the "new release" issue template (#7607)
- Clarify browser_plugins table is referencing basically unsupported CNPAPI tech (#7651)
Build
- Add an option to build with the leak sanitizer (#7609)
- Fix check for PIE support (#7234)
- Fix SchedulerTests.test_scheduler_drift_accumulation flakiness (#7613)
- Improve config parsing and osqueryfuzz-config performance (#7635)
- Initialize users and groups services on all tests that need them (#7620)
- ci: Update osquery-packaging commit to the latest one (#7667)
- cmake: Add an option to enable or disable using ccache (#7671)
- libs: Update OpenSSL to version 1.1.1o (#7629)
- libs: Update OpenSSL to version 1.1.1q (#7674)
- libs: Update libarchive to version 3.6.1 (#7654)
- libs: Update sqlite to version 3.38.5 (#7628)