OSQuery v5.5.1 Release Notes

⚡️ Osquery 5.5.1 has some really exciting table updates! There is a much 🍎 anticipated unified_log for macOS, this table is the replacement for asl, and uses the current Apple APIs. Additionally, several tables 👍 have improved their cross-platform support.

Representing commits from 14 contributors! Thank you all.

🆕 New Features

• ➕ Add denylist mechanism to distributed queries (#7675)

Table Changes

• ➕ Add cgroup_path column to processes table on Linux (#7728)
• Add firmware_type column to platform_info table on Windows. (#7710)
• ➕ Add unified_log table for macOS (UAL) (#7598, #7713)
• Port memory_devices table to Windows (#7633)
• Port platform_info table to M1 Macs (#7660)
• 🍎 Restore macOS kernel_panics table on modern macOS (#7585)
• ⚡️ Update battery table on macOS m1 with correct raw battery max and current capacity (#7721)
• ⚡️ Update mdfind query timeout to 30 seconds (#7725)
• ⚡️ Update macos password_policy table to use -1 as sentinel value for uid column (#7699)
• ⚡️ Update parsing of authorized_keys file (#7560)
• ⚡️ Update the registry table to be case insensitive for key (#7708)

Under the Hood improvements

• ➕ Add a mechanism to reduce memory retained on Linux (#7502)
• ➕ Add denylist mechanism to distributed queries (#7675)
• ➕ Add table spec support for COLLATE NOCASE (#7680)
• 👌 Improve Pidfile handling (#7304)
• Prevent the audit event system from using too much memory (#7329)
• carves: use full pathnames while creating an archive (#7681)

🐛 Bug Fixes

• 🛠 Fix GetMemorySize for Windows memory_devices table (#7711)
• 🛠 Fix tpm_info bug where values were out of date (#7686)
• 🛠 Fix a crash when parsing ATC config with no columns (#7693)
• 🛠 Fix bug in GetHomeDirectories filesystem function (#7705)

📚 Documentation

• ➕ Add core to the type column description of osquery_extensions schema (#7716)
• ➕ Add documentation about 3rd-party dependency security (#7684)
• ➕ Add example for hostname form in curl_certificate table (#7706)
• ➕ Adds info on how to use GTEST_FILTER on windows (#7696)
• 🔄 Changelog 5.4.0 (#7678)
• Describe user-context-related caveat for screenlock table (#7649)
• Update schema for process_open_sockets.state (#7733)
• ⚡️ Update schema to reflect platform_info columns not available in Windows (#7732)

🏗 Build

• ➕ Add validation integration test for memory_devices (#7722)
• ✅ Temporarily disable memory_devices integration test (#7717)
• ⚡️ Update minimum macOS support from 10.12 to 10.14 (#7707)
• ⚡️ ci: Update and temporarily disable the macOS Catalina test job (#7700)
• 🐧 cmake: Prevent defining some Linux only targets on other platforms (#7672)
• ⚡️ libs: Update libxml2 to v2.9.14 (#7729)
• ⚡️ libs: Update sqlite to version 3.39.2 (#7736)
• ✅ test: Fix Mdfind.test_sanity flakiness (#7701)