Changelog History
Page 2
-
v4.6.0 Changes
New Features
- Initial implementations for BPF-based socket and process events tables (#6571)
- Support EC2 tables on Windows (#6756)
Under the Hood improvements
- BPF: Add container support to fork/vfork/clone (#6721)
- BPF: Additional improvements on the initial implementation (#6717)
- BPF: Fix the tests (#6783)
- BPF: Fix wrong d_type compare in filesystem classes (#6774)
- BPF: Implement additional syscalls to track file descriptor usage (#6723)
- Remove unused LTCG flag (#6769)
- Support TLS client certificate chains (#6753)
- Refactor carver to use the Scheduler (#6671)
- Add configuration flag to disable file_events by default (#6663)
- libs: Build x86_64 configurations on Ubuntu 14.04 (#6687)
- libs: Port the RocksDB Win7 compatibility patch to the MSBuild generator (#6765)
- libs: Update BPF libraries to support LLVM 11 (#6775)
- libs: Update RocksDB to version 6.14.5 (#6759)
- libs: Update bzip2 to version 1.0.8 (#6786)
- libs: Update ebpfpub to latest version (#6757)
- libs: Update sqlite to version 3.34.0 (#6804)
- libs: Update aws-sdk to 1.7.230 (#6749)
- Adding support for pretty-printing JSON results in osqueryi (#6695)
Table Changes
- Add Yandex Browser support for chrome_extensions (#6735)
- Add additional file stat flags to Darwin (bsd_flags) (#6699)
- Add extended_attributes table to Linux, add support for Linux capabilities (#6195)
- Add indexed column support to Windows users table (#6782)
- Enable AWS Instance profile as credential provider on Windows (#6754)
- Add systemd support for startup_items on Linux (#6562)
Bug Fixes
- Do not use memset on VirtualTable, a non-POD type (#6760)
- Fix deadlock when registering two extensions (#6745)
- Fix last_connected column in wifi_networks on Catalina (#6669)
- Fix missing negations, duplicate rows in iptables table (#6713)
- Fix shadow table to detect empty passwords (#6696)
- Free memory allocated by ConvertStringSidToSid (#6714)
- PackageIdentifiers are optional in InstallHistory.plist (#6767)
- Removing PUNYCODE flag from windows string conversions (#6730)
- Fix memory leak in the dbus classes (#6773)
- Change the kernel_modules size column type to BIGINT (#6712)
Documentation
- Add a README.md to source-based libraries (#6686)
- Fix spelling typos (#6705)
- Journald Audit Logs Masking Documentation (#6748)
Build
- CI: Provide built packages as Azure artifacts (#6772)
- CI: Python installation improvements on Windows (#6764)
- CI: Update brew scripts (#6794)
- CMake: Disable BPF support if the LLVM libs are not compatible (#6746)
- CMake: Use CPACK_RPM_PACKAGE_RELEASE (#6805)
- CMake: Add max version limit to 3.18.0 on Linux (#6801)
- Change urls for submodules gpg-error, libgcrypt, libcap (#6768)
- Reduce linkage requirements for tests (#6715)
- Remove a Buck leftover (#6799)
- Remove boost workaround introduced in #5591 for string_view (#6771)
- Tests: Fix tests on Catalina (#6704)
- Update cmake_minimum_required to 3.17.5 and pin version in CI (#6770)
- build: Fix Windows build on newer MSVC (#6732)
- extensions: Always compile examples to prevent them from breaking (#6747)
Security Issues
- Add SQLite authorizer to mitigate CVE-2020-26273 / GHSA-4g56-2482-x7q8 (https://github.com/osquery/osquery/commit/c3f9a3dae22d43ed3b4f6a403cbf89da4cba7c3c)
Packs
-
v4.5.1 Changes
October 05, 2020
Under the Hood improvements
- Improve carver tests by faking `postCarve` (#6659)
- Emit an error during carving, if the `carve` SQL function is disabled (#6658)
- Update `carves` specs to allow full scan (#6657)
- Update `carves` table to use JSON (#6656)
- Improve performance and accuracy of Windows `registry` querying (#6647)
- Refactor `ephemeral` database plugin into core and simplify tests (#6648)
Table Changes
- Support for Office MRU (most recently used) entries (#6587)
- Implement configurable timeout through WHERE clause on `curl_certificate` (#6641)
- Add `atom_packages` table spec to Windows (#6649)
- Add signature information to `authenticode` table on Windows (#6677)
- Add additional AWS regions (#6666)
Bug Fixes
- Fix container overflow in `curl_certificate` (#6664)
- Fix handling of invalid array bound error with `EvtNext` function (#6660)
- Fix `wmi_bios_info` table searching (#5246)
- Fix `image` column within `drivers` table on Windows (#6652)
- Fix Windows `dirPathsAreEqual` to use the documented way (#6690)
- Fix incorrect `stat()` return checking within process_events (#6694)
- Always flush `stdout` when called with `--help` (#6693)
Documentation
- Document max scheduled query interval (#6683)
- Update documentation around build steps (#6681)
- Documentation copy editing (#6676, #6665, #6662)
- Add 4.5.0 CHANGELOG (#6646)
- Add 4.5.1 CHANGELOG (#6692)
Build
- Improve flaky Python test handling (#6654)
- Restore `test_osqueryi` (#6631)
- Limit `osqueryd` CPU usage to 20% in systemd unit file (#6644)
- Improve flaky `test_osqueryi` (#6688)
- Add `cppcheck` support to macOS (#6685)
Hardening
- Add exception catching for table execution (#6689)
-
v4.5.0 Changes
September 12, 2020
We would like to thank all of the contributors working on bootstrapping the ARM64/AARCH64 support and Windows 32bit support.
Additionally, we want to thank those working on Unicode support and all the bug fixes, documentation improvements, and new features.
Thank you!
New Features
- ARM64/AARCH64 beta support for Linux (#6612)
- Windows 32bit support (#6543)
- Fix buildup of RocksDB SST files (#6606)
Under the Hood improvements
- Remove selectAllFrom from Linux `process_events` callback (#6638)
- Remove database read only concept (#6637)
- Move database initialization retry logic into DB API (#6633)
- Move osquery/include files into respective CMake targets (#6557)
- Memoize `EventFactory::getType` (#6555)
- Update schedule counter behavior (#6223)
- Define `UNICODE` and `_UNICODE` preprocessors for Windows (#6338)
- Add WMI utility function to convert datetime to FILETIME (#5901)
- Move osquery shutdown logic outside of `Initializer` (#6530)
Table Changes
- Support for Windows Background Activity Moderator (#6585)
- Add `apparmor_events` table to Linux (#4982)
- Add `sigurl` column to get YARA signatures from an HTTPS server (#6607)
- Add `sigrules` column to pass YARA signatures within queries (#6568)
- Add non-evented table for querying `windows_event_log` (#6563)
- Improve `chassis_types` and `security_breach` columns within `chassis_info` (#6608)
- Fix bool type usage in `powershell_events` (#6584)
- Add `FileVersionRaw` column to `file` table for Windows (#5771)
- Enable YARA table on Windows (#6564)
- Add `dns_cache` table for Windows (#6505)
- Add support for processing KILL syscall (#6435)
- Add `startup_items` table for Linux (#6502)
- Add `shimcache` table (#6463)
- Refactor `shell_history` to use generators (it will use less memory) (#6541)
Bug Fixes
- Set thread names correctly on macOS and Linux (#6627)
- Apply `--scheduler_timeout` correctly (#6618)
- Add check for `character_frequencies` size (#6625)
- Fix race in removing external `TablePlugins` (#6623)
- Force shell to disable watchdog and logger (#6621)
- Return early within the shell if relative flags are used (#6605)
- Apply watcher delay each time the worker is started (#6604)
- Set global output function for Thrift (#6592)
- Fix incorrect `readFile` params in `createPidFile` (#6578)
- Fix call to `LocalFree` on deinit ptr inside `getUidFromSid` (#6579)
- Fix `readFile` to observe requested read size (#6569)
- Replace fstream within `syslog_events` with a custom non-blocking getline (#6539)
- Only fire events if a publisher exists (#6553)
- Fix leak in `psidToString` (#6548)
- Fix memory leaks in `rpm_package_files` (#6544)
- Change "Symlink loop" message from warning to verbose (#6545)
Documentation
- Update process auditing docs schema link (#6645)
- Improve descriptions for the `processes` table (#6596)
- Replace slackin with Slack shared invite (#6617)
- Update copyright notices to osquery foundation (#6589, #6590)
Build
- Fix Windows build by removing non existing C11 conformance (#6629)
- Remove `ExecStartPre` from systemd service unit (#6586)
- Fix pip upgrade warning within CI (#6576)
- Detect `MAJOR_IN_SYSMACROS`/`MKDEV` for librpm in CMake (#6554)
- Add `curl_certificate` tests (#5281)
- Update YARA library to 4.0.2 (#6559)
- Improve testing assumptions and flush fsevents when stopping (#6552)
- Fix the test utility to allow Windows profiling (#6550)
- Support ASAN for boost coroutine2 using ucontext (#6531)
- Update instructions for CPack package building (#6529)
- Use specific RPM variables to set the package name (#6527)
- Update compiler version used to v142 within Azure (#6528)
Hardening
- Restore PIE support being dropped on Linux (#6611)
-
v4.4.0 Changes
June 25, 2020
New Features / Under the Hood improvements
- Implement container access from tables on Linux (#6209, #6485)
- Update language to use 'allow list' and 'deny list' (#6489, #6487, #6488, #6493)
- macos: Automatic configuration of the OpenBSM audit rules (#6447)
- macos: Add polling to OpenBSM publisher (#6436)
- Add messages to distributed query results (#6352)
- Implement event batching support for Windows tables (#6280)
Table Changes
- Add container access to the os_version table (#6413)
- Add container access to DEB, RPM, NPM packages tables (#6414)
- Add fields auid, fs{u,g}id, s{u,g}id to auditd based tables (#6362)
- Improve apt_sources resiliency (#6482)
- Make file and hash container columns hidden (#6486)
- Add 'maintainer', 'section', 'priority' columns to deb_packages (#6442)
- Add 'vendor', 'package_group' columns to rpm_packages (#6443)
- Add 'arch' column to os_version (#6444)
- Add 'board_xxx' columns to system_info table (#6398)
- Windows: omit non-interactive sessions from logged_in_users (#6375)
- Fixes to package_bom table (#6457, #6461)
- Add chassis_info table for windows (#5282)
- Add Azure tables (#6507)
Bug Fixes
- Update hash cache inode number in query cache (#6440)
- Only explode registry key if it can be tokenized (#6474)
- Change ErrorBase::takeUnderlyingError to non const (#6483)
- Use RapidJSON to fix event format results and the Kafka Logger (#6449)
- Correct the 'cwd' and 'root' columns of processes table on Windows (#6459)
- Correct some SQLite types (#6392)
- Partial fix for md_devices issue (#6417)
- Fix the handling of empty args strings, on Windows (#6460)
- Refactor shutdown logging, and remove explicit syslog call (#6376)
- Change the Windows registry LIKE path constraint to filter recursively (#6448)
- Use sync resolve within http client (#6490)
- Fix typed_row table caching (#6508)
- Do not use system proxy for AWS local authority (#6512)
- Only populate table cache with star-like selects (#6513)
Documentation
- Update osquery security policy (#6425)
- Updating changelog for 4.3.0 release (#6387)
- Improve the new table tutorial (#6479)
- Add Auto Table Construction to docs (#6476)
- Add documentation for enabling socket_events on macOS (#6407)
- Update winbaseobj table description (#6429)
- Fixing the description of failed_login_count from account_policy_data (#6415)
- Remove references to brew in macOS install (#6494)
- Add note to bump the Homebrew cask (#6519)
- Updating docs on cpack usage to include Chocolatey (#6022)
- Changelog for 4.4.0 (#6492, #6523)
Build
- Fix Userassist.test_sanity test sometimes failing (#6396)
- Drop the facebook and source_migration layers (#6473)
- Move ssdeep-cpp to source_migration (#6464)
- Move smartmontools to source_migration (#6465)
- Build augeas from source on macOS (#6399)
- Build lldpd from source on macOS (#6406)
- Build linenoise-ng from source on macOS and Windows (#6412)
- Build sleuthkit from source on macOS (#6416)
- Build popt from source on macOS (#6409)
- Fix libelfin build on ossfuzz and LLVM/Clang 10 (#6472)
- Use the patched libelfin version (#6480)
- codegen: Port Jinja2 to Templite (#6470)
- Pass the minimum macOS SDK version to openssl only if explicitly set (#6471)
- Add git-lfs as dep for macOS build in documentation (#6384)
- Update openssl from 1.1.1f to 1.1.1g (#6432)
- Build openssl with the macOS SDK version taken from CMake (#6469)
- Do not install openssl docs (#6441)
- Update build configuration of ReadTheDocs (#6434, #6456)
- Link librdkafka on Windows (#6454)
- Build sleuthkit on Windows (#6445)
- Add nupkg cpack build option and update Windows deployment script (#6262)
- Fix rpm and deb package name format (#6468)
- Fix atom_packages, processes, rpm_packages tests (#6518)
- Fixes and cleanup for Windows compiler flags (#6521)
- Correct macOS framework linking (#6522)
Security Issues
- Disable openssl compression support (#6433)
Hardening
- Use LOAD_LIBRARY_SEARCH_SYSTEM32 for LoadLibrary (#6458)
-
v4.3.0 Changes
April 14, 2020
New Features / Under the Hood improvements
- Change verbosity of scheduled query execution messages from INFO to verbose only (#6271)
- Updated the unwanted-chrome-extensions queries to include all users, not the osquery process owner only (#6265)
- Check for errors in the return status of the extension tables and report them (#6108)
- First steps to properly support UTF8 strings on Windows (#6190)
- Display the underlying API error string when udev monitoring fails (#6186)
- Add the `path` column to the ATC generate specs (#6278)
- Add Kafka support to Microsoft Windows (#6095)
- Log a warning message if osquery fails to get the service description on Microsoft Windows (#6281)
- Make AWS kinesis status logging configurable (#6135)
- Add an integration test for the `disk_info` table (#6323)
- Use -1 for missing `ppid` in the `process_events` table (#6339)
- Remove error when converting empty numeric rows (#6371)
- Change verbosity from ERROR to INFO of access failures to system processes on Microsoft Windows (#6370)
- Make it possible to get verbose messages from the dispatcher service management on Microsoft Windows too (#6369)
Build
- Fix codegen template for extension group (#6244)
- Update SQLite from 3.30.1-1 to 3.31.1 (#6252)
- Update the osquery-toolchain to version 1.1.0 which uses LLVM/Clang 9.0.1 (#6315)
- Update openssl to version 1.1.1f (#6302, #6359)
- Simplify formula-based third party libraries build (#6303)
- Removed the Buck build system (#6361)
Bug Fixes
- Fix CFNumber conversion when the type was a Float64/32 instead of a Double (#6273)
- Fix duplicate results being returned by the chrome_extensions table (#6277)
- Fix flaky ProcessOpenFilesTest.test_sanity (#6185)
- Fix the `--database_dump` flag for RocksDB not outputting anything (#6272)
- Fix the `pci_devices` table pci ids extraction in non-existing paths (#6297)
- Fix parsing an invalid decorators config (#6317)
- Fix flaky TLSConfigTests.test_runner_and_scheduler (#6308)
- Fix chromeExtensions.test_sanity (#6324)
- Fix broken Unicode filename searches on Microsoft Windows (#6291)
- Fix a use-after-free when sqlite attempts to access the entire rows data at the end of a query (#6328)
- Keep proc instance for test_base and test_osqueryd (#6335)
- Fix osquery not exiting when given check or dump requests (#6334)
- Fix `process` table `cmdline` parsing (#6340)
- Fix a crash when parsing files with libmagic (#6363)
- Fix a sporadic readFile API failure when using non-blocking I/O (#6368)
- Fix the MSI package not always installing in the system drive by default (#6379)
- Ensure the extensions uuid is never 0 (#6377)
- Fix a race condition making the watcher act as a worker on Microsoft Windows (#6372)
- Fix extensions tables detaching which was sometimes failing (#6373)
- Fix an issue with extensions re-registration (#6374)
- Fix a crash due to a race condition in accessing the iokit port on Darwin (Apple OS X) (#6380)
Hardening
- Limit SQL functions regex_match and regex_split regex size (#6267)
- Prevent a stack overflow when parsing deeply nested configs (#6325)
Table Changes
- Added table `chrome_extension_content_scripts` to All Platforms (#6140)
- Added table `docker_container_fs_changes` to POSIX-compatible Platforms (#6178)
- Added table `windows_security_center` to Microsoft Windows (#6256)
- Added many new tables to Linux to query `lxd` (#6249)
- Added table `screenlock` to Darwin (Apple OS X) (#6243)
- Added table `userassist` to Microsoft Windows (#5539)
- Added column `status` (`TEXT`) to table `deb_packages` (#6341)
- Added many new columns to the `curl_certificate` table (#6176)
- Added table `socket_events` to Darwin (Apple OS X) (#6028)
- Added table `hvci_status`, previously inadvertently left out from the build, to Microsoft Windows (#6378)
-
v4.2.0 Changes
February 13, 2020
New Features / Under the Hood improvements
- TLS Testing infrastructure has been overhauled (#6170)
- Boost regex has been replaced with std (#6236)
- `community_id_v1` added as a SQL function (#6211)
Build
- Fix format checking on Windows (#6188)
- Fix format folder exclusions for build checks (#6201)
- Fix the linking for extensions in build (#6219)
- Fix build to include windows optional features table (#6207)
Security Issues
- [CVE-2020-1887] osquery does not properly verify the SNI hostname (#6197)
Bug Fixes
- Carver no longer returns empty carves for hidden files (#6183)
- Address a race in the Dispatcher logic (#6145)
- Fix validation in 'last' table (#6147)
- Fix flaky logger testing (#6171)
- Fix JSON format assumptions in file_paths parsing (#6159)
- Fix windows WMI BSTR to be wstrings (#6175)
- Fix windows string <-> wstring conversion functions (#6187)
- Enable more intelligent path expansion on Windows (#6153)
- Fix heap buffer overflow in callDoubleFunc and powerFunc (#6225)
Table Changes
- Added table `firefox_addons` to All Platforms (#6200)
- Added table `ssh_configs` to All Platforms (#6161)
- Added table `user_ssh_keys` to All Platforms (#6161)
- Added table `mdls` to Darwin (Apple OS X) (#4825)
- Added table `hvci_status` to Microsoft Windows (#5426)
- Added table `ntfs_journal_events` to Microsoft Windows (#5371)
- Added table `docker_image_layers` to POSIX-compatible Platforms (#6154)
- Added table `process_open_pipes` to POSIX-compatible Platforms (#6142)
- Added table `apparmor_profiles` to Ubuntu, CentOS (#6138)
- Added table `selinux_settings` to Ubuntu, CentOS (#6118)
- Added column `lock_status` (`INTEGER_TYPE`) to table `bitlocker_info` (#6155)
- Added column `percentage_encrypted` (`INTEGER_TYPE`) to table `bitlocker_info` (#6155)
- Added column `version` (`INTEGER_TYPE`) to table `bitlocker_info` (#6155)
- Added column `optional_permissions` (`TEXT_TYPE`) to table `chrome_extensions` (#6115)
- Removed table `firefox_addons` from POSIX-compatible Platforms (#6200)
- Removed table `ssh_configs` from POSIX-compatible Platforms (#6161)
- Removed table `user_ssh_keys` from POSIX-compatible Platforms (#6161)
-
v4.1.2 Changes
December 17, 2019
New Features / Under the Hood improvements
- Add more tests throughout the codebase (#5908), (#6071), (#6126)
- The `chrome_extensions` table now supports Chromium and Brave (#6126)
Build
- Require Python 3.5 and greater (#6081), (#6120)
- Prepare Python tests for CI (lots of effort!) (#6068)
- Restore osqueryd integration test (#6116)
Bug Fixes
- Continue to use `com.facebook.osquery.plist` for Launch Daemon configuration (#6093)
- Update systemd service to use KillMode=control-group (#6096)
- RPM and DEB packages both have post-install scripts to reload systemd (#6097)
- Update Windows package build script to include cert bundle (#6114)
- Update table specs to fix constraints passing (#6103), (#6104), (#6105), (#6106), (#6122)
Table Changes
-
v4.1.1 Changes
November 19, 2019
New Features / Under the Hood improvements
- Improve `nvram` table to use input variable names (#6053)
- Improve `apt_sources` source detection (#6047)
- Change `atom_packages` to use user constraints (#6052)
- Re-enable required-column warning messages (#6038)
Build
- Migrate several libraries to the CMake source layer (#5902), (#6023)
- Update SQLite from 3.29.0-3 to 3.30.1-1 (#6020)
- Recommend building with MacOS 10.11 SDK (#6000)
Bug Fixes
- Fix Linux audit incorrect read and handle leak (#5959)
- Change "logNumericsAsNumbers" to "numerics" logger top-level key (#6002)
- Restore INDEX behavior for extensions (#6006)
- Fix potential JSON parsing issues in ATC plugin (#6029)
- Avoid scanning special files with YARA (#5971)
- Fix use-after-move in YARA subscriber (#6054)
- Handle relative redirects in internal HTTP clients (#6049)
- Apply options config parsing before others (#6050)
Table Changes
- Added table `windows_optional_features` to Microsoft Windows (#5991)
-
v4.1.0 Changes
November 03, 2019
New Features / Under the Hood improvements
- Restore extension SDK and build support (#5851)
- Documentation improvements (#5860), (#5852), (#5912), (#5954)
- Add more tests throughout the codebase (#5837), (#5832), (#5857), (#5864), (#5855), (#5869), (#5871), (#5885), (#5903), (#5879), (#5914), (#5941), (#5957)
- Allow configuring more Linux Audit settings using flags (#5953)
- Add logger_tls_max_lines flag (#5956)
- Add AWS Session Token support (#5944)
Build
- Lots of work on CPack-based packaging (#5809), (#5822), (#5823), (#5827), (#5780), (#5850), (#5843), (#5881), (#5825), (#5940), (#5951), (#5936)
- Lots of work porting Python2 to Python3 (#5846)
- Upgrade OpenSSL to 1.0.2t on all platforms (#5928)
- Use SQLite 3.29.0 on Windows and macOS (#5810)
- Use aws-sdk-cpp source-builds on Windows and macOS (#5889)
- Add various code quality checks and utilities (#5834), (#5730), (#5872)
Hardening
- Restore fuzzing harness and use oss-fuzz (#5844), (#5886), (#5910), (#5915), (#5923), (#5955), (#5963)
- Use newer RapidJSON and switch to safer iterative parsing (#5893), (#5913)
Bug Fixes
- Set Windows MSI ErrorControl to normal instead of critical (#5818)
- Wrap flagfile with quotes for Windows install flag (#5824)
- Improve submodule usages in CMake (#5850), (#5880), (#5892), (#5897), (#5907)
- Improve locking support in internal APIs (#5841), (#5906), (#5943), (#5944)
- Fixes for macOS application layer firewall tables (#5378)
- Fixes within BPF event tables (#5874)
- Refactor and improve PCI device tables on Linux (#5446)
- Implement PID indexing on Windows `processes` table (#5919)
- Improve `WHERE IN()` performance (#5924), (#5938)
- Improve the internal HTTP client (#5891), (#5946), (#5947)
- Fix Windows version codename lookup (#5887)
Table Changes
- Added table `alf_services` to Darwin (Apple OS X) (#5378)
- Added table `connectivity` to Microsoft Windows (#5500)
- Added table `default_environment` to Microsoft Windows (#5441)
- Added table `windows_security_products` to Microsoft Windows (#5479)
- Added column `platform_mask` (`INTEGER_TYPE`) to table `osquery_info` (#5898)
-
v4.0.2 Changes
September 12, 2019
This release fixes crashes identified in 4.0.1. There are no changes in functionality.
Bug Fixes