OSQuery v5.5.1 Release Notes

⚡️ Osquery 5.5.1 has some really exciting table updates! There is a much 🍎 anticipated unified_log table for macOS; it replaces the asl table and uses the current Apple APIs. Additionally, several tables 👍 have improved their cross-platform support.

Representing commits from 14 contributors! Thank you all.

🆕 New Features

• ➕ Add denylist mechanism to distributed queries (#7675)

Table Changes

• ➕ Add cgroup_path column to processes table on Linux (#7728)
• Add firmware_type column to platform_info table on Windows (#7710)
• ➕ Add unified_log table for macOS (UAL) (#7598, #7713)
• 🏁 Port memory_devices table to Windows (#7633)
• Port platform_info table to M1 Macs (#7660)
• 🍎 Restore macOS kernel_panics table on modern macOS (#7585)
• ⚡️ Update battery table on macOS M1 with correct raw battery max and current capacity (#7721)
• ⚡️ Update mdfind query timeout to 30 seconds (#7725)
• ⚡️ Update macOS password_policy table to use -1 as sentinel value for uid column (#7699)
• ⚡️ Update parsing of authorized_keys file (#7560)
• ⚡️ Update the registry table to be case insensitive for key (#7708)

Under the Hood Improvements

• ➕ Add a mechanism to reduce memory retained on Linux (#7502)
• ➕ Add denylist mechanism to distributed queries (#7675)
• ➕ Add table spec support for COLLATE NOCASE (#7680)
• 👌 Improve Pidfile handling (#7304)
• Prevent the audit event system from using too much memory (#7329)
• carves: use full pathnames while creating an archive (#7681)

🐛 Bug Fixes

• 🛠 Fix GetMemorySize for Windows memory_devices table (#7711)
• 🛠 Fix tpm_info bug where values were out of date (#7686)
• 🛠 Fix a crash when parsing ATC config with no columns (#7693)
• 🛠 Fix bug in GetHomeDirectories filesystem function (#7705)

📚 Documentation

• ➕ Add core to the type column description of osquery_extensions schema (#7716)
• ➕ Add documentation about 3rd-party dependency security (#7684)
• ➕ Add example for hostname form in curl_certificate table (#7706)
• ➕ Add info on how to use GTEST_FILTER on Windows (#7696)
• 🔄 Changelog 5.4.0 (#7678)
• Describe user-context-related caveat for screenlock table (#7649)
• Update schema for process_open_sockets.state (#7733)
• ⚡️ Update schema to reflect platform_info columns not available on Windows (#7732)

🏗 Build

• ➕ Add validation integration test for memory_devices (#7722)
• ✅ Temporarily disable memory_devices integration test (#7717)
• ⚡️ Update minimum macOS support from 10.12 to 10.14 (#7707)
• ⚡️ ci: Update and temporarily disable the macOS Catalina test job (#7700)
• 🐧 cmake: Prevent defining some Linux-only targets on other platforms (#7672)
• ⚡️ libs: Update libxml2 to v2.9.14 (#7729)
• ⚡️ libs: Update sqlite to version 3.39.2 (#7736)
• ✅ test: Fix Mdfind.test_sanity flakiness (#7701)