Skip to content

4.5.0
Compare
Choose a tag to compare
@theopolis theopolis released this 12 Sep 23:18
· 951 commits to master since this release
4.5.0
5c71654
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

We would like to thank all of the contributors working on bootstrapping the ARM64/AARCH64 support and Windows 32bit support.
Additionally, we want to thank those working on Unicode support and all the bug fixes, documentation improvements, and new features.
Thank you! 👏

New Features

  • ARM64/AARCH64 beta support for Linux (#6612)
  • Windows 32bit support (#6543)
  • Fix buildup of RocksDB SST files (#6606)

Under the Hood improvements

  • Remove selectAllFrom from Linux process_events callback (#6638)
  • Remove database read only concept (#6637)
  • Move database initialization retry logic into DB API (#6633)
  • Move osquery/include files into respective CMake targets (#6557)
  • Memoize EventFactory::getType (#6555)
  • Update schedule counter behavior (#6223)
  • Define UNICODE and _UNICODE preprocessors for windows (#6338)
  • Add WMI utility function to convert datetime to FILETIME (#5901)
  • Move osquery shutdown logic outside of Initializer (#6530)

Table Changes

  • Support for Windows Background Activity Moderator (#6585)
  • Add apparmor_events table to Linux (#4982)
  • Add sigurl column to get YARA signatures from an HTTPS server (#6607)
  • Add sigrules column to pass YARA signatures within queries (#6568)
  • Add non-evented table for querying windows_event_log (#6563)
  • Improve chassis_types and security_breach columns within chassis_info (#6608)
  • Fix bool type usage in powershell_events (#6584)
  • Add FileVersionRaw column to file table for Windows (#5771)
  • Enable YARA table on Windows (#6564)
  • Add dns_cache table for Windows (#6505)
  • Add support for processing KILL syscall (#6435)
  • Add startup_items table for Linux (#6502)
  • Add shimcache table (#6463)
  • Refactor shell_history to use generators (it will use less memory) (#6541)

Bug Fixes

  • Set thread names correctly on macOS and Linux (#6627)
  • Apply --scheduler_timeout correctly (#6618)
  • Add check for character_frequencies size (#6625)
  • Fix race in removing external TablePlugins (#6623)
  • Force shell to disable watchdog and logger (#6621)
  • Return early within the shell if relative flags are used (#6605)
  • Apply watcher delay each time the worker is started (#6604)
  • Set global output function for Thrift (#6592)
  • Fix incorrect readFile params in createPidFile (#6578)
  • Fix call to LocalFree on deinit ptr inside getUidFromSid (#6579)
  • Fix readFile to observe requested read size (#6569)
  • Replace fstream within syslog_events with a custom non-blocking getline (#6539)
  • Only fire events if a publisher exists (#6553)
  • Fix Leak in psidToString (#6548)
  • Fix memory leaks in rpm_package_files (#6544)
  • Change "Symlink loop" message from warning to verbose (#6545)

Documentation

  • Update process auditing docs schema link (#6645)
  • Improve descriptions for the processes table (#6596)
  • Replace slackin with Slack shared invite (#6617)
  • Update copyright notices to osquery foundation (#6589, #6590)

Build

  • Fix Windows build by removing non existing C11 conformance (#6629)
  • Remove ExecStartPre from systemd service unit (#6586)
  • Fix pip upgrade warning within CI (#6576)
  • Detect MAJOR_IN_SYSMACROS/MKDEV for librpm in CMake (#6554)
  • Add curl_certificate tests (#5281)
  • Update YARA library to 4.0.2 (#6559)
  • Improve testing assumptions and flush fsevents when stopping (#6552)
  • Fix the test utility to allow Windows profiling (#6550)
  • Support ASAN for boost coroutine2 using ucontext (#6531)
  • Update instructions for CPack package building (#6529)
  • Use specific RPM variables to set the package name (#6527)
  • Update compiler version used to v142 within Azure (#6528)

Hardening

  • Restore PIE support being dropped on Linux (#6611)
Assets 9
Loading