Skip to content

v4.2.7-1c782a1

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Mar 18:46
· 447 commits to main since this release
Immutable release. Only release title and notes can be modified.
v4.2.7-1c782a1
1c782a1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

⚠️ This release is affected by GHSA-w253-42qp-5f2x. Update to v5.0.5-caaf673 or later.

What's Changed

New features

  • Santa MDM export: policy rules can now be exported as a .mobileconfig payload in Santa's JSON allowlist format for MDM deployment.
  • Discovery session modal: the app protection discovery session is now presented as a persistent modal popover rather than an inline list row. It stays live regardless of which tab is active, and the countdown timer and captured paths update in real time as opfilter events arrive.

Bug fixes

  • Discovery session pollution fixed: starting a new discovery session no longer replays events from previous sessions. The XPC event history is now cleared at session start so each session sees only the file-access events generated during its own lifetime.

Allowlist additions

  • Added com.apple.iconservicesagent and com.apple.siriknowledged to the baseline global allowlist.

Preset updates

  • Safari: allow com.apple.Passwords in Library/Safari and Library/Containers/com.apple.Safari.
  • HEY: allow com.hey.app.desktop.helper and chrome_crashpad_handler; allow com.hey.app.desktop as an ancestor signature so child processes inherit access.
  • Chrome: allow com.apple.iconservicesagent in Application Support/Google.

Internal

  • Added tests for ManagedPolicyLoader and ManagedAllowlistLoader parsing logic.

Full Changelog: v4.2.6-e3bced6...v4.2.7-1c782a1

Assets 4
Loading