  • 2021.5
  • 1d9af01

@russellhancox released this May 4, 2021

Notes

  • Updates MOLAuthenticatingURLSession to v3.0, which will now pick the most recently issued cert if multiple certs match the filters specified in the configuration. Fixes #553
  • 2021.3
  • ad1868a

@russellhancox released this Mar 8, 2021

Notes

  • Fixes an issue in santactl fileinfo where bundles were misappropriated (issue #536)
  • Fixes transitive allowlisting when EnableSysxCache is true (issue #539)
  • 2021.2
  • 8b22c85

@russellhancox released this Jan 28, 2021

Notes

  • santad: Fixes caching of blocked executions when EnableSysxCache is in use.
  • santactl: Retry individual requests to continue a long sync through minor network blips

@russellhancox released this Jan 13, 2021

Notes

  • Added an optional self-managed cache for decision responses, which should help improve performance when running Santa as a system extension alongside another system extension (#510). To enable this cache, set EnableSysxCache to <true/> in your Santa config profile.
  • Fixed santactl/fileinfo pulling embedded Info.plist files from 32-bit sections of fat binaries.

The versioning scheme has also changed to YYYY.X

  • 1.17
  • 01e4e15

@tburgin released this Dec 23, 2020

Notes

  • santad: log pidversion along with pid. (#512 - thanks @avanzini!)
  • santactl/sync: Use deflate as the default Content-Encoding instead of zlib. (#511 - thanks @radsec!)
    • To re-enable zlib set the EnableBackwardsCompatibleContentEncoding config option to true. If syncing with Upvote deployed at commit 0b4477d or below, set this option to true.
  • Santa now ships as a Universal app (arm64, x86_64). Notably santa-driver.kext will continue to only ship as x86_64. We have no plans to support Santa's kext on Apple Silicon Macs.

Important

The v1.x versions of Santa include many architectural changes, including the use of EndpointSecurity and SystemExtensions on systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15+.

Dec 19, 2020

1.16

release: split out the kext into a separate release label (#520)
* fix SNTLoggingKernel BUILD rule (#518)

* release: split out santa-driver.kext

* release: update ci

* remove ipa script rule

* update ci
  • 1.15
  • 2221c93

@russellhancox released this Oct 22, 2020

Notes

  • The Santa system extension now prevents santa-driver.kext from being loaded, to prevent the two systems from dueling, which can happen if an old version of Santa is installed after a sysx version has been enabled.
  • Add support for %hostname%, %uuid%, %serial% to EventDetailURL (thanks to @hughneale!)
  • Allow a sync server to remotely set FullSyncInterval during preflight (thanks to @hughneale!)
  • Add a config key (IgnoreOtherEndpointSecurityClients) to ignore events generated by other EndpointSecurity clients, which may cause increased CPU usage.
  • Add a config key (EnableDebugLogging) to enable debug logging for all Santa components
  • Fix a bug in santactl/sync that can cause infinite recursion discovering identities from self-signed roots (issue #497).

Important

The v1.x versions of Santa include many architectural changes, including the use of EndpointSecurity and SystemExtensions on systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.

  • 1.14
  • ff9cb34

@russellhancox released this Oct 20, 2020

Notes

  • Added FORK/EXIT logging, can be enabled with the EnableForkAndExitLogging configuration key.
  • Made logging around rule downloads clearer

Important

The v1.x versions of Santa include many architectural changes, including the use of EndpointSecurity and SystemExtensions on systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.


@russellhancox released this Apr 8, 2020

Security Fixes

This release contains some important security fixes to Santa's kernel extension component. The bugs that were fixed could allow an attacker with local code execution as root to gain kernel access. Machines using the system extension on 10.15 are not affected.

Many thanks to Drew Yao of Apple SEAR Red Team for reporting these bugs to us.

  • Off-by-one array access in SantaDriverClient::externalMethod
  • Integer overflow/underflow in SantaCache::bucket_counts
  • Race condition & use-after-free in SantaDriverClient::clientMemoryForType

Important

The v1.x versions of Santa include many architectural changes, including the use of EndpointSecurity and SystemExtensions on systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.

  • 1.12
  • d9ebb4e

@tburgin released this Mar 18, 2020

Important

The v1.x versions of Santa include many architectural changes, including the use of EndpointSecurity and SystemExtensions on systems running macOS 10.15+.

Once Santa's SystemExtension is installed, it cannot be removed without prompting the user.

Notes

This release of Santa contains bug fixes:

  • Sync server communication is interrupted on cold boot #453
  • Installing new versions of Santa results in odd SystemExtension behavior, such as multiple active extensions and invalid state #454

See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.
