v3.6
Security
- [Interp] CVE-2022-30688: Anchor interpreter regex to prevent local privilege escalation.
(responsibly reported by Jakub Wilk)
DSA 5137-1 | USN-5426-1
Features
- [Core] Add support for runit.
(Debian Bug#972685 by Lorenzo Puliti plorenzo@disroot.org) - [VM] Add support to detect outdated VM processes (i.e. qemu).
(github pull request #216 by )Christian Ehrhardt @cpaelzer)
Changes
- [Cont] Improve LXD container support.
(github pull request #188 by James TD Smith @ahktenzero) - [Cont] Update cgroup regex for LXC 4.0.
(github pull request #215 by James TD Smith @ahktenzero) - [Cont] Support cgroup v2 for docker.
(github pull request #234 by Markus Frosch @lazyfrosch) - [Cont] Support cgroup v2 for LXC/LXD.
(github pull request #238 by Trent Lloyd @lathiat) - [Core] Support cgroup v2 for services and user sessions.
- [Core] Support systemd manager restart on Ubuntu 20.04+.
(github pull request #195 by Lars Kollstedt @LarsKollstedt) - [Core] Do not restart bluetooth.service by default.
(github pull request #209 by Erik Tews @eriktews) - [Core] Do not restart elogind by default.
(github issue #205 by @HumanG33k) - [Core] Output user sessions in batch mode.
(github pull request #232 by @anarcat) - [Core] Use ImVirt for virtualization detection if not running on systemd.
(Debian Bug#984789 by Patrik Schindler poc@pocnet.net) - [Interp] Add tolerance when checking script file ctimes to avoid false positives.
(github pull request #233 by Corey Hickey @bugfood) - [Kernel] Replace strings(1) by GNU grep to drop binutils dependency.
(Debian Bug#986507 by Trent W. Buck trentbuck@gmail.com)
Fixes
- [Core] Fix comment for default value of
skip_mapfiles
.
(github pull request #179 by @iasdeoupxe) - [Interp] Fix detection for ruby script started from relative paths.
(github pull request #182 by Alexander Neumann @rtpt-alex) - [Core] Fix typos.
(github pull request #189 by @wwuck)
(github pull request #193 by Stefan Weil @stweil) - [Core] Fix verbose/verbosity confusion in needrestart.conf.
(github pull request #197 by Jan-Philipp Litza @jplitza) - [Core] Ignore memfd files like used by nvidia's binary drivers.
(github pull request #200 by Jan Visser @starquake) - [Core] Ignore all memfd mappings.
(Debian Bug#972685 by Michail Bachmann m.bachmann@cms.hu-berlin.de) - [Core] Ignore Java Native Access mappings.
(github issue #142 by @nirgal)
(github issue #185 by Ivan Zaera @izaera) - [Core] nagios: Do not print perfdata data in unkown state.
(github pull request #222 by Lorenz @RincewindsHat) - [uCode] Fix 'uninitialized value' on AMD.
(github pull request #226 by Christian Garbs @mmitch)
Misc
- Minor cleanups (whitespaces, shellcheck, ...).
(github pull request #217 by @a1346054) - Update README.batch.md.
(github pull request #219 by Stavros Ntentos @stdedos) - Add icinga2 example config.
(github pull request #223 by Lorenz @RincewindsHat) - [uCode] Fix lsinitrd example.
(github pull request #240 by Corey Hickey @bugfood)
Full Changelog: v3.5...v3.6