New Features / Under the Hood improvements
- Implement container access from tables on Linux (#6209, #6485)
- Update language to use 'allow list' and 'deny list' (#6489, #6487, #6488, #6493)
- macos: Automatic configuration of the OpenBSM audit rules (#6447)
- macos: Add polling to OpenBSM publisher (#6436)
- Add messages to distributed query results (#6352)
- Implement event batching support for Windows tables (#6280)
Table Changes
- Add container access to the os_version table (#6413)
- Add container access to DEB, RPM, NPM packages tables (#6414)
- Add fields auid, fs{u,g}id, s{u,g}id to auditd based tables (#6362)
- Improve apt_sources resiliency (#6482)
- Make file and hash container columns hidden (#6486)
- Add 'maintainer', 'section', 'priority' columns to deb_packages (#6442)
- Add 'vendor', 'package_group' columns to rpm_packages (#6443)
- Add 'arch' column to os_version (#6444)
- Add 'board_xxx' columns to system_info table (#6398)
- Windows: omit non-interactive sessions from logged_in_users (#6375)
- Fixes to package_bom table (#6457, #6461)
- Add chassis_info table for windows (#5282)
- Add Azure tables (#6507)
Bug Fixes
- Update hash cache inode number in query cache (#6440)
- Only explode registry key if it can be tokenized (#6474)
- Change ErrorBase::takeUnderlyingError to non const (#6483)
- Use RapidJSON to fix event format results and the Kafka Logger (#6449)
- Correct the 'cwd' and 'root' columns of processes table on Windows (#6459)
- Correct some SQLite types (#6392)
- Partial fix for md_devices issue (#6417)
- Fix the handling of empty args strings, on Windows (#6460)
- Refactor shutdown logging, and remove explicit syslog call (#6376)
- Change the Windows registry LIKE path constraint to filter recursively (#6448)
- Use sync resolve within http client (#6490)
- Fix typed_row table caching (#6508)
- Do not use system proxy for AWS local authority (#6512)
- Only populate table cache with star-like selects (#6513)
Documentation
- Update osquery security policy (#6425)
- Updating changelog for 4.3.0 release (#6387)
- Improve the new table tutorial (#6479)
- Add Auto Table Construction to docs (#6476)
- Add documentation for enabling socket_events on macOS (#6407)
- Update winbaseobj table description (#6429)
- Fixing the description of failed_login_count from account_policy_data (#6415)
- Remove references to brew in macOS install (#6494)
- Add note to bump the Homebrew cask (#6519)
- Updating docs on cpack usage to include Chocolatey (#6022)
- Changelog for 4.4.0 (#6492, #6523))
Build
- Fix Userassist.test_sanity test sometimes failing (#6396)
- Drop the facebook and source_migration layers (#6473)
- Move ssdeep-cpp to source_migration (#6464)
- Move smartmontools to source_migration (#6465)
- Build augeas from source on macOS (#6399)
- Build lldpd from source on macOS (#6406)
- Build linenoise-ng from source on macOS and Windows (#6412)
- Build sleuthkit from source on macOS (#6416)
- Build popt from source on macOS (#6409)
- Fix libelfin build on ossfuzz and LLVM/Clang 10 (#6472)
- Use the patched libelfin version (#6480)
- codegen: Port Jinja2 to Templite (#6470)
- Pass the minimum macOS SDK version to openssl only if explicitly set (#6471)
- Add git-lfs as dep for macOS build in documentation (#6384)
- Update openssl from 1.1.1f to 1.1.1g (#6432)
- Build openssl with the macOS SDK version taken from CMake (#6469)
- Do not install openssl docs (#6441)
- Update build configuration of ReadTheDocs (#6434, #6456)
- Link librdkafka on Windows (#6454)
- Build sleuthkit on Windows (#6445)
- Add nupkg cpack build option and update Windows deployment script (#6262)
- Fix rpm and deb package name format (#6468)
- Fix atom_packages, processes, rpm_packages tests (#6518)
- Fixes and cleanup for Windows compiler flags (#6521)
- Correct macOS framework linking (#6522)
Security Issues
- Disable openssl compression support (#6433)
Hardening
- Use LOAD_LIBRARY_SEARCH_SYSTEM32 for LoadLibrary (#6458)
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.