Skip to content

4.8.0
Compare
Choose a tag to compare
@directionless directionless released this 19 Apr 02:42
· 575 commits to master since this release
4.8.0
89e32f9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Representing commits from 14 contributors! Thank you all.

This version fixes a regression introduced in 4.7.0 related to events expiration optimization. Please read (#7055) for more information.

This release upgrades openssl, as is general good practice. Osquery is not known to be effected by any security issues in OpenSSL.

New Features

  • shell: Add .connect meta command (#6944)

Table Changes

  • Add seccomp_events table for Linux (#7006)
  • Add shortcut_files table for Windows (#6994)

Under the Hood improvements

  • Removing Keyboard Event Taps from osx-attacks pack (#7023)
  • Refactor watcher out of singleton pattern (#7042)
  • Small events subscriber refactor to increase test coverage (#7050)
  • Setting non-required deb_packages fields as optional in test (#7001)

Bug Fixes

  • Handle events optimization edge cases (#7060)
  • Fix optimization for multiple queries using the same subscriber (#7055)
  • Use epoch and counter for events-based queries (#7051)
  • Guard node key to prevent duplicate enrollments (#7052)
  • Change windows calculation for physical_memory (#7028)
  • Free using WTSFreeMemoryEx for WTSEnumerateSessionsExW (#7039)
  • Release variable in Windows data conversation (#7024)
  • Change chrome_extensions warnings to verbose (#7032)
  • Add transactions to the SQLite authorizer PRAGMAs (#7029)
  • Change Windows messages to verbose (#7027)
  • Fix scheduler to print the correct number of elapsed seconds (#7016)

Documentation

  • Fix tls_enroll_max_attempts flag name in the documentation (#7049)
  • Improve docs on FIM, mention NTFS and Audit, etc. (#7036)
  • config: Add docs for the events top-level-key (#7040)
  • Add funding link on GitHub generated page (#7043)
  • Correct the example in the windows_events table spec (#7035)
  • Correct docs about OpenSSL and TLS behavior (#7033)
  • Update docs to describe how to build for aarch64/arm64 (#6285) (#6970)
  • Add a note on enabling Windows to build with CMake's long paths (#7010)
  • Add 4.8.0 CHANGELOG (#7057)

Build

  • Add an option to enable incremental linking on Windows (#7044)
  • Remove Buck leftovers that supported building with old versions of OpenSSL (#7034)
  • Add build_aarch64 workflow for push (#7014)
  • Move CI to using docker from osquery (#7012)
  • Update dockerfile to multiplatform (#7011)
  • Run GH Actions workflows on all tags (#7004)
  • Disable BPF events tests if OSQUERY_BUILD_BPF is false (#7002)
  • libs: Update OpenSSL to version 1.1.1k (#7026)
Assets 2