5.7.0

@directionless directionless released this 06 Dec 19:00
· 228 commits to master since this release
feb718d

Git Commits

Representing commits from 12 contributors! Thank you all.

CVEs

Addressed by updating a library:

Ignored due to not affecting osquery:

New Features

  • New table security_profile_info to retrieve security profile information on Windows (#7794)

Table Changes

  • Add column to es_process_events for process codesigning flags (#7726)
  • shimcache: Only check CurrentControlSet to avoid duplicate rows (#7832)
  • processes: Fix the procfs memory unit kB, which is 1024 bytes not 1000 (#7818)
  • Fix permissions on opening pipes for reading in pipes table (#7810)
  • Fix the empty host column from logged_in_users table (#7685)
  • docker_containers: Don't report finished_at for a container which is still running (#7783)
  • processes: Stabilize the start_time column value on macOS and Linux (#7788)

Bug Fixes

  • Do not access the AWS SDK request content type if missing (#7834)
  • Fix deadlock when logging happens during a database reset (#7798)
  • Fix handling of some errors during an AWS HTTP request (#7811)

Documentation

  • CHANGELOG 5.6.0 (#7804)
  • Add link to official YARA docs (#7792)
  • Fix typo in keychain_items (#7790)

Packs

  • packs/incident_response: process_memory_map is also applicable to Darwin (#7789)

Build

  • cve: Ignore zstd CVE-2021-24031 (#7865)
  • ci: Add a job and helper scripts to periodically scan for CVEs (#7787)
  • ci: Update how we set GitHub workflow step outputs (#7791)
  • ci: Fix Python version when installing modules and testing on macOS (#7813)