5.7.0
Representing commits from 12 contributors! Thank you all.
CVEs
Addressed by updating a library:
Ignored due to not affecting osquery:
- libzstd CVE-2021-24031 via (#7865)
New Features
- New table `security_profile_info` to retrieve security profile information on Windows (#7794)
Table Changes
- Add column to `es_process_events` for process codesigning flags (#7726)
- `shimcache`: Only check CurrentControlSet to avoid duplicate rows (#7832)
- `processes`: Fix the procfs memory unit kB, which is 1024 bytes not 1000 (#7818)
- Fix permissions on opening pipes for reading in `pipes` table (#7810)
- Fix the empty `host` column from `logged_in_users` table (#7685)
- `docker_containers`: Don't report `finished_at` for a container which is still running (#7783)
- `processes`: Stabilize the `start_time` column value on macOS and Linux (#7788)
Bug Fixes
- Do not access the AWS SDK request content type if missing (#7834)
- Fix deadlock when logging happens during a database reset (#7798)
- Fix handling of some errors during an AWS HTTP request (#7811)
Documentation
Packs
- packs/incident_response: `process_memory_map` is also applicable to Darwin (#7789)
Build
- cve: Ignore zstd CVE-2021-24031 (#7865)
- ci: Add a job and helper scripts to periodically scan for CVEs (#7787)
- ci: Update how we set github workflow step outputs (#7791)
- ci: Fix python version when installing modules and testing on macos (#7813)