5.8.1
Representing commits from 22 contributors! Thank you all.
New Features
- Record and send statistics for distributed queries (#7870)
Table Changes
- Add ETW-based process events table for Windows (#7821)
- Add pid_with_namespace for yara table (#7920)
- Add a new table kernel_keys to the Linux platform (#7876)
- Leave min_version empty in xprotect_meta when not specified (#7926)
- Port the secureboot table to macOS (#7692)
- Update docker_container_stats table to include cached_memory column (#7807)
- cpu_info: Port the table to macOS x86 and Apple Silicon (#7757)
- experiments: Implement a new bpf_process_events_v2 table (#7773)
- systemd_units: Add new unit_file_state column (#7895)
Under the Hood improvements
- Set counter consistently so zero always indicates all records (#7801)
- Support logging empty result set in batch format for initial runs (#7803)
- Support rollbacks of osquery when new versions introduce new column families (#7712)
- analysis.py: Add --pack flag to load queries from a pack file (#7935)
- profile.py: Log # of queries loaded and raise an error if 0 are loaded (#7934)
Bug Fixes
- Clear cached constraints and columns in xBestIndex (#7435)
- Fix assert fail for unverified WMI request result (#7921)
- Fix leaks in scheduled_tasks (#7903) (#7904)
- Flush console buffer during ungraceful exit (#7829)
- Propagate windows errors to the exit code (#7896)
- Relax osquery safe permissions check (#7763)
- Silence warnings for more builtin Chrome and Brave extensions (#7932)
- Workaround for hung routes table (#7916)
- dns_resolvers: fix typo in the name when spawning in namespace (#7875)
- test: Fix flaky test_daemon_sigint (#7888)
Documentation
- Add note about windows_security_products compatibility (#7880)
- CHANGELOG 5.7.0 (#7894)
- Docs: mention the recent adoption of automatic CVE scanning (#7878)
- Fix broken link in CODE_OF_CONDUCT.md (#7922)
- docs: Update the list of pages (#7866)
- docs: clarify that logger_plugin is set from CLI (#7917)
Build
- Do not catch table or registry exceptions when running tests (#7621)
- Fix and document discovery queries behavior on distributed queries and add tests (#7655)
- Try to free some disk space on the arm64 runners (#7950)
- ci: Automatically cancel old PR jobs (#7887)
- ci: Improve error message when a library is missing from the manifest (#7899)
- ci: Remove Windows 32bit build (#7939)
- ci: Update some actions to remove deprecation warnings (#7864)
- ci: Workaround in the aarch64 runner to avoid out of space (#7941)
- cmake: Remove forced static libraries search for osquery-toolchain (#7881)
- cve: Ignore libcryptsetup cves (#7871)
- cve: Ignore libdpkg CVE-2022-1664 (#7872)
- cve: Ignore libgcrypt cves (#7873)
- cve: Ignore sqlite CVE-2022-46908 (#7911)
- cve: Ignore util-linux cves (#7929)
- cve: Update librpm to 4.18.0 (#7910)
- cve: Update openssl to 1.1.1t (#7937)
- cve: Update yara to 4.2.3 (#7912)
- git: Ignore compile_commands.json and pyrightconfig.json (#7885)
- libs: Fix libmagic build on macOS (#7915)
- libs: Fix system paths used by dbus (#7919)
- libs: Update dbus to 1.12.24 (#7905)
- libs: Update libarchive to 3.6.2 (#7877)
- libs: Update libxml2 to 2.10.3 (#7882)
- libs: Update popt to 1.19 (#7909)
- libs: Update util-linux to 2.35.2 (#7902)
- libs: Update zlib to 1.2.13 (#7874)
- libs: update Thrift to 0.17 (#7868)
- test: Add an option to run only selected python testcases (#7890)
- test: Speed up ec2InstanceMetadata.test_sanity (#7907)