Osquery

Latest version: v3.1.1

5.2.3

which contained CVEs that could affect osquery.
Additionally some other third-party libraries and tables have been dropped,
since they were not maintained or considered safe anymore.

Deprecation Notices

- Remove the `shortcut_files` table ([7547](https://github.com/osquery/osquery/pull/7547))
- Remove the ssdeep library and remove its support in the `hash` table ([7525](https://github.com/osquery/osquery/pull/7525))
- Remove the libelfin library and elf parsing tables ([7524](https://github.com/osquery/osquery/pull/7524))

Hardening

- libs: Update OpenSSL from version 1.1.1l to 1.1.1n ([7506](https://github.com/osquery/osquery/pull/7506))
- libs: Update zlib from v1.2.11 to v1.2.12 ([7548](https://github.com/osquery/osquery/pull/7548))
- Update librpm to 4.17.0 ([7529](https://github.com/osquery/osquery/pull/7529))
- libs: Update expat from version 2.2.10 to 2.4.7 ([7526](https://github.com/osquery/osquery/pull/7526))

<a name="5.2.2"></a>

5.2.2

platform. It also represents a comprehensive review and update of our
third-party dependencies. To support this work, the developer docs
have been updated, as have several parts of the build system.

This release represents commits from 24 contributors! Thank you all.

New Features

- Apple Silicon support ([7330](https://github.com/osquery/osquery/pull/7330))

Deprecation Notices

- The `cpuid` table is x86 only. See [7462](https://github.com/osquery/osquery/issues/7462)
- The `smart_drive_info` table has been deprecated, and is not included in the M1 builds. See [7464](https://github.com/osquery/osquery/issues/7464)
- The `lldp_neighbors` table has been deprecated, and is not included in the M1 builds. See [7463](https://github.com/osquery/osquery/issues/7463)

Table Changes

- Update `time` table to always reflect UTC values ([7276](https://github.com/osquery/osquery/pull/7276), [7460](https://github.com/osquery/osquery/pull/7460), [7437](https://github.com/osquery/osquery/pull/7437))
- Hide the deprecated `antispyware` column in `windows_security_center` ([7411](https://github.com/osquery/osquery/pull/7411))
- Add `windows_firewall_rules` table for Windows ([7403](https://github.com/osquery/osquery/pull/7403))

Bug Fixes

- Update the ATC table `path` column check to be case insensitive ([7442](https://github.com/osquery/osquery/pull/7442))
- Fix a crash introduced by 5.2.0 when Yara uses its own strutils functions ([7439](https://github.com/osquery/osquery/pull/7439))
- Fix `user_time` and `system_time` unit in processes table on M1 ([7473](https://github.com/osquery/osquery/pull/7473))

Documentation

- Fix typos in documentation ([7443](https://github.com/osquery/osquery/pull/7443), [7412](https://github.com/osquery/osquery/pull/7412))
- CHANGELOG 5.1.0 ([7406](https://github.com/osquery/osquery/pull/7406))

Build

- Update sqlite to version 3.37.0 ([7426](https://github.com/osquery/osquery/pull/7426))
- Fix linking of thirdparty_sleuthkit ([7425](https://github.com/osquery/osquery/pull/7425))
- Fix how we disable tables in the fuzzer init method ([7419](https://github.com/osquery/osquery/pull/7419))
- Prevent running discovery queries when fuzzing ([7418](https://github.com/osquery/osquery/pull/7418))
- Add BOOST_USE_ASAN define when enabling Asan ([7469](https://github.com/osquery/osquery/pull/7469))
- Removing unnecessary macOS version check ([7451](https://github.com/osquery/osquery/pull/7451))
- Fix submodule cache for macOS CI runner ([7456](https://github.com/osquery/osquery/pull/7456))
- Add osquery version to macOS app bundle Info.plist ([7452](https://github.com/osquery/osquery/pull/7452))
- libs: Update OpenSSL to version 1.1.1l ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update augeas to version 1.12.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update aws-sdk to version 1.9.116 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update boost to version 1.77 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update gflags to 2.2.2 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update glog to version 0.5.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update googletest to version 1.11.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update libarchive to version 3.5.2 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update libcap to version 1.2.59 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update libmagic to version 5.40 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update librdkafka to version 1.8.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update libxml2 to version 2.9.12 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update linenoise-ng to the latest commit ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update lzma to version 5.2.5 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update rocksdb to version 6.22.1 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update sleuthkit to version 4.11.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update ssdeep-cpp to the latest commit (d8705da) ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update thrift to version 0.15.0 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update yara to version 4.1.3 ([7330](https://github.com/osquery/osquery/pull/7330))
- libs: Update zstd to version 1.4.0 ([7330](https://github.com/osquery/osquery/pull/7330))

<a name="5.1.0"></a>

5.1.0

[Git Commits](https://github.com/osquery/osquery/compare/5.0.1...5.1.0)

Representing commits from 20 contributors! Thank you all.

New Features

- Allow custom cpu limit duration for the watchdog ([7348](https://github.com/osquery/osquery/pull/7348))
- Support custom endpoints for AWS Kinesis and Firehose. ([7317](https://github.com/osquery/osquery/pull/7317))

Table Changes

- Add `docker_container_envs` table for access to docker container environment ([7313](https://github.com/osquery/osquery/pull/7313))
- `curl` table now returns peer certificates even if the TLS handshake does not complete ([7349](https://github.com/osquery/osquery/pull/7349))

Under the Hood improvements

- Allow tests and SDK to reset dispatcher state ([7372](https://github.com/osquery/osquery/pull/7372))
- Avoid string copies when looping through cron search dirs ([7331](https://github.com/osquery/osquery/pull/7331))
- Respect `read_max` flag when hashing using ssdeep ([7367](https://github.com/osquery/osquery/pull/7367))

Bug Fixes

- Detect when an extension has not started correctly on Windows ([7355](https://github.com/osquery/osquery/pull/7355))
- Fix crash #7353 when osquery captures kill syscall when not subscribed to them ([7354](https://github.com/osquery/osquery/pull/7354))
- Fix crash in AuditdNetlinkReader::configureAuditService when audit_add_rule_data returns an error ([7337](https://github.com/osquery/osquery/pull/7337))
- Fix crash when `windows_security_products` errors out ([7401](https://github.com/osquery/osquery/pull/7401))
- Fix for #7394 where cleanup of some event tables never occurs ([7395](https://github.com/osquery/osquery/pull/7395))
- Improve BPF publisher reliability ([7302](https://github.com/osquery/osquery/pull/7302))
- Lower log level of "executing distributed query" ([7386](https://github.com/osquery/osquery/pull/7386))
- Reduce excessive log messages from `authorized_keys` table implementation ([7318](https://github.com/osquery/osquery/pull/7318))

Documentation

- Add 5.0.1 CHANGELOG ([7284](https://github.com/osquery/osquery/pull/7284))
- Fix typo in Everything in SQL docs ([7338](https://github.com/osquery/osquery/pull/7338))
- Fix typo in SQL docs ([7376](https://github.com/osquery/osquery/pull/7376))
- Update GitHub issue templates ([7361](https://github.com/osquery/osquery/pull/7361), [7396](https://github.com/osquery/osquery/pull/7396))
- Update installation guide to use newer macOS paths ([7311](https://github.com/osquery/osquery/pull/7311))
- Update macOS ESF documentation ([7303](https://github.com/osquery/osquery/pull/7303))

Packs

- Add Forcepoint Endpoint Chrome Extension detection to packs ([7346](https://github.com/osquery/osquery/pull/7346))
- Add `beurk` rootkit detection to packs ([7345](https://github.com/osquery/osquery/pull/7345))

Build

- Allow tests to reset the restarting state ([7373](https://github.com/osquery/osquery/pull/7373))
- Build librpm with ndb support ([7294](https://github.com/osquery/osquery/pull/7294))
- Customizable installation logic ([7315](https://github.com/osquery/osquery/pull/7315))
- Fix ASL test on macOS 11 and later ([7320](https://github.com/osquery/osquery/pull/7320))
- Restore query packs in Windows packaging ([7388](https://github.com/osquery/osquery/pull/7388))
- Skip deprecated ASL test when targeting macOS 10.13+ SDK ([7358](https://github.com/osquery/osquery/pull/7358))
- Update packaging commit to fix Linux symlinks ([7404](https://github.com/osquery/osquery/pull/7404))
- Update the CI Linux Docker image ([7332](https://github.com/osquery/osquery/pull/7332))

<a name="5.0.1"></a>

5.0.1

[Git Commits](https://github.com/osquery/osquery/compare/4.9.0...5.0.1)

Representing commits from 21 contributors! Thank you all.

5.0

* We now install into /opt/osquery on macOS and Linux for better portability.
* Our default and recommended installation for macOS uses an application bundle to support entitlement-based features.
* We now use Endpoint Security APIs for various event-based tables on macOS (more to come in the future!)
* We now use an osquery-organization macOS code signing certificate.

There are several breaking changes:
* Installation paths have changed from `/usr/local` to `/opt/osquery` on macOS and Linux (symlinks to executables are provided).
* macOS codesigning is now done through the Osquery Foundation account
* If you manage macOS full disk permission through a profile, you will need to update it.
See [docs](https://osquery.readthedocs.io/en/latest/deployment/process-auditing/#automatically-granting-permissions-silent-installs)
* We removed the deprecated `blacklist` key from the configuration (#7153)
* Search semantics on the augeas table have changed to be more performant, but do break the existing query API.

Table Changes

- Add `secureboot` table for Linux and Windows ([7202](https://github.com/osquery/osquery/pull/7202))
- Add `tpm_info` for Windows ([7107](https://github.com/osquery/osquery/pull/7107))
- Fix `osquery_info` build_platform column value on Linux ([7254](https://github.com/osquery/osquery/pull/7254))
- Support `pid_with_namespace` in more tables ([7132](https://github.com/osquery/osquery/pull/7132))
- Update `augeas` table to use native pattern matching (BREAKING) ([6982](https://github.com/osquery/osquery/pull/6982))
- Update `chrome_extensions` to include Edge & EdgeBeta ([7170](https://github.com/osquery/osquery/pull/7170))
- Update `disk_encryption` table to support QueryContext ([7209](https://github.com/osquery/osquery/pull/7209))
- Update `last` to include utmp type name column ([7201](https://github.com/osquery/osquery/pull/7201))
- Update `sudoers` table to support newer include syntax ([7185](https://github.com/osquery/osquery/pull/7185))
- Update `user_ssh_keys` to detect encryption of ed25519 keys ([7168](https://github.com/osquery/osquery/pull/7168))

Under the Hood Improvements

- Add ruby namespace to the thrift definition ([7191](https://github.com/osquery/osquery/pull/7191))
- Always initialize variable change in PerformanceChange ([7176](https://github.com/osquery/osquery/pull/7176))
- Remove deprecated `blacklist` key ([7153](https://github.com/osquery/osquery/pull/7153))
- Use total_size within watchdog on Windows ([7157](https://github.com/osquery/osquery/pull/7157))
- Support AF_PACKET sockets reporting on Linux ([7282](https://github.com/osquery/osquery/pull/7282))
- socket_events improvements in Linux audit system ([7269](https://github.com/osquery/osquery/pull/7269))

Bug Fixes

- Add case sensitive pragma to the pragma/actions authorizer allow list ([7267](https://github.com/osquery/osquery/pull/7267))
- Add feature to skip denylist for event-based queries ([7158](https://github.com/osquery/osquery/pull/7158))
- Change logger_mode flag to be correctly interpreted as an octal ([7273](https://github.com/osquery/osquery/pull/7273))
- Do not let osquery create multiple copies of the extension running at once ([7178](https://github.com/osquery/osquery/pull/7178))
- Fix Linux audit rule removal upon osquery exit ([7221](https://github.com/osquery/osquery/pull/7221))
- Fix broadcasting empty logs to logger plugins ([7183](https://github.com/osquery/osquery/pull/7183))
- Fix issues applying ACLs during chocolatey deployment ([7166](https://github.com/osquery/osquery/pull/7166))
- Fix memory issue in Windows fileops ([7179](https://github.com/osquery/osquery/pull/7179))
- Fix `process_open_sockets` type error on darwin ([6546](https://github.com/osquery/osquery/pull/6546))
- Make sure that the file action `MOVED_TO` is tracked with yara events. ([7203](https://github.com/osquery/osquery/pull/7203))
- Prevent osquery from killing itself when the `--force` flag is used ([7295](https://github.com/osquery/osquery/pull/7295))
- Prevent race condition between shutdown and worker or extension launch ([7204](https://github.com/osquery/osquery/pull/7204))

Documentation

- Add a security assurance case ([7048](https://github.com/osquery/osquery/pull/7048))
- Bring the YARA wiki page up to date ([7172](https://github.com/osquery/osquery/pull/7172))
- Spelling fixes ([7211](https://github.com/osquery/osquery/pull/7211), [7186](https://github.com/osquery/osquery/pull/7186))
- Update `uptime` table description ([7270](https://github.com/osquery/osquery/pull/7270))
- Update osquery installed artifacts paths in the documentation ([7286](https://github.com/osquery/osquery/pull/7286))

Build

- Add TimeoutStopSec to systemd service files ([7190](https://github.com/osquery/osquery/pull/7190))
- Correct macOS installed app bundle path in osqueryctl and doc ([7289](https://github.com/osquery/osquery/pull/7289))
- Create a macOS app bundle ([7263](https://github.com/osquery/osquery/pull/7263))
- Fix choco packaging not failing when an error occurs during install or upgrade ([7182](https://github.com/osquery/osquery/pull/7182))
- Fix path in macOS launchd plist ([7288](https://github.com/osquery/osquery/pull/7288))
- Pin the packaging repo within GitHub workflows ([7208](https://github.com/osquery/osquery/pull/7208), [7255](https://github.com/osquery/osquery/pull/7255), [7279](https://github.com/osquery/osquery/pull/7279))
- Update Windows deployment icon to png ([7163](https://github.com/osquery/osquery/pull/7163))
- Update install paths, and remove deprecated Facebook naming ([7210](https://github.com/osquery/osquery/pull/7210))
- Update macOS build to include app bundle related files ([7184](https://github.com/osquery/osquery/pull/7184))
- Update osquery installed artifacts default paths in code ([7285](https://github.com/osquery/osquery/pull/7285))
- Update the installation path on Linux ([7271](https://github.com/osquery/osquery/pull/7271))
- libs: Add options to AWS Optionally enable debug option and restrict content-type header size for PUT req ([7216](https://github.com/osquery/osquery/pull/7216))
- libs: Enable and compile the YARA macho module on macOS ([7174](https://github.com/osquery/osquery/pull/7174))
- libs: Update OpenSSL to version 1.1.1l ([7293](https://github.com/osquery/osquery/pull/7293))
- libs: Update Strawberry Perl to 5.32.1.1, use HTTPS downloads ([7199](https://github.com/osquery/osquery/pull/7199))
- libs: Update ebpfpub ([7173](https://github.com/osquery/osquery/pull/7173), [7219](https://github.com/osquery/osquery/pull/7219))

<a name="4.9.0"></a>

4.9.0

[Git Commits](https://github.com/osquery/osquery/compare/4.8.0...4.9.0)

Representing commits from 16 contributors! Thank you all.

New Features

- Add filesystem logrotate feature ([7015](https://github.com/osquery/osquery/pull/7015))
- Add Non-Functional EndpointSecurity based process events to macOS (Requires updated codesigning due in 5.0) ([7046](https://github.com/osquery/osquery/pull/7046))

Table Changes

- Add `mdm_managed` column to `system_extensions` on macOS ([6915](https://github.com/osquery/osquery/pull/6915))
- Add `prefetch` table on Windows ([7076](https://github.com/osquery/osquery/pull/7076))
- Add support for IMDSv2 to AWS tables ([7084](https://github.com/osquery/osquery/pull/7084))
- Enable container stats on docker containers that don't have traditional networks ([7145](https://github.com/osquery/osquery/pull/7145))
- Update `homebrew_packages` to include new prefix, and allow specifying alternate prefixes ([7117](https://github.com/osquery/osquery/pull/7117))
- Update `ntfs_acl_permissions` to list all ACE entries (using `GetAce()`) ([7114](https://github.com/osquery/osquery/pull/7114))
- Update `processes` table to display additional Windows attributes (`secured`, `protected`, `virtual`, `elevated`) ([7121](https://github.com/osquery/osquery/pull/7121))
- Update how `package_install_history` identifies the packageIdentifiers key ([7099](https://github.com/osquery/osquery/pull/7099))
- Update how `identifier` is calculated in `chrome_extensions` ([7124](https://github.com/osquery/osquery/pull/7124))

Under the Hood improvements

- Improve speed of osquery shutdown procedure ([7077](https://github.com/osquery/osquery/pull/7077))
- Improve shutdown speed during initialization ([7106](https://github.com/osquery/osquery/pull/7106))
- Update website generators ([7136](https://github.com/osquery/osquery/pull/7136))
- CLI flag to allow osquery to keep retrying enrollment (instead of exiting) ([7125](https://github.com/osquery/osquery/pull/7125))
- rocksdb: Do not fsync WAL writes ([7094](https://github.com/osquery/osquery/pull/7094))
- Move CPack packaging to a dedicated repository ([7059](https://github.com/osquery/osquery/pull/7059))
- Restore thrift socket 5min timeout ([7072](https://github.com/osquery/osquery/pull/7072))
- Consolidate syscalls to a single audit rule ([7063](https://github.com/osquery/osquery/pull/7063))

Bug Fixes

- Add current WMI location for Dell BIOS info ([7103](https://github.com/osquery/osquery/pull/7103))
- Correct RocksDB error code and subcode printing on open failure ([7069](https://github.com/osquery/osquery/pull/7069))
- Fix `pipe_channel` not reading all data in a message ([7139](https://github.com/osquery/osquery/pull/7139))
- Fix crash and deadlocks in recursive logging ([7127](https://github.com/osquery/osquery/pull/7127))
- Fix custom `curl_certificate` timeouts ([7151](https://github.com/osquery/osquery/pull/7151))
- Fix extensions crash on shutdown ([7075](https://github.com/osquery/osquery/pull/7075))
- Handle updated paths on various macOS tables -- `xprotect_entries`, `xprotect_meta`, `launchd` ([7138](https://github.com/osquery/osquery/pull/7138), [7154](https://github.com/osquery/osquery/pull/7154))
- Trigger event cleanup checks every 256 events ([7143](https://github.com/osquery/osquery/pull/7143))
- Update generating an extension uuid to be thread safe ([7135](https://github.com/osquery/osquery/pull/7135))
- Watchdog should wait for the worker to shutdown ([7116](https://github.com/osquery/osquery/pull/7116))

Documentation

- Update process auditing requirements documentation ([7102](https://github.com/osquery/osquery/pull/7102))
- Update website docs indicating windows support for YARA tables ([7130](https://github.com/osquery/osquery/pull/7130))
- Add 4.9.0 CHANGELOG ([7152](https://github.com/osquery/osquery/pull/7152))

Build

- Add Apple provisioning profile for distribution ([7119](https://github.com/osquery/osquery/pull/7119))
- Add more tests for events expiration ([7071](https://github.com/osquery/osquery/pull/7071))
- CI: Regenerate sccache cache when compiler version changes ([7081](https://github.com/osquery/osquery/pull/7081))
- Fix flaky test test_daemon_sigint by waiting for pidfile ([7095](https://github.com/osquery/osquery/pull/7095))
- Fix icon in Windows packaging ([7148](https://github.com/osquery/osquery/pull/7148))
- Minor cleanup of unused variables ([7128](https://github.com/osquery/osquery/pull/7128))
- Print extension SDK minimum version required when failing to load ([7074](https://github.com/osquery/osquery/pull/7074))
- Remove POSIX-only `-fexceptions` flag on Windows ([7126](https://github.com/osquery/osquery/pull/7126))
- Remove duplicated osquery_utils_aws_tests-test ([7078](https://github.com/osquery/osquery/pull/7078))
- Remove flaky test decorators for python tests ([7070](https://github.com/osquery/osquery/pull/7070))
- Update SQLite to version 3.35.5 ([7090](https://github.com/osquery/osquery/pull/7090))
- Update librdkafka to version 1.7.0 ([7134](https://github.com/osquery/osquery/pull/7134))
- Update libyara to version 4.1.1 ([7133](https://github.com/osquery/osquery/pull/7133))

<a name="4.8.0"></a>
