Osquery

Latest version: v3.1.1

4.8.0

[Git Commits](https://github.com/osquery/osquery/compare/4.7.0...4.8.0)

Representing commits from 14 contributors! Thank you all.

This version fixes a regression introduced in 4.7.0 related to events
expiration optimization. Please read
([7055](https://github.com/osquery/osquery/pull/7055)) for more
information.

This release upgrades OpenSSL, as is general good practice. Osquery is
not known to be affected by any security issues in OpenSSL.

New Features

- shell: Add `.connect` meta command ([6944](https://github.com/osquery/osquery/pull/6944))

Table Changes

- Add `seccomp_events` table for Linux ([7006](https://github.com/osquery/osquery/pull/7006))
- Add `shortcut_files` table for Windows ([6994](https://github.com/osquery/osquery/pull/6994))

Under the Hood improvements

- Removing Keyboard Event Taps from osx-attacks pack ([7023](https://github.com/osquery/osquery/pull/7023))
- Refactor watcher out of singleton pattern ([7042](https://github.com/osquery/osquery/pull/7042))
- Small events subscriber refactor to increase test coverage ([7050](https://github.com/osquery/osquery/pull/7050))
- Setting non-required `deb_packages` fields as optional in test ([7001](https://github.com/osquery/osquery/pull/7001))

Bug Fixes

- Handle events optimization edge cases ([7060](https://github.com/osquery/osquery/pull/7060))
- Fix optimization for multiple queries using the same subscriber ([7055](https://github.com/osquery/osquery/pull/7055))
- Use epoch and counter for events-based queries ([7051](https://github.com/osquery/osquery/pull/7051))
- Guard node key to prevent duplicate enrollments ([7052](https://github.com/osquery/osquery/pull/7052))
- Change Windows calculation for physical_memory ([7028](https://github.com/osquery/osquery/pull/7028))
- Free using WTSFreeMemoryEx for WTSEnumerateSessionsExW ([7039](https://github.com/osquery/osquery/pull/7039))
- Release variable in Windows data conversation ([7024](https://github.com/osquery/osquery/pull/7024))
- Change `chrome_extensions` warnings to verbose ([7032](https://github.com/osquery/osquery/pull/7032))
- Add transactions to the SQLite authorizer PRAGMAs ([7029](https://github.com/osquery/osquery/pull/7029))
- Change Windows messages to verbose ([7027](https://github.com/osquery/osquery/pull/7027))
- Fix scheduler to print the correct number of elapsed seconds ([7016](https://github.com/osquery/osquery/pull/7016))

Documentation

- Fix `tls_enroll_max_attempts` flag name in the documentation ([7049](https://github.com/osquery/osquery/pull/7049))
- Improve docs on FIM, mention NTFS and Audit, etc. ([7036](https://github.com/osquery/osquery/pull/7036))
- config: Add docs for the events top-level-key ([7040](https://github.com/osquery/osquery/pull/7040))
- Add funding link on GitHub generated page ([7043](https://github.com/osquery/osquery/pull/7043))
- Correct the example in the `windows_events` table spec ([7035](https://github.com/osquery/osquery/pull/7035))
- Correct docs about OpenSSL and TLS behavior ([7033](https://github.com/osquery/osquery/pull/7033))
- Update docs to describe how to build for aarch64/arm64 (6285) ([6970](https://github.com/osquery/osquery/pull/6970))
- Add a note on enabling Windows to build with CMake's long paths ([7010](https://github.com/osquery/osquery/pull/7010))
- Add 4.8.0 CHANGELOG ([7057](https://github.com/osquery/osquery/pull/7057))

Build

- Add an option to enable incremental linking on Windows ([7044](https://github.com/osquery/osquery/pull/7044))
- Remove Buck leftovers that supported building with old versions of OpenSSL ([7034](https://github.com/osquery/osquery/pull/7034))
- Add build_aarch64 workflow for push ([7014](https://github.com/osquery/osquery/pull/7014))
- Move CI to using docker from osquery ([7012](https://github.com/osquery/osquery/pull/7012))
- Update dockerfile to multiplatform ([7011](https://github.com/osquery/osquery/pull/7011))
- Run GH Actions workflows on all tags ([7004](https://github.com/osquery/osquery/pull/7004))
- Disable BPF events tests if OSQUERY_BUILD_BPF is false ([7002](https://github.com/osquery/osquery/pull/7002))
- libs: Update OpenSSL to version 1.1.1k ([7026](https://github.com/osquery/osquery/pull/7026))

<a name="4.7.0"></a>

4.7.0

[Git Commits](https://github.com/osquery/osquery/compare/4.6.0...4.7.0)

Commits from 21 contributors! Thank you all!

New Features

- Add `concat` and `concat_ws` sql functions ([6927](https://github.com/osquery/osquery/pull/6927))
- Update the scheduler to log the query name at info level ([6934](https://github.com/osquery/osquery/pull/6934))
- Add support for SQLite RPM databases ([6939](https://github.com/osquery/osquery/pull/6939))

Table Changes

- Add `computer` column to Windows Eventlogs ([6952](https://github.com/osquery/osquery/pull/6952))
- Add `docker_image_history` table ([6884](https://github.com/osquery/osquery/pull/6884))
- Add `filevault_status` column to disk_encryption table ([6823](https://github.com/osquery/osquery/pull/6823))
- Add `location_services` table on macOS ([6826](https://github.com/osquery/osquery/pull/6826))
- Add `shellbags` table ([6949](https://github.com/osquery/osquery/pull/6949))
- Add `system_extensions` table on macOS ([6863](https://github.com/osquery/osquery/pull/6863))
- Add `systemd_units` table ([6593](https://github.com/osquery/osquery/pull/6593))
- Add `ycloud_instance_metadata` table ([6961](https://github.com/osquery/osquery/pull/6961))
- Fix loading of YARA rules on Windows ([6893](https://github.com/osquery/osquery/pull/6893))
- Fix macOS OpenDirectory attribute mismatch ([6816](https://github.com/osquery/osquery/pull/6816))
- Update `augeas` table not to autoload system lenses ([6980](https://github.com/osquery/osquery/pull/6980))
- Update `chrome_extensions` table -- more browser support and tests ([6780](https://github.com/osquery/osquery/pull/6780))
- Update `office_mru` table to correct platforms ([6827](https://github.com/osquery/osquery/pull/6827))
- Update aws table to include macOS ([6817](https://github.com/osquery/osquery/pull/6817))

Under the Hood improvements

- Remove Azure Pipelines ([6953](https://github.com/osquery/osquery/pull/6953))
- Disable deprecated TLS versions 1.0, 1.1 ([6910](https://github.com/osquery/osquery/pull/6910))
- Use librpm bdb_ro backend and remove bdb ([6931](https://github.com/osquery/osquery/pull/6931))
- bpf: Improve execve/execveat tracing, add AArch64 build support ([6802](https://github.com/osquery/osquery/pull/6802))
- Use a distinct carver `request_id` and add this to the schema ([6959](https://github.com/osquery/osquery/pull/6959))
- Initialize TLSLogForwarder before enrollment check ([6958](https://github.com/osquery/osquery/pull/6958))
- Put noisy thrift logs behind a flag ([6951](https://github.com/osquery/osquery/pull/6951))
- Fix bug in Windows thrift, causing named pipe closing ([6937](https://github.com/osquery/osquery/pull/6937))
- Remove unused/experimental ebpf code ([6879](https://github.com/osquery/osquery/pull/6879))
- Remove unused ev2 code ([6878](https://github.com/osquery/osquery/pull/6878))
- Refactor the eventing framework to reduce disk IO and improve performance ([6610](https://github.com/osquery/osquery/pull/6610))

Bug Fixes

- Add `journal_mode` to the sqlite authorizer PRAGMAs ([6999](https://github.com/osquery/osquery/pull/6999))
- Add `table_info` to the sqlite authorizer PRAGMAs ([6814](https://github.com/osquery/osquery/pull/6814))
- Always use BIGINT macro for `long long` data ([6986](https://github.com/osquery/osquery/pull/6986))
- Copy JSON objects to avoid MemoryPool buildup ([6957](https://github.com/osquery/osquery/pull/6957))
- Do not call unconfigured subscribers errors ([6847](https://github.com/osquery/osquery/pull/6847))
- Do not ignore mountpoints that have the same mount path ([6871](https://github.com/osquery/osquery/pull/6871))
- Do not start scheduler when shutting down ([6960](https://github.com/osquery/osquery/pull/6960))
- Don't mark scope and key columns as index in selinux_settings table ([6872](https://github.com/osquery/osquery/pull/6872))
- Fix `augeas` table output bug for non-path entries ([6981](https://github.com/osquery/osquery/pull/6981))
- Fix `pids` column in `docker_container_stats` table ([6965](https://github.com/osquery/osquery/pull/6965))
- Fix additional relative path check in Yara for Windows ([6894](https://github.com/osquery/osquery/pull/6894))
- Fix config validation oom with duplicated keys ([6876](https://github.com/osquery/osquery/pull/6876))
- Fix data type macro used for 64-bit timestamp variables ([6897](https://github.com/osquery/osquery/pull/6897))
- Fix error in `process_open_files` inode need stoul, not stoi ([6983](https://github.com/osquery/osquery/pull/6983))
- Fix leaks when a query fails from the shell ([6849](https://github.com/osquery/osquery/pull/6849))
- Fix mem leak regression with Windows sids API ([6984](https://github.com/osquery/osquery/pull/6984))
- Make Group ID columns consistent across Windows tables ([6987](https://github.com/osquery/osquery/pull/6987))
- When iterating /proc, use individual try/catch to catch partial failures ([6933](https://github.com/osquery/osquery/pull/6933))
- augeas: Clear aug pointer on error ([6973](https://github.com/osquery/osquery/pull/6973))

Documentation

- Add 4.6.0 CHANGELOG ([6809](https://github.com/osquery/osquery/pull/6809))
- Add 4.7.0 CHANGELOG ([6985](https://github.com/osquery/osquery/pull/6985))
- Add docs for TLS enroll max attempts ([6888](https://github.com/osquery/osquery/pull/6888))
- Change reference about Azure Pipelines to GitHub Actions ([6988](https://github.com/osquery/osquery/pull/6988))
- Clarify FIM exclude category documentation ([6966](https://github.com/osquery/osquery/pull/6966))
- Document retrieval of available tables/columns via SQL ([6812](https://github.com/osquery/osquery/pull/6812))
- Fix Github Actions status badge in the README ([6908](https://github.com/osquery/osquery/pull/6908))
- Fix all broken or redirected URLs and references ([6835](https://github.com/osquery/osquery/pull/6835))
- Fix broken URL in docs ([6882](https://github.com/osquery/osquery/pull/6882))
- Fix incorrect Slack URLs ([6844](https://github.com/osquery/osquery/pull/6844))
- Fix packs discovery queries documentation ([6946](https://github.com/osquery/osquery/pull/6946))
- Fix reference to a Powershell script on Windows ([6936](https://github.com/osquery/osquery/pull/6936))
- Fix typos in source code ([6901](https://github.com/osquery/osquery/pull/6901))
- Improve explanations of event control flags ([6954](https://github.com/osquery/osquery/pull/6954))
- Spellcheck and Markdown edits ([6899](https://github.com/osquery/osquery/pull/6899))
- Update README to include release process comment ([6877](https://github.com/osquery/osquery/pull/6877))
- Update documentation about denylist schedule key ([6922](https://github.com/osquery/osquery/pull/6922))
- Update macOS OpenBSM configuration ([6916](https://github.com/osquery/osquery/pull/6916))
- Update the Linux install steps and package listing ([6956](https://github.com/osquery/osquery/pull/6956))
- Update the info about osquery's TLS version support ([6963](https://github.com/osquery/osquery/pull/6963))

Build

- CI: Add a RelWithDebInfo Linux job to generate packages ([6838](https://github.com/osquery/osquery/pull/6838))
- CI: Add support for GitHub Actions ([6885](https://github.com/osquery/osquery/pull/6885))
- CI: Add unit tests for RPM DB querying ([6919](https://github.com/osquery/osquery/pull/6919))
- CI: Fix ExtendedAttributesTableTests failing due to an unexpected attribute ([6942](https://github.com/osquery/osquery/pull/6942))
- CI: Fix StartupItemTest failing due to unexpected values ([6940](https://github.com/osquery/osquery/pull/6940))
- CI: Fix SystemControlsTest adding sunrpc as an expected subsystem ([6932](https://github.com/osquery/osquery/pull/6932))
- CI: Fix XattrTests failing due to unexpected attribute name ([6941](https://github.com/osquery/osquery/pull/6941))
- CI: Fix an incorrect check in StartupItems test ([6950](https://github.com/osquery/osquery/pull/6950))
- CI: Fix wifi_tests on macOS 10.15 and above ([6724](https://github.com/osquery/osquery/pull/6724))
- CI: Move cppcheck step after the tests ([6845](https://github.com/osquery/osquery/pull/6845))
- CI: Permit running formatting earlier in the CI ([6836](https://github.com/osquery/osquery/pull/6836))
- CI: Remove incorrect 2to3 symlink breaking Python brew upgrade ([6819](https://github.com/osquery/osquery/pull/6819))
- CI: Remove unused empty test file ([6918](https://github.com/osquery/osquery/pull/6918))
- CI: Remove unused tests for Rocksdb and Inmemory db plugins ([6900](https://github.com/osquery/osquery/pull/6900))
- CI: Update XCode to 12.3 and Update min macOS version to 10.12 ([6896](https://github.com/osquery/osquery/pull/6896), [6913](https://github.com/osquery/osquery/pull/6913))
- CI: Update macOS agent to 10.15 Catalina ([6680](https://github.com/osquery/osquery/pull/6680))
- CMake: Add -pthread compile option on posix platforms ([6909](https://github.com/osquery/osquery/pull/6909))
- CMake: Add Valgrind support ([6834](https://github.com/osquery/osquery/pull/6834))
- CMake: Add an option to disable building AWS tables and library ([6831](https://github.com/osquery/osquery/pull/6831))
- CMake: Add an option to disable building libdpkg tables and library ([6848](https://github.com/osquery/osquery/pull/6848))
- CMake: Detect missing headers during include namespace generation ([6855](https://github.com/osquery/osquery/pull/6855))
- CMake: Do not attempt to dllimport Thrift symbols ([6856](https://github.com/osquery/osquery/pull/6856))
- CMake: Do not compile Windows libraries with debug symbols ([6833](https://github.com/osquery/osquery/pull/6833))
- CMake: Explicitly set the MSVC runtime library ([6818](https://github.com/osquery/osquery/pull/6818))
- CMake: Fix amalgamated tables generation on change ([6832](https://github.com/osquery/osquery/pull/6832))
- CMake: Fix platformtablecontaineripc include namespace generation ([6853](https://github.com/osquery/osquery/pull/6853))
- CMake: Further fix amalgamation file gen on change ([6854](https://github.com/osquery/osquery/pull/6854))
- CMake: Refactor and rename fuzzers build flag ([6829](https://github.com/osquery/osquery/pull/6829))
- CMake: Significantly speed up configuration phase ([6914](https://github.com/osquery/osquery/pull/6914))
- CMake: Use make jobserver for OpenSSL on Linux and macOS ([6821](https://github.com/osquery/osquery/pull/6821))
- CPack: Remove extraneous lenses directory for augeas on macOS ([6998](https://github.com/osquery/osquery/pull/6998))
- Change libdpkg submodule url to our own GitHub mirror ([6903](https://github.com/osquery/osquery/pull/6903))
- Disable incremental linking to reduce build size on Windows ([6898](https://github.com/osquery/osquery/pull/6898))
- GitHub Actions: Fix .deb artifacts, add scheduled builds ([6920](https://github.com/osquery/osquery/pull/6920))
- Remove `hash` and `yara` table from fuzz harnesses ([6972](https://github.com/osquery/osquery/pull/6972))
- libraries: Reduce the compilation units from libarchive ([6886](https://github.com/osquery/osquery/pull/6886))
- libraries: Remove the last usage of sqlite3 from sleuthkit ([6858](https://github.com/osquery/osquery/pull/6858))
- libraries: Rename yara str functions to avoid symbol collisions ([6917](https://github.com/osquery/osquery/pull/6917))
- libraries: Update librpm to version 4.16.1.2 ([6850](https://github.com/osquery/osquery/pull/6850))
- libraries: Update openssl to version 1.1.1i ([6820](https://github.com/osquery/osquery/pull/6820))
- libraries: Update thrift to version 0.13.0 ([6822](https://github.com/osquery/osquery/pull/6822))

Hardening

- Update CODEOWNERS to reflect existing teams ([6955](https://github.com/osquery/osquery/pull/6955), [6975](https://github.com/osquery/osquery/pull/6975))
- Restrict access to Thrift server pipe on Windows ([6875](https://github.com/osquery/osquery/pull/6875))
- Fix a leak in libdpkg when querying the `deb_packages` table ([6892](https://github.com/osquery/osquery/pull/6892))
- Fix UB and dangerous casting in the pubsub framework ([6881](https://github.com/osquery/osquery/pull/6881))
- Fix heap-use-after-free in deregisterEventSubscriber ([6880](https://github.com/osquery/osquery/pull/6880))
- Thrift patch to support security configuration ([6846](https://github.com/osquery/osquery/pull/6846))
- Improve config fuzzer dictionary creation script ([6860](https://github.com/osquery/osquery/pull/6860))
- Avoid running queries for views when fuzzing ([6859](https://github.com/osquery/osquery/pull/6859))
- Improve fuzzing speed and stack trace accuracy ([6851](https://github.com/osquery/osquery/pull/6851))

<a name="4.6.0"></a>

4.6.0

[Git Commits](https://github.com/osquery/osquery/compare/4.5.1...4.6.0)

New Features

- Initial implementations for BPF-based socket and process events tables ([6571](https://github.com/osquery/osquery/pull/6571))
- Support EC2 tables on Windows ([6756](https://github.com/osquery/osquery/pull/6756))

Under the Hood improvements

- BPF: Add container support to fork/vfork/clone ([6721](https://github.com/osquery/osquery/pull/6721))
- BPF: Additional improvements on the initial implementation ([6717](https://github.com/osquery/osquery/pull/6717))
- BPF: Fix the tests ([6783](https://github.com/osquery/osquery/pull/6783))
- BPF: Fix wrong d_type compare in filesystem classes ([6774](https://github.com/osquery/osquery/pull/6774))
- BPF: Implement additional syscalls to track file descriptor usage ([6723](https://github.com/osquery/osquery/pull/6723))
- Remove unused LTCG flag ([6769](https://github.com/osquery/osquery/pull/6769))
- Support TLS client certificate chains ([6753](https://github.com/osquery/osquery/pull/6753))
- Refactor carver to use the Scheduler ([6671](https://github.com/osquery/osquery/pull/6671))
- Add configuration flag to disable file_events by default ([6663](https://github.com/osquery/osquery/pull/6663))
- libs: Build x86_64 configurations on Ubuntu 14.04 ([6687](https://github.com/osquery/osquery/pull/6687))
- libs: Port the RocksDB Win7 compatibility patch to the MSBuild generator ([6765](https://github.com/osquery/osquery/pull/6765))
- libs: Update BPF libraries to support LLVM 11 ([6775](https://github.com/osquery/osquery/pull/6775))
- libs: Update RocksDB to version 6.14.5 ([6759](https://github.com/osquery/osquery/pull/6759))
- libs: Update bzip2 to version 1.0.8 ([6786](https://github.com/osquery/osquery/pull/6786))
- libs: Update ebpfpub to latest version ([6757](https://github.com/osquery/osquery/pull/6757))
- libs: Update sqlite to version 3.34.0 ([6804](https://github.com/osquery/osquery/pull/6804))
- libs: update aws-sdk to 1.7.230 ([6749](https://github.com/osquery/osquery/pull/6749))
- Adding support for pretty-printing JSON results in osqueryi ([6695](https://github.com/osquery/osquery/pull/6695))

Table Changes

- Add Yandex Browser support for chrome_extensions ([6735](https://github.com/osquery/osquery/pull/6735))
- Add additional file stat flags to Darwin (bsd_flags) ([6699](https://github.com/osquery/osquery/pull/6699))
- Add extended_attributes table to Linux, add support for Linux capabilities ([6195](https://github.com/osquery/osquery/pull/6195))
- Add indexed column support to Windows users table ([6782](https://github.com/osquery/osquery/pull/6782))
- Enable AWS Instance profile as credential provider on Windows ([6754](https://github.com/osquery/osquery/pull/6754))
- Add systemd support for startup_items on Linux ([6562](https://github.com/osquery/osquery/pull/6562))

Bug Fixes

- Do not use memset on VirtualTable, a non-POD type ([6760](https://github.com/osquery/osquery/pull/6760))
- Fix deadlock when registering two extensions ([6745](https://github.com/osquery/osquery/pull/6745))
- Fix last_connected column in wifi_networks on Catalina ([6669](https://github.com/osquery/osquery/pull/6669))
- Fix missing negations, duplicate rows in iptables table ([6713](https://github.com/osquery/osquery/pull/6713))
- Fix shadow table to detect empty passwords ([6696](https://github.com/osquery/osquery/pull/6696))
- Free memory allocated by ConvertStringSidToSid ([6714](https://github.com/osquery/osquery/pull/6714))
- PackageIdentifiers are optional in InstallHistory.plist ([6767](https://github.com/osquery/osquery/pull/6767))
- Removing PUNYCODE flag from windows string conversions ([6730](https://github.com/osquery/osquery/pull/6730))
- Fix memory leak in the dbus classes ([6773](https://github.com/osquery/osquery/pull/6773))
- Change the kernel_modules size column type to BIGINT ([6712](https://github.com/osquery/osquery/pull/6712))

Documentation

- Add a README.md to source-based libraries ([6686](https://github.com/osquery/osquery/pull/6686))
- Fix spelling typos ([6705](https://github.com/osquery/osquery/pull/6705))
- Journald Audit Logs Masking Documentation ([6748](https://github.com/osquery/osquery/pull/6748))

Build

- CI: Provide built packages as Azure artifacts ([6772](https://github.com/osquery/osquery/pull/6772))
- CI: Python installation improvements on Windows ([6764](https://github.com/osquery/osquery/pull/6764))
- CI: Update brew scripts ([6794](https://github.com/osquery/osquery/pull/6794))
- CMake: Disable BPF support if the LLVM libs are not compatible ([6746](https://github.com/osquery/osquery/pull/6746))
- CMake: Use CPACK_RPM_PACKAGE_RELEASE ([6805](https://github.com/osquery/osquery/pull/6805))
- CMake: Add max version limit to 3.18.0 on Linux ([6801](https://github.com/osquery/osquery/pull/6801))
- Change urls for submodules gpg-error, libgcrypt, libcap ([6768](https://github.com/osquery/osquery/pull/6768))
- Reduce linkage requirements for tests ([6715](https://github.com/osquery/osquery/pull/6715))
- Remove a Buck leftover ([6799](https://github.com/osquery/osquery/pull/6799))
- Remove boost workaround introduced in 5591 for string_view ([6771](https://github.com/osquery/osquery/pull/6771))
- Tests: Fix tests on Catalina ([6704](https://github.com/osquery/osquery/pull/6704))
- Update cmake_minimum_required to 3.17.5 and pin version in CI ([6770](https://github.com/osquery/osquery/pull/6770))
- build: Fix Windows build on newer MSVC ([6732](https://github.com/osquery/osquery/pull/6732))
- extensions: Always compile examples to prevent them from breaking ([6747](https://github.com/osquery/osquery/pull/6747))

Security Issues

- Add SQLite authorizer to mitigate CVE-2020-26273 / GHSA-4g56-2482-x7q8 (https://github.com/osquery/osquery/commit/c3f9a3dae22d43ed3b4f6a403cbf89da4cba7c3c)

Packs

- Updated unwanted-chrome-extensions ([6720](https://github.com/osquery/osquery/pull/6720))
- Restrict the usb_devices pack to Posix ([6739](https://github.com/osquery/osquery/pull/6739))
- Add Reptile rootkit to ossec-rootkit pack ([6703](https://github.com/osquery/osquery/pull/6703))

<a name="4.5.1"></a>

4.5.1

[Git Commits](https://github.com/osquery/osquery/compare/4.5.0...4.5.1)

Under the Hood improvements

- Improve carver tests by faking `postCarve` ([6659](https://github.com/osquery/osquery/pull/6659))
- Emit an error during carving, if the `carve` SQL function is disabled ([6658](https://github.com/osquery/osquery/pull/6658))
- Update `carves` specs to allow full scan ([6657](https://github.com/osquery/osquery/pull/6657))
- Update `carves` table to use JSON ([6656](https://github.com/osquery/osquery/pull/6656))
- Improve performance and accuracy of Windows `registry` querying ([6647](https://github.com/osquery/osquery/pull/6647))
- Refactor `ephemeral` database plugin into core and simplify tests ([6648](https://github.com/osquery/osquery/pull/6648))

Table Changes

- Support for Office MRU (most recently used) entries ([6587](https://github.com/osquery/osquery/pull/6587))
- Implement configurable timeout through WHERE clause on `curl_certificate` ([6641](https://github.com/osquery/osquery/pull/6641))
- Add `atom_packages` table spec to Windows ([6649](https://github.com/osquery/osquery/pull/6649))
- Add signature information to `authenticode` table on Windows ([6677](https://github.com/osquery/osquery/pull/6677))
- Add additional AWS regions ([6666](https://github.com/osquery/osquery/pull/6666))

Bug Fixes

- Fix container overflow in `curl_certificate` ([6664](https://github.com/osquery/osquery/pull/6664))
- Fix handling of invalid array bound error with `EvtNext` function ([6660](https://github.com/osquery/osquery/pull/6660))
- Fix `wmi_bios_info` table searching ([5246](https://github.com/osquery/osquery/pull/5246))
- Fix `image` column within `drivers` table on Windows ([6652](https://github.com/osquery/osquery/pull/6652))
- Fix Windows `dirPathsAreEqual` to use the documented way ([6690](https://github.com/osquery/osquery/pull/6690))
- Fix incorrect `stat()` return checking within process_events ([6694](https://github.com/osquery/osquery/pull/6694))
- Always flush `stdout` when called with `--help` ([6693](https://github.com/osquery/osquery/pull/6693))

Documentation

- Document max scheduled query interval ([6683](https://github.com/osquery/osquery/pull/6683))
- Update documentation around build steps ([6681](https://github.com/osquery/osquery/pull/6681))
- Documentation copy editing
([6676](https://github.com/osquery/osquery/pull/6676),
[6665](https://github.com/osquery/osquery/pull/6665),
[6662](https://github.com/osquery/osquery/pull/6662))
- Add 4.5.0 CHANGELOG ([6646](https://github.com/osquery/osquery/pull/6646))
- Add 4.5.1 CHANGELOG ([6692](https://github.com/osquery/osquery/pull/6692))

Build

- Improve flaky python test handling ([6654](https://github.com/osquery/osquery/pull/6654))
- Restore `test_osqueryi` ([6631](https://github.com/osquery/osquery/pull/6631))
- Limit `osqueryd` CPU usage to 20% in systemd unit file ([6644](https://github.com/osquery/osquery/pull/6644))
- Improve flaky `test_osqueryi` ([6688](https://github.com/osquery/osquery/pull/6688))
- Add `cppcheck` support to macOS ([6685](https://github.com/osquery/osquery/pull/6685))

Hardening

- Add exception catching for table execution ([6689](https://github.com/osquery/osquery/pull/6689))

<a name="4.5.0"></a>

4.5.0

[Git Commits](https://github.com/osquery/osquery/compare/4.4.0...4.5.0)

We would like to thank all of the contributors working on
bootstrapping the ARM64/AARCH64 support and Windows 32bit support.
Additionally, we want to thank those working on Unicode support and
all the bug fixes, documentation improvements, and new features.
Thank you! :clap:

New Features

- ARM64/AARCH64 beta support for Linux ([6612](https://github.com/osquery/osquery/pull/6612))
- Windows 32bit support ([6543](https://github.com/osquery/osquery/pull/6543))
- Fix buildup of RocksDB SST files ([6606](https://github.com/osquery/osquery/pull/6606))

Under the Hood improvements

- Remove selectAllFrom from Linux `process_events` callback ([6638](https://github.com/osquery/osquery/pull/6638))
- Remove database read only concept ([6637](https://github.com/osquery/osquery/pull/6637))
- Move database initialization retry logic into DB API ([6633](https://github.com/osquery/osquery/pull/6633))
- Move osquery/include files into respective CMake targets ([6557](https://github.com/osquery/osquery/pull/6557))
- Memoize `EventFactory::getType` ([6555](https://github.com/osquery/osquery/pull/6555))
- Update schedule counter behavior ([6223](https://github.com/osquery/osquery/pull/6223))
- Define `UNICODE` and `_UNICODE` preprocessors for Windows ([6338](https://github.com/osquery/osquery/pull/6338))
- Add WMI utility function to convert datetime to FILETIME ([5901](https://github.com/osquery/osquery/pull/5901))
- Move osquery shutdown logic outside of `Initializer` ([6530](https://github.com/osquery/osquery/pull/6530))

Table Changes

- Support for Windows Background Activity Moderator ([6585](https://github.com/osquery/osquery/pull/6585))
- Add `apparmor_events` table to Linux ([4982](https://github.com/osquery/osquery/pull/4982))
- Add `sigurl` column to get YARA signatures from an HTTPS server ([6607](https://github.com/osquery/osquery/pull/6607))
- Add `sigrules` column to pass YARA signatures within queries ([6568](https://github.com/osquery/osquery/pull/6568))
- Add non-evented table for querying `windows_event_log` ([6563](https://github.com/osquery/osquery/pull/6563))
- Improve `chassis_types` and `security_breach` columns within `chassis_info` ([6608](https://github.com/osquery/osquery/pull/6608))
- Fix bool type usage in `powershell_events` ([6584](https://github.com/osquery/osquery/pull/6584))
- Add `FileVersionRaw` column to `file` table for Windows ([5771](https://github.com/osquery/osquery/pull/5771))
- Enable YARA table on Windows ([6564](https://github.com/osquery/osquery/pull/6564))
- Add `dns_cache` table for Windows ([6505](https://github.com/osquery/osquery/pull/6505))
- Add support for processing KILL syscall ([6435](https://github.com/osquery/osquery/pull/6435))
- Add `startup_items` table for Linux ([6502](https://github.com/osquery/osquery/pull/6502))
- Add `shimcache` table ([6463](https://github.com/osquery/osquery/pull/6463))
- Refactor `shell_history` to use generators (it will use less memory) ([6541](https://github.com/osquery/osquery/pull/6541))

Bug Fixes

- Set thread names correctly on macOS and Linux ([6627](https://github.com/osquery/osquery/pull/6627))
- Apply `--scheduler_timeout` correctly ([6618](https://github.com/osquery/osquery/pull/6618))
- Add check for `character_frequencies` size ([6625](https://github.com/osquery/osquery/pull/6625))
- Fix race in removing external `TablePlugins` ([6623](https://github.com/osquery/osquery/pull/6623))
- Force shell to disable watchdog and logger ([6621](https://github.com/osquery/osquery/pull/6621))
- Return early within the shell if relative flags are used ([6605](https://github.com/osquery/osquery/pull/6605))
- Apply watcher delay each time the worker is started ([6604](https://github.com/osquery/osquery/pull/6604))
- Set global output function for Thrift ([6592](https://github.com/osquery/osquery/pull/6592))
- Fix incorrect `readFile` params in `createPidFile` ([6578](https://github.com/osquery/osquery/pull/6578))
- Fix call to `LocalFree` on deinit ptr inside `getUidFromSid` ([6579](https://github.com/osquery/osquery/pull/6579))
- Fix `readFile` to observe requested read size ([6569](https://github.com/osquery/osquery/pull/6569))
- Replace fstream within `syslog_events` with a custom non-blocking getline ([6539](https://github.com/osquery/osquery/pull/6539))
- Only fire events if a publisher exists ([6553](https://github.com/osquery/osquery/pull/6553))
- Fix Leak in `psidToString` ([6548](https://github.com/osquery/osquery/pull/6548))
- Fix memory leaks in `rpm_package_files` ([6544](https://github.com/osquery/osquery/pull/6544))
- Change "Symlink loop" message from warning to verbose ([6545](https://github.com/osquery/osquery/pull/6545))

Documentation

- Update process auditing docs schema link ([6645](https://github.com/osquery/osquery/pull/6645))
- Improve descriptions for the `processes` table ([6596](https://github.com/osquery/osquery/pull/6596))
- Replace slackin with Slack shared invite ([6617](https://github.com/osquery/osquery/pull/6617))
- Update copyright notices to osquery foundation ([6589](https://github.com/osquery/osquery/pull/6589), [6590](https://github.com/osquery/osquery/pull/6590))

Build

- Fix Windows build by removing non existing C11 conformance ([6629](https://github.com/osquery/osquery/pull/6629))
- Remove `ExecStartPre` from systemd service unit ([6586](https://github.com/osquery/osquery/pull/6586))
- Fix pip upgrade warning within CI ([6576](https://github.com/osquery/osquery/pull/6576))
- Detect `MAJOR_IN_SYSMACROS`/`MKDEV` for librpm in CMake ([6554](https://github.com/osquery/osquery/pull/6554))
- Add `curl_certificate` tests ([5281](https://github.com/osquery/osquery/pull/5281))
- Update YARA library to 4.0.2 ([6559](https://github.com/osquery/osquery/pull/6559))
- Improve testing assumptions and flush fsevents when stopping ([6552](https://github.com/osquery/osquery/pull/6552))
- Fix the test utility to allow Windows profiling ([6550](https://github.com/osquery/osquery/pull/6550))
- Support ASAN for boost coroutine2 using ucontext ([6531](https://github.com/osquery/osquery/pull/6531))
- Update instructions for CPack package building ([6529](https://github.com/osquery/osquery/pull/6529))
- Use specific RPM variables to set the package name ([6527](https://github.com/osquery/osquery/pull/6527))
- Update compiler version used to v142 within Azure ([6528](https://github.com/osquery/osquery/pull/6528))

Hardening

- Restore PIE support being dropped on Linux ([6611](https://github.com/osquery/osquery/pull/6611))

4.4.0

[Git Commits](https://github.com/osquery/osquery/compare/4.3.0...4.4.0)

New Features / Under the Hood improvements

- Implement container access from tables on Linux ([6209](https://github.com/osquery/osquery/pull/6209), [6485](https://github.com/osquery/osquery/pull/6485))
- Update language to use 'allow list' and 'deny list' ([6489](https://github.com/osquery/osquery/pull/6489), [6487](https://github.com/osquery/osquery/pull/6487), [6488](https://github.com/osquery/osquery/pull/6488), [6493](https://github.com/osquery/osquery/pull/6493))
- macos: Automatic configuration of the OpenBSM audit rules ([6447](https://github.com/osquery/osquery/pull/6447))
- macos: Add polling to OpenBSM publisher ([6436](https://github.com/osquery/osquery/pull/6436))
- Add messages to distributed query results ([6352](https://github.com/osquery/osquery/pull/6352))
- Implement event batching support for Windows tables ([6280](https://github.com/osquery/osquery/pull/6280))

Table Changes

- Add container access to the os_version table ([6413](https://github.com/osquery/osquery/pull/6413))
- Add container access to DEB, RPM, NPM packages tables ([6414](https://github.com/osquery/osquery/pull/6414))
- Add fields auid, fs{u,g}id, s{u,g}id to auditd based tables ([6362](https://github.com/osquery/osquery/pull/6362))
- Improve apt_sources resiliency ([6482](https://github.com/osquery/osquery/pull/6482))
- Make file and hash container columns hidden ([6486](https://github.com/osquery/osquery/pull/6486))
- Add 'maintainer', 'section', 'priority' columns to deb_packages ([6442](https://github.com/osquery/osquery/pull/6442))
- Add 'vendor', 'package_group' columns to rpm_packages ([6443](https://github.com/osquery/osquery/pull/6443))
- Add 'arch' column to os_version ([6444](https://github.com/osquery/osquery/pull/6444))
- Add 'board_xxx' columns to system_info table ([6398](https://github.com/osquery/osquery/pull/6398))
- Windows: omit non-interactive sessions from logged_in_users ([6375](https://github.com/osquery/osquery/pull/6375))
- Fixes to package_bom table ([6457](https://github.com/osquery/osquery/pull/6457), [6461](https://github.com/osquery/osquery/pull/6461))
- Add chassis_info table for Windows ([5282](https://github.com/osquery/osquery/pull/5282))
- Add Azure tables ([6507](https://github.com/osquery/osquery/pull/6507))

Bug Fixes

- Update hash cache inode number in query cache ([6440](https://github.com/osquery/osquery/pull/6440))
- Only explode registry key if it can be tokenized ([6474](https://github.com/osquery/osquery/pull/6474))
- Change ErrorBase::takeUnderlyingError to non const ([6483](https://github.com/osquery/osquery/pull/6483))
- Use RapidJSON to fix event format results and the Kafka Logger ([6449](https://github.com/osquery/osquery/pull/6449))
- Correct the 'cwd' and 'root' columns of processes table on Windows ([6459](https://github.com/osquery/osquery/pull/6459))
- Correct some SQLite types ([6392](https://github.com/osquery/osquery/pull/6392))
- Partial fix for md_devices issue ([6417](https://github.com/osquery/osquery/pull/6417))
- Fix the handling of empty args strings, on Windows ([6460](https://github.com/osquery/osquery/pull/6460))
- Refactor shutdown logging, and remove explicit syslog call ([6376](https://github.com/osquery/osquery/pull/6376))
- Change the Windows registry LIKE path constraint to filter recursively ([6448](https://github.com/osquery/osquery/pull/6448))
- Use sync resolve within http client ([6490](https://github.com/osquery/osquery/pull/6490))
- Fix typed_row table caching ([6508](https://github.com/osquery/osquery/pull/6508))
- Do not use system proxy for AWS local authority ([6512](https://github.com/osquery/osquery/pull/6512))
- Only populate table cache with star-like selects ([6513](https://github.com/osquery/osquery/pull/6513))

Documentation

- Update osquery security policy ([6425](https://github.com/osquery/osquery/pull/6425))
- Updating changelog for 4.3.0 release ([6387](https://github.com/osquery/osquery/pull/6387))
- Improve the new table tutorial ([6479](https://github.com/osquery/osquery/pull/6479))
- Add Auto Table Construction to docs ([6476](https://github.com/osquery/osquery/pull/6476))
- Add documentation for enabling socket_events on macOS ([6407](https://github.com/osquery/osquery/pull/6407))
- Update winbaseobj table description ([6429](https://github.com/osquery/osquery/pull/6429))
- Fixing the description of failed_login_count from account_policy_data ([6415](https://github.com/osquery/osquery/pull/6415))
- Remove references to brew in macOS install ([6494](https://github.com/osquery/osquery/pull/6494))
- Add note to bump the Homebrew cask ([6519](https://github.com/osquery/osquery/pull/6519))
- Updating docs on cpack usage to include Chocolatey ([6022](https://github.com/osquery/osquery/pull/6022))
- Changelog for 4.4.0 ([6492](https://github.com/osquery/osquery/pull/6492), [6523](https://github.com/osquery/osquery/pull/6523))

Build

- Fix Userassist.test_sanity test sometimes failing ([6396](https://github.com/osquery/osquery/pull/6396))
- Drop the facebook and source_migration layers ([6473](https://github.com/osquery/osquery/pull/6473))
- Move ssdeep-cpp to source_migration ([6464](https://github.com/osquery/osquery/pull/6464))
- Move smartmontools to source_migration ([6465](https://github.com/osquery/osquery/pull/6465))
- Build augeas from source on macOS ([6399](https://github.com/osquery/osquery/pull/6399))
- Build lldpd from source on macOS ([6406](https://github.com/osquery/osquery/pull/6406))
- Build linenoise-ng from source on macOS and Windows ([6412](https://github.com/osquery/osquery/pull/6412))
- Build sleuthkit from source on macOS ([6416](https://github.com/osquery/osquery/pull/6416))
- Build popt from source on macOS ([6409](https://github.com/osquery/osquery/pull/6409))
- Fix libelfin build on ossfuzz and LLVM/Clang 10 ([6472](https://github.com/osquery/osquery/pull/6472))
- Use the patched libelfin version ([6480](https://github.com/osquery/osquery/pull/6480))
- codegen: Port Jinja2 to Templite ([6470](https://github.com/osquery/osquery/pull/6470))
- Pass the minimum macOS SDK version to openssl only if explicitly set ([6471](https://github.com/osquery/osquery/pull/6471))
- Add git-lfs as dep for macOS build in documentation ([6384](https://github.com/osquery/osquery/pull/6384))
- Update openssl from 1.1.1f to 1.1.1g ([6432](https://github.com/osquery/osquery/pull/6432))
- Build openssl with the macOS SDK version taken from CMake ([6469](https://github.com/osquery/osquery/pull/6469))
- Do not install openssl docs ([6441](https://github.com/osquery/osquery/pull/6441))
- Update build configuration of ReadTheDocs ([6434](https://github.com/osquery/osquery/pull/6434), [6456](https://github.com/osquery/osquery/pull/6456))
- Link librdkafka on Windows ([6454](https://github.com/osquery/osquery/pull/6454))
- Build sleuthkit on Windows ([6445](https://github.com/osquery/osquery/pull/6445))
- Add nupkg cpack build option and update Windows deployment script ([6262](https://github.com/osquery/osquery/pull/6262))
- Fix rpm and deb package name format ([6468](https://github.com/osquery/osquery/pull/6468))
- Fix atom_packages, processes, rpm_packages tests ([6518](https://github.com/osquery/osquery/pull/6518))
- Fixes and cleanup for Windows compiler flags ([6521](https://github.com/osquery/osquery/pull/6521))
- Correct macOS framework linking ([6522](https://github.com/osquery/osquery/pull/6522))

Security Issues

- Disable openssl compression support ([6433](https://github.com/osquery/osquery/pull/6433))

Hardening

- Use LOAD_LIBRARY_SEARCH_SYSTEM32 for LoadLibrary ([6458](https://github.com/osquery/osquery/pull/6458))
