Osquery

Latest version: v3.1.1

Page 5 of 6

4.3.0

[Git Commits](https://github.com/osquery/osquery/compare/4.2.0...4.3.0)

New Features / Under the Hood improvements

- Change verbosity of scheduled query execution messages from INFO to verbose only ([6271](https://github.com/osquery/osquery/pull/6271))
- Updated the unwanted-chrome-extensions queries to include all users, not the osquery process owner only ([6265](https://github.com/osquery/osquery/pull/6265))
- Check for errors in the return status of the extension tables and report them ([6108](https://github.com/osquery/osquery/pull/6108))
- First steps to properly support UTF8 strings on Windows ([6190](https://github.com/osquery/osquery/pull/6190))
- Display the underlying API error string when udev monitoring fails ([6186](https://github.com/osquery/osquery/pull/6186))
- Add the `path` column to the ATC generate specs ([6278](https://github.com/osquery/osquery/pull/6278))
- Add Kafka support to Microsoft Windows ([6095](https://github.com/osquery/osquery/pull/6095))
- Log a warning message if osquery fails to get the service description on Microsoft Windows ([6281](https://github.com/osquery/osquery/pull/6281))
- Make AWS kinesis status logging configurable ([6135](https://github.com/osquery/osquery/pull/6135))
- Add an integration test for the `disk_info` table ([6323](https://github.com/osquery/osquery/pull/6323))
- Use -1 for missing `ppid` in the `process_events` table ([6339](https://github.com/osquery/osquery/pull/6339))
- Remove error when converting empty numeric rows ([6371](https://github.com/osquery/osquery/pull/6371))
- Change verbosity from ERROR to INFO of access failures to system processes on Microsoft Windows ([6370](https://github.com/osquery/osquery/pull/6370))
- Make it possible to get verbose messages from the dispatcher service management on Microsoft Windows too ([6369](https://github.com/osquery/osquery/pull/6369))

Build

- Fix codegen template for extension group ([6244](https://github.com/osquery/osquery/pull/6244))
- Update SQLite from 3.30.1-1 to 3.31.1 ([6252](https://github.com/osquery/osquery/pull/6252))
- Update the osquery-toolchain to version 1.1.0 which uses LLVM/Clang 9.0.1 ([6315](https://github.com/osquery/osquery/pull/6315))
- Update openssl to version 1.1.1f ([6302](https://github.com/osquery/osquery/pull/6302), [#6359](https://github.com/osquery/osquery/pull/6359))
- Simplify formula-based third party libraries build ([6303](https://github.com/osquery/osquery/pull/6303))
- Removed the Buck build system ([6361](https://github.com/osquery/osquery/pull/6361))

Bug Fixes

- Fix CFNumber conversion when the type was a Float64/32 instead of a Double ([6273](https://github.com/osquery/osquery/pull/6273))
- Fix duplicate results being returned by the chrome_extensions table ([6277](https://github.com/osquery/osquery/pull/6277))
- Fix flaky ProcessOpenFilesTest.test_sanity ([6185](https://github.com/osquery/osquery/pull/6185))
- Fix the `--database_dump` flag for RocksDB not outputting anything ([6272](https://github.com/osquery/osquery/pull/6272))
- Fix the `pci_devices` table pci ids extraction in non-existing paths ([6297](https://github.com/osquery/osquery/pull/6297))
- Fix parsing an invalid decorators config ([6317](https://github.com/osquery/osquery/pull/6317))
- Fix flaky TLSConfigTests.test_runner_and_scheduler ([6308](https://github.com/osquery/osquery/pull/6308))
- Fix chromeExtensions.test_sanity ([6324](https://github.com/osquery/osquery/pull/6324))
- Fix broken Unicode filename searches on Microsoft Windows ([6291](https://github.com/osquery/osquery/pull/6291))
- Fix a use-after-free when sqlite attempts to access the entire rows data at the end of a query ([6328](https://github.com/osquery/osquery/pull/6328))
- Keep proc instance for test_base and test_osqueryd ([6335](https://github.com/osquery/osquery/pull/6335))
- Fix osquery not exiting when given check or dump requests ([6334](https://github.com/osquery/osquery/pull/6334))
- Fix `process` table `cmdline` parsing ([6340](https://github.com/osquery/osquery/pull/6340))
- Fix a crash when parsing files with libmagic ([6363](https://github.com/osquery/osquery/pull/6363))
- Fix a sporadic readFile API failure when using non-blocking I/O ([6368](https://github.com/osquery/osquery/pull/6368))
- Fix the MSI package not always installing in the system drive by default ([6379](https://github.com/osquery/osquery/pull/6379))
- Ensure the extensions uuid is never 0 ([6377](https://github.com/osquery/osquery/pull/6377))
- Fix a race condition making the watcher act as a worker on Microsoft Windows ([6372](https://github.com/osquery/osquery/pull/6372))
- Fix extensions tables detaching which was sometimes failing ([6373](https://github.com/osquery/osquery/pull/6373))
- Fix an issue with extensions re-registration ([6374](https://github.com/osquery/osquery/pull/6374))
- Fix a crash due to a race condition in accessing the iokit port on Darwin (Apple OS X) ([6380](https://github.com/osquery/osquery/pull/6380))

Hardening

- Limit SQL functions regex_match and regex_split regex size ([6267](https://github.com/osquery/osquery/pull/6267))
- Prevent a stack overflow when parsing deeply nested configs ([6325](https://github.com/osquery/osquery/pull/6325))

Table Changes

- Added table `chrome_extension_content_scripts` to All Platforms ([6140](https://github.com/osquery/osquery/pull/6140))
- Added table `docker_container_fs_changes` to POSIX-compatible Platforms ([6178](https://github.com/osquery/osquery/pull/6178))
- Added table `windows_security_center` to Microsoft Windows ([6256](https://github.com/osquery/osquery/pull/6256))
- Added many new tables to Linux to query `lxd` ([6249](https://github.com/osquery/osquery/pull/6249))
- Added table `screenlock` to Darwin (Apple OS X) ([6243](https://github.com/osquery/osquery/pull/6243))
- Added table `userassist` to Microsoft Windows ([5539](https://github.com/osquery/osquery/pull/5539))
- Added column `status` (`TEXT`) to table `deb_packages` ([6341](https://github.com/osquery/osquery/pull/6341))
- Added many new columns to the `curl_certificate` table ([6176](https://github.com/osquery/osquery/pull/6176))
- Added table `socket_events` to Darwin (Apple OS X) ([6028](https://github.com/osquery/osquery/pull/6028))
- Added table `hvci_status`, previously inadvertently left out from the build, to Microsoft Windows ([6378](https://github.com/osquery/osquery/pull/6378))

<a name="4.2.0"></a>

4.2.0

[Git Commits](https://github.com/osquery/osquery/compare/4.1.2...4.2.0)

New Features / Under the Hood improvements

- TLS Testing infrastructure has been overhauled ([6170](https://github.com/osquery/osquery/pull/6170))
- Boost regex has been replaced with std ([6236](https://github.com/osquery/osquery/pull/6236))
- `community_id_v1` added as a SQL function ([6211](https://github.com/osquery/osquery/pull/6211))

Build

- Fix format checking on Windows ([6188](https://github.com/osquery/osquery/pull/6188))
- Fix format folder exclusions for build checks ([6201](https://github.com/osquery/osquery/pull/6201))
- Fix the linking for extensions in build ([6219](https://github.com/osquery/osquery/pull/6219))
- Fix build to include windows optional features table ([6207](https://github.com/osquery/osquery/pull/6207))

Security Issues

- [CVE-2020-1887] osquery does not properly verify the SNI hostname ([6197](https://github.com/osquery/osquery/pull/6197))

Bug Fixes

- Carver no longer returns empty carves for hidden files ([6183](https://github.com/osquery/osquery/pull/6183))
- Address a race in the Dispatcher logic ([6145](https://github.com/osquery/osquery/pull/6145))
- Fix validation in 'last' table ([6147](https://github.com/osquery/osquery/pull/6147))
- Fix flaky logger testing ([6171](https://github.com/osquery/osquery/pull/6171))
- Fix JSON format assumptions in file_paths parsing ([6159](https://github.com/osquery/osquery/pull/6159))
- Fix windows WMI BSTR to be wstrings ([6175](https://github.com/osquery/osquery/pull/6175))
- Fix windows string <-> wstring conversion functions ([6187](https://github.com/osquery/osquery/pull/6187))
- Enable more intelligent path expansion on Windows ([6153](https://github.com/osquery/osquery/pull/6153))
- Fix heap buffer overflow in callDoubleFunc and powerFunc ([6225](https://github.com/osquery/osquery/pull/6225))

Table Changes

- Added table `firefox_addons` to All Platforms ([6200](https://github.com/osquery/osquery/pull/6200))
- Added table `ssh_configs` to All Platforms ([6161](https://github.com/osquery/osquery/pull/6161))
- Added table `user_ssh_keys` to All Platforms ([6161](https://github.com/osquery/osquery/pull/6161))
- Added table `mdls` to Darwin (Apple OS X) ([4825](https://github.com/osquery/osquery/pull/4825))
- Added table `hvci_status` to Microsoft Windows ([5426](https://github.com/osquery/osquery/pull/5426))
- Added table `ntfs_journal_events` to Microsoft Windows ([5371](https://github.com/osquery/osquery/pull/5371))
- Added table `docker_image_layers` to POSIX-compatible Platforms ([6154](https://github.com/osquery/osquery/pull/6154))
- Added table `process_open_pipes` to POSIX-compatible Platforms ([6142](https://github.com/osquery/osquery/pull/6142))
- Added table `apparmor_profiles` to Ubuntu, CentOS ([6138](https://github.com/osquery/osquery/pull/6138))
- Added table `selinux_settings` to Ubuntu, CentOS ([6118](https://github.com/osquery/osquery/pull/6118))
- Added column `lock_status` (`INTEGER_TYPE`) to table `bitlocker_info` ([6155](https://github.com/osquery/osquery/pull/6155))
- Added column `percentage_encrypted` (`INTEGER_TYPE`) to table `bitlocker_info` ([6155](https://github.com/osquery/osquery/pull/6155))
- Added column `version` (`INTEGER_TYPE`) to table `bitlocker_info` ([6155](https://github.com/osquery/osquery/pull/6155))
- Added column `optional_permissions` (`TEXT_TYPE`) to table `chrome_extensions` ([6115](https://github.com/osquery/osquery/pull/6115))
- Removed table `firefox_addons` from POSIX-compatible Platforms ([6200](https://github.com/osquery/osquery/pull/6200))
- Removed table `ssh_configs` from POSIX-compatible Platforms ([6161](https://github.com/osquery/osquery/pull/6161))
- Removed table `user_ssh_keys` from POSIX-compatible Platforms ([6161](https://github.com/osquery/osquery/pull/6161))

<a name="4.1.2"></a>

4.1.2

[Git Commits](https://github.com/osquery/osquery/compare/4.1.1...4.1.2)

New Features / Under the Hood improvements

- Add more tests throughout the codebase ([5908](https://github.com/osquery/osquery/pull/5908)), ([#6071](https://github.com/osquery/osquery/pull/6071)), ([#6126](https://github.com/osquery/osquery/pull/6126))
- The `chrome_extensions` table now supports Chromium and Brave ([6126](https://github.com/osquery/osquery/pull/6126))

Build

- Require Python 3.5 and greater ([6081](https://github.com/osquery/osquery/pull/6081)), ([#6120](https://github.com/osquery/osquery/pull/6120))
- Prepare Python tests for CI (lots of effort!) ([6068](https://github.com/osquery/osquery/pull/6068))
- Restore osqueryd integration test ([6116](https://github.com/osquery/osquery/pull/6116))

Bug Fixes

- Continue to use `com.facebook.osquery.plist` for Launch Daemon configuration ([6093](https://github.com/osquery/osquery/pull/6093))
- Update systemd service to use KillMode=control-group ([6096](https://github.com/osquery/osquery/pull/6096))
- RPM and DEB packages both have post-install scripts to reload systemd ([6097](https://github.com/osquery/osquery/pull/6097))
- Update Windows package build script to include cert bundle ([6114](https://github.com/osquery/osquery/pull/6114))
- Update table specs to fix constraints passing ([6103](https://github.com/osquery/osquery/pull/6103)), ([#6104](https://github.com/osquery/osquery/pull/6104)), ([#6105](https://github.com/osquery/osquery/pull/6105)), ([#6106](https://github.com/osquery/osquery/pull/6106)), ([#6122](https://github.com/osquery/osquery/pull/6122))

Table Changes

- Added tables `azure_instance_tags` and `azure_instance_metadata` to Linux and Microsoft Windows ([5434](https://github.com/osquery/osquery/pull/5434))
- Added column `install_time` (`INTEGER_TYPE`) to table `rpm_packages` ([6113](https://github.com/osquery/osquery/pull/6113))
- Added column `bsd_flags` (`TEST_TYPE`) to table `file` on Darwin ([5981](https://github.com/osquery/osquery/pull/5981))

<a name="4.1.1"></a>

4.1.1

[Git Commits](https://github.com/osquery/osquery/compare/4.1.0...4.1.1)

New Features / Under the Hood improvements

- Improve `nvram` table to use input variable names ([6053](https://github.com/osquery/osquery/pull/6053))
- Improve `apt_sources` source detection ([6047](https://github.com/osquery/osquery/pull/6047))
- Change `atom_packages` to use user constraints ([6052](https://github.com/osquery/osquery/pull/6052))
- Re-enable required-column warning messages ([6038](https://github.com/osquery/osquery/pull/6038))

Build

- Migrate several libraries to the CMake source layer ([5902](https://github.com/osquery/osquery/pull/5902)), ([#6023](https://github.com/osquery/osquery/pull/6023))
- Update SQLite from 3.29.0-3 to 3.30.1-1 ([6020](https://github.com/osquery/osquery/pull/6020))
- Recommend building with MacOS 10.11 SDK ([6000](https://github.com/osquery/osquery/pull/6000))

Bug Fixes

- Fix Linux audit incorrect read and handle leak ([5959](https://github.com/osquery/osquery/pull/5959))
- Change "logNumericsAsNumbers" to "numerics" logger top-level key ([6002](https://github.com/osquery/osquery/pull/6002))
- Restore INDEX behavior for extensions ([6006](https://github.com/osquery/osquery/pull/6006))
- Fix potential JSON parsing issues in ATC plugin ([6029](https://github.com/osquery/osquery/pull/6029))
- Avoid scanning special files with YARA ([5971](https://github.com/osquery/osquery/pull/5971))
- Fix use-after-move in YARA subscriber ([6054](https://github.com/osquery/osquery/pull/6054))
- Handle relative redirects in internal HTTP clients ([6049](https://github.com/osquery/osquery/pull/6049))
- Apply options config parsing before others ([6050](https://github.com/osquery/osquery/pull/6050))

Table Changes

- Added table `windows_optional_features` to Microsoft Windows ([5991](https://github.com/osquery/osquery/pull/5991))

<a name="4.1.0"></a>

4.1.0

[Git Commits](https://github.com/osquery/osquery/compare/4.0.2...4.1.0)

New Features / Under the Hood improvements

- Restore extension SDK and build support ([5851](https://github.com/osquery/osquery/pull/5851))
- Documentation improvements ([5860](https://github.com/osquery/osquery/pull/5860)), ([#5852](https://github.com/osquery/osquery/pull/5852)), ([#5912](https://github.com/osquery/osquery/pull/5912)), ([#5954](https://github.com/osquery/osquery/pull/5954))
- Add more tests throughout the codebase ([5837](https://github.com/osquery/osquery/pull/5837)), ([#5832](https://github.com/osquery/osquery/pull/5832)), ([#5857](https://github.com/osquery/osquery/pull/5857)), ([#5864](https://github.com/osquery/osquery/pull/5864)), ([#5855](https://github.com/osquery/osquery/pull/5855)), ([#5869](https://github.com/osquery/osquery/pull/5869)), ([#5871](https://github.com/osquery/osquery/pull/5871)), ([#5885](https://github.com/osquery/osquery/pull/5885)), ([#5903](https://github.com/osquery/osquery/pull/5903)), ([#5879](https://github.com/osquery/osquery/pull/5879)), ([#5914](https://github.com/osquery/osquery/pull/5914)), ([#5941](https://github.com/osquery/osquery/pull/5941)), ([#5957](https://github.com/osquery/osquery/pull/5957))
- Allow configuring more Linux Audit settings using flags ([5953](https://github.com/osquery/osquery/pull/5953))
- Add logger_tls_max_lines flag ([5956](https://github.com/osquery/osquery/pull/5956))
- Add AWS Session Token support ([5944](https://github.com/osquery/osquery/pull/5944))

Build

- Lots of work on CPack-based packaging ([5809](https://github.com/osquery/osquery/pull/5809)), ([#5822](https://github.com/osquery/osquery/pull/5822)), ([#5823](https://github.com/osquery/osquery/pull/5823)), ([#5827](https://github.com/osquery/osquery/pull/5827)), ([#5780](https://github.com/osquery/osquery/pull/5780)), ([#5850](https://github.com/osquery/osquery/pull/5850)), ([#5843](https://github.com/osquery/osquery/pull/5843)), ([#5881](https://github.com/osquery/osquery/pull/5881)), ([#5825](https://github.com/osquery/osquery/pull/5825)), ([#5940](https://github.com/osquery/osquery/pull/5940)), ([#5951](https://github.com/osquery/osquery/pull/5951)), ([#5936](https://github.com/osquery/osquery/pull/5936))
- Lots of work porting Python2 to Python3 ([5846](https://github.com/osquery/osquery/pull/5846))
- Upgrade OpenSSL to 1.0.2t on all platforms ([5928](https://github.com/osquery/osquery/pull/5928))
- Use SQLite 3.29.0 on Windows and macOS ([5810](https://github.com/osquery/osquery/pull/5810))
- Use aws-sdk-cpp source-builds on Windows and macOS ([5889](https://github.com/osquery/osquery/pull/5889))
- Add various code quality checks and utilities ([5834](https://github.com/osquery/osquery/pull/5834)), ([#5730](https://github.com/osquery/osquery/pull/5730)), ([#5872](https://github.com/osquery/osquery/pull/5872))

Hardening

- Restore fuzzing harness and use oss-fuzz ([5844](https://github.com/osquery/osquery/pull/5844)), ([#5886](https://github.com/osquery/osquery/pull/5886)), ([#5910](https://github.com/osquery/osquery/pull/5910)), ([#5915](https://github.com/osquery/osquery/pull/5915)), ([#5923](https://github.com/osquery/osquery/pull/5923)), ([#5955](https://github.com/osquery/osquery/pull/5955)), ([#5963](https://github.com/osquery/osquery/pull/5963))
- Use newer RapidJSON and switch to safer iterative parsing ([5893](https://github.com/osquery/osquery/pull/5893)), ([#5913](https://github.com/osquery/osquery/pull/5913))

Bug Fixes

- Set Windows MSI ErrorControl to normal instead of critical ([5818](https://github.com/osquery/osquery/pull/5818))
- Wrap flagfile with quotes for Windows install flag ([5824](https://github.com/osquery/osquery/pull/5824))
- Improve submodule usages in CMake ([5850](https://github.com/osquery/osquery/pull/5850)), ([#5880](https://github.com/osquery/osquery/pull/5880)), ([#5892](https://github.com/osquery/osquery/pull/5892)), ([#5897](https://github.com/osquery/osquery/pull/5897)), ([#5907](https://github.com/osquery/osquery/pull/5907))
- Improve locking support in internal APIs ([5841](https://github.com/osquery/osquery/pull/5841)), ([#5906](https://github.com/osquery/osquery/pull/5906)), ([#5943](https://github.com/osquery/osquery/pull/5943)), ([#5944](https://github.com/osquery/osquery/pull/5944))
- Fixes for macOS application layer firewall tables ([5378](https://github.com/osquery/osquery/pull/5378))
- Fixes within BPF event tables ([5874](https://github.com/osquery/osquery/pull/5874))
- Refactor and improve PCI device tables on Linux ([5446](https://github.com/osquery/osquery/pull/5446))
- Implement PID indexing on Windows `processes` table ([5919](https://github.com/osquery/osquery/pull/5919))
- Improve `WHERE IN()` performance ([5924](https://github.com/osquery/osquery/pull/5924)), ([#5938](https://github.com/osquery/osquery/pull/5938))
- Improve the internal HTTP client ([5891](https://github.com/osquery/osquery/pull/5891)), ([#5946](https://github.com/osquery/osquery/pull/5946)), ([#5947](https://github.com/osquery/osquery/pull/5947))
- Fix Windows version codename lookup ([5887](https://github.com/osquery/osquery/pull/5887))

Table Changes

- Added table `alf_services` to Darwin (Apple OS X) ([5378](https://github.com/osquery/osquery/pull/5378))
- Added table `connectivity` to Microsoft Windows ([5500](https://github.com/osquery/osquery/pull/5500))
- Added table `default_environment` to Microsoft Windows ([5441](https://github.com/osquery/osquery/pull/5441))
- Added table `windows_security_products` to Microsoft Windows ([5479](https://github.com/osquery/osquery/pull/5479))
- Added column `platform_mask` (`INTEGER_TYPE`) to table `osquery_info` ([5898](https://github.com/osquery/osquery/pull/5898))

<a name="4.0.2"></a>

4.0.2

This release fixes crashes identified in 4.0.1. There are no changes in functionality.

[Git Commits](https://github.com/osquery/osquery/compare/4.0.1...4.0.2)

Bug Fixes

- Fix configuration of AWS libraries to address crash in Linux ([5799](https://github.com/osquery/osquery/pull/5799))
- Remove RocksDB optimization causing crash ([5797](https://github.com/osquery/osquery/pull/5797))

<a name="4.0.1"></a>
