Skip to content

v2023.8

Compare
Choose a tag to compare
@mlw mlw released this 05 Oct 21:30
5a383eb

Notes

Fixed

❗ Fixed issue where client mode was almost always logged as "unknown" (since v2023.5)
❗ Fixed issue where TeamID and SigningID rules were evaluated when a binary had codesign issues.

Changed

↔️ Default button text used in UIs when a Custom URL is set

Added

➕ Mount name information added to disk events
rules_received and rules_processed fields now sent in postflight request
➕ SigningID rules now support transitive allowlisting
➕ File Access Authorization now supports UI flows, similar to blocked binary executions
➕ File Access Authorization enforcement can now be controlled via sync settings
➕ Rules can now be imported/exported as JSON via santactl

What's Changed

  • Added TransitiveWhitelisting explanation to rules.md by @p-harrison in #1150
  • Add support for was_mmaped_writeable to file write monitoring when using macOS 13+ by @pmarkowsky in #1148
  • Fix issue where re config types couldn't be overridden by @mlw in #1151
  • Add mount from name information to disk appear events by @mlw in #1153
  • Remove references to old EnableSystemExtension config key by @mlw in #1155
  • sync: Send rules_received and rules_processed fields in postflight request by @russellhancox in #1156
  • Add SigningID/TeamID to Event definition in sync-protocol.md by @p-harrison in #1158
  • Correction to sync-protocol.md by @p-harrison in #1159
  • Fix new buildifier issues by @mlw in #1162
  • Additional metrics for File Access Authorizer client by @mlw in #1160
  • Use default event detail button text when a custom URL is set by @mlw in #1161
  • Restore file_bundle_hash & file_bundle_binary_count to Sync Protocol Docs by @pmarkowsky in #1164
  • Document SyncExtraHeaders in configuration.md by @p-harrison in #1166
  • Fix issue where client mode was almost always logged as "Unknown" by @mlw in #1165
  • Remove logupload stage from syncing-overview.md by @p-harrison in #1168
  • Fix typo in troubleshooting.md by @kyoshisuki in #1169
  • Update rules.md with more detail on Transitive/Compiler rules by @p-harrison in #1172
  • Add Tests for #1165 Behavior. by @pmarkowsky in #1173
  • Bump bazel and build_bazel_rules_apple versions by @mlw in #1178
  • Make Transitive Allowlisting Work with Signing ID rules by @pmarkowsky in #1177
  • Update Protobuf and Abseil versions by @mlw in #1179
  • UI For Blocked File Access by @mlw in #1174
  • Add ability to override File Access actions via config and sync settings by @mlw in #1175
  • Add basic support for importing and exporting rules to/from JSON by @pmarkowsky in #1170
  • Flatten deps to satisfy internal checkers by @mlw in #1182
  • Internal build fixes by @mlw in #1183
  • Use 'set -xo pipefail' instead for lint.sh by @tnek in #1185
  • Pin GitHub Actions to Specific Versions by @pmarkowsky in #1184
  • Add ability to specify custom event URLs and button text for FAA dialog by @mlw in #1186
  • Remove superfluous import by @mlw in #1188
  • Update sync-protocol.md by @p-harrison in #1187
  • Fix missing Santa block gif by @pmarkowsky in #1193
  • Only eval TID and SID rules when the binary signature is valid by @mlw in #1191

New Contributors

Full Changelog: 2023.7...2023.8