v2023.9

Notes

Fixed

❗ Fixed issue where mount flags were improperly set for APFS formatted drives

Changed

↔️ santactl sync no longer requires root
↔️ Several public doc updates (thank you to our external contributors!)

Added

➕ Santa can now unmount/remount USB devices on startup
➕ New event type supported: CS_INVALIDATED
➕ Bundle information can now be printed via santactl fileinfo with the new --bundleinfo flag
➕ macOS 14 and USB support for E2E Testing

What's Changed

• santactl/sync: Drop root requirement by @russellhancox in #1196
• Minor doc updates. Add missing FAA config options. by @mlw in #1197
• Update configuration.md to explain EnableDebugLogging by @p-harrison in #1203
• Remove mention of KEXT from README.md by @pmarkowsky in #1202
• Update configuration.md that push notifications not widely available by @p-harrison in #1204
• Update syncing-overview.md with note on push notifications by @p-harrison in #1205
• Fix issue preventing rule import / export from working by @pmarkowsky in #1199
• Enable e2e testing on macOS 14 by @kallsyms in #1209
• Support printing bundle info via santactl fileinfo command by @mlw in #1213
• Unmount USB on start by @mlw in #1211
• Additional build deps by @mlw in #1215
• Add E2E testing for usb by @kallsyms in #1214
• Add Support for CS_INVALIDATED Events by @pmarkowsky in #1210
• Support remounting devices at startup with correct flags by @mlw in #1216
• Record metrics for device manager startup operations by @mlw in #1218
• Add OnStartUSBOptions to santactl status by @mlw in #1219
• Fix remount issue for APFS formatted drives by @mlw in #1220
• Update to the latest hedron_compile_commands by @mlw in #1221
• Only remount on startup if remount args are set by @mlw in #1222

Full Changelog: 2023.8...2023.9

v2023.8

Notes

Fixed

❗ Fixed issue where client mode was almost always logged as "unknown" (since v2023.5)
❗ Fixed issue where TeamID and SigningID rules were evaluated when a binary had codesign issues.

Changed

↔️ Default button text used in UIs when a Custom URL is set

Added

➕ Mount name information added to disk events
➕ rules_received and rules_processed fields now sent in postflight request
➕ SigningID rules now support transitive allowlisting
➕ File Access Authorization now supports UI flows, similar to blocked binary executions
➕ File Access Authorization enforcement can now be controlled via sync settings
➕ Rules can now be imported/exported as JSON via santactl

What's Changed

• Added TransitiveWhitelisting explanation to rules.md by @p-harrison in #1150
• Add support for was_mmaped_writeable to file write monitoring when using macOS 13+ by @pmarkowsky in #1148
• Fix issue where re config types couldn't be overridden by @mlw in #1151
• Add mount from name information to disk appear events by @mlw in #1153
• Remove references to old EnableSystemExtension config key by @mlw in #1155
• sync: Send rules_received and rules_processed fields in postflight request by @russellhancox in #1156
• Add SigningID/TeamID to Event definition in sync-protocol.md by @p-harrison in #1158
• Correction to sync-protocol.md by @p-harrison in #1159
• Fix new buildifier issues by @mlw in #1162
• Additional metrics for File Access Authorizer client by @mlw in #1160
• Use default event detail button text when a custom URL is set by @mlw in #1161
• Restore file_bundle_hash & file_bundle_binary_count to Sync Protocol Docs by @pmarkowsky in #1164
• Document SyncExtraHeaders in configuration.md by @p-harrison in #1166
• Fix issue where client mode was almost always logged as "Unknown" by @mlw in #1165
• Remove logupload stage from syncing-overview.md by @p-harrison in #1168
• Fix typo in troubleshooting.md by @kyoshisuki in #1169
• Update rules.md with more detail on Transitive/Compiler rules by @p-harrison in #1172
• Add Tests for #1165 Behavior. by @pmarkowsky in #1173
• Bump bazel and build_bazel_rules_apple versions by @mlw in #1178
• Make Transitive Allowlisting Work with Signing ID rules by @pmarkowsky in #1177
• Update Protobuf and Abseil versions by @mlw in #1179
• UI For Blocked File Access by @mlw in #1174
• Add ability to override File Access actions via config and sync settings by @mlw in #1175
• Add basic support for importing and exporting rules to/from JSON by @pmarkowsky in #1170
• Flatten deps to satisfy internal checkers by @mlw in #1182
• Internal build fixes by @mlw in #1183
• Use 'set -xo pipefail' instead for lint.sh by @tnek in #1185
• Pin GitHub Actions to Specific Versions by @pmarkowsky in #1184
• Add ability to specify custom event URLs and button text for FAA dialog by @mlw in #1186
• Remove superfluous import by @mlw in #1188
• Update sync-protocol.md by @p-harrison in #1187
• Fix missing Santa block gif by @pmarkowsky in #1193
• Only eval TID and SID rules when the binary signature is valid by @mlw in #1191

New Contributors

• @kyoshisuki made their first contribution in #1169

Full Changelog: 2023.7...2023.8

v2023.7

Notes

Fixed

❗ Fixed performance regression that could occur when protobuf logging was configured and the spool directory was full

❗ Fixed issue where some daemon settings were being overridden by default values during sync preflight

Changed

↔️ Rules received now have their case forced to be what is expected during evaluation (e.g. hashes are forced to be lower case, Team IDs are uppercase)

↔️ Distributed notifications posted by Santa are now delivered immediately

↔️ All daemon settings sent during sync preflight now take effect during postflight

Added

➕ Added support for per-rule custom urls when a binary is blocked

➕ Custom headers can now be configured for sync requests

What's Changed

• Update sync-protocol.md to include SIGNINGID rule type by @p-harrison in #1130
• Add more file access config options by @mlw in #1128
• Wire up TTYWriter instance to the file access client by @mlw in #1129
• Enforce expected case for various rule type identifiers by @mlw in #1132
• Add additional dep to satisfy import issue by @mlw in #1134
• Change "exponential" backoff in SNTSyncStage.m to be exponential by @alexgraehl in #1135
• Check if spool dir has changed before estimating size by @mlw in #1138
• Have distributed notifications delivered immediately by @mlw in #1141
• Only update daemon settings when sync settings explicitly set by @mlw in #1142
• sync: Add SyncExtraHeaders config option. by @russellhancox in #1144
• sync/UI: Add ability to send custom URLs for blocking rules. by @russellhancox in #1140
• Add hot cache for targets of read only policies by @mlw in #1145
• Cast enum to int by @itf in #1146
• Project: Split integration VM license into its own LICENSE file by @russellhancox in #1147

New Contributors

• @p-harrison made their first contribution in #1130
• @alexgraehl made their first contribution in #1135

Full Changelog: 2023.6...2023.7

v2023.6

Notes

❗ The FileChangesRegex configuration key has inadvertently been ignored since 2022.9. This functionality has been added back in this release. This may cause some expected changes to logging if this configuration isn't properly set for your use cases.

❗ Team ID and Signing ID rules will now only be considered when evaluating an execution if the the code signature for a binary is valid.

❗ The SyncEnableCleanSyncEventUpload configuration key wasn't being properly read. This would prevent event uploads during a sync when a clean sync was requested by the server.

➕ Beta support has been added for JSON logging. Setting the EventLogType configuration key to json will cause the data in the santa.proto schema to be logged as JSON instead of binary protobuf. It is important to note that encoding to JSON will incur a performance penalty and deployments should appropriately measure cost to endpoints to ensure it is acceptable.

What's Changed

• Fix missing check for FileChangesRegex by @mlw in #1102
• Update docs for signing id rules by @mlw in #1105
• Migrate to new SNTRuleType enum values by @mlw in #1107
• Abstract TTY writing so multiple writers can be synchronized by @mlw in #1108
• Basic dialog functionality when access to a watch item is denied by @mlw in #1106
• Fix build issues due to macOS 13.3 SDK changes by @mlw in #1110
• Add Support for Logging to JSON (beta feature) by @pmarkowsky in #1112
• Add macOS 13 to the test matrix by @pmarkowsky in #1113
• Conf: Update notarization_tool in signing script by @russellhancox in #1116
• Fix memleak in fsspool by @kallsyms in #1115
• Use angle brackets for includes by @mlw in #1118
• Add include for proto status stub by @mlw in #1119
• Fix rule evaluation for TeamID and SigningID rules when encountering invalid signatures by @pmarkowsky in #1120
• Fix check to detect changes to StaticRules by @mlw in #1121
• Fix issue with invalid lengths by @mlw in #1122
• Add kSyncEnableCleanSyncEventUpload to the _forcedConfigKeyTypes dict by @pmarkowsky in #1123

Full Changelog: 2023.5...2023.6

v2023.5

Notes

➕ Santa now supports Signing ID rule types. See full documentation on santa.dev.

➕ File Access Authorization configuration now supports inverting the exception list in order to specify the processes that should be denied (or audited) instead of allowed.

What's Changed

• Clarify that execution_time is a float64 by @jasonmc in #1080
• Fix documentation for clean sync field in the preflight request. by @faizanrashid in #1082
• Switch SNTEventState to uint64_t, reposition flag values and masks by @mlw in #1086
• Add support to file monitoring config to invert process exceptions by @mlw in #1083
• Inject additional dependencies into the serializers by @mlw in #1078
• Docs: Added instructions for how to use config-overrides.plist by @pmarkowsky in #1077
• santactl/rule: Fix --path argument by @russellhancox in #1089
• Don't establish the FAA client pre-macOS 13 by @mlw in #1091
• Return unique_ptr from Enrich instead of shared_ptr by @mlw in #1093
• Stop unmuting the default mute set unnecessarily. by @mlw in #1095 (fixes: #1094)
• Add new rule type for Signing IDs by @mlw in #1090
• docs: Update vulnerability reporting instructions by @russellhancox in #1098
• Handle database downgrade scenarios gracefully by @mlw in #1099
• Fix precedence for static rule evaluation, santactl fileinfo output by @mlw in #1100

New Contributors

• @jasonmc made their first contribution in #1080
• @faizanrashid made their first contribution in #1082

Full Changelog: 2023.4...2023.5

v2023.4

Notes

❗ The EnableBackwardsCompatibleContentEncoding config key has been removed. We were not aware of any sync servers requiring this key; please contact us if you were using it and need an equivalent to be added.

➕ A new config key, SyncClientContentEncoding has been added to allow switching from the default deflate to gzip. This new option doesn't improve compression but is required for some servers to support compression.

➕ A new config key, EnableSilentTTYMode has been added, that allows disabling notifications from Santa to be posted in a user's terminal session.

What's Changed

• GUI: Device event window, handle empty remount args by @russellhancox in #1066
• sync: Add more complete XSSI prefix to be stripped. by @russellhancox in #1068
• Fix string length issues by @mlw in #1070
• config: Add EnableSilentTTYMode key to disable TTY notifications. by @russellhancox in #1072
• Ensure unmount always flushes appropriate caches by @mlw in #1073
• Cache flush metrics by @mlw in #1074
• README: Add more badges by @russellhancox in #1075
• Make the sync client content encoding a tunable by @pmarkowsky in #1076
• One more TSAN fix by @kallsyms in #1079
• sync: Permit XSRF header between sync stages/sessions by @russellhancox in #1081

Full Changelog: 2023.3...2023.4

v2023.3

What's Changed

• santactl/rule: Validate identifier is a valid SHA-256 for binary/cert rules by @russellhancox in #1045
• Config: Ignore static rules with an invalid identifier by @russellhancox in #1049
• metrics: Properly report "file access client enabled" metrics by @mlw in #1051
• chore(ci): Upgrade workflows to non-deprecated runtimes by @dev-slatto in #1052
• Basic rate limiting for File Access Authorizer by @mlw in #1053
• config: Support filesystem monitoring config embedded in main Santa config by @mlw in #1054
• [BUGFIX] Fix SD Card Block not operating on Internal SD Card Readers by @liamn in #1055
• test: Fix a couple last TSAN failures by @kallsyms in #1056
• docs: Document SigningID and PlatformBinary exception keys by @mlw in #1059
• sync: Allow server to override the header for transmitting XSRF tokens by @russellhancox in #1060
• sync: Fix case of empty header name by @russellhancox in #1062
• protolog: Change types of repeated args and envs fields by @mlw in #1063

New Contributors

• @dev-slatto made their first contribution in #1052

Full Changelog: 2023.2...2023.3

v2023.2

Notes

• Many improvements to the File Access Authorization feature, which remains in BETA.
• Platform binaries can now be excluded from authorization checks in FAA
• Several performance improvements

What's Changed

• GUI: Re-write AboutWindow view in SwiftUI by @russellhancox in #1007
• shadow rules_python for fuzzing by @kallsyms in #1009
• GUI: Migrate DeviceMessageWindow to SwiftUI by @russellhancox in #1010
• Ensure watch item names conform to naming requirements by @mlw in #1011
• Reduce proto warning severity by @mlw in #1012
• Reduce calls into configurator by @mlw in #1013
• Project: Fix module maps for swift libraries and their dependencies by @russellhancox in #1014
• Remove extra expectation in test by @mlw in #1015
• Add new continuous test run with various sanitizers by @kallsyms in #1016
• Log type metrics by @mlw in #1018
• Initial docs for file access auth feature by @mlw in #1017
• Fsmon docs table width by @mlw in #1020
• Try with more vertical space by @mlw in #1021
• docs: Support wider pages, fix syntax highlighting of plist by @russellhancox in #1022
• Remove Default column by @mlw in #1024
• add updated description by @headmin in #1023
• docs: fix width of sidebar on larger windows by @russellhancox in #1025
• Fix team ID and signing ID checks by @mlw in #1026
• Fix: Rewrite the SNTMetricHTTPWriter to avoid potential stack corruption by @pmarkowsky in #1019
• Perf: Translocate cache, reserve proto repeated fields by @mlw in #1027
• Use cached sizes when serializing by @mlw in #1028
• Rework timeout handling in metrics HTTP writer by @mlw in #1029
• Restart daemon on log type change by @mlw in #1031
• santactl & syncservice: Use synchronousRemoteObjectProxy where it makes sense by @russellhancox in #1033
• Configurator: Return an unsafe_unretained pointer to avoid needless retain/release by @russellhancox in #1035
• Replace SNTDecisionCache dictionary with SantaCache by @mlw in #1034
• Report log type in santactl status by @mlw in #1036
• Small test fixes to make sanitizers happy by @kallsyms in #1030
• Fix: correct sync protocol diagram by @pmarkowsky in #1037
• Clear ES cache when watch items change by @mlw in #1042
• Add support for platform binary to process exceptions by @mlw in #1041
• Add basic metrics to report when the FAM client is enabled by @mlw in #1043

Full Changelog: 2023.1...2023.2

v2023.1

Notes

• Dropped support for macOS 10.15, minimum version is now macOS 11.
• (BETA) Added file access authorization feature, docs at https://santa.dev/deployment/file-access-auth
• USB blocking will now also block SD cards (thanks @liamn)
• sync: Improved debug output when auth fails
• Improved reliability in reconnecting sync and metrics daemons
• Several performance improvements

What's Changed

• docs: Fix typo in sync-protocol, h/t to @maxwbuckley by @russellhancox in #940
• docs: Update keyserver address in SECURITY by @russellhancox in #941
• Rename santa_vnode_id_t to SantaVnode by @mlw in #943
• Switch from task_info to libproc for system resource info by @mlw in #939
• Drop macOS 10.15 by @mlw in #944
• Remove SNTCommon by @mlw in #945
• Include SD Card Mounting in the USB Block Functionality by @liamn in #938
• Watch items by @mlw in #937
• Tests: Fix some assertions comparing strings by @russellhancox in #947
• santad: Change workaround for glob header with blocks by @russellhancox in #948
• Initial work for File Access Authorizer Client by @mlw in #949
• Draft proto for new FileAccess log by @mlw in #952
• FS Access Config Version, Policy decision enums by @mlw in #951
• Import fix by @mlw in #953
• pemdas by @mlw in #955
• Config: In debug builds, allow config to be overridden from a plist file. by @russellhancox in #957
• Tests: Fix SNTEndpointSecurityFileAccessAuthorizerTest by @russellhancox in #958
• Dynamically enable/disable FS Access client based on config by @mlw in #959
• Use the appropriate variable when asynchronously processing auth messages by @mlw in #961
• Enrich file access events, prepare for logging by @mlw in #962
• santad: Flush cache when StaticRules are changed by @russellhancox in #963
• Serialize File Access events by @mlw in #964
• Introduce end-to-end testing by @kallsyms in #919
• Lint the E2E start-vm Python script by @kallsyms in #965
• Fix message lifetime by @mlw in #966
• Use absl_guarded_by instead of guarded_by by @kallsyms in #967
• Track path types for current/new watch items by @mlw in #968
• Fix import issues by @mlw in #969
• Update LICENSE for VM code by @kallsyms in #970
• Address policy consistency issues by @mlw in #971
• sync: Fix deduplication in reachability handler by @russellhancox in #973
• Fix golden test data for macOS 13 by @mlw in #972
• Project: Upgrade MOLAuthenticatingURLSession to v3.1 by @russellhancox in #974
• Adopt new ES APIs to monitor target paths by @mlw in #975
• Revitalize Fuzzing by @kallsyms in #976
• Fix import: Add build targets, lint by @mlw in #978
• Allstar: Add fuzzing artifact by @russellhancox in #980
• Fix SNTFileInfoTest for macOS 13 by @pmarkowsky in #977
• Fix loop when no override config is specified by @kallsyms in #981
• Run fuzzing in a VM by @kallsyms in #982
• Use new public api for booting VM into recoveryOS by @kallsyms in #983
• Adopt new ES APIs to watch target paths in tamper client by @mlw in #984
• Fix SNTFileInfo Fuzzing by @kallsyms in #985
• Fix nightly run cron specification by @kallsyms in #986
• Opportunistically use ES cache when possible by @mlw in #989
• Fuzz embedded plist reading by @kallsyms in #990
• Add more event coverage in the file access client by @mlw in #991
• More event type support by @mlw in #992
• lower fuzz case timeout to 5s by @kallsyms in #993
• Change name of santa config keys for file access monitoring by @mlw in #995
• docs: Fix deployment/configuration doc by @russellhancox in #996
• Add policy version and name to basic string serializer by @mlw in #997
• Adopt new FS Access Auth config format and policy application logic by @mlw in #994
• Support configuring signing IDs for process exceptions by @mlw in #998
• Rename type aliases by @mlw in #999
• Add watch item state to santactl status by @mlw in #1000
• Reconnect to santametrics service on failure by @kallsyms in #1001
• Configurator: Apply config updates in non-daemon processes by @russellhancox in #1003
• Low hanging fruit perf changes by @mlw in #1004
• Prevent recursive reconnect attempts by @mlw in #1005
• Revert "Configurator: Apply config updates in non-daemon processes" by @russellhancox in #1008

New Contributors

• @liamn made their first contribution in #938

Full Changelog: 2022.11...2023.1

v2022.11

What's Changed

• Docs: Fix type of {allowed,blocked}_path_regex keys in preflight by @russellhancox in #934
• Prefix tree updates by @mlw in #931
• GUI: Fix distributed notifications in silent mode by @russellhancox in #936

Full Changelog: 2022.10...2022.11