v2022.10

Notes

• Re-added the protobuf value for the EventLogTypeconfiguration key. This key remains a BETA and should not be used in production as changes are still being made.
• The block_usb_mount and remount_usb_mode keys can now correctly be synchronized from a server.
• The EnableSilentMode key for the GUI has been fixed. Note: enabling silent mode currently breaks distributed notifications; this is fixed in the 2022.11 release, which should be published within 2 weeks.**

What's Changed

• Make SNTCommonEnums a textual header by @itf in #896
• Proto serializer by @mlw in #897
• Fsspool adopt by @mlw in #900
• Fix USB config sync by @np5 in #890
• Machine id proto by @mlw in #907
• Spool writer by @mlw in #908
• Proto minimization by @mlw in #909
• USB: usbBlockMessage is not being used. by @videlanicolas in #915
• Fix issue with transposed remount/banned block messages by @mlw in #917
• Fix: duplicates bug in SNTMetricSet when using multiple fields by @pmarkowsky in #920
• Event metrics by @mlw in #918
• Fix issue in test that would crash on some platforms by @mlw in #922
• Change order that ES clients are enabled by @mlw in #923
• Update Known Limitations for USB Mass Storage Blocking by @pmarkowsky in #924
• GUI: Fix EnableSilentMode key by @russellhancox in #927
• metrics and logging cleanup by @mlw in #928
• Update spool to flush on size thresholds instead of batch counts by @mlw in #930
• Don't add messages when accumulated bytes exceeds threshold by @mlw in #932

Build fixes

• Import fixes by @mlw in #902
• More import fixes by @mlw in #904
• Update include paths and add include guard by @mlw in #905
• Update build docs. by @mlw in #911
• Change include to import by @mlw in #912
• Various changes to fix import by @mlw in #913
• Fix some more includes by @mlw in #914
• More import fixes by @mlw in #921

New Contributors

• @itf made their first contribution in #896
• @videlanicolas made their first contribution in #915

Full Changelog: 2022.9...2022.10

v2022.9

Notes

• This release includes a major overhaul of Santa internals, primarily its logging subsystem and how it interacts with the EndpointSecurity framework to receive events.
• The beta protobuf value for the EventLogType configuration key is not supported in this release.
• The EnableSysxCache configuration key has been removed. There is no longer an option to disable response caching within Santa.

What's Changed

• README: Fix logo link, remove coverage badge by @russellhancox in #882
• README: Try again, this time replacing the correct bit by @russellhancox in #883
• Allstar: Pre-emptively check-in binary_artifacts.yaml to exclude test binaries by @russellhancox in #884
• Refactor the SNTApplicationTest unit tests to function correctly by @pmarkowsky in #885
• Project: Update bazel and apple-rules by @russellhancox in #887
• ES and Logging Interfaces Redesign by @mlw in #888
• Ingestion fixups by @mlw in #891
• Linter and BUILD deps fixups by @mlw in #892
• Build deps by @mlw in #893
• Return a value from the test block by @mlw in #894
• Fix crash flushing cache on unmount events by @mlw in #895

Full Changelog: 2022.8...2022.9

v2022.8

Notes

• Sync state plist is no longer world-readable
• GUI now shows team ID for App Store apps
• Added EnableSilentMode configuration option to disable GUI notifications
• Santa now posts NSDistributedNotificationCenter notifications for block events

What's Changed

• Sync state plist | only allow santad read+write permissions by @bfreezy in #858
• Docs: Add recommended rollout doc by @kathancox in #861
• syncservice: Add tests for NSData+Zlib and Postflight by @russellhancox in #864
• Sync Protocol Docs by @pmarkowsky in #860
• Docs: Add StaticRules to example mobileconfig by @russellhancox in #866
• add link to GitHub in docs by @headmin in #868
• GUI: For App Store published apps, include team ID. by @russellhancox in #872
• GUI: Add silent mode configuration option. by @russellhancox in #871
• Santa: Post distributed notification when showing block UI by @russellhancox in #870
• GUI: Improve signing chain key reporting in distributed notifications. by @russellhancox in #874
• Project: Add a GH action to prevent trailing whitespace by @russellhancox in #873
• GUI: Expose SNTNotificationManager.h for the test. by @russellhancox in #875
• GUI: Missed a required dependency by @russellhancox in #876
• Project: Rename Source/santa -> Source/gui by @russellhancox in #877
• Fix up endTimestamp to be Monarch compliant by @pmarkowsky in #879

Full Changelog: 2022.7...2022.8

v2022.7

Notes

• This release adds Static Rules, which can be used to either manage rules using an MDM or for managing a fallback set of rules in case an issue occurs with a configured sync server.
• Event uploads and logs now include the team ID
• An option to disable event uploads for unknown binaries was added

What's Changed

• Readme: http -> https link by @case in #829
• Add team ID to synced events by @np5 in #827
• Project: Upgrade bazel rules_apple to 1.0.1 release by @russellhancox in #830
• Docs: Add gemfile for running jekyll locally. by @russellhancox in #834
• Use the message copy in the dispatch blocks by @mlw in #839
• adhoc build and run santa by @tburgin in #840
• Docs: Updated home page with README files & nav changes by @kathancox in #841
• CI: Make CI workflow only run on source changes by @russellhancox in #843
• Project: Delete tulsiproj, add basic doc about hedron by @russellhancox in #845
• santad: Allow configuring a static set of rules via configuration profile by @russellhancox in #846
• santad: Improve caching of static rules by @russellhancox in #847
• santasyncservice: Keep XSRF token in memory, don't send to daemon by @russellhancox in #851
• santad: Fix re-establishment of syncservice connection by @russellhancox in #849
• santactl/status: Fix printing of static rules by @russellhancox in #848
• santad: Add DisableUnknownEventUpload option. by @russellhancox in #852
• santad: Log team ID in execution logs, where available by @russellhancox in #850
• Ensure KVO works for USB config options by @pmarkowsky in #853
• Added quick getting started page for deployments by @kathancox in #855
• Add sync server list by @kathancox in #856
• Tests: Fix un-needed expectation in SNTExecutionControllerTest.allEve… by @russellhancox in #857

New Contributors

• @case made their first contribution in #829
• @kathancox made their first contribution in #841

Full Changelog: 2022.6...2022.7

v2022.6

What's Changed

• Improve logging when file cannot be read. by @Safrout1 in #817
• Remove unused testing scripts by @mlw in #816
• Copy new PrinterProxy file instead of overwriting by @mlw in #819
• Mute self to reduce message volume. Remove noisy log message. by @mlw in #820
• santad: Copy/retain ES message for use in deadline handler. by @russellhancox in #822
• Added handling for Remount events to USB mass storage blocking by @pmarkowsky in #818
• santad: Fix some style nits by @russellhancox in #824
• santad: Update assert usage to avoid a string-to-bool conversion by @russellhancox in #825
• santactl/status: Remove driver connected, re-org USB blocking status by @russellhancox in #826

New Contributors

• @Safrout1 made their first contribution in #817

Full Changelog: 2022.5...2022.6

v2022.5

Notes

• Fixed an issue preventing events from being uploaded immediately after a blocked execution
• Fixed a GUI bug that allowed multiple dialogs to be queued for the same execution
• Added option to disable all event logging
• Added option to upload all events
• Added option to upload events during a clean sync
• Added new keys to the EventDetailURL key to differentiate files vs bundles.

What's Changed

• GUI: Add %bundle_or_file_sha% translation key by @russellhancox in #797
• Sync: Add option to enable event upload despite clean sync. by @russellhancox in #796
• Created a profiles package so provisioning profiles only need to be in one place. by @pmarkowsky in #794
• Added macos-12 to the build matrix by @pmarkowsky in #798
• Add config to allow uploading all events by @russellhancox in #800
• santad: Add 'null' event logger. Fixes #754 by @russellhancox in #799
• Fix ES Mock Client Subscription issues by @pmarkowsky in #801
• santad: remove start and stop options from the sync service queue by @tburgin in #803
• GUI: Update keys for EventDetailURL. by @russellhancox in #802
• santasyncservice: handle loading and unloading of the service in the pkg by @tburgin in #804
• GUI: Fix message queuing by @russellhancox in #805
• GUI: Switch to UserNotification.framework notifications by @russellhancox in #806
• SNTConfigurator: remove mutability from sync state dict by @tburgin in #807
• preflight sync: stop the sync if we cannot communicate with the daemon by @tburgin in #808
• preflight sync: fix dispatch_group_wait return polarity by @tburgin in #809
• syncservice: Fix SNTSyncTest by @russellhancox in #810
• Project: Enable layering check, fix all dependency violations by @russellhancox in #811
• Project: Layering, missed a dependency by @russellhancox in #812
• Project: Fix layering for tests by @russellhancox in #813

Full Changelog: 2022.4...2022.5

v2022.4

What's Changed

• Project: Show test errors in output from CI by @russellhancox in #764
• santactl/metrics: Allow filtering metrics by @russellhancox in #763
• santad: Split ES cache into root/non-root varieties by @russellhancox in #765
• Project: Make versioning dynamic through bazel's --embed-label. by @russellhancox in #766
• Exclude bazel-out from test coverage generation by @tnek in #768
• Project: Fix fallback version by @russellhancox in #767
• Project: Update apple_rules dep, add .bazelversion for bazelisk users by @russellhancox in #769
• Project: Fix coverage collection by @russellhancox in #770
• Update logo image of Santa by @tnek in #773
• Modified build target names for santa proto by @mlw in #772
• Fix dead link by @tnek in #774
• ES_EVENT_TYPE_NOTIFY_UNMOUNT: flush the cache off the ES handler thread by @tburgin in #778
• Disable layering check for Objective-C by @googlewalt in #781
• Add "Team ID" to description on AllowedPathRegex by @tnek in #782
• Fix event team ID decision value by @np5 in #784
• santad: Use TTY path provided by ES by @russellhancox in #785
• Disable layering check for Objective-C by @googlewalt in #787
• Populate critical paths from the ES default mute set by @mlw in #786
• santa/windows: Update buttons to use push to better stand out by @radsec in #788
• syncservice: implementation and migration by @tburgin in #775
• syncservice: sign and package by @tburgin in #790
• Project: Include syncservice.plist in release builds and loads by @russellhancox in #792
• Project: Update packaging script to do tarball creation in a scratch dir by @russellhancox in #793

New Contributors

• @googlewalt made their first contribution in #781

Full Changelog: 2022.3...2022.4

v2022.3

Notes

• The kernel extension and all support for it has been fully removed. Santa now requires macOS 10.15 and above.
• Protobuf structured event logging has been added but is still experimental; the format of the logs is subject to change and there is purposefully no documentation on its use. We will announce in a feature release when this feature is stable.
• The Santa daemon is now loaded early during the boot process to better protect against persistent threats.
• Preflight sync requests now include the machine's model identifier.

What's Changed

• Fix: Issue with SNTMetricHTTPWriter Timeouts by @pmarkowsky in #741
• Fix: uninstall.sh to remove the metric & bundle services. by @pmarkowsky in #743
• Project: Bump version to 2022.3 by @russellhancox in #745
• Project: Disable bazel layering_check feature for most rules by @russellhancox in #742
• Fix: Typo in SNTDeviceManager tests & ensure tests run under CI by @pmarkowsky in #746
• Protobuf support, maildir format logging by @mlw in #731
• Remove the Santa kernel extension. by @tnek in #749
• Made santad an early boot client to prevent racing other processes by @pmarkowsky in #750
• Add model identifier to preflight request by @np5 in #751
• Remove code guarded by #ifdef kernel macros by @tnek in #752
• Project: Remove kext signing/packaging by @russellhancox in #755
• santactl/status: Re-org output in status re: USB Blocking. by @russellhancox in #759
• santad: Clear caches when disks are unmounted. by @russellhancox in #760
• Docs: Remove references to kexts and santa-driver from parts of the docs by @tnek in #762

Full Changelog: 2022.2...2022.3

v2022.2

Notes

• USB device blocking mode is now reported in santactl status and configurable GUI notifications have been added.
• Package will no longer prompt to install Rosetta on ARM machines (fixes #732).
• santactl version now reports the build version alongside the product version. This is part of the CFBundleVersion for each component.
• A new fail-closed configuration key has been added that will cause Santa to block execution if it's unable to read a file.

What's Changed

• santad: Add fail-closed mode by @russellhancox in #722
• Fix additional strlcpy issue, simplify call paths by @mlw in #723
• Update version of bazel rules_apple to fix broken 12.3 builds by @tnek in #726
• Report USB blocking status with santactl status by @tnek in #727
• Fix: remediate a crash in santametricservice by @pmarkowsky in #729
• santad: Fix fail open tests in SNTExecutionControllerTest by @russellhancox in #730
• Project: Add arm64 to hostArchitectures for productbuild by @russellhancox in #733
• Project: Bump version to 2022.2 by @russellhancox in #734
• Add a USB device blocking popup. by @tnek in #728
• Project: Add build version to CFBundleVersion by @russellhancox in #736
• Packaging: Keep package versions simple by @russellhancox in #737

New Contributors

• @mlw made their first contribution in #723

Full Changelog: 2022.1...2022.2

v2022.1

Notes

• Fixed PrinterProxy workaround for Monterey
• More metrics, including an event counter
• Fixed logging of dates when system calendar is not Gregorian.
• Added USB Mass Storage blocking feature, which can be controlled by a sync server
• santad no longer stores events for upload if a sync server is not configured
• Sync can now use a provided proxy configuration separate from the system one (c.f SyncProxyConfiguration)

What's Changed

• Project: Add bazel commands extractor for VSCode integration by @russellhancox in #690
• Ignore VSCode directories by @pmarkowsky in #692
• Fix: SNTMetricSet reregistering metrics returns wrong metric by @pmarkowsky in #693
• Update the Santa version number to 2021.9 by @tnek in #695
• Add a simple event counter to SNTExecutionController by @pmarkowsky in #694
• santasyncservice: move sync code to the santasyncservice dir by @tburgin in #696
• Fix: santactl metrics command behavior by @pmarkowsky in #697
• santad: Fix PrinterProxy workaround for Monterey+ by @russellhancox in #698
• Project: Bump version to 2022.1 by @russellhancox in #700
• Update misleading santactl rule text to have accurate text for team IDs by @tnek in #701
• USB mass storage blocking and remounting by @tnek in #685
• Update hedron_compile_commands by @cpsauer in #704
• Project: Explicitly set calendar on ISO8601 dates by @russellhancox in #706
• Add test coverage for syncing USB mounting options by @tnek in #711
• santad: Don't use proc_pidpath when using ES by @russellhancox in #707
• Add clang annotation for fallthrough by @tnek in #712
• Sync: Allow configuring proxies by @russellhancox in #708
• Support rule downloading of Team ID rules by @tnek in #709
• santactl/fileinfo: Update --cert-index usage by @russellhancox in #713
• santactl/fileinfo: Clarify valid index for cert-index by @russellhancox in #714
• Fix off-by one error in strlcpy by @pmarkowsky in #715
• Create test suites for each component by @pmarkowsky in #702
• Conf: Delete and clean-up ASL conf, enable signaling on newsyslog.conf. by @russellhancox in #716
• Add clang_analyzer report generation script by @tnek in #717
• rule download: return early on daemon timeout by @tburgin in #718
• santactl/fileinfo: Switch certIndex to an NSNumber by @russellhancox in #719
• Add DiskArbitrationTestUtil to shim out DiskArbitration for unit testing by @tnek in #720
• santad: only store events if there is a sync server configured by @tburgin in #721

New Contributors

• @cpsauer made their first contribution in #704

Full Changelog: 2021.8...2022.1