Releases: google/santa
v0.8.8
Notes
Added watchdog thread to help monitor for Santa performance issues.
Preparation for the release of 10.11: as /usr/libexec and /usr/sbin can no longer be written to, Santa's binaries are now stored inside the kernel extension bundle, with a symlink for santactl added in /usr/local.
Fixed a few occasional bugs in SantaGUI (reconnection bug) and the config file watcher (runaway memory use if file is missing).
Highlights
- GUI: Add close button to window
- GUI: Restore constraint on Dismiss button on message window to pull it to center if event detail URL is missing
- GUI: Prevent reconnection loop if XPC connection dies
- santactl: Update help/error wordings
- santactl: Fix event counting bug in status command
- santad: Add watchdog monitoring thread
- santad: More caching in SNTFileInfo to improve performance
- santad: Fix memory 'leak' in SNTFileWatcher that causes runaway memory use if file is missing
v0.8.7
Notes
Small release to fix a rare kernel panic.
Highlights
- Kext: Fix rare kernel panic caused by poor use of lck_rw_shared_to_exclusive
v0.8.6
Notes
Considers package scripts as in-scope.
Lots of kext-related changes.
Simplifications to the notification GUI.
Highlights
- Kext: Fix potential cache-abuse via executing open files to cache them.
- Kext: Remove useless dataqueue locking
- Kext: Create dataqueue once and re-use it between daemon loads
- Daemon: Handle corrupt events properly
- Daemon: Consider scripts that are part of an installer package as in-scope.
- Sync: Upload parent process name with events
- Sync: Handle DER decoding better, fix over-release.
- GUI: Only show first 10 characters of shasum, show parent process name
- GUI: Don't show notifications for silent-blacklist rules
- Project: Enable more warnings
v0.8.5
Notes
Sync API changes and a few bugfixes.
Highlights
- More nullptr checking in kext
- Use NSString length everywhere instead of isEqual:@""
- Sync API: Upload event decisions as strings
- Sync API: Rename serial_no to serial_num
- Sync API: Add cleansync option, which can be initiated either by server or client
- GUI: Allow notification window to be moved
v0.8.4
Notes
Fixed a few minor bugs and added daemon status to status command.
Updated configuration auto-reloading to be less stupid, added daemon status to 'santactl status' and fixed a few minor bugs.
Highlights
- Re-write of configuration auto-reloading
- Allow notification window to be moved
- Added daemon status to 'santactl status' output
- Fixed bug in machine ID/owner config option parsing
- Added daemon-auto-killer in driver when PostToQueue has failed several times.
v0.8.3
Notes
Some updates to make the GUI more useful and configurable and make the configuration system auto-reload in each component that uses it.
Highlights
- Make GUI cleaner for users
- Make GUI configurable using configuration file
- Make configuration auto-reload when file on disk changes
- Fixes for "santactl sync" command, updates to sync API
- Update locking mechanism in driver
- Many bug fixes
v0.8.2
Notes
A few driver updates to improve reliability and some minor sync client changes.
Highlights
- Increase kext<->daemon event queue size
- Remove process listener, it wasn't that useful and it broke certain apps (like Hopper)
- Change when driver considers daemon connected to avoid a rare race condition
- Make sync client refuse redirects
- Make sync client upload pid/ppid data with events
- Fix potential crash in sync client related to client cert handling
v0.8.1
Notes
Small release that moves the execution interception startup much earlier in the driver load. This allows the logging of binaries that are executed while the daemon is not running.
This involved a lot of kext changes and has had only minimal testing, so there may be some kernel panics.
Highlights
- Move execution interception to driver load, logging and allowing any binaries when santad is not running
v0.8
Notes
Lots of changes in this release, and some are not backwards-compatible, so existing databases will need to be removed before installing. This release also changes the syncing format for event uploads.
Highlights
- Move file hashing into userland, switch over to SHA-256 hashing for both binaries and certificates
- Change sync format, particularly for event uploads.
- Simplify event database schema
- Change logging format.
- Log out-of-scope executions
- Added rule command to santactl (thanks @nl5887)
- More options for client cert auth in sync (thanks @nl5887)
- Slight improvements to notification UI
v0.7.1
Notes
Fix a few bugs in the initial release.
Highlights
- Deadlock bug on Yosemite caused by xpcproxy
- Clean-up logic fail introduced in 6b40dc2
- Always re-create GUI connection on main thread
- Make the asl.conf file actually claim the kernel messages and add rotation config