v1.23.1

What's Changed

Table Changes

• EOL kolide_user_avatars table by @RebeccaMahany in #2322
• EOL kolide_macos_available_products by @RebeccaMahany in #2324
• Replace ExecTable with NewExecAndParseTable for Zerotier commands by @cesarfda in #2334
• Remove kolide_macos_software_update.app_updates_managed because data is not available on Tahoe by @RebeccaMahany in #2336

Build and Package

• regenerate root json by @zackattack01 in #2341
• reduce windows file permissions on MSI install by @zackattack01 in #2346

Features and Improvements

• autoupdate download splay by @zackattack01 in #2337
• Use runsimple rather than osquery client to populate id fields by @RebeccaMahany in #2354

Bug Fixes

• Do not collect enrollment details until after keys have been generated by @RebeccaMahany in #2325
• Wait before remediating systray error, and retry remediation if it fails by @RebeccaMahany in #2333
• Check type assertion success for pubkeys to avoid panic by @RebeccaMahany in #2349
• Added certs to osquery by @cesarfda in #2347
• Batch up tmutil calls further; add more info to logs by @RebeccaMahany in #2356

Observability

• Log when desktop shuts down due to not being able to monitor parent by @RebeccaMahany in #2326
• Downgrade more error logs by @RebeccaMahany in #2320

Tests, Docs, and Other No-op Changes

• rundisclaimed test and docs by @zackattack01 in #2321
• TestProc improvements by @RebeccaMahany in #2327
• Run query against osquery in TestProc by @RebeccaMahany in #2331
• Add .exit command to input in TestProc to ensure that process will shut down by @RebeccaMahany in #2335

General

• Add .kolide.test to list of kolide servers that localserver should use the localhost ecc server cert with by @RebeccaMahany in #2319
• Add development web app url to allowlisted origins for dt4a endpoints by @RebeccaMahany in #2345
• Add additional dev origin to allowlist by @RebeccaMahany in #2351
• Add 1p origin pattern to allowlist by @RebeccaMahany in #2352
• remove user permissions for windows secret file (runtime) by @zackattack01 in #2353
• allow download splay override through options by @zackattack01 in #2355

Full Changelog: v1.22.0...v1.23.1

v1.22.0

What's Changed

Table Changes

• Updating linux tables to NewExecAndParse by @cesarfda in #2286
• Zscale table by @cesarfda in #2289
• Add Microsoft Defender ATP health tables by @Micah-Kolide in #2310
• add table options for reporting errors by @zackattack01 in #2314
• Add kolide_certificate_trust table to present output of security dump-trust-settings by @RebeccaMahany in #2316

Features and Improvements

• Require machine GUID change when detecting hardware change on Windows by @RebeccaMahany in #2293
• Add ResetOnHardwareChangeEnabled feature flag; reset the db if change is detected and flag is enabled by @RebeccaMahany in #2297

Bug Fixes

• Account for identifer in binary directory and services checkups by @RebeccaMahany in #2287
• Skip ending spans for nil spans; log nil spans by @RebeccaMahany in #2290
• Check that index was found before using it to access slice by @RebeccaMahany in #2300
• Fix control service Fetch deadlock (hopefully) by @RebeccaMahany in #2303
• When parsing indexeddb data, read properties_written and length at the end of objects and arrays correctly by @RebeccaMahany in #2313

Observability

• Add new log level LevelReportedError that reports errors to our error reporting system by @RebeccaMahany in #2283
• Run system time checkup in log checkpointer by @RebeccaMahany in #2284
• Upgrade some log levels to LevelReportedError by @RebeccaMahany in #2305
• Add additional attributes to traces and metrics by @RebeccaMahany in #2306
• Report all error-level logs to Error Reporting by @RebeccaMahany in #2309
• Downgrade some log levels from error to warn by @RebeccaMahany in #2311

Tests, Docs, and Other No-op Changes

• remove extra DB creations in extension tests by @zackattack01 in #2296
• Remove windows-2019 in preparation for deprecation; add windows-2025 by @RebeccaMahany in #2299
• add usetesting linter and fix test cleanups by @zackattack01 in #2294

Dependency Updates

• bump goleveldb version by @zackattack01 in #2315

General

• Log when we perform an uninstall by @RebeccaMahany in #2298
• Remove mutex in favor of atomic.Duration for control request interval by @RebeccaMahany in #2301
• Close files after opening by @RebeccaMahany in #2304

Full Changelog: v1.21.2...v1.22.0

v1.21.2

What's Changed

Table Changes

• Migrate plist type tables in darwin_platform_tables by @cesarfda in #2248
• New Table! The deadly sleeper by @directionless in #2273

Features and Improvements

• Make windowsupdate error strings more verbose by @RebeccaMahany in #2251
• Run WMI ExecQuery synchronously instead of semisynchronously by @RebeccaMahany in #2258
• Store registrations in new registration store by @RebeccaMahany in #2262
• Get munemo for header checks from registration store by @RebeccaMahany in #2264
• Get munemo from registration store when performing db reset check by @RebeccaMahany in #2263
• Handle near-simultaneous calls to Interrupt in secureenclaverunner by @RebeccaMahany in #2268
• Add callback queue to localserver by @RebeccaMahany in #2274
• Log when we detect hardware change; require both serial and hardware uuid to change by @RebeccaMahany in #2278

Bug Fixes

• Remove extra logging when we hit db lock issue by @RebeccaMahany in #2270
• Fix potential panic during osquery instance shutdown by @RebeccaMahany in #2272
• prevent comshim panics by @zackattack01 in #2275

Observability

• Track checkups "score" and error count as metrics by @RebeccaMahany in #2252
• Make performance checkup a scored checkup by @RebeccaMahany in #2255
• Make processes checkup "logSupported" so that it will count towards the checkup score by @RebeccaMahany in #2256
• Export metrics every 10 minutes instead of every minute by @RebeccaMahany in #2260
• Add histogram meter to track RSS in bytes for launcher process by @RebeccaMahany in #2269
• add launchd logs to flares by @zackattack01 in #2276
• Gather performance stats for launcher child processes by @RebeccaMahany in #2277
• remove processes checkup from log checkpoints by @zackattack01 in #2279
• Link traces and metrics, where possible by @RebeccaMahany in #2280

Tests, Docs, and Other No-op Changes

• Update KATC test databases by @RebeccaMahany in #2254
• Add Dependency Updates section to release.yml by @RebeccaMahany in #2266
• Print logs and interrupt start time when interrupt test fails by @RebeccaMahany in #2267

Dependency Updates

• Upgrade to modernc.org/[email protected] to fix data races in tests by @RebeccaMahany in #2265

General

• Only log new table_generate_timeout if it did actually change by @RebeccaMahany in #2247
• Part 2 of removing AutoupdateErrorsStore by @RebeccaMahany in #2250
• Use atomic.Bool for isNixOS vars to avoid data races in tests by @RebeccaMahany in #2281
• add windows machine GUID to hardware identifiers by @zackattack01 in #2282

Full Changelog: v1.20.3...v1.21.2

v1.20.3

What's Changed

Features and Improvements

• Kick off cache attempt when exiting modern standby by @RebeccaMahany in #2240

Bug Fixes

• Ensure windows_updates_cacher logs are shipped to cloud by @RebeccaMahany in #2241
• Increase buffer size to prevent deadlock on sending to channel by @RebeccaMahany in #2243
• Part 1 of removing AutoupdateErrorsStore by @RebeccaMahany in #2244
• set auth code if set by downstream handler by @James-Pickett in #2245

General

• Add nixenv parser and tests for nix-env XML data by @cesarfda in #2239
• Add meter for autoupdate failures by @RebeccaMahany in #2246

Full Changelog: v1.20.2...v1.20.3

v1.20.2

What's Changed

Table Changes

• [KATC] Chrome and firefox error serializing by @cesarfda in #2217
• Add kolide_windows_updates_cached table by @RebeccaMahany in #2230

Features and Improvements

• Allow for compacting backup dbs by @RebeccaMahany in #2194
• macOS run disclaimed by @zackattack01 in #2196
• disclaim falconctl command for macos by @zackattack01 in #2207
• disclaim repcli command for macos by @zackattack01 in #2209
• bump local server rate limit, add health endpoint by @James-Pickett in #2216
• add separate dt4a rate limiter by @James-Pickett in #2220
• Add first metrics to our telemetry by @RebeccaMahany in #2222
• Export metrics to ingest server by @RebeccaMahany in #2223
• Add rungroup actor to periodically cache results of querying Windows Update Agent API by @RebeccaMahany in #2229
• Add flag use_cached_data_for_scheduled_queries, and rewrite osquery config accordingly when set by @RebeccaMahany in #2231
• Add telemetry attribute launcher.goos by @RebeccaMahany in #2233
• Immediately cache data rather than waiting 1 hour by @RebeccaMahany in #2234
• Throw more time at query-windowsupdates by @RebeccaMahany in #2235
• Add counter to track tablewrapper timeouts by @RebeccaMahany in #2236
• Make cached query results TTL cloud-configurable by @RebeccaMahany in #2237
• Record tablewrapper generate timeouts in span by @RebeccaMahany in #2238

Bug Fixes

• Make error struct field into a string so it will be marshalled properly by @RebeccaMahany in #2211
• reduce ole.CoInitialize calls from watchdog controller by @zackattack01 in #2228

Tests, Docs, and Other No-op Changes

• Maybe improve recent flakiness in TestProc by @RebeccaMahany in #2201
• Try running TestProc subtests in sequence rather than in parallel, to avoid pollution by @RebeccaMahany in #2202

General

• ADR for standardizing flagset parsing for launcher, plus an example by @RebeccaMahany in #2197
• Bump golang.org/x/net from 0.36.0 to 0.38.0 by @dependabot in #2210
• Enhance SetEnrollmentDetails to merge details by @cesarfda in #2213
• Rename pkg/traces to ee/observability by @RebeccaMahany in #2215
• dont count dt4a toward rate limit by @James-Pickett in #2219
• Update from trace-specific language to broader telemetry-specific language by @RebeccaMahany in #2218
• return dt4a data matching dt4a account id by @James-Pickett in #2206
• Deprecate grpc transport option by @RebeccaMahany in #2225
• return 204 when there is no dt4a data by @James-Pickett in #2227

Full Changelog: v1.19.0...v1.20.2

v1.19.0

What's Changed

Table Changes

• Remove deprecated MacOS keys from socketfilterfw table by @Micah-Kolide in #2193

Build and Package

• package-builder: add podman support via --container_tool by @tstromberg in #1722

Features and Improvements

• [KATC] Support plain leveldb databases by @RebeccaMahany in #2188
• [KATC] Add row transform step to decode hex-encoded strings by @RebeccaMahany in #2195

Bug Fixes

• [KATC] hexDecode should strip out null chars by @RebeccaMahany in #2200
• [KATC] If sqlite db cannot be queried, continue to query other dbs by @RebeccaMahany in #2199

Full Changelog: v1.18.3...v1.19.0

v1.18.3

What's Changed

Build and Package

• check in updated root.json by @zackattack01 in #2189

Bug Fixes

• Add launcher query-windowsupdates subcommand to avoid memory leak temporarily by @RebeccaMahany in #2185

General

• routine performance checks part 1 by @zackattack01 in #2184
• Increase sleep duration in CPU profiling to 5 seconds by @cesarfda in #2183
• dont stop control server fetch for hardware key failure by @James-Pickett in #2187

Full Changelog: v1.18.0...v1.18.3

v1.18.0

What's Changed

Build and Package

• checking in root.json for packaging by @cesarfda in #2154
• Add Exec Test job for containers by @RebeccaMahany in #2159
• Support target parsing for non-default arches by @RebeccaMahany in #2163
• make deps + build default make by @James-Pickett in #2168

Features and Improvements

• james/dt4a auth by @James-Pickett in #2149
• Include nightly extension id by @directionless in #2158
• Allow for manipulating osquery's effective distributed_interval within 5 seconds by @RebeccaMahany in #2157
• rename zta to dt4a as much as possible by @James-Pickett in #2156
• Add two new flags controlling acceleration by @RebeccaMahany in #2160
• Allow dt4a endpoints to accelerate control + osquery request intervals by @RebeccaMahany in #2161
• also accelerate osq distributed forwarding during control server accelerations by @James-Pickett in #2164
• dt4a - use b64 url encoding everywhere, removed unnecessary b64 by @James-Pickett in #2172
• Keep 2 versions in update library, rather than 3 by @RebeccaMahany in #2173
• Add logs to indicate when launcher is checking for updates by @RebeccaMahany in #2174
• Remove old tracing library from launcher by @RebeccaMahany in #2177
• Switch from default freelist type to more performant option by @RebeccaMahany in #2178
• move munemo check into middleware by @James-Pickett in #2166

Bug Fixes

• Requests to the control server should have timeouts set by @RebeccaMahany in #2153
• KVStore.Get should return nil, not error, when no results are found by @RebeccaMahany in #2165
• Check that ATC config exists before making a plugin out of it by @RebeccaMahany in #2171

Tests, Docs, and Other No-op Changes

• Add more old OSes to the container execs by @directionless in #2162

General

• Bump github.com/golang-jwt/jwt/v5 from 5.0.0 to 5.2.2 by @dependabot in #2169
• Update kit and goleveldb by @directionless in #2170
• Upgrade modernc/sqlite to v1.36.2 by @RebeccaMahany in #2179

Full Changelog: v1.17.0...v1.18.0

v1.17.0

Important

Though stable, 1.16.1 was incompatible with older linuxes, such as Ubuntu 20.04. This v1.17.0 release addresses this issue.

What's Changed

Build and Package

• Build for linux in ubuntu 20.04 container by @RebeccaMahany in #2152
• Root.json generator by @cesarfda in #2142

Features and Improvements

• [IndexedDB/KATC] TypedArrays and ArrayBuffers by @RebeccaMahany in #2148
• Log CheckExecutable thoroughly by @RebeccaMahany in #2150

Bug Fixes

• Do not suppress errors when running CheckExecutable by @RebeccaMahany in #2151

General

• swap path separator for windows in lockfile path collection by @zackattack01 in #2146
• Bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #2147

Full Changelog: v1.16.1...v1.17.0

v1.16.1

Important

Though stable, 1.16.1 is incompatible with older linuxes, such as Ubuntu 20.04. Launcher 1.17 will address this.

What's Changed

Build and Package

• Update cache key for Store Artifacts job by @RebeccaMahany in #2098
• Update matrix.artifactos casing for store_artifacts job by @RebeccaMahany in #2100
• Update to newest version of root.json by @RebeccaMahany in #2123
• Remove usage of soon-to-be-deprecated ubuntu-20.04 runner by @RebeccaMahany in #2131

Features and Improvements

• Receive ZTA info via control server and make it available via localserver by @RebeccaMahany in #2096
• make launcher version a doctor check by @James-Pickett in #2105
• handle terminal tpm errors by @James-Pickett in #2110
• osquery history cleanup part 2 by @zackattack01 in #2113
• Check origin header against allowlist for /zta endpoint by @RebeccaMahany in #2117
• Allow origin (in requests to /zta) to be missing or empty by @RebeccaMahany in #2127
• Move KATC tables to restartable extension manager server by @RebeccaMahany in #2128
• [IndexedDB/KATC] Implement JS map and JS set deserialization for chrome and firefox by @RebeccaMahany in #2135
• add system startup trigger to watchdog by @zackattack01 in #2136
• [IndexedDB/KATC] Implement regexp deserialization for chrome and firefox by @RebeccaMahany in #2139
• [IndexedDB/KATC] Implement primitives deserialization for chrome and firefox by @RebeccaMahany in #2140
• [IndexedDB/KATC] Implement or partially implement parsing for BigInts, Strings, arrays containing data other than strings and objects, and others by @RebeccaMahany in #2144

Bug Fixes

• Ensure sqlite driver is imported for tables that query sqlite databases by @RebeccaMahany in #2094
• return proper error for homebrew not found on macos by @zackattack01 in #2103
• make uninitialized osquery history informational for doctor output by @zackattack01 in #2106
• make sure db reset logs encapsulate change values by @zackattack01 in #2111
• add config file option to flare command for improved flexibility by @cesarfda in #2107
• Remove osqueryd version prefix from CurrentRunningOsqueryVersion by @RebeccaMahany in #2118
• Ensure enrollment details are set by @RebeccaMahany in #2120
• Further delay calling cancel after uploading flare by @RebeccaMahany in #2124
• time machine exclusion updates by @zackattack01 in #2129
• Wait up to 20 seconds for runLauncher shutdown on service shutdown request by @RebeccaMahany in #2145

Tests, Docs, and Other No-op Changes

• add tenv linter, fix up os.Setenv offenses in tests by @zackattack01 in #2088
• Explicitly initialize startup settings store in test by @RebeccaMahany in #2138

General

• Enable rowserrcheck linter and fix existing violations by @RebeccaMahany in #2087
• enable predeclared linter, fixup existing offenses by @zackattack01 in #2090
• Improvements after reviewing new tracing data by @RebeccaMahany in #2089
• Enable exhaustive linter by @RebeccaMahany in #2092
• Enable noctx linter and fix existing violations by @RebeccaMahany in #2093
• presence detection callback by @James-Pickett in #2048
• Generate enrollment details on launcher startup by @cesarfda in #2068
• fix early return caught by linter by @James-Pickett in #2102
• remove unneeded rsa references, upgrade krypto by @James-Pickett in #2101
• check munemo in local server by @James-Pickett in #2095
• move osquery history to knapsack by @zackattack01 in #2104
• clear osquery distributed_denylist_duration when watchdog is disabled by @zackattack01 in #2112
• Enable perfsprint linter with limited ruleset and fix existing violations by @RebeccaMahany in #2115
• Add logs when CollectAndSetEnrollmentDetails fails by @RebeccaMahany in #2119
• Refactor trace exporter to utilize enrollment details from knapsack by @cesarfda in #2122
• Bump package/golang version to fix govulncheck GO-2025-3487 by @RebeccaMahany in #2125
• verify secure enclave keys exist in secure enclave by @James-Pickett in #2116
• Sleep before running tmutil by @RebeccaMahany in #2132
• secure enclave more comments, logging by @James-Pickett in #2130

Full Changelog: v1.15.2...v1.16.1