Notes
- Dropped support for macOS 10.15, minimum version is now macOS 11.
- (BETA) Added file access authorization feature, docs at https://santa.dev/deployment/file-access-auth
- USB blocking will now also block SD cards (thanks @liamn)
- sync: Improved debug output when auth fails
- Improved reliability in reconnecting sync and metrics daemons
- Several performance improvements
What's Changed
- docs: Fix typo in sync-protocol, h/t to @maxwbuckley by @russellhancox in #940
- docs: Update keyserver address in SECURITY by @russellhancox in #941
- Rename santa_vnode_id_t to SantaVnode by @mlw in #943
- Switch from task_info to libproc for system resource info by @mlw in #939
- Drop macOS 10.15 by @mlw in #944
- Remove SNTCommon by @mlw in #945
- Include SD Card Mounting in the USB Block Functionality by @liamn in #938
- Watch items by @mlw in #937
- Tests: Fix some assertions comparing strings by @russellhancox in #947
- santad: Change workaround for glob header with blocks by @russellhancox in #948
- Initial work for File Access Authorizer Client by @mlw in #949
- Draft proto for new FileAccess log by @mlw in #952
- FS Access Config Version, Policy decision enums by @mlw in #951
- Import fix by @mlw in #953
- pemdas by @mlw in #955
- Config: In debug builds, allow config to be overridden from a plist file. by @russellhancox in #957
- Tests: Fix SNTEndpointSecurityFileAccessAuthorizerTest by @russellhancox in #958
- Dynamically enable/disable FS Access client based on config by @mlw in #959
- Use the appropriate variable when asynchronously processing auth messages by @mlw in #961
- Enrich file access events, prepare for logging by @mlw in #962
- santad: Flush cache when StaticRules are changed by @russellhancox in #963
- Serialize File Access events by @mlw in #964
- Introduce end-to-end testing by @kallsyms in #919
- Lint the E2E start-vm Python script by @kallsyms in #965
- Fix message lifetime by @mlw in #966
- Use absl_guarded_by instead of guarded_by by @kallsyms in #967
- Track path types for current/new watch items by @mlw in #968
- Fix import issues by @mlw in #969
- Update LICENSE for VM code by @kallsyms in #970
- Address policy consistency issues by @mlw in #971
- sync: Fix deduplication in reachability handler by @russellhancox in #973
- Fix golden test data for macOS 13 by @mlw in #972
- Project: Upgrade MOLAuthenticatingURLSession to v3.1 by @russellhancox in #974
- Adopt new ES APIs to monitor target paths by @mlw in #975
- Revitalize Fuzzing by @kallsyms in #976
- Fix import: Add build targets, lint by @mlw in #978
- Allstar: Add fuzzing artifact by @russellhancox in #980
- Fix SNTFileInfoTest for macOS 13 by @pmarkowsky in #977
- Fix loop when no override config is specified by @kallsyms in #981
- Run fuzzing in a VM by @kallsyms in #982
- Use new public api for booting VM into recoveryOS by @kallsyms in #983
- Adopt new ES APIs to watch target paths in tamper client by @mlw in #984
- Fix SNTFileInfo Fuzzing by @kallsyms in #985
- Fix nightly run cron specification by @kallsyms in #986
- Opportunistically use ES cache when possible by @mlw in #989
- Fuzz embedded plist reading by @kallsyms in #990
- Add more event coverage in the file access client by @mlw in #991
- More event type support by @mlw in #992
- lower fuzz case timeout to 5s by @kallsyms in #993
- Change name of santa config keys for file access monitoring by @mlw in #995
- docs: Fix deployment/configuration doc by @russellhancox in #996
- Add policy version and name to basic string serializer by @mlw in #997
- Adopt new FS Access Auth config format and policy application logic by @mlw in #994
- Support configuring signing IDs for process exceptions by @mlw in #998
- Rename type aliases by @mlw in #999
- Add watch item state to santactl status by @mlw in #1000
- Reconnect to santametrics service on failure by @kallsyms in #1001
- Configurator: Apply config updates in non-daemon processes by @russellhancox in #1003
- Low hanging fruit perf changes by @mlw in #1004
- Prevent recursive reconnect attempts by @mlw in #1005
- Revert "Configurator: Apply config updates in non-daemon processes" by @russellhancox in #1008
New Contributors
Full Changelog: 2022.11...2023.1