github google/santa 2023.1
v2023.1

latest releases: 2024.9, 2024.8, 2024.7...
21 months ago

Notes

  • Dropped support for macOS 10.15, minimum version is now macOS 11.
  • (BETA) Added file access authorization feature, docs at https://santa.dev/deployment/file-access-auth
  • USB blocking will now also block SD cards (thanks @liamn)
  • sync: Improved debug output when auth fails
  • Improved reliability in reconnecting sync and metrics daemons
  • Several performance improvements

What's Changed

  • docs: Fix typo in sync-protocol, h/t to @maxwbuckley by @russellhancox in #940
  • docs: Update keyserver address in SECURITY by @russellhancox in #941
  • Rename santa_vnode_id_t to SantaVnode by @mlw in #943
  • Switch from task_info to libproc for system resource info by @mlw in #939
  • Drop macOS 10.15 by @mlw in #944
  • Remove SNTCommon by @mlw in #945
  • Include SD Card Mounting in the USB Block Functionality by @liamn in #938
  • Watch items by @mlw in #937
  • Tests: Fix some assertions comparing strings by @russellhancox in #947
  • santad: Change workaround for glob header with blocks by @russellhancox in #948
  • Initial work for File Access Authorizer Client by @mlw in #949
  • Draft proto for new FileAccess log by @mlw in #952
  • FS Access Config Version, Policy decision enums by @mlw in #951
  • Import fix by @mlw in #953
  • pemdas by @mlw in #955
  • Config: In debug builds, allow config to be overridden from a plist file. by @russellhancox in #957
  • Tests: Fix SNTEndpointSecurityFileAccessAuthorizerTest by @russellhancox in #958
  • Dynamically enable/disable FS Access client based on config by @mlw in #959
  • Use the appropriate variable when asynchronously processing auth messages by @mlw in #961
  • Enrich file access events, prepare for logging by @mlw in #962
  • santad: Flush cache when StaticRules are changed by @russellhancox in #963
  • Serialize File Access events by @mlw in #964
  • Introduce end-to-end testing by @kallsyms in #919
  • Lint the E2E start-vm Python script by @kallsyms in #965
  • Fix message lifetime by @mlw in #966
  • Use absl_guarded_by instead of guarded_by by @kallsyms in #967
  • Track path types for current/new watch items by @mlw in #968
  • Fix import issues by @mlw in #969
  • Update LICENSE for VM code by @kallsyms in #970
  • Address policy consistency issues by @mlw in #971
  • sync: Fix deduplication in reachability handler by @russellhancox in #973
  • Fix golden test data for macOS 13 by @mlw in #972
  • Project: Upgrade MOLAuthenticatingURLSession to v3.1 by @russellhancox in #974
  • Adopt new ES APIs to monitor target paths by @mlw in #975
  • Revitalize Fuzzing by @kallsyms in #976
  • Fix import: Add build targets, lint by @mlw in #978
  • Allstar: Add fuzzing artifact by @russellhancox in #980
  • Fix SNTFileInfoTest for macOS 13 by @pmarkowsky in #977
  • Fix loop when no override config is specified by @kallsyms in #981
  • Run fuzzing in a VM by @kallsyms in #982
  • Use new public api for booting VM into recoveryOS by @kallsyms in #983
  • Adopt new ES APIs to watch target paths in tamper client by @mlw in #984
  • Fix SNTFileInfo Fuzzing by @kallsyms in #985
  • Fix nightly run cron specification by @kallsyms in #986
  • Opportunistically use ES cache when possible by @mlw in #989
  • Fuzz embedded plist reading by @kallsyms in #990
  • Add more event coverage in the file access client by @mlw in #991
  • More event type support by @mlw in #992
  • lower fuzz case timeout to 5s by @kallsyms in #993
  • Change name of santa config keys for file access monitoring by @mlw in #995
  • docs: Fix deployment/configuration doc by @russellhancox in #996
  • Add policy version and name to basic string serializer by @mlw in #997
  • Adopt new FS Access Auth config format and policy application logic by @mlw in #994
  • Support configuring signing IDs for process exceptions by @mlw in #998
  • Rename type aliases by @mlw in #999
  • Add watch item state to santactl status by @mlw in #1000
  • Reconnect to santametrics service on failure by @kallsyms in #1001
  • Configurator: Apply config updates in non-daemon processes by @russellhancox in #1003
  • Low hanging fruit perf changes by @mlw in #1004
  • Prevent recursive reconnect attempts by @mlw in #1005
  • Revert "Configurator: Apply config updates in non-daemon processes" by @russellhancox in #1008

New Contributors

Full Changelog: 2022.11...2023.1

Don't miss a new santa release

NewReleases is sending notifications on new releases.