What's Changed
Build and Package
- Update cache key for Store Artifacts job by @RebeccaMahany in #2098
- Update matrix.artifactos casing for store_artifacts job by @RebeccaMahany in #2100
- Update to newest version of root.json by @RebeccaMahany in #2123
- Remove usage of soon-to-be-deprecated ubuntu-20.04 runner by @RebeccaMahany in #2131
Features and Improvements
- Receive ZTA info via control server and make it available via localserver by @RebeccaMahany in #2096
- make launcher version a doctor check by @James-Pickett in #2105
- handle terminal tpm errors by @James-Pickett in #2110
- osquery history cleanup part 2 by @zackattack01 in #2113
- Check origin header against allowlist for /zta endpoint by @RebeccaMahany in #2117
- Allow origin (in requests to /zta) to be missing or empty by @RebeccaMahany in #2127
- Move KATC tables to restartable extension manager server by @RebeccaMahany in #2128
- [IndexedDB/KATC] Implement JS map and JS set deserialization for chrome and firefox by @RebeccaMahany in #2135
- add system startup trigger to watchdog by @zackattack01 in #2136
- [IndexedDB/KATC] Implement regexp deserialization for chrome and firefox by @RebeccaMahany in #2139
- [IndexedDB/KATC] Implement primitives deserialization for chrome and firefox by @RebeccaMahany in #2140
- [IndexedDB/KATC] Implement or partially implement parsing for BigInts, Strings, arrays containing data other than strings and objects, and others by @RebeccaMahany in #2144
Bug Fixes
- Ensure sqlite driver is imported for tables that query sqlite databases by @RebeccaMahany in #2094
- return proper error for homebrew not found on macos by @zackattack01 in #2103
- make uninitialized osquery history informational for doctor output by @zackattack01 in #2106
- make sure db reset logs encapsulate change values by @zackattack01 in #2111
- add config file option to flare command for improved flexibility by @cesarfda in #2107
- Remove
osqueryd versionprefix fromCurrentRunningOsqueryVersionby @RebeccaMahany in #2118 - Ensure enrollment details are set by @RebeccaMahany in #2120
- Further delay calling cancel after uploading flare by @RebeccaMahany in #2124
- time machine exclusion updates by @zackattack01 in #2129
Tests, Docs, and Other No-op Changes
- add tenv linter, fix up os.Setenv offenses in tests by @zackattack01 in #2088
- Explicitly initialize startup settings store in test by @RebeccaMahany in #2138
General
- Enable rowserrcheck linter and fix existing violations by @RebeccaMahany in #2087
- enable predeclared linter, fixup existing offenses by @zackattack01 in #2090
- Improvements after reviewing new tracing data by @RebeccaMahany in #2089
- Enable exhaustive linter by @RebeccaMahany in #2092
- Enable noctx linter and fix existing violations by @RebeccaMahany in #2093
- presence detection callback by @James-Pickett in #2048
- Generate enrollment details on launcher startup by @cesarfda in #2068
- fix early return caught by linter by @James-Pickett in #2102
- remove unneeded rsa references, upgrade krypto by @James-Pickett in #2101
- check munemo in local server by @James-Pickett in #2095
- move osquery history to knapsack by @zackattack01 in #2104
- clear osquery distributed_denylist_duration when watchdog is disabled by @zackattack01 in #2112
- Enable perfsprint linter with limited ruleset and fix existing violations by @RebeccaMahany in #2115
- Add logs when CollectAndSetEnrollmentDetails fails by @RebeccaMahany in #2119
- Refactor trace exporter to utilize enrollment details from knapsack by @cesarfda in #2122
- Bump package/golang version to fix govulncheck GO-2025-3487 by @RebeccaMahany in #2125
- verify secure enclave keys exist in secure enclave by @James-Pickett in #2116
- Sleep before running tmutil by @RebeccaMahany in #2132
- secure enclave more comments, logging by @James-Pickett in #2130
Full Changelog: v1.15.2...v1.16.0