What's Changed
Table Changes
- [KATC] Add deserialize_webkit transform to support Safari IndexedDBs by @RebeccaMahany in #2660
- [KATC] Add tests and further parsing for webkit indexeddbs by @RebeccaMahany in #2661
- [KATC] More webkit indexeddb parsing by @RebeccaMahany in #2662
Features and Improvements
- Adding translation support to menu template by @cesarfda in #2667
- Exclude encrypted values in the JWT family from secretscan by @RebeccaMahany in #2697
- Ignore empty variable names in secretscan by @RebeccaMahany in #2699
- Extend default gitleaks config; add secretscan exception for K8s Sealed Secrets by @RebeccaMahany in #2701
- Move an existing secretscan exception into config.toml by @RebeccaMahany in #2702
- Exclude additional false positives from secretscan (cosign encrypted private keys, key algorithms) by @RebeccaMahany in #2703
- Add "filewalk now" action by @RebeccaMahany in #2698
Bug Fixes
- Fix slogger for callbackWorker by @cesarfda in #2658
- Return error if results store is not available by @RebeccaMahany in #2675
- fix(osquery): guard i.history nil before SetConnected by @directionless in #2693
- fix(keyidentifier): use io.ReadFull and check error in readSizedString by @directionless in #2686
- fix: skip blank lines in data_table and simple_array parsers by @directionless in #2683
- fix: socketfilterfw fall-through and softwareupdate test structure by @directionless in #2680
- fix: flush last record and clean whitespace in Linux parsers by @directionless in #2684
- fix(service): add missing nil guard in publish encode functions by @directionless in #2692
- Add bounds checks in airport scan parser and mdmclient byte transformer by @directionless in #2689
- Fix nil socket path when no recent socket file has stat info by @directionless in #2688
- fix(tuf): guard target.Custom nil before dereference by @directionless in #2685
- Ensure value returned by bbolt Get is valid after transaction completes by @RebeccaMahany in #2695
Build and Package
- Avoid execing for version detection in packaging by @RebeccaMahany in #2676
- Ensure arch is included in cache filename to avoid cross-arch cache hits by @RebeccaMahany in #2678
- Reproducible builds by @RebeccaMahany in #2669
Tests, Docs, and Other No-op Changes
- add indexeddb array and snappy compression tests by @zackattack01 in #2657
- Document a couple additional constraints in table descriptions by @RebeccaMahany in #2659
- Specify permissions contents: read for all workflow jobs that don't have permissions set by @RebeccaMahany in #2671
Dependency Updates
- Upgrade to go v1.25.9 by @RebeccaMahany in #2670
- Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot[bot] in #2674
- Upgrade to golang 1.26 by @RebeccaMahany in #2700
General
- Add job to update root json after rotation by @RebeccaMahany in #2664
- [Automated] April 2026 - Update TUF root.json by @github-actions[bot] in #2665
- Remove errant single quote from root json update job by @RebeccaMahany in #2666
- Exclude GO-2026-4923 until a new version of go.etcd.io/bbolt is available by @RebeccaMahany in #2668
- Pin commit hash for 3rd-party non-immutable actions by @RebeccaMahany in #2672
- Restrict for job using custom access token too by @RebeccaMahany in #2673
- add osquerypublisher encryption metadata and AAD by @zackattack01 in #2677
- add zlib compression to osquery log and result publication by @zackattack01 in #2694
- fix(repcli): fix two panics in parser by @directionless in #2682
New Contributors
- @github-actions[bot] made their first contribution in #2665
Full Changelog: v2.1.1...v2.2.0