Notes
Announcements
🎉 Santa has a new Workshop! North Pole Security is excited to announce the release of Workshop, an official sync service specifically designed to deeply integrate with Santa. It is fully featured, scalable, and enterprise ready.
📣 Ready for Tahoe. This version has been validated on the latest Tahoe beta (beta 4) and includes some small fixes to keep things running smoothly on the upcoming macOS Tahoe release.
Fixed
❗ A minor memory leak could occur when evaluating executions of binaries that were not validly signed
❗ Unable to immediately block a binary that was previously executed and allowed on due to cache (issue on macOS Tahoe only)
❗ Execution telemetry could, on very rare occasions, have an improper reason code logged
Changed
↔️ Enabling APNS can now be done dynamically, a restart is no longer required
↔️ Icons have been updated to coincide with North Pole Security branding
↔️ santactl fileinfo has been updated with better detection of binaries signed with development certs so that rule information returned more accurately matches what would be selected at runtime
Added
➕ The sync protocol now contains information in preflight and postflight stages that allows sync servers to detect rule drift, allowing them to take corrective action
If you're migrating from Google Santa, please see the Migration Guide for details on how to upgrade.
Santa documentation has undergone a complete overhaul and can be found at northpole.dev.
What's Changed
- build: Fix make build by @russellhancox in #479
- Support dynamic APNS registration by @mlw in #475
- docs: Add beginning of cookbook by @russellhancox in #482
- Adopt scoped type to fix leak by @mlw in #483
- Ignore static rules in SNTRuleTableTest's implicit ordering test by @mlw in #485
- santactl/fileinfo: Better detect dev-signed binaries by @russellhancox in #484
- santactl/doctor: Stop complaining about standard profile keys by @russellhancox in #486
- docs: Update config profile format by @russellhancox in #487
- santactl/fileinfo: Fix mismatched signature error matching by @russellhancox in #488
- ObjC++ all the things by @mlw in #490
- santad: Add more info in tamper protection logging by @russellhancox in #489
- build: Update cel-cpp version by @russellhancox in #492
- Initial adoption of rednose macro by @mlw in #493
- sync: ignore app name if the rule is remove by @tburgin in #495
- Fix reason values in exec logs by @mlw in #499
- Rework SNTStoredEvent by @mlw in #498
- sync: If sync state is empty, request clean sync by @russellhancox in #501
- sync: Send a hash of all database rules at beginning and end of sync by @russellhancox in #502
- Cookbook: Add CEL rule to prevent users from disabling gatekeeper by @pmarkowsky in #503
- Add new icons for 2025-07 by @statico in #462
- Make sure clear cache operations have a connected ES client by @mlw in #504
- Add rule to lockdown spotlight importers by @pmarkowsky in #506
- docs: Update logo, add announcement, theming by @russellhancox in #508
- Add nullability to stored events. Fix unwrap of missing data. by @mlw in #509
Full Changelog: 2025.6...2025.7