github northpolesec/santa 2026.1
v2026.1
on GitHub

12 hours ago

Notes

Announcements

🎉 Santa has a new Workshop! North Pole Security is excited to announce the release of Workshop, an official sync service specifically designed to deeply integrate with Santa. It is fully featured, scalable, and enterprise ready. Come learn more at northpole.security.

📣 macOS 13 (Ventura) is no longer supported.

Fixed

❗ Instigating process information is no longer missing for File Access rule violations committed by processes that started before Santa was running
❗ Fixed issue that prevented blocking mounts of certain external media types
❗ Blocked USB mounts are now logged in the telemetry stream
❗ Fixed overzealous caching of blocked execution events if the event was unable to be uploaded immediately due to network issues
❗ Removed unintentional escape codes in santactl fileinfo --json output

Added

➕ Co-branding is now supported, allowing admins to configure their company name or logo to be displayed on Santa UI dialogs
➕ Santa now has a menu item! This has functionality to trigger a sync and reset any silenced block notifications. For Workshop customers, you can also control temporary monitor mode and see how much time is remaining. Users can turn this off or on from the "About" dialog. Admins can configure this to be off by default by setting the EnableMenuItem configuration key to false.
➕ The santactl fileinfo command now supports a --verify flag to display code signature validation result for each slice of the binary as well as a security assessment via spctl
Workshop customers: Network shares can now be blocked from mounting and exception lists can be configured (macOS 15+)
Workshop customers: Push command support to terminate arbitrary processes
Workshop customers: You can now use CEL rules to require that a user performs TouchID

Santa documentation can be found at northpole.dev.

What's Changed

  • Block network mounts pt1 by @mlw in #704
  • Add CEL rule to stop users from taking and mounting time machine snapshots by @pmarkowsky in #706
  • Data structures for blocking network mounts by @mlw in #705
  • Kill command impl by @mlw in #702
  • Remove stored events from the backoff cache when event upload fails by @mlw in #709
  • ci: Fix localization.py to exit with a code by @russellhancox in #710
  • santad: Add REQUIRE_TOUCHID option to CELv2 by @russellhancox in #707
  • UI support for blocking network share mounts by @mlw in #708
  • Backfill decision cache on startup by @mlw in #712
  • Telemetry for blocked USB and Network mounts by @mlw in #711
  • Update docs deps by @mlw in #714
  • Drop macOS 13 support by @mlw in #716
  • Fix: Remove the unintentional inclusion of tty control codes in santactl fileinfo --json output by @pmarkowsky in #717
  • Santa command HMAC verification by @mlw in #715
  • Use appropriate CEL v1/v2 evaluator by @mlw in #718
  • Restrict network mount blocking to macOS 15+ by @mlw in #720
  • Remove APNS support by @russellhancox in #721
  • Upload stored network mount events by @mlw in #713
  • Fix issue #719 by @pmarkowsky in #723
  • gui: Add menu item by @russellhancox in #722
  • Allow external repos to depend on Santa by @mlw in #726
  • build: Disable signing timestamps in bazel by @russellhancox in #725
  • gui: Allow users to show/hide menu item by @russellhancox in #727
  • Stub module to allow build time injection of network capabilities by @mlw in #728
  • Change version target visibility by @mlw in #729
  • sync: Fix populating timestamp field for TMM audit events by @russellhancox in #732
  • Support manual installation of santanetd by @mlw in #731
  • santad: Add telemetry for TouchID/hold-and-ask execution events by @russellhancox in #730
  • Add network mount block config to santactl status by @mlw in #734
  • Support detecting first launch after boot by @mlw in #733
  • Cobranding support by @mlw in #735
  • Add 'Reset Silenced Notifications' menu option by @russellhancox in #737
  • santad: Add REQUIRE_TOUCHID_SILENT to CELv2 by @russellhancox in #738
  • Handle network extension settings from sync server by @mlw in #736
  • docs: Force-update lodash by @russellhancox in #739
  • santad: Drop pre-Monterey printer proxy support by @russellhancox in #740
  • Content filter and XPC channel with network extension setup/configuration by @mlw in #741
  • Rename SNTNetworkExtensionSettings by @mlw in #743
  • celv2: Add require_touchid{,_only}_with_cooldown_minutes functions by @russellhancox in #742
  • Add more NATS error logging by @pmarkowsky in #744
  • Optional code signature verification support in santactl fileinfo by @mlw in #745
  • santactl/doctor: Handle no user being logged in, log machine ID/owner by @russellhancox in #746
  • Fix menu item UI edge cases by @mlw in #747
  • Add lefthook config by @russellhancox in #748
  • gui: deny execution of hold&ask events immediately if unavailable by @russellhancox in #749

Full Changelog: 2025.12...2026.1

Check out latest releases or
releases around northpolesec/santa 2026.1

Don't miss a new santa release

NewReleases is sending notifications on new releases.

Get notifications