Representing commits from 14 contributors! Thank you all.
This version fixes a regression introduced in 4.7.0 related to events expiration optimization. Please read (#7055) for more information.
This release upgrades OpenSSL, as is general good practice. Osquery is not known to be affected by any security issues in OpenSSL.
New Features
- shell: Add .connect meta command (#6944)
Table Changes
Under the Hood improvements
- Removing Keyboard Event Taps from osx-attacks pack (#7023)
- Refactor watcher out of singleton pattern (#7042)
- Small events subscriber refactor to increase test coverage (#7050)
- Setting non-required deb_packages fields as optional in test (#7001)
Bug Fixes
- Handle events optimization edge cases (#7060)
- Fix optimization for multiple queries using the same subscriber (#7055)
- Use epoch and counter for events-based queries (#7051)
- Guard node key to prevent duplicate enrollments (#7052)
- Change Windows calculation for physical_memory (#7028)
- Free using WTSFreeMemoryEx for WTSEnumerateSessionsExW (#7039)
- Release variable in Windows data conversation (#7024)
- Change chrome_extensions warnings to verbose (#7032)
- Add transactions to the SQLite authorizer PRAGMAs (#7029)
- Change Windows messages to verbose (#7027)
- Fix scheduler to print the correct number of elapsed seconds (#7016)
Documentation
- Fix tls_enroll_max_attempts flag name in the documentation (#7049)
- Improve docs on FIM, mention NTFS and Audit, etc. (#7036)
- config: Add docs for the events top-level-key (#7040)
- Add funding link on GitHub generated page (#7043)
- Correct the example in the windows_events table spec (#7035)
- Correct docs about OpenSSL and TLS behavior (#7033)
- Update docs to describe how to build for aarch64/arm64 (#6285) (#6970)
- Add a note on enabling Windows to build with CMake's long paths (#7010)
- Add 4.8.0 CHANGELOG (#7057)
Build
- Add an option to enable incremental linking on Windows (#7044)
- Remove Buck leftovers that supported building with old versions of OpenSSL (#7034)
- Add build_aarch64 workflow for push (#7014)
- Move CI to using docker from osquery (#7012)
- Update dockerfile to multiplatform (#7011)
- Run GH Actions workflows on all tags (#7004)
- Disable BPF events tests if OSQUERY_BUILD_BPF is false (#7002)
- libs: Update OpenSSL to version 1.1.1k (#7026)