winget install --id osquery.osquery
About osquery
SQL powered operating system instrumentation, monitoring, and analytics.
What's new in 5.23.1
This is a bug and security fix release.

What's Changed

Fixes

- Fix heap buffer overflow in Windows processes table by @seph in #8934
- Fix heap buffer overflow in Windows authenticode table by @seph in #8923
- Fix use-after-free in Linux process_file_events implementation by @zwass in #8950
- Fix incorrect permissions on temporary file carve directories by @zwass in #8961
- Fix documentation for process_open_handles table by @seph in #8853
- Fix subject2 and issuer2 columns for Windows certificates table by @getvictor in #8963

Full Changelog: 5.23.0...5.23.1
Version history
| Version | Updated | Notes |
|---|---|---|
| 5.23.1 | Unknown | This is a bug and security fix release. What's Changed Fixes - Fix heap buffer overflow in Windows processes table by @seph in #8934 - Fix heap buffer overflow in Windows authenticode table by @seph in #8923 - Fix use-af... |
| 5.23.0 | Unknown | What's Changed Features - Add process memory scanning capability to yara table by @brian-mckinney in #8782 - Split yara tables into yara_process and yara_file by @brian-mckinney in #8835 - Add Windows process_open_handle... |
| 5.22.1 | Unknown | 5.22.0 macOS binaries will not execute because the signing certificate is out of sync with the provisioning profile. 5.22.1 replaces it. What's Changed Features - Make escapeNonPrintableBytes UTF-8 aware by @nulmete in #... |
| 5.21.0 | Unknown | What's Changed - Improvements to password_policy table by @zwass in #8705 - Improve file traversal performance and correctness by @Krechals in #8704 - Add support for Login Items and Background Services on modern macOS b... |
| 5.20.0 | Unknown | What's Changed Features/Bugs - Add default path for CA certificate bundle on openSUSE by @iko1 in #8687 - Exclude config views from db migration by @Micah-Kolide in #8678 - Make vscode_extensions more consistently report... |
| 5.19.0 | Unknown | What's Changed Features - Add table deb_package_files by @zwass in #8657 - Add system_profiler table for macOS by @zwass in #8645 - Add version collate to os_version table's version column by @Micah-Kolide in #8659 - Add... |
| 5.18.1 | Unknown | Revert "Update Windows runner version in hosted_runners.yml (#8618)" (#8633) |
| 5.17.0 | Unknown | 5.17.0 Git Commits What's Changed - Add CHANGELOG.md entry for 5.16.0 by @lucasmrod in #8548 - Add symlink_target_path to files tables by @DocEmmetBrown in #8502 - cve: Ignore libarchive CVE-2024-26256 by @Smjert in #854... |
| 5.16.0 | Unknown | 5.16.0 Git Commits Representing commits from 7 contributors! Thank you all. Table Changes - Fix the python_paths table to skip unnecessary code paths when filtering by directory (#8544) - Added python packages in user di... |
| 5.11.0 | Unknown | No notes |
| 5.8.2 | Unknown | No notes |
| 5.6.0 | Unknown | Table Changes - Add firmware_type column to platform_info on macOS (#7727) - Add additional vendor support for the windows wmi_bios_info table (#7631) - Fix docker_container_processes on macOS (#7746) - Fix process_file_... |