v2023.5

Notes

➕ Santa now supports Signing ID rule types. See full documentation on santa.dev.

➕ File Access Authorization configuration now supports inverting the exception list in order to specify the processes that should be denied (or audited) instead of allowed.

What's Changed

• Clarify that execution_time is a float64 by @jasonmc in #1080
• Fix documentation for clean sync field in the preflight request. by @faizanrashid in #1082
• Switch SNTEventState to uint64_t, reposition flag values and masks by @mlw in #1086
• Add support to file monitoring config to invert process exceptions by @mlw in #1083
• Inject additional dependencies into the serializers by @mlw in #1078
• Docs: Added instructions for how to use config-overrides.plist by @pmarkowsky in #1077
• santactl/rule: Fix --path argument by @russellhancox in #1089
• Don't establish the FAA client pre-macOS 13 by @mlw in #1091
• Return unique_ptr from Enrich instead of shared_ptr by @mlw in #1093
• Stop unmuting the default mute set unnecessarily. by @mlw in #1095 (fixes: #1094)
• Add new rule type for Signing IDs by @mlw in #1090
• docs: Update vulnerability reporting instructions by @russellhancox in #1098
• Handle database downgrade scenarios gracefully by @mlw in #1099
• Fix precedence for static rule evaluation, santactl fileinfo output by @mlw in #1100

New Contributors

• @jasonmc made their first contribution in #1080
• @faizanrashid made their first contribution in #1082

Full Changelog: 2023.4...2023.5