Releases: google/santa
v1.12
Important
The v1.x versions of Santa include many architectural changes. Including the usage of EndpointSecurity and SystemExtensions for systems running macOS 10.15+.
Once Santa's SystemExtension is installed, it cannot be removed without promoting the user.
Notes
This release of Santa contains bug fixes:
- Sync server communication is interrupted on cold boot #453
- Installing new versions of Santa results in odd SystemExtension behavior, such as multiple
activeextensions and invalid state #454
See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.
v1.10
Important
The v1.x versions of Santa include many architectural changes. Including the usage of EndpointSecurity and SystemExtensions for systems running macOS 10.15+.
Once Santa's SystemExtension is installed, it cannot be removed without promoting the user.
Notes
This release of Santa:
- Contains a feature to manage the transition from KernelExtension to SystemExtension. See the
EnableSystemExtensionsection of SNTConfigurator for details.
See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.
v1.1 (beta)
Important
The v1.x.x versions of Santa are currently in beta and include many architectural changes. Including the usage of EndpointSecurity for systems running macOS 10.15+.
Continue using v0.9.33 for non-test systems.
See the notes for the v1.0.3 release regarding SystemExtension and TCC permissions required to run this release on 10.15.
v1.0.3 (beta)
Important
The v1.x.x versions of Santa are beta and include many architectural changes. Including the usage of EndpointSecurity for systems running macOS 10.15+.
Continue using v0.9.33 for non test systems.
Notes
This release of Santa:
- Uses EndpointSecurity with a SystemExtension on macOS 10.15+
- Uses Kauth with a kext on macOS < 10.15
When installing Santa on macOS 10.15+ a popup will be displayed.
Select "Open Security Preferences" and allow the Santa SystemExtension to run.
For Santa to utilize EndpointSecurity, it must be granted "Full Disk Access". Select the Privacy tab and grant com.google.santa.daemon.systemextension access.
For enterprise deployments these requirements can be managed by an MDM.
Feedback via issues or pull requests are very welcome.
v0.9.33
Notes
This release contains bug fixes.
Bug Fixes
santactl: Sync will now authenticate correctly to servers that only provide the root of a certificate chain for determining allowable credentials.
v0.9.32
v0.9.31 Notarized
This release is built from the same 0.9.31 tag as the previous 0.9.31 release.
- This build is signed with a new signing cert that expires 2022/03/10.
- This build opts all binaries into the hardened runtime.
- santa-driver.kext is notarized and stapled.
All future releases will be notarized and stapled.
v0.9.31
Important
/Applications/Santa.app has been moved to /Library/Extensions/santa-driver.kext/Contents/Resources/Santa.app
Notes
This release contains a new feature and a new location for Santa.app.
Features
santa-driver: Add in-kenel file modification filter (#313)Config: AddFileChangesPrefixFiltersconfiguration option. See the header comments for more details.
v0.9.30
Notes
This release contains a bug fix, a feature, and an implementation feature.
Mojave Bug Fixes
santad: Add critical system binary/usr/sbin/ocspd(#301)
Features
Project: Allow transitive whitelisting to be controlled by a sync server (#300)
Implementation Features
santa-driver: Add back the root and non-root decision caches (#302)
v0.9.29
Notes
This release contains some bug fixes and new features.
Mojave Bug Fixes
santa-driver: Add an IOMatchCategory to fix a load / unload bug (#292)santa-driver: Fix cache invalidation (#298)santad: Add critical system binaries (#296)
Features
Project: Add transitive whitelisting to Santa (#224)
Transitive whitelisting is disabled by default. Documentation is still being generated.