Skip to content

v2024.10

Latest
Latest
Compare
Choose a tag to compare
@mlw mlw released this 05 Nov 20:41
2024.10
3aefacb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Notes

This is the first release of North Pole Security Santa!

Please see the Migration Guide for details on how to upgrade from Google Santa.

Santa documentation is now hosted on northpole.dev.

Fixed

❗ Fixed bug where the "Code Signature Invalidated" telemetry event was never logged
❗ Fixed issue where File Access Authorization rule versions were displaying the wrong value in the UI

Changed

↔️ New Icons!
↔️ The UI has been revamped. The details shown to users has been streamlined to only show important, understandable details to users. The full set of previously displayed data can be displayed by clicking the new "More Info" button.
↔️ The silence period on blocked binary notifications can now be set to longer durations (one day/one week/one month)

Added

➕ Details from the new blocked application dialog are now copyable
➕ Several new anti-tampering features were added to better protect Santa installs
➕ Localization is now supported. Initial languages include: German, Ukrainian and Russian. We'll be adding more over time. If you'd like to add support for a new language, we'd love to help you get started! Please open an issue and we can guide you through the process.

Other

Please note that Santa now has a new Bundle ID (com.northpolesec.santa) and TeamID (ZMCG7MLDV9). Signing IDs have also been updated to have the com.northpolesec.* prefix.

What's Changed

  • change bundle id to com.northpolesec.* by @tburgin in #1
  • Project: Update team ID wherever appropriate by @russellhancox in #4
  • Add disclaimer by @pmarkowsky in #3
  • Hook up CS INVALIDATED event by @mlw in #6
  • cleanup legacy components by @tburgin in #7
  • Fix tree aware clients handleContextMessage default return by @mlw in #17
  • installer: support side-by-side install of NPS Santa [1/2] by @tburgin in #19
  • installer: support side-by-side install of NPS Santa [2/3] by @tburgin in #20
  • Revert "installer: support side-by-side install of NPS Santa [2/3] (#… by @tburgin in #26
  • partial revert: installer: support side-by-side install of NPS Santa [1/2] by @tburgin in #27
  • installer: generate migration pkg [1/2] by @tburgin in #28
  • Project: Update notarization_tool.sh to take a key instead of username/password by @russellhancox in #31
  • Update copyright statements for all binaries. by @pmarkowsky in #29
  • installer: generate migration pkg [2/2] by @tburgin in #30
  • Packaging: create package from files under RELEASE_ROOT by @russellhancox in #32
  • package: fix migration file path by @tburgin in #33
  • package: fix migration prefix and set -e by @tburgin in #34
  • package: cleanup com.northpolesec.santa.migration folder by @tburgin in #35
  • Packaging: Copy the pkg to the artifact dir by @russellhancox in #36
  • Actions: Cache bazel between workflows to optimize usage by @russellhancox in #39
  • santad: Stop preventing kextload of santa-driver by @russellhancox in #38
  • santad: Prevent overwrites of Santa.app by @russellhancox in #37
  • Add new install command by @mlw in #40
  • package: tamper resistant install [1/2] by @tburgin in #41
  • santad: Cleanup functions that were moved in a previous PR by @russellhancox in #43
  • package: sysx install services [2/2] by @tburgin in #42
  • Set associated BundleIDs in launchd plists by @mlw in #45
  • Implement daemon install command by @mlw in #44
  • build: fix bazel run :reload by @tburgin in #47
  • tamper: prevent open as writable on protected files by @tburgin in #49
  • Fix tamper tests, add tests for OPEN event and prefix paths by @mlw in #50
  • Workflows: Use the runner OS as the key for disk caches by @russellhancox in #51
  • Project: Use matrix.os as cache key instead of runner.os by @russellhancox in #52
  • GUI: Re-write binary block window with SwiftUI [1/3] by @russellhancox in #46
  • Project: Upgrade OCMock to v3.9.4, drop unused patches by @russellhancox in #57
  • Project: Disable broken workflows by @russellhancox in #58
  • GUI: Allow customization of silence period by @russellhancox in #54
  • Sync: Migrate to using sync proto from northpolesec/protos by @russellhancox in #56
  • GUI: Reduce icon saturation, add keyboard shortcuts as tooltips, move "Copy Details" by @russellhancox in #59
  • GUI: Localization support by @russellhancox in #62
  • GUI: Add selectable silence periods for FAA notifications by @russellhancox in #60
  • GUI: Add support for German localization by @headmin in #63
  • gui: fix publisher layout by @tburgin in #64
  • tamper client: protect service configs by @tburgin in #55
  • Localization: Don't use keys in strings in SNTBlockMessage. by @russellhancox in #66
  • docs: Update santa-block.gif for new UI by @russellhancox in #68
  • Prevent legacy service loads, cleanup legacy plists by @mlw in #65
  • GUI: Refactor common UI elements into a single module. by @russellhancox in #67
  • Set FAA per-rule version to the policy version by @mlw in #69
  • gui: display bundle hashing progress by @tburgin in #71
  • GUI: Update DeviceMessage to new UI by @russellhancox in #74
  • Localization: Add script to regen and validate localizations by @russellhancox in #76
  • Project: Disable pyink checks by @russellhancox in #77
  • GUI: Updated support file for German localization by @headmin in #78
  • docs: add a migration doc by @tburgin in #79
  • Project: Cleanup trailing whitespace by @russellhancox in #80
  • docs: Fix formatting in migration doc by @russellhancox in #82
  • Minor cosmetic updates to migration doc by @mlw in #83
  • docs: Fix a few typos in migration doc by @russellhancox in #84
  • Fix typo in install command by @pmarkowsky in #85
  • README: Some minor wording updates by @russellhancox in #87
  • Project: When localization check fails, print a useful error by @russellhancox in #89
  • Project: Ensure Swift code is properly formatted by @russellhancox in #88
  • gui: do not add to recent applications by @tburgin in #90
  • Address findings from migration testing by @mlw in #91
  • Move away from /Library/Caches for migration by @mlw in #92
  • gui: Make buttons the same width as the checkbox control by @russellhancox in #94
  • Expose flushcache Command by @pmarkowsky in #95
  • Only set AT_SYMLINK_NOFOLLOW_ANY on supported OS versions by @mlw in #98
  • gui: Fix spacing around more details button on FAA dialog by @russellhancox in #97
  • docs: add servicemanagement example profile by @tburgin in #99
  • checkcache and flushcache are now hidden commands. Help text updates. by @mlw in #100
  • gui: Add some date-based font shenanigans by @russellhancox in #96
  • Make New Icons Meet Apple Guidelines by @pmarkowsky in #101
  • gui: scale icon on window by @tburgin in #102
  • Project: Add git commit to version output by @russellhancox in #103

New Contributors

Full Changelog: https://github.com/northpolesec/santa/commits/2024.10

Contributors

headmin, russellhancox, and 3 other contributors
Assets 5
Loading