What's Changed
Features
- Add process memory scanning capability to `yara` table by @brian-mckinney in https://github.com/osquery/osquery/pull/8782
- Split yara tables into `yara_process` and `yara_file` by @brian-mckinney in https://github.com/osquery/osquery/pull/8835
- Add Windows `process_open_handles` table by @brian-mckinney in https://github.com/osquery/osquery/pull/8795
- Add `secureboot_certificates` table for Linux by @zwass in https://github.com/osquery/osquery/pull/8844
- Extend `python_packages` and `npm_packages` to cover modern package managers by @ariary in https://github.com/osquery/osquery/pull/8801
- Add level filtering to the `unified_log` table by @directionless in https://github.com/osquery/osquery/pull/8788
- Disallow newlines in `curl` custom headers by @directionless in https://github.com/osquery/osquery/pull/8787
- Supplement LaunchServices with directory scanning in `apps` table (#8789) by @getvictor in https://github.com/osquery/osquery/pull/8790
- Command line flags for query input and output by @directionless in https://github.com/osquery/osquery/pull/8786
- New header-based authentication mechanism for remote APIs by @juan-fdz-hawa in https://github.com/osquery/osquery/pull/8805
- Add recursion to `npm_packages` by @directionless in https://github.com/osquery/osquery/pull/8809
- Make profile.py performance thresholds configurable via CLI flags by @stefanamaerz in https://github.com/osquery/osquery/pull/8841
- Add `ROOT\default` to WMI tables by @directionless in https://github.com/osquery/osquery/pull/8810
Build & Dependencies
- Update expat to 2.7.4 to fix CVE-2026-25210 by @Sampriti2803 in https://github.com/osquery/osquery/pull/8794
- Fix GCC 15 compatibility by @carlsmedstad in https://github.com/osquery/osquery/pull/8837
Fixes
- Fix macOS keychain corruption when accessing non-SSV keychain files by copying to temporary files first by @lucasmrod in https://github.com/osquery/osquery/pull/8840
- Fix incorrect example queries in table specs by @edwardsb in https://github.com/osquery/osquery/pull/8791
- Improve `network_name` detection on macOS `wifi_status` table by @lucasmrod in https://github.com/osquery/osquery/pull/8781
- Fix a bug in `apt_sources` parsing by @directionless in https://github.com/osquery/osquery/pull/8785
- Add `NOCASE` and `VERSION` collation to various columns by @directionless in https://github.com/osquery/osquery/pull/8813
- Increase the limit on systemd unit iteration by @directionless in https://github.com/osquery/osquery/pull/8802
- Fix format string vulnerability in shell.cpp disconnect_socket() by @directionless in https://github.com/osquery/osquery/pull/8824
- Fix saving file times in file carves by @zwass in https://github.com/osquery/osquery/pull/8819
- Fix empty results from `office_mru` table by @thierryfranzetti in https://github.com/osquery/osquery/pull/8838
- Fix multiple security vulnerabilities in smc_keys.cpp by @directionless in https://github.com/osquery/osquery/pull/8820
- Fix `gatekeeper` table on macOS 15+ by @thierryfranzetti in https://github.com/osquery/osquery/pull/8831
- Fix container bounds checking vulnerabilities by @directionless in https://github.com/osquery/osquery/pull/8825
- Reduce noisy logs from `chrome_extensions` by @lucasmrod in https://github.com/osquery/osquery/pull/8792
New Contributors
- @edwardsb made their first contribution in https://github.com/osquery/osquery/pull/8791
- @Sampriti2803 made their first contribution in https://github.com/osquery/osquery/pull/8794
- @ariary made their first contribution in https://github.com/osquery/osquery/pull/8801
- @juan-fdz-hawa made their first contribution in https://github.com/osquery/osquery/pull/8805
- @thierryfranzetti made their first contribution in https://github.com/osquery/osquery/pull/8838
- @stefanamaerz made their first contribution in https://github.com/osquery/osquery/pull/8841
Full Changelog: https://github.com/osquery/osquery/compare/5.22.1...5.23.0