Name                                   Modified     Size
Privileges_2.4.0_noLC.pkg              2025-07-03   1.7 MB
Privileges_2.4.0.pkg                   2025-07-03   1.7 MB
Privileges 2.4.0 source code.tar.gz    2025-07-03   14.2 MB
Privileges 2.4.0 source code.zip       2025-07-03   14.3 MB
README.md                              2025-07-03   2.6 kB
Totals: 5 items, 32.0 MB

What's new?

  • If you've configured Privileges with a maximum expiration interval, there is now a new key MaxIntervalInitial that allows you to define the initial interval to use. So you could now define a maximum interval of 60 minutes and set the initial interval to 10 minutes. This will only work as long as the user has not selected an expiration interval. So it's good for the initial setup of a Mac.

  • Unsent syslog or webhook events can now be queued. So if a user does not have an internet connection, these events are not lost as in previous versions of Privileges, but are queued. To enable event queueing, set the new QueueUnsentEvents key to true. Additionally, you can configure the maximum number of events that should be queued by using the QueuedEventsMax key. Here's how event queueing works:

      • If an event (syslog or webhook) cannot be sent, it will be stored locally in /Library/Application Support/Privileges/QueuedEvents.plist.
      • The app attempts to send unsent events at the next privilege change, as well as at various intervals. Retries will occur after approximately 5, 15, 30, and 60 minutes, followed by retries every other hour.
      • If, due to configuration changes, webhook and syslog events are mixed in the event queue, only the events that match the currently configured logging type are resent. Events of a different logging type are discarded.
      • We make sure that the events are sent in the correct order. So the current event will be sent after the queued events.
      • Webhook events have a new delayed key that is set to true for queued events. This makes it relatively easy for the receiver to identify these events.
      • Events that still could not be sent are returned to the event queue. If the number of unsent events is greater than QueuedEventsMax, the oldest events are discarded. Setting QueuedEventsMax to 0 means that an unlimited number of events will be queued (not recommended).

  • A new configuration key RequireBiometricAuthentication has been added. If RequireAuthentication is enabled, this new key can be used to force biometric authentication. If Touch ID is configured, the user can only authenticate using Touch ID and cannot use a username and password as a fallback. If the machine does not support biometric authentication or is not configured for it, the user will still be asked for a username and password.

  • Fixed an issue where a misconfiguration of the RevokeAtLoginExcludedUsers key could cause unwanted application behavior.

  • We also optimized the mTLS code to improve its handling of certain certificates.
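
The event queueing rules listed above can be modelled in a few lines to see which events a log receiver will and will not get after an offline period. This is an added illustration, not code from Privileges; the function names, the event dictionaries with their id and type fields, and the stop-at-first-failure behaviour are assumptions.

```python
"""Model of the 2.4.0 event-queue rules (illustration, not Privileges code)."""


def flush(queue, current, log_type, send, queued_events_max):
    """One send attempt; returns (sent_events, new_queue)."""
    # Queued events of a different logging type are discarded, not resent.
    backlog = [e for e in queue if e["type"] == log_type]
    if log_type == "webhook":
        # Queued webhook events carry delayed=true so the receiver can tell.
        backlog = [dict(e, delayed=True) for e in backlog]
    # Queued events go out first; the current event is sent last.
    pending = backlog + [dict(current, type=log_type)]
    sent = []
    # Assumption: sending stops at the first failure to preserve order.
    while pending and send(pending[0]):
        sent.append(pending.pop(0))
    # Unsent events return to the queue; beyond QueuedEventsMax the oldest
    # are dropped. 0 means unlimited.
    if queued_events_max > 0 and len(pending) > queued_events_max:
        pending = pending[-queued_events_max:]
    return sent, pending


def demo():
    """Four events while offline with QueuedEventsMax=3, then one online."""
    queue = [{"id": 0, "type": "syslog"}]  # constructed: left from an old config
    for i in range(1, 5):
        _, queue = flush(queue, {"id": i}, "webhook", lambda e: False, 3)
    sent, queue = flush(queue, {"id": 5}, "webhook", lambda e: True, 3)
    return [(e["id"], e.get("delayed", False)) for e in sent], queue


if __name__ == "__main__":
    print(demo())
```

In this run events 0 and 1 never reach the receiver: the first is dropped by the logging-type filter and the second by the QueuedEventsMax limit, so the delayed key marks late events but does not reveal discarded ones.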

Source: README.md, updated 2025-07-03