IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes (Version 7.2.314.2831)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium.  The following Release Notes document changes between releases of the Tanium Server.
The previous version can be found here: N/A


Tanium Server v7.2.314.2831

Limited Availability Release Date: December 2017
General Availability Release Date: December 2017

Major Features

  • Configurable, native encryption capabilities for network communications and sensitive files on disk
  • Tanium configuration command line interface (CLI)
  • Tanium objects Export/ Import API

Improvements

  • Database pruning of old Question, Action and Temporary Sensor data
  • Tanium Client v7.2 environment variables
  • Server SSL-certificate Registration
  • Offer a richer environment to Sensors running internally within the Tanium Client

Bug Fixes

  • Fixed a condition where the Tanium Server could crash under load.
  • Added a feature to disable the concurrent execution of multiple copies of the same Plugin: forbid_concurrent_execution=1.
  • Audit records are no longer created for constantly changing Global Settings like estimated_node_count, doing so added unnecessary rows to the audit tables (global_settings_audit).
  • Fixed a condition where the Zone Server would not write its Info Pages to disk.
  • Corrected a spurious nagging message in the Zone Server logs that would read: assertion 'ptr != NULL' failed
  • Made the settings for client to client symmetric encryption to be off:
    SymmetricEncryptionEnabledToServer=0SymmetricEncryptionEnabledToPeer=0SymmetricEncryptionMultiplexEnabled=1RequireIncomingEncryption=0.
  • Added the necessary support to the Tanium Zone Server for the collection of Sensor statistics.
  • Changed the Tanium Server to use its own, specific v7.2 manifest, distinct from every other version.
  • Improved the efficiency and speed of Question History and Action History by filtering object-lists and not in XMLWriter.
  • Fixed leaking of hash collision resolution Questions, which would cause this subsystem to stop working when max_active_collision_questions was reached.
  • Reduced the spamming of server logs with messages reading HashCollisionResolution when running with LogVerbosityLevel > 40.
  • Fixed an incorrect number of minutes logged at the Zone Server in the message: Hub inactive for 0 minutes. Dropping message.
  • Changed the system behavior to not attempt to resolve hash collisions for counting Questions.
  • Fixed a parser error where asking  Sensor not contains "foo"  would drop the not qualifier.
  • Fixed Action Status display (when using  require_action_approval=1) where Content Administrators could access the page but would see zeroes in the progress bars.
  • Fixed an inconsistency where the ExportObject API returns VBScript instead of the correct PowerShell.
  • Changed the default value of  SOAPWorkerThreadResetInterval[REG_DWORD] to  60 seconds to reduce memory use on the Tanium Server under hight load.
  • Fixed a problem where Package Files with URLs local to the Tanium Server would show as downloaded even if they did not exist.
  • Fixed an upgrade problem where stopping the Module Server would fail and hung the installer until the Module Server was killed manually.
  • Added a Global Setting (soap_enable_basic_auth=1ServerNumeric) which can be used to disable  HTTP Basic-Authentication on the Tanium Server.
  • Fixed a problem where a Sensor import would fail if it referenced a Content Set that once existed and was deleted.
  • Fixed a Tanium Server crash when attempting to log-in with a DOMAIN user account that once existed and has been deleted.
  • Fixed a mutex-contention problem that impaired the server from handling HTTPS requests when many Saved Question requests were issued simultaneously.
  • Fixed an installation problem where a silent install failed to add the trusted-module-servers.crt file on Windows.
  • Fixed problems related to air-gap installs for Package Files with local URLs on the Tanium Server.
  • Fixed a database deadlock when loading Scheduled Actions for some Action Groups.
  • Fixed a problem where the periodic cleanup of the tanium database would remove Temporary Sensors it should not.
  • The Tanium Module Server now offers the ability to write  /info  page contents to files on disk, like the Tanium Server and Zone Server.
  • Reduced the verbosity in logging when strings are being unloaded from memory cache.
  • Fixed a problem where one-time Actions (not Saved Actions) would impede the removal of an Action Group, which was incorrect.
  • Fixed a condition where re-importing some solutions would create Scheduled Actions with empty packages.  This affected Tanium Patch distribution actions.
  • Implemented paged-LDAP querying where supported by the LDAP server, which helps in accounts with large number of returned account and group objects.
  • Fixed a problem with Sensors that were deleted and added again, which would not show in Sensor lists and create erroneous displays in the Question Bar.
  • Fixed an interaction with Microsoft SQL where Tanium would fail to LDAP-synchronize thousands of users.
  • Fixed a problem where the Global Setting console_headerText would not display correctly in the console.
  • Fixed a bug that impacted Tanium Comply where the modification time for Packages was not being updated after a change.
  • Fixed an RBAC problem where users would retain an Administrator role from a User Group even after the group was deleted.
  • Changed a SOAP Request handler so it will not log LDAP user passwords.
  • Removed the execution of the tanium database cleanup during the upgrade process.
  • Added an option to select the display name user for users synchronized from LDAP.
  • Fixed a problem where failing a PostgreSQL transaction would leave a database connection in a bad state.
  • Improved the performance of SOAP snapchots where cache contention was producing significant slowdowns under load.
  • Changed TDownloader to set TrustedCertPath on the Module Server.
  • Fixed UTF-8 management of Organizational Unit (ou) names in LDAP, which failed to save when they contained Japanese characters.
  • Removed a problematic character limit on the filter that can be used when configuring LDAP-synchronization.
  • The Action Approver view of an Action no longer displays a preview of endpoints, because the targets allowed for the Action author and approver may be completely different.
  • Fixed the filtering over the User Name column in the Question History view.
  • Fixed an error reading 400 Bad Request - Sensor not found in the Filter Builder for Computer Groups.
  • Fixed a problem that would not allow the deletion of Scheduled Actions associated with deleted users.
  • Fixed a problem where the contains and ends with options would disappear from Question Builder when filtering a Sensor result.
  • Fixed the fact that the ?maxAge= modifier would disappear from the Question Bar when a question was run through the English parser.
  • Fixed the behavior of the ExportObject API to handle case-insensitive matching of Sensor names.
  • Changes to the LDAP-synchronization settings are now require re-authentication upon saving.
  • Changed a behavior where, if the Version configuration was missing from TaniumClient.ini or Registry, the Client logged errors reading: Sending is Blocked.
  • Improved the restart times for the Tanium Client service.
  • Removed an unecessary dependency on remote-fs.target in the Tanium Linux Client's systemd unit file.
  • Changed the Tanium Client v7.2 to honor SIGCHILD and improved a condition where the process could consume as much as 10% CPU on the RedHat Linux.
  • Changed the Tanium Client v7.2 to honor SIGCHILD.
  • Added VBScript, PowerShell and Python support to un-quarantine Sensors through the Client API.
  • The Tanium Client will no longer attempt to use internal PowerShell repreatedly if it fails once.
  • Changed the behavior of the internal Python interpreter so it no longer takes over the SIGINT signal handler.
  • The Tanium Client notes the Windows console and output Code Pages (GetConsoleCP and GetConsoleOutputCP) before executing a Sensor and restores them after it completes.
  • Packages are offered a 30 second period to finish running before a Tanium Client stop or reset.  The ChildProcessExitTimeoutSeconds client setting (not Global Setting) controls this timeout.
  • Changed the logging of individual Sensor hash messages to LogVerbosityLevel=95, reducing log sizes and clutter.
  • The Tanium Client notes its current working directory (cwd) before executing a Sensor and restores it after the Sesnor completes.
  • The Tanium Client will now reset if it detects a clock skew of more than 5 minutes against the Tanium Server during registration.  This value used to be 15 minutes.
  • Removed the TimerResolution setting from client, which has caused timing problems in the past.
  • Removed unique paths ('e.g.' TempUnix_123_456) reported on Sensor failures with a fixed string: [filepath] .
  • Added the Action ID to RunAction logging in the client.
  • Added a  $Tanium.Version to the Sensor object for use with internal PowerShell.
  • Made the new get_sensor_history property in Python consistent with VBScript and PowerShell.
  • The internal execution of scripts now preserves the settings of environment variables after executing a Sensor.
  • Normalized the naming and management of UNIX Client log files which was log_N.txt in older versions and logN.txt in newer versions, causing some of them to not be deleted.

 

Known Issues and Workarounds

  • The installer creates an invalid trusted-module-servers.crt file, which produce SSL errors: SSLReadWriteError, SSLHandshakeFailed.
    Workaround: Always choose the installer's Module Server registration option during the upgrade.
  • Setting DisableClientLogging=1 will cause the Tanium client to stop answering questions.
    Workaround: Do not use this setting.
  • Computer Group filtering in the Interact Question Builder does not work
    Workaround: N/A


Product Documentation and Resources