Release Notes Tanium Server and Tanium Client (Version 7.2.314.3476)
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server and Client.
This platform release includes the release of a Windows and Linux Tanium Server as well as platform clients.
The previous Tanium Server versions can be found here:
Release Notes (Version 7.2.314.3246)
The previous Tanium Client versions can be found here:
Release Notes (Version 7.2.314.3211)
Release Notes (Version 7.2.314.3235)
Tanium Server for Windows and Linux and Tanium Client v7.2.314.3476
General Availability Release Date: November 6, 2018
Major Features
- The `ServerName` and `ServerNameList` settings on the Tanium Client now allow specifying not only server names (or IP addresses) but also a port number on which to connect to the server, like: `ServerNameList=ts.foo.com:443,zs.foo.com:443`. This will control the outgoing connections independent of the client's `ServerPort` setting.
- The Tanium Client will now log errors returned by the `GetComputerNameExW` and `gethostname` calls to the Windows operating system, which are the two functions used to determine the result for the `Computer Name` sensor.
- SAML now supports SP-initiated logins.
- The Zone Server installer now supports browsing for the `tanium.pub` file, instead of having to type in its full path into a textbox.
- Added the `idp_sso_force_reauth` field to support SP-initiated authentications.
Improvements
- Added a caption to the Zone Server installer to make it clear that the field labeled "Allowed Hub IP Address" will accept a comma-separated list of Zone Server Hubs which are allowed to connect to this Zone Server.
- TDownloader will now ignore the usual ways of configuring proxies for `curl` when the Tanium Server proxy settings are configured. This avoids situations where environmental settings mask the specific Tanium configuration.
- TDownloader can now trigger updates to the Windows Root Certificate store when encountering missing CAs during download operations.
- TDownloader now creates a more intuitive structure within the `.zip` files created while downloading UNC directories specified as Package files.
- The Tanium Server will now run a periodic cleanup pruning of its archive result tables. This cleanup is controlled by the following server numeric parameters: `archive_database_cleanup_interval` (default `24h`), `archive_database_cleanup_hour` (default `25`; i.e. Disabled).
- Fixed the display of user account's last login date to omit authentications generated by scheduled plugins in their name.
- The platform installers no longer deliver `dbghelp.dll`, but use the operating system's copy instead.
- The TDownloader binary now accepts a `--config-folder` parameter, which allows different instantiations to run with different configurations, which will benefit Tanium modules which want to use this binary to download files.
- The LDAP synchronization process will now log a single message at `LogVerbosity=11` every time it executes successfully. This is to offer a continuous but terse indication of the correct execution of these synchronizations.
- The Tanium Platform components are now upgraded to use Python v2.7.15.
- Increased performance by removing an unnecessary lock contention during TLS connection setup, which would manifest itself through reduced values (often zero) of `Min_Available_Threads` in the SOAP information on the Tanium Server's `/info` page.
- The RBAC subsystem will now throw and log a proper exception, instead of logging `GetSavedQuestionDataFailed`, when a request tries to fetch a Saved Question outside its effective permissions.
- Updating Saved Actions will now properly honor the "Bypass action approval" privilege.
- Due to clock-shift and synchronization, sometimes a Client's response seems to originate a few seconds in the future, which results in being displayed as a very large number of seconds ago. These cases are now all normalized to be displayed as `0 seconds`.
- Added an `audit_history_size` parameter default for SOAP queries, limiting the number of audit history records returned when querying an object.
- Added audit information support for plugin schedules.
- The Tanium Server on Linux now offers the ability to specify Package Files located on SMB shares.
Security Updates
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
Server Bug Fixes
- Fixed a transaction issue during LDAP synchronization which could overrun on the `ldap_sync_working_table` in active-active Tanium Server deployments.
- Fixed a problem where CAC authentication would not work on Linux-based platforms.
- Fixed a condition where the Tanium Server could crash if stopped soon after being started.
- Improved the robustness of TDownloader which would cache wrong modification time served by different access points of Microsoft's Content Distribution Network (CDN).
- Modified the schedule and behavior in recycling SOAP worker threads to avoid unnecessary memory growth in the Tanium Server. The Global Setting `cycle_job_thread_interval` now runs at a default of `300 seconds`.
- Resolved a problem in the `get_saved_actions` stored procedure on PostgreSQL, which would report `ScheduleActionsNow: ERROR: column reference 'id' is ambiguous` in the Tanium Server logs and keep some Policy Scheduled Actions from being reissued.
- Fixed the use of an uninitialized object in the execution of Tanium Server plugins.
- Fixed an uninitialized operator type in the evaluation of SOAP query filters.
- Modified `LDAPPing.exe` to correctly honor the `ldap_timeout_seconds` Global Setting.
- Fixed the filtering of questions in Question History when using equality and comparison operators.
- Fixed the sorting by `Query Text` in the Question History grid.
- Fixed a PostgreSQL deadlock condition caused sporadically by the `update_action_start_time` stored procedure.
- Fixed an issue in LDAP synchronization of users to manage escaped `dn` designations when using the "Users of groups" filtering option.
- Added validation of the auto-commit setting for pooled database connections, avoiding database interaction problems which would fail with the error message: `SQLTransactionNested`.
- Fixed a problem when merging a second question into a first set of results which would result in only `[no results]` returned for the merge.
- Modified hardcoded element in the management of assertions.
- Fixed a Tanium Server issue where temporary Sensor names were returned with the results of a Saved Question, showing names like `tempsensor_N` instead of the name of the original parametrized Sensor from which it was generated.
- Fixed a problem in results when using the "Recent view" for Saved Questions, which would fail to populate the `Age` column values that always accompany recent results.
- Fixed a minor memory leak in the Tanium Server string cache, associated with the flushing of duplicate string values for a Sensor.
- Fixed a cache-timing problem across active-active Tanium Servers where, when creating a Saved Question on one of the servers, the other might display the question as `Get number of machines` because the `question_select_specs` were cached before being fully populated.
- Fixed the SQL error `Invalid precision value` when using LDAP filters longer than 2,000 characters for the users to be synchronized.
- Fixed a minor memory leak issue in the wrapper used to execute SQLite database commands.
- Increased the allowed size for additional Action target manual endpoint list filters, which will throw the error `Invalid precision value` when there are too many endpoint names or IPs in the target list.
- Fixed a problem with the LDAP synchronization of new users where, when a new user account was created, the database `users_audit` table was not updated.
- Fixed an issue with `KeyUtility` during the generation of the TLS `reporting.crt` that resulted in the `Install.log` message: `Reporting TLS generation failed`.
- Fixed a problem with the canonical text of a parsed question where in `any foobar not contains foo` the `any` clause was dropped, making it parse incorrectly if the emitted text form was reused.
- CAC-authentication enabled systems now allow access to `/info`, `/string` and `/info.json`.
- Fixed an issue that skipped downloading of UNC Package files believed to be unchanged from their cached copies.
- Changed the SAML implementation to ignore whitespace in Base64-encoded signatures to work with some providers like SiteMinder.
- Added performance-enhancement indices to the `groups_filter_specs` table.
- Fixed the Tanium Server's failover of a Module Server, which was not working properly.
- Changed the Windows installer to default to installing a local Module Server during upgrade only when a local TMS is already installed.
- Added the `LdapSyncConnectorNotFound` error response when attempting to delete an LDAP synchronization connection which does not exist.
- Changed the Windows Tanium Server installer to create its databases in PostgreSQL using `UTF-8` instead of the default locale.
- The Tanium Server installer will no longer add `127.0.0.1` to the `ModuleServer` configuration setting when skipping a local Module Server installation. This value should only be in place when a Module Server is installed locally.
- Enhanced SAML authentication to operate transparently on active-active Tanium Server configurations.
- Fixed a group duplication issue over the `groups_subgroups` table which would cause an `HTTP 500` error when drilling down on question results, and SQL message in the Tanium Server logs: `Violation of PRIMARY KEY constraint`.
- Fixed an issue with certificate-based authenticated downloads when UNC names are substituted for IP addresses.
- Worked around an inconsistency in the use of the `allinfo` SMB command on the Linux TDownloader, which resulted in failed downloads and the error: `NT_STATUS_OBJECT_NAME_NOT FOUND getting alt name for /`.
- Reconfigured the highest protocol version used to SMBv3 in TanOS.
- Changed the behavior of the Tanium Server for forced client registrations, registering this event as the last registration time, thus avoiding another registration in a shorter period of time than configured.
- Changed the behavior of the Whitelist URL system to allow the creation of URL regular expressions with the same contents but different letter casing.
- Fixed the display of console glyphicons on Internet Explorer v11.
- Fixed the `TSConfigUtilsManager` plugin to honor the `DownloadsPath` configuration setting.
- Fixed a stacking summary issue in the Question's result grid where duplicate rows would appear in the results, and their `Count` columns would not be added as expected.
- Fixed an incorrect path to the `server.db` database in the Tanium Server RPM installer for Linux.
- Fixed a leak in `HTTP` service handlers on the Tanium Module Server, which could be seen reflected as an increasing number of `Busy_Handlers` in the `HTTP-Server` section of the `info/` files.
- Changed SAML behavior for Assertion signature to be optional, allowing it to work with authentication systems that do offer this feature.
- Fixed an issue in TDownloader where it would be rendered unusable when unable to decrypt certificate authorized configurations due to file system permissions.
- Fixed a typo in the Tanium Server installer wording.
- Fixed an issue where the expiration of a Whitelist URL regular expression would not be propagated to the created whitelists that matched the regular expressions.
- The Tanium Server will now stop reissuing the Saved Questions, Actions and Plugins owned by a user after it is deleted.
- TDownloader now uses slash characters as path separators to conform to `.zip` file official standards.
- Fixed TDownloader to report the download progress size of UNC/SMB Package Files in their corresponding progress files.
- Fixed the duplication of Windows computer names in the Tanium console System Status page, which was caused by operating system behavior which would not report a fully qualified domain name (FQDN) during its shutdown phase.
- Action tracking verification Saved Questions are now created belonging to the Reserved Content Set.
- The Tanium Server API will now ignore letter casing when enforcing Saved Question names to be unique.
- Added two new Global Settings (Server, Numeric): `disable_action_status_archive_flag` and `disable_data_archive_flag` which, when set to a non-zero value, will disable storing of data to the Question results archive tables. The first will disable only the archiving of Action status questions, while the second one will disable all archiving.
- Fixed the database cleanup procedure that would remove accounts' last login information as part of a version upgrade.
- Fixed a condition where parametrized Sensor names would be returned as `[sensor name currently unavailable]` and caused the Results Grid for a Question to be rendered as empty.
Client Bug Fixes
- The initial registration of Tanium Clients will no longer send `ComputerID=0` as it is now unnecessary.
- Improved the CPU efficiency on the Tanium Client when receiving and computing the size of large Questions.
- Fixed a Tanium Client installer issue on Windows where the file browser would display a pop-up asking to create the file on every directory visited.
- Fixed a behavior of the Tanium Client's `ExtraConnectionLimit` which caused clients adjacent to isolated endpoints to unnecessarily become leaders in a chain.
- Fixed a locking condition in the Tanium Client on the Sensors SQLite database when nesting sensor executions.
- Changed the behavior of the Tanium Client installer to populate `ServerNameList` when this key already exists but is blank / has no contents.
- Manual Computer Group membership at the endpoint is now maintained in a local database instead of the Windows registry or a file in Linux.
Known Issues and Workarounds
- None
Additional Information
This version of Tanium Server shipped with Common UI Components version 1.2.2.0180.