
Release Notes Tanium Server (Version 7.3.314.3641)


Thank you for choosing Tanium.  The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.3.314.3424)


Tanium Server for Windows and Linux v7.3.314.3641

General Availability Release Date: February 5, 2019.

Special Notes

  • Due to security issues affecting this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.3.314.4324 if you are using this version.

New Features

  • Added support for encrypted XML elements in SAML Responses.
  • Global settings can now be managed through the CLI.

Improvements

  • AuthnRequest queries will automatically be signed when the SAMLEncryption key is configured.
  • Tanium Client registration messages reflecting the highest Question and Action IDs and the peer list have been added to the Tanium Server logging at LogVerbosityLevel >=40.
  • Improved the performance of the Tanium Server in handling client connections through the use of the  SO_REUSEPORT  option.
  • Performed some cleanup of older registration code no longer in use.
  • The Tanium Module Server is now capable of executing  HTTP  requests against individual modules without the need of an intermediary  proxyplugin  binary and process.
  • The Tanium Server service on port  443  now allows for  .css  files to be cached by the browser, in the same way it allows it for  .js  and  .html  files.
  • The new parameter clean_download_catalog_disabled (ServerNumeric, Default = 0) will disable the automatic /Downloads directory cleaning function. Setting this parameter to a non-zero value overrides the settings of any other clean_download_catalog_* scheduling parameters.
  • The Tanium Server and Module Server will now report a license ID number when fetching files from content.tanium.com.
  • Tanium Server plugins have been updated to use the new  --out  parameter in TDownloader and acknowledge its return codes. This adds robustness to the interface between them.
  • Harmonized and cleaned up the treatment of conversions of strings to boolean types in XML parsing.
  • Reworded some of the errors associated with XML parsing to make them more meaningful and human readable.
  • Modified the LDAP-synchronization process to work around a limitation in Microsoft Active Directory where a maximum of 1,500 entries can be retrieved with a single request.
  • Added functionality for a high availability active-active pair of Tanium Servers to synchronize their latest license information and keep the  tanium.license  file on disk updated.
  • Tanium Module Servers will now automatically receive a copy of the  tanium.license  file.
  • The Tanium Server installer will no longer create an overall bandwidth throttle on installation or upgrade, but will instead create an overall limit of 300 connections if a limit is not set, or preserve the existing settings upon upgrade.
  • The Tanium Server's  /info  page will now track the overall number of reporting connections, as well as the number of linear-chain leader connections.
  • The Tanium Downloader binary (TDownloader.exe or TaniumTDownloader) supports a check command, to assist in the troubleshooting of file download issues.
  • The Question Parser now supports the form Get?forceComputerIdFlag=1 ..., to force a Question to be emitted in a non-counting form (i.e. to include a Computer ID) with each result, aiding with questions that return a large number of strings.
  • The Tanium Server API now supports retrieving user information without all of its associated metadata, as a means to reduce the size of the result returned.
  • The Tanium Server's database cleaning procedure will now retire old, non-reissuing Scheduled Actions.
  • Optimized the Tanium Installer database upgrade step which deals with large  groups_filter_specs  tables.
  • Removed the  registrations_per_second  setting from Global Settings, which is no longer used by the Tanium Server v7.3+.
  • Fixed a problem with TDownloader when displaying protected configurations that it cannot decrypt successfully, which would lead to the error message: Failed to finalize decryption.
  • A new log named module-history was added to the Tanium Module Server, which logs all module plugin executions.
  • Tanium Platform components now allow the configuration of network buffer sizes for HTTPS and Tanium protocol communications.
  • Fixed an API issue where the interpretation of Sensor creation was incorrect, and temporary sensors were created even when the source Sensor was not parametrized.
  • LDAP synchronization and authentication now pass the user's domain name along with samAccountName when running in a "Sign and encrypt" configuration.
  • Rationalized and reduced the number of messages logged to the package-cleaner log on the Tanium Server.
  • The Tanium Platform components have been upgraded to use SQLite v3.26.0.
  • The Tanium Platform components have been upgraded to use OpenSSL v1.0.2p.

Security Updates

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

Bug Fixes

  • The behavior of the REST API has been changed to reject NULL characters in strings, to add robustness in the handling of string parameters.
  • Fixed a PostgreSQL deadlock condition caused sporadically by the update_action_start_time stored procedure.
  • The Tanium Server log message SSL_read: unexpected EOF is now only logged at LogVerbosityLevel>60, because it is a common occurrence in incomplete communications shutdown with a Tanium Client and spams the server logs.
  • Fixed a behavior in the Tanium API (both SOAP and REST) where updating or creating a content_set_role object would return the old set of privileges in the result and not the ones just applied.
  • The Tanium API will no longer allow two Action Groups and Computer Groups to be created or renamed with the same name. This created problems if one of these groups was renamed as "Default".
  • Fixed a hardcoded table and column name in the database upgrade procedure.
  • Updating Saved Actions will now properly honor the "Bypass action approval" privilege.
  • Fixed access to the Tanium Server /info page which would return an HTTP-403 Forbidden error for SAML authenticated users.
  • Fixed an uninitialized operator type in the evaluation of SOAP query filters.
  • Fixed the use of an uninitialized object in the execution of Tanium Server plugins.
  • Fixed an issue where a Scheduled Action Group could not be deleted when old stopped actions had been associated with the group.
  • Fixed a harmless null pointer dereference in the code which builds Sensor history.
  • Tanium KeyUtility now supports more than one, comma-separated server name to be specified when self-signing a certificate.
  • Added support for encrypted XML elements in SAML Responses, which can be enabled by adding a private key and certificate (named SAMLEncryption.key and SAMLEncryption.crt) to the configuration folder (the locations can be overridden by setting SAMLEncryptionKeyPath and SAMLEncryptionCertPath). The key/cert pair can be generated using KeyUtility selfsign SAMLEncryption.
  • Fixed a problem with Scheduled Actions and temporary sensors which could result in the error: Failed to build action: No sensor with what hash found.
  • Fixed an upgrade problem to Tanium v7.3 when an older database had invalid boolean settings in default group structures.
  • Fixed a harmless omission in the processing of sensor statistics received from clients in an active-active Tanium server pair.
  • The subnets manager plugin now defers input validation to the user interface.
  • Fixed the call to server_info in the REST API to return proper name/value pairs, which allows searching by value name.
  • Fixed an upgrade issue in the management of Question groups, where groups with id = 0 require special treatment and would cause the error: questions_subgroups should already have been migrated for question.
  • Fixed an issue apparent in the Tanium REST API where Sensor properties like delimiter, ignore_case_flag, and exclude_from_parse were overlooked and not set.
  • Fixed the setting of NATAddressMask on a Tanium Zone Server to receive decimal numeric inputs, when before only hexadecimal values could be used.
  • Fixed an issue in the Question Parser where square bracket characters ([]) used in regular expressions inside Sensor parameters would cause a repetition of values in the canonical text representation output.
  • Fixed a problem in the PostgreSQL stored procedure named update package_files which would result in the following Tanium Server log error: SQL Exception: 42702 ERROR: column reference 'id' is ambiguous.
  • Fixed potential Tanium Server crashes associated with the flattening of large Question results into CSV format.
  • Asynchronous import requests through the REST API now return with an HTTP 202 code, as they used to.
  • Changed the behavior of the cycle_job_thread_interval parameter so it no longer triggers a sequence of maintenance tasks like database cleaning every time it is reached, and will now have a default value of 600 seconds.
  • The Tanium Server now uses a default of RegistrationIntervalMinutes=2 when an explicit configuration is missing from Global Settings.
  • The default setting for a Zone Server's address mask is now zs_address_mask=0x00FFFFFF to match the out-of-the-box default of the Tanium Server.
  • Improved the robustness of the package and package file cleaning procedure to consider cases when a file is removed from a package and then added again, which could lead to a file being removed when still referenced. Setting clean_download_catalog_grace_period_hours to a very high value still remains a workaround for this issue in existing versions.
  • The Tanium Server API now allows users with the Administrator privilege to remove plugin schedules, whether they are assigned the Execute Plugin privilege or not and whether the plugin scheduled exists or not.  This helps with plugin schedule cleanup tasks.
  • Fixed a TDownloader problem where it would fail to run when its configuration contained empty protected strings which could not be decrypted. The error message logged before stopping was: InterpretAbsoluteTimeRepresentationFailed.
  • Fixed a typo in the configuration documentation for the Tanium Zone Server which incorrectly referred to the Tanium Server, instead of the Zone Server itself.
  • Fixed a Tanium Zone Server problem where it would synchronize an incorrect value for the platform's lowest stopped Action ID.
  • Changed the way the Tanium Module Server communicates with running modules so that it no longer needs an intermediate proxy. In doing so, the Content-Length and Transfer-Encoding headers have been adjusted accordingly.
  • Added foreign key indices on the users_user_group table to improve performance and avoid UI timeout errors on very large databases.
  • The REST API now supports the GetResultInfo operation against an Action ID, which is necessary to establish Action results.
  • The Tanium Server installer now ensures that String cleaning is enabled by setting enable_string_cap=1, and it also ensures that max_strings_total and max_strings_total_mb are set according to the amount of RAM available in the system.
  • Fixed a minor issue where Saved Questions would not sort properly by their public_flag property.
  • Fixed a problem in the scheduling of Actions when under control of Action Approval, where either one-time or recurring Scheduled Actions could fire before being approved.
  • Fixed an undesirable interaction with a dynamically linked LDAP library (libldap) used by the PostgreSQL library (libpq.so), which would cause a crash when running: TaniumServer database upgrade.
  • Fixed an issue in the REST API when retrieving user details which would return a nested "user": entry in the result.
  • Fixed an issue with Tanium Platform components where they could fall into a state that consumed 100% of one CPU after running for some time.

Known Issues and Workarounds

  • N/A.

Additional Information

  • In this version of the Tanium Platform you can now safely remove the cycle_job_thread_interval=0 setting and let it take its default value of 600 seconds.
  • This version of Tanium Server shipped with Common UI Components version 1.3.2.0045.

Product Documentation and Resources