IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Tanium Server (Version 7.3.314.3641)
(Redirected from Release Notes (Version 7.3.314.3641))
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.3.314.3424)
Tanium Server for Windows and Linux v7.3.314.3641
General Availability Release Date: February 5, 2019.
Special Notes
- Due to security issues against this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.3.314.4324 if you are using this version.
New Features
- Added support for encrypted XML elements in SAML Responses.
- Global settings can now be managed through the CLI.
Improvements
AuthnRequestqueries will automatically be signed when theSAMLEncryptionkey is configured.- Tanium Client registration messages reflecting highest Question and Action IDs and peer list have been added to the Tanium Server logging at
LogVerbosityLevel >=40. - Improved the performance of the Tanium Server in handling client connections through the use of the
SO_REUSEPORToption. - Performed some cleanup of older registration code no longer in use.
- The Tanium Module Server is now capable of executing
HTTPrequests against individual modules without the need of an intermediaryproxypluginbinary and process. - The Tanium Server service on port
443now allows for.cssfiles to be cached by the browser, in the same way it allows it for.jsand.htmlfiles. - The new parameter
clean_download_catalog_disabled(Server, Numeric, Default =0) will disable the automatic/Downloadsdirectory cleaning function. Setting this parameter to a non-zero value overrides the settings of any otherclean_download_catalog_*scheduling parameters. - The Tanium Server and Module Server will now report a license ID number when fetching files from
content.tanium.com. - Tanium Server plugins have been updated to use the new
--outparameter in TDownloader and acknowledge its return codes. This adds robustness to the interface between them. - Harmonized and cleaned up the treatment of conversions of strings to boolean types in XML parsing.
- Reworded some of the errors associated with XML parsing to make them more meaningful and human readable.
- Modified the LDAP-synchronization process to work around a limitation in Microsoft Active Directory where a maximum of 1,500 entries can be retrieved with a single request.
- Added functionality for a high availability active-active pair of Tanium Servers to synchronize their latest license information and keep the
tanium.licensefile on disk updated. - Tanium Module Servers will now automatically receive a copy of the
tanium.licensefile. - The Tanium Server installer will no longer create an overall bandwidth throttle on installation or upgrade, but will instead create an overall limit of 300 connections if a limit is not set, or preserve the existing settings upon upgrade.
- The Tanium Server's
/infopage will now track the overall number of reporting connections, as well as the number of linear-chain leader connections. - The Tanium Downloader binary (
TDownloader.exeorTaniumTDownloader) supports acheckcommand, to assist in the troubleshooting of file download issues. - The Question Parser now supports the form
Get?forceComputerIdFlag=1 ..., to force a Question to be emitted in a non-counting form (i.e. to include aComputer ID) with each result, aiding with questions that return a large number of strings. - The Tanium Server API now supports retrieving user information without all of its associated metadata, as a means to reduce the size of the result returned.
- The Tanium Server's database cleaning procedure will now retire old, non-reissuing Scheduled Actions.
- Optimized the Tanium Installer database upgrade step which deals with large
groups_filter_specstables. - Removed the
registrations_per_secondsetting from Global Settings, which is no longer used by the Tanium Server v7.3+. - Fixed a problem with TDownloader when displaying protected configurations that it cannot decrypt successfully, which would lead to the error message:
Failed to finalize decryption. - A new log named
module-historywas added to the Tanium Module Server, which logs all module plugins executions. - Tanium Platform components now allow the configuration of configurable network buffer sizes for HTTPS and Tanium protocol communications.
- Fixed an API issue where the interpretation of Sensor creation was incorrect, and temporary sensors were created even when the source Sensor was not parametrized.
- LDAP synchronization and authentication now passes the user's domain name along with
samAccountNamewhen running in a "Sign and encrypt" configuration. - Rationalized and reduced the amount of messages logged to the
package-cleanerlog on the Tanium Server. - The Tanium platform components have been upgraded to use SQLite v3.26.0 .
- The Tanium Platform components have been upgraded to use OpenSSL v1.0.2p .
Security Updates
- This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.
Bug Fixes
- The behavior of the REST API has been changed to reject
NULLcharacters in strings, to add robustness in the handling of string parameters. - Fixed a PostgreSQL deadlock condition caused sporadically by the
update_action_start_timestored procedure. - The Tanium Server log message
SSL_read: unexpected EOFis now only logged atLogVerbosityLevel>60, because it is a common occurrence in incomplete communications shutdown with a Tanium Client and spams the server logs. - Fixed a behavior in the Tanium API (both SOAP and REST) where updating or creating a
content_set_roleobject would return a result the old set of privileges and not the ones just applied. - The Tanium API will no longer allow two Action Groups and Computer Groups to be created or renamed with the same name. This created problems if one of these groups was renamed as "Default".
- Fixed a hardcoded table and column name in the database upgrade procedure.
- Updating Saved Actions will now properly honor the "Bypass action approval" privilege.
- Fixed access to the Tanium Server
/infopage which would return anHTTP-403 Forbiddenerror for SAML authenticated users. - Fixed an uninitialized operator type in the evaluation of SOAP query filters.
- Fixed the use of an uninitialized object in the execution of Tanium Server plugins.
- Fixed an issue where a Scheduled Action Group could not be deleted when old stopped actions had been associated with the group.
- Fixed a harmless null pointer dereference in the code which builds Sensor history.
- Tanium
KeyUtilitynow supports more than one, comma-separated server name to be specified when self-signing a certificate. - Added support for encrypted XML elements in SAML Responses, which can be enabled by adding a private key and certificate (named
SAMLEncryption.keyandSAMLEncryption.crt) to the configuration folder (can be overloaded by settingSAMLEncryptionKeyPath, andSAMLEncryptionCertPath). The key/cert pair can be generated usingKeyUtility selfsign SAMLEncryption. - Fixed a problem with Scheduled Actions and temporary sensors which could result in the error:
Failed to build action: No sensor with what hash found. - Fixed an upgrade problem to Tanium v7.3 when an older database had invalid boolean settings in default group structures.
- Fixed a harmless omission in the processing of sensor statistics received from clients in an active-active Tanium server pair.
- The subnets manager plugin now defers input validation to the user interface.
- Fixed the call to
server_infoin the REST API to return proper name/ value pairs, which allows searching by value name. - Fixed an upgrade issue in the management of Question groups, where groups with
id = 0require special treatment and would cause the error:questions_subgroups should already have been migrated for question. - Fixed an issue apparent in the Tanium REST API where Sensor properties like
delimiter,ignore_case_flag, andexclude_from_parsewere overlooked and not set. - Fixed the setting of
NATAddressMaskon a Tanium Zone Server to receive decimal numeric inputs, when before only hexadecimal values could be used. - Fixed an issue in the Question Parser where square bracket characters (
[]) used in regular expressions inside Sensor parameters would cause a repetition of values in the canonical text representation output. - Fixed a problem in the PostgreSQL stored procedure named update package_files which would result in the following Tanium Server log error:
SQL Exception: 42702 ERROR: column reference 'id' is ambiguous. - Fixed potential Tanium Server crashes associated with the flattening of large Question results into
CSVformat. - Asynchronous import request through the REST API now return with an
HTTP 202code, as they used to. - Changed the behavior of the
cycle_job_thread_intervalparameter so it no longer triggers a sequence of maintenance tasks like database cleaning every time it is reached, and will now have a default value of600 seconds. - The Tanium Server now uses a default of
RegistrationIntervalMinutes=2when an explicit configuration is missing from Global Settings. - The default setting for a Zone Server's address mask is now
zs_address_mask=0x00FFFFFFto match the out of the box default of the Tanium Server. - Improved the robustness of the package and package file cleaning procedure to consider cases when a file is removed from a package and then added again, which could lead to a file being removed when still referenced. Setting
clean_download_catalog_grace_period_hoursto a very high value still remains a workaround for this issue in existing versions. - The Tanium Server API now allows users with the Administrator privilege to remove plugin schedules, whether they are assigned the Execute Plugin privilege or not and whether the plugin scheduled exists or not. This helps with plugin schedule cleanup tasks.
- Fixed a TDownloader problem where it would fail to run when its configuration contained empty protected strings which could not be decrypted. The error message logged before stopping was:
InterpretAbsoluteTimeRepresentationFailed. - Fixed a typo in the configuration documentation for the Tanium Zone Server which incorrectly referred to the Tanium Server, instead of the Zone Server itself.
- Fixed a Tanium Zone Server problem where it would synchronize an incorrect value for the platform's lowest stopped Action ID.
- Changed the way the Tanium Module Server communicates with running module to do without the need of an intermediate proxy. In doing so the
Content-LengthandTranser-Encodingheaders have been adjusted accordingly. - Added foreign key indices on the
users_user_grouptable to improve performance and avoid UI timeout errors on very large databases. - The REST API now supports the
GetResultInfooperation against anAction ID, which is necessary to establish Action results. - The Tanium Server installer now ensures that String cleaning is enabled by setting
enable_string_cap=1, and it also ensures thatmax_strings_totalandmax_strings_total_mbare set according to the amount of RAM available in the system. - Fixed a minor issue where Saved Questions would not sort properly by their
public_flagproperty. - Fixed a problem in the scheduling of Actions when under control of Action Approval, where either one-time or recurring Scheduled Actions could fire before being approved.
- Fixed an undesirable interaction with a dynamically linked LDAP library (
libldap) used by the PostgreSQL library (libpq.so), which would cause a crash when running:TaniumServer database upgrade. - Fixed an issue in the REST API when retrieving user detail which would return a nested
"user":entry in the result. - Fixed an issue with Tanium Platform components where they could fall in a state that consumed
100%of one CPU after running for some time.
Known Issues and Workarounds
- N/A.
Additional Information
- In this version of the Tanium Platform you can now safely remove the
cycle_job_thread_interval=0setting and let take its default value of600 seconds. - This version of Tanium Server shipped with Common UI Components version 1.3.2.0045.