IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Tanium Server and Tanium Client (Version 7.4.4.1250)
(Redirected from Release Notes (Version 7.4.4.1250))
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server and Tanium Client.
This platform release includes the release of both a Windows and Linux Tanium Server and Tanium Client binaries for all supported platforms.
The previous version can be found here: Release Notes (Version 7.4.3.1242)
Tanium Server for Windows and Linux v7.4.4.1250
General Availability Release Date: November 2, 2020.
Tanium Client for all Platforms v7.4.4.1250
General Availability Release Date: November 2, 2020.
Special Notes
- Due to security issues against this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.4.5.1240 if you are using this version.
- The Tanium Server now uses Console (Version 2.0.242.0000).
Security Updates
- N/A.
New Features
- The Tanium Client now offers support for the v315 protocol on AIX clients.
- The Tanium Server now offers the setting
max_audit_data_expire_days(Server, Numeric, Default=366 days) that controls the maximum number of days that audit records will be kept in the system's*_audittables. - The Tanium Server now offers timing metrics for
GetResultInfoandGetResultDatarequests. - The Tanium Server now logs the contents of the
X-Request-IDfield into itshttp-access.txtlogs, providing additional identification for each request. - The Tanium Server now adds
cache-expiration: 604800headers to requests for.svgand.icofiles.
Improvements
- Tanium now uses Python v3.8.5.
- Tanium components now use OpenSSL v1.0.2w.
- Tanium components now use SQLite v3.33.0 along with its SQLite Encryption Extension v3.33.0.
- The Tanium Client download API now supports using a
<download_identifier>in addition of the<url>to identify a file to download. - The Tanium software installers now make sure that all sensitive binaries in Linux are owned by the
rootaccount and not writeable. - The Tanium Client download API now recognizes the request parameter
timeout_secondswhich specifies the amount of time the client will continue to complete a requested download, and after which it will abandon and discard the request. The default timeout can be controlled with theURLRequestDefaultTimeoutInSecondsclient setting which defaults to604,800 seconds = 7 days. - The Tanium Server now does a deeper and more thorough cleaning of Package-associated tables when cleaning old, non-recurring Saved Actions.
- The Tanium Client installer now provides streamlined steps when the
tanium-init.datfile provided to it offers a value for theServerNameListconfiguration setting. - Tanium RBAC now offers a Content Export privilege to allow non-Administrator users to export content from their Tanium Servers.
- The Tanium Server now processes pending file downloads as a stream instead of in batches, shortening the time required to bring Packages to a usable cached state.
- Improved the performance of RBAC-related queries against the Tanium database, which could otherwise result in long wait times when editing a Persona definition.
- Optimized the performance of the Tanium Question Parser when dealing with character-escaped sequences.
- Improved a cosmetic issue in the Question Parser where it would add the modifiers "
any" or "all" to conditions even when they were redundant with the default evaluation of a filter condition. - Added additional detail to error messages returned when uninstalling a solution to make clear the nature of the failure.
- Optimized performance of the Tanium Server's API
/sessionroute. - The Tanium Client improves the handling of extra peering connections initiated as a result of using
ExtraConnectionLimit>0. These connections will now be re-established when actively closed by the extra peer. - Added an optimization to the Tanium Server's underlying handling of
GetResultInfoandGetResultDataAPI requests to make them slightly faster. - The Tanium Server RBAC API now offers a separate Read Public Key privilege to designate users which should have access to retrieve a system's public keys via the
/api/v2/keysroute. - The Tanium Server API will no longer return computer specifications for Manual Groups when invoking the
/api/v2/management_rights_groupsroute unless theinclude_computer_specs_flag=1is used. This avoid returning potentially huge result sets for very large groups when they are generally never used. - Improved the way in which the Tanium Server searches and manages its queue of Packages waiting for files to download, reducing the amount of CPU required to perform this recurrent task.
- Improved the way the Tanium Server queries PostgreSQL to identify Actions still active and waiting to be closed. A new
verify_expirationcolumn on theactionstable reduces the CPU resources in the database to complete this routine process. - Improved the way in which the Tanium Server identifies new Actions and Saved Actions in the database, reducing the number of rows that need to be retrieved with each database query.
- Improved the efficiency with which the Tanium Server handles the removal of Package files during clean-up procedures, making it much faster than before.
- Optimized the underlying SQL queries that service the content alignment UI in the Tanium Console for non-active users, reducing the time required to load this page.
- The Tanium Server's REST API now supports the
heart_beat_age_in_minuteparameter on the/api/v2/server_hostroute to provide parity with the SOAP API. - Introduced improvements in the way the Tanium Server handles concurrency when accessing its Questions results cache in order to increase performance at very large scales.
Bug Fixes
- Fixed a missing
<forbid_concurrent_execution>setting on a handful of import-related Tanium Server plugins which would sporadically cause solution import failures in thePluginsManagerorWorkbenchesManager. - The Tanium Server API now offers an audit_row_id parameter which can be used to filter audit results returned, allowing modules like Connect to extract and report only on new audit records since its last run.
- Fixed a limitation in the Tanium Client installer on Windows by which it failed managing the permissions of the installation directory when the local
Usersgroup had been renamed, throwing the error:Unable to revoke permissions for Users group: Cannot build new access control list. - Introduced a periodic task on the Tanium Server to resolve an API interaction in the creation of Scheduled Actions which could result in a database deadlock and Actions which would not be issued.
- The Tanium Server API now provides an optimized way to express a session's effective privileges over Content Sets, reducing the amount of data exchanged when sending request results to a client.
- Fixed a problem with the Tanium Client where Action folders under the
TC/Downloads/directory when the directories contained files marked as Read-Only. The client will now remove the Read-Only setting from the file and succeed in cleaning up these Actions. - Improved the processing efficiency of per-Sensor string retry counts while rendering the Tanium Server
/metricsURL and thus reducing CPU consumption during this operation. - Fixed a cosmetic element in the Tanium installers to make the "Next" button on the last installation window to read "Install" instead.
- The Tanium Server's Sensor string cleaning procedures are now controlled by its
Max StringsorMax String Agesettings independent of each other. - Fixed a metrics and resolution edge case in the Tanium Server's ability to handle String retries which could still result in Sensor results that would only return
[RCU]values. - The Tanium Server's
Action Statusesinternal and reserved Sensor now uses a default setting value ofMax String Age=45 days. - Fixed an issue where the Tanium Server would queue
StringRetrymessages for incoming[CRU]results. - Fixed a bug in the Tanium Server's API that, when requesting Questions associated to a Saved Question and specifying
saved_question_qids_include_expired_flag=0would return still return expired Questions in the request result. - Fixed an issue on the Tanium Server where filtering Question results from multi-parameter and multi-column Sensors would not return any results.
- Fixed an issue in the Tanium Server content import subsystem which would fail to update Packages associated with Scheduled Actions, causing them to distribute the old versions of a Package after import.
- Fixed an issue on the Tanium Server API where during import a Sensor's metadata would not be handled correctly to replace an existing definition, but it would append to it instead.
- Fixed an issue in the Tanium Server's management of its internal group caches by which after creating a large manual Computer Group, it would not be displayed by the Console until the server was restarted. When in an Active/ Active configuration the same Computer Group could be seen and used effectively on the second Tanium Server, but not on the one in which it was created.
- Fixed an issue in the Tanium Server's export API which would fail when select Whitelisted URLs were requested by their RegEx values, resulting in a
Not Founderror response. - Fixed an issue in the Tanium Downloader where concurrent access to CRL lists in its SQLite database could produce the error
SQLiteDatabase: gave up on busy handler after waiting 5sand fail a download and subsequent solution installation or upgrade. - Fixed a problem with the Tanium Server's export API that caused single-column Sensors to incorrectly include multiple columns when they are exported along with other multi-column Sensors.
- Fixed an issue with the Tanium Server installer where while doing an upgrade it would install an older version of the Tanium Console when a newer one had already been upgraded in the system through the Solutions page.
- Fixed an issue with the Tanium TDownloader where it failed to download UNC directories when the requested path's letter casing did not match that of the share being accessed, simply resulting in the error message:
boost::filesystem::file_size: The request is not supported. - Fixes and improvements to the Tanium Server's caches which could result in Questions that read like
Get number of machinesinstead of displaying the set of requested Sensors they were originally created with. - Fixed an issue in the Tanium Client where active API-initiated downloads would be abandoned after a client reset (every several hours) and which could affect the completion of very large downloads under limited bandwidth conditions.
- Fixed an issue in accessing the Tanium Server's
/metricsroute where an authenticated Administrator user would always get anHTTP-403: Forbiddenresponse. - Fixed the format of the
TANIUM_SERVER_IPenvironment variable for Tanium Client sub-processes to properly reflect the IP address that the client uses to connect to Tanium Servers, whether it be an intermediate proxy or an actual Tanium Server or Zone Server. - Fixed the value for
licensed_days_leftin the Tanium Server'sinfo.jsonand/metricsinstrumentation to show0(zero) days instead of1(one) when a license is expired. - Fixed an issue with the Tanium Server API where LDAP synchronization setup requests would return nested
[CDATA]structures within a<result_object>element, resulting in the console error:null is not an object (evaluating 'xmlDoc.getElementsByTagNameNS'). - Fixed an issue on the Tanium Server that would cause parametrized Sensors to loose their separator marks (
||) when imported, causing[CRU]results with every invocation. - The Tanium Server Question Parser will return column results with a data type that matches the declared type in the Sensor definition, improving the usability of comparison operators.
- Fixed an issue in the handling of solution workbench privilege definitions which could trigger the logging of SQL error:
more than one row returned by a subquery used as an expressionin theupdateModuleImpliedPrivilegesThread. - Changed the behavior of the Tanium Server API where a JSON-encoded zero value would be returned as
0.000000and will now be returned as simply0. - Fixed a problem in the Tanium Client's management of outgoing network message queues which would cause the client to go into a Blocked state when neighbor peers went offline under a configuration value of
ExtraConnectionLimit=0. - The Tanium Server import API will now ignore non-recurring definitions of Scheduled Actions in its input with End at times in the past, to avoid creating conflicts with already existing and active copies of the same actions in the system.
- Fixed a configuration and communications issue in the Tanium Client that caused
ExtraConnectionLimitconnections to be dropped and closed after ten seconds or so. - Fixed a problem in the way the Tanium Client tracked previously seen Questions by
IDafter a restart, when this information is loaded from thequestion-answers.dbdatabase. This results in client startup efficiencies as well as a reduction in network traffic during the first registration after a client reset. - Fixed the validation of Separated and Isolated subnet updates, which would allow invalid definitions to be added to the system.
- Fixed a problem with the Tanium Client that would leave API-downloaded files in the
TC/Downloads/directory under certain reset timing conditions, leading to unnecessary storage use. - Fixed an issue with the Tanium Server's
/api/v2/result_dataAPI route where it would return anHTTP-404error code when called on a newly-created Question by a non-Administrator account. - Fixed a problem with the Tanium Client's RPM post-install scripts which would fail with the error message:
command not found. - Corrected the spelling of the Tanium Server's
tanium_protocol_message_bytes_writen_totalto read:written. - Fixed an issue on the Tanium Server, by which when a new but identical Saved Question was imported into a system it would no longer consider the Recent Results stored by the prior definition.
- Fixed a problem in the way the text representation of targeting filters is generated in the Tanium Server, where expressions that used the
All Computersgroup in combination with others would not explicitly display this; making it confusing to users when such filters targeted more endpoints than expected. - Fixed an issue with the Tanium Server installer on Linux which failed to check properly for the existence of the
postgresuser on the system and would result in a number of errors referencing the absence of the account. - Improved the way the Tanium Server processes Packages that require file downloads, reducing the amount of CPU consumed by this operation.
- Fixed an issue with the Tanium Server REST API where it would not interpret correctly the
Ztimezone designator trailing an ISO-8601 formatted date. This could cause some parameter dates to be misinterpreted and take default values when manipulating Action objects. - Fixed a bug in the Tanium Server's import API where importing a content would not properly handle changes in its name and description when trying to overwrite.
- Added optimizations to the way the Tanium Server retrieves information from its database to exclude both expired and single-use, non-repetitive Actions, which reduces the amount of CPU required to process these queries.
- Fixed an issue with the Tanium Client where an Action's verification query would not be rescheduled after one initial failure, causing either its status to be recorded as failed or take much longer than expected to succeed.
- Improved the way the Tanium Server identifies the most recent Question issued for each Saved Question in the system, reducing the resource load on the database consumed by this operation.
- The Tanium Server will now remove unused Saved Question definitions from its database which were associated with Actions that no longer exist in the system, because they were also cleaned up.
- Improved the performance of RBAC evaluation when loading Saved Questions on the Tanium Server, to avoid much longer load times for non-Administrator users when compared to Administrators.
- Fixed a bug in the Tanium Server API which caused calls to the
/api/v2/session/currentroute to fail to return module privileges when using theserialize_authorization_flag. - Fixed a problem in the Tanium Server that produced an
RBACInsufficientPrivilegeerror when a non-Administrator user with unrestricted privileges attempted to load a Saved Question that was recently issued by an Administrator user, despite having all of the required authorizations. - Fixed a bug in the Tanium Server REST API which would return
HTTP-500when calling the/api/v2/audit_logs/authentication_auditroute, along with the error:invalid unordered_map key. - Eliminated an unnecessary cache reload in the Tanium Server when adding a new Question which reduces the amount of time to complete this operation.
Known Issues and Workarounds
- N/A.