IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Tanium Server (Version 7.5.3.1249)

From Tanium Knowledge Base
(Redirected from Release Notes (Version 7.5.3.1249))
Jump to navigation Jump to search

Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.5.2.3531)


Tanium Server for Windows and Linux v7.5.3.1249

General Availability Release Date: February 22, 2022.

Special Notes

  • Tanium Clients v7.4.7.1130+ are a prerequisite for the use of the new Intentional Subnets feature.
  • This version of Tanium Server shipped with: Console (Version 3.1.68.0000).
  • Tanium discourages new installations of this software version on Windows 2012 and 2012-R2 due to its scheduled End-Of-Life on 2023-10-10.

Security Updates

  • N/A.

New Features

  • The Tanium Server, Console and Tanium Client (v7.4.7.1130+) now implement the Intentional Subnets feature as a configurable mechanism to allow endpoints with different NAT addresses to peer with each other.
  • Changes in the Tanium Server database have been made to close gaps in schema differences between its Microsoft SQL and PostgreSQL implementations.
  • The Tanium Server now unifies both Import and standard API mechanisms for Actions so they both use the same implementation.
  • The Tanium Server now ensures transactional consistency in the creation and modification of policy-based Actions.
  • Made an internal improvement to the Tanium Server's RBAC computation of Users' effective group management, avoiding an unnecessary recalculation when updating users.effective_group_id.
  • The Tanium Server now uses its new RBAC caching model when accessing Package objects.
  • The Tanium Server will now allow the creation of a temporary Sensor from a parametrized source only if the requesting user has the permission to define new Questions.
  • The Tanium Server now exposes a grpc_request_duration_seconds metric for gRPC_ requests.
  • Introduced internal storage efficiencies in the way RBAC Content Set privileges are stored and evaluated when serving API requests.
  • The Tanium Server now offers a more consistent treatment and presentation of administrator effective privileges, avoiding an HTTP-404 request error when making requests to obtain current session information.
  • The Tanium Server API will now allow administrator users to read and execute plugins despite of their designated Content Set, even when it is not defined.
  • The Tanium Server has introduced performance improvements in its RBAC evaluation which will benefit deployments with complex configurations.
  • The Tanium Server now allows and honors the use of a Plugin-Timeout request header which defaults to 60 seconds.
  • Introduced significant performance improvements in the Tanium Server's Saved Actions API.
  • Implemented database and SQL improvements which make Package API POST requests much faster than they were before.

Improvements

  • The Tanium Server now supports defining whether a Persona requires an authentication prompt to switch to it. This is offered as a layer of security over chosen Persona capabilities.
  • The Tanium Server is now fitted with the ability to implement gRPC support.
  • The Tanium Server API now implements methods to retrieve differential Question results in increasing data draws. This allows large scale questions to retrieve newly received endpoint data in increments.
  • The Tanium Server now implements a more efficient internal-only mechanism to retrieve large Question results.
  • The Tanium Server authentication token API now allows specifying an optional Persona when creating a new token. This Persona must be associated with the requesting user account identity.
  • The Tanium Server now uses its latest database caching implementation for RBAC related queries and services, speeding up RBAC API requests.
  • The Tanium Server's /metric route now offers the tanium_install_date which indicates the time the server instance was first installed, in milliseconds since the epoch.
  • The Tanium Server Import API now offers better error feedback when a Group definition is not found, pointing out both the missing group and the context in which it was referenced.
  • The Tanium Server now adds foreign key constraints to Action and Scheduled Action objects against the groups they reference.
  • The Tanium Server now uses its improved Packages cache to manage its queue of package files pending downloads, thus reducing load on the database when querying this information.
  • The Tanium Server now implements a multi-threaded model for its internal updates of incoming Question results from clients, improving the rate and scale at which large cardinality data can be gathered in very large environments. The number of threads used in a system can be controlled with the Global Setting process_cache_batch_threads which defaults to 1 (one) and offers a set of metrics to track their performance in tanium_question_writer_*.
  • The Tanium Server will now clean up old *_archive directories left behind during the installation of module solutions, which would take up unnecessary storage.
  • The Tanium Server now implements cleanup of its package_files and server_package_files records for Packages which are deleted and no longer exist.
  • The Tanium Server will now remove orphaned download progress files from its Downloads directory.
  • The Tanium KeyUtility now lists the supported hashing algorithms for its calchash command in the help text provided.
  • The new Tanium Server API that offers differential updates for Question results now offers a total_computer_count field, reflecting the number of distinct endpoints present in the full result set.
  • The Tanium Server saml_settings Global Setting now allows the use of simple XPath predicates for the selection of username fields.
  • The Tanium Server now uses a more precise timing control to calculate bandwidth throttle limits which were not fully consumed. This increases performance in network operations.
  • The Tanium Server has modified its behavior to return the next-to-last date and time for last_login when requesting information for the current session. This offers better information than returning the date and time of the current login time.
  • The Tanium Server will now reset the Content Set that a group is associated with when its filter_flag is updated to be false. This had no effect in the operation of the system but offers the correct semantics to this type of object.
  • The Tanium Server will now produce individual audit records when modifying the User Group assignments for a user, avoiding the creation of excessing and unnecessary audit information.
  • Improved the performance of the purge_question_data stored procedure in PostgreSQL databases.
  • The Tanium Server RBAC API now allows retrieving User objects by name.
  • The Tanium Server instrumentation now offers the tanium_database_cleaner_seconds metric to reflect the duration of its database cleanup operations.
  • The Tanium Server LDAP-authentication will consider both the base search from which a user was synchronized as well as its registered distinguished name when validating a given password.
  • The PostgreSQL installation on a Tanium Module Server will now be configured to allow as many as 256 concurrent connections instead of the previous 100.
  • The Tanium Server will no longer use its database pool resources to communicate with the legacy tanium_archive database or data tables.
  • The Tanium Server will reset database connections associated with the very common /auth API requests as a way of reducing its connection pool size.
  • The Tanium Server's Action History API introduces performance enhancements in calculating the RBAC visibility of large numbers of objects.
  • The Tanium Server and Tanium Downloader now allow the use full URI prefixes to specify download authentication certificates, which makes it possible to configure separate credentials for URLs like https://download.foo.com/server/ and https://download.foo.com/desktop/.
  • TDownloader will not require a domain or port to be specified in root certificates for validation. They will be honored when downloading if specified, but they will no longer be required.
  • Improved the performance of the procedures that periodically perform cleanup of unused temporary Sensors.
  • Improved the performance of the procedures that periodically perform cleanup of old Questions.

Bug Fixes

  • Fixed an issue in the Tanium Server's reissuing of Saved Questions where it would not honor the Persona of the User that created the question.
  • Fixed a bug in the Tanium Server in which the Question Parser would not quote Sensor names when they contain reserved words, like "with" in Running Processes with Hash.
  • The Tanium Server components installers on TanOS now ensure that binary files are owned by root:root.
  • The Tanium Server Client Status/ System Status API now allows for proper sorting over its public_key_value field, making this ordering possible within the Console UI.
  • The Tanium Server now introduces integrity constraints between Action and Saved Action objects and will clean up old Actions which do not have a Saved Action object associated with them.
  • Fixed a bug in the Tanium Server Package import during the validation of downloaded files where content hash values were not compared in a case-insensitive way and would fail to download even when their contents were correct.
  • Fixed a memory growth condition in the Tanium Server associated with the storage of old issued Saved Question references.
  • The Tanium Server Action Groups API now returns information about the date and user indicating when the object was last modified.
  • Fixed an error in the Tanium Server's database maintenance cleanup subsystem which could cause premature deletion of Saved Questions and their associated Questions when purging them by their created_time instead of their modification_time.
  • Fixed an issue in the Tanium Server during shutdown where the destruction order of string cache and SOAP cache objects could cause a crash while stopping.
  • Fixed a referential integrity problem in the handling of legacy keys Tanium Server's pki.db which would result in the logging of the error: Failed to import legacy key: FOREIGN KEY constraint failed.
  • Fixed a condition in the Tanium Downloader (TDownloader) by which it would not ignore expired certificate authority certificates and produced certificate has expired download errors, of late against Let's Encrypt signed certificates.
  • Fixed an issue in the Tanium Server which would result in [CRU] errors in the preview available while editing a Sensor.
  • Fixed a bug in the Tanium Server API by which users' Last Sign In date and time would not be displayed after upgrading to v7.5.2.3053 version of the platform.
  • Fixed a bug in the Tanium Server when deploying Sensor-sourced packages where the source question contains a parametrized sensor, resulting in the error Exception: SensorNotFound as the result of its request to saved_actions.
  • Fixed a bug in the Tanium Server metrics where Total_Messages_Sent were reported with values of zero.
  • Fixed a bug in the Tanium Server where it could fail to invalidate and refresh its internal Action History cache, resulting in stale information being presented to the user.
  • Fixed an issue in the Tanium Server database which could cause a deadlock in update operations on the package_files table.
  • Fixed a bug in the Tanium Server's API by which creating a Filter Group with the same name as an existing Computer Group would not detect their name collision but would instead create a new group and mark the existing one as deleted.
  • Fixed a bug in the Tanium Server's authentication token API where PATCH requests to rotate a token would result in an HTTP-404: Item not found response.
  • Fixed the Tanium Client installer for MacOS in that it contained Universal Binaries but the package itself required the Rosetta subsystem to be present in order to execute the installation.
  • Fixed the handling of the disabled_flag in the export and import which would not be handled correctly, causing imported Saved Questions to be reissued every two minutes when they should not be reissued.
  • Fixed an issue in the Tanium Server's API where groups created with parametrized Sensors could have their parameters listed out of order.
  • The Tanium Server has introduced improvements in the management of its database connection pool to avoid a connection error that logs: SOAPRBACCache - SQLException: SQL Exception FATAL: sorry, too many clients already.
  • Fixed a condition in which exporting a Saved Action from the Tanium Server would fail with an HTTP-404: Item not found error if there happened to exist duplicate named Saved Actions present in the database.
  • Fixed the matching of AuthURL values configured for TDownloader so they can be used as prefixes to download URIs.
  • Fixed an issue in the Tanium Server database scripts which would fail an upgrade on improperly paired Sensor records, showing the error: DETAIL: Key (sensor_id)=(0) is not present in table "sensors".
  • Fixed a bug in the Tanium Server Sensor API where PATCH requests would incorrectly change the sensor's result type to Text.
  • Fixed an edge case in the Tanium Server's Question Parser where it might fail to parse a Question text generated by the Question Builder.
  • Sensor names will now be limited to 256 characters to match other type definitions in the Platform.
  • Fixed the handling of Content Set assignments when executing Tanium Server plugins.
  • Fixed a problem with the Tanium installer on Linux where Module Server SQLite *.db files failed to be delivered with tanium:tanium as their owner.
  • Fixed a bug in the Tanium Server Content Set Role API which would cause the description to fail to be updated when being changed during an update import operation.
  • Fixed a bug in the Tanium Server API where retrieving all Plugin Schedules by an administrator user would result in the error Content set not found if the object referenced a non-existing Content Set.
  • Fixed an issue in the Tanium Server that would stop the scheduling of Actions when a malformed policy-based Scheduled Action was missing its associated Question, logging ScheduleActionsNow: Caught exception SavedQuestionNotFound and not scheduling any more Actions after that.
  • Fixed an issue in the Tanium Server database upgrade process which would cause it to fail, claiming already existing *_audit_all_index indices on several audit tables.
  • Fixed a bug in the Tanium Server by which it would incorrectly mark all keys in pki_root_keys as legacy_314_flag=1.
  • Fixed a condition where the Tanium Server upgrade to v7.5.2 could result in no endpoints being able to complete registrations, with the telltale server log message: No current registrar snapshot.
  • Fixed a bug by which the Tanium Server could retrieve group row definitions from a database in an indeterminate order and produce unexpected results for filter and select specifications.

Known Issues and Workarounds

  • N/A.

Product Documentation and Resources