IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Tanium Server (Version 7.5.5.1140)

From Tanium Knowledge Base
(Redirected from Release Notes (Version 7.5.5.1140))
Jump to navigation Jump to search

Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.5.4.1165)


Tanium Server for Windows and Linux v7.5.5.1140

General Availability Release Date: August 16, 2022.

Special Notes

  • This version of Tanium Server shipped with: Console (Version 3.3.26.0000).
  • Tanium discourages new installations of this software version on Windows 2012 and 2012-R2 due to its scheduled End-Of-Life on 2023-10-10.
  • Technology preview: The Tanium Server now offers User and User Group synchronization with SCIM providers, starting with support for Microsoft Azure.
    Discuss with your TAM or Support Center if you are interested in this feature.

New Features

  • The Tanium Server is now offers User and User Group synchronization with SCIM for cross-domain identity management.
  • The Tanium Server will now enforce its server_timing_visibility setting on Server-Tming headers returned by components running on the Module Server.
  • The Tanium Server API now presents a CSP (Content-Security-Policy) header on API replies to satisfy security scanners.
  • The Tanium Server now provides new API methods and routes (api/v2/users/ID/metadata) to fetch, create, delete and modify with User metadata.
  • The Tanium Server /auth route will now accept only HTTP POST requests and return HTTP-405: Method not allowed otherwise. This is done to reduce the surface area of the authentication interface.
  • The Tanium Server now implements a mechanism for SCIM to access its API without the need of token renewals.
  • Tanium Platform components are now built using Curl v7.82.0 libraries.
  • The Tanium Server now implements a collection of tanium_ldap_* metrics to allow monitoring of LDAP synchronization and authentication operations.
  • The Tanium Server APIs will no longer require re-authentication when switching out from a Persona that requires it. Re-authentication will be required to enter that Persona identity but not to exit it.
  • Tanium Platform components now use Expat v2.4.8.
  • Tanium components now ship with OpenSSL v1.0.2ze.
  • The Tanium Server API implements a new route api/v2/preview_content_set_role_detailed that explicitly returns effective and denied privileges to avoid having to perform this calculations by the requester.
  • The Tanium Server now implements a metric tanium_active_user_count that tracks the number of active User accounts over the past thirty days.
  • The Tanium Server now implements tanium_server_challenge_* metrics which track the operation of server challenge requests and responses.
  • The Tanium Server Questions API now implements per-question settings that will benefit the efficiency of Sensor evaluation and data harvesting for Tanium Data Services (TDS).

Improvements

  • The Tanium Zone Server Hub will now relinquish communication and control of a Zone Server when it loses communication with its upstream Tanium Server. This enables proper fail-over to another Zone Server Hub when a Tanium Server is stopped.
  • The Tanium Server will now properly interpret and reflect the query text for Questions which use Filter Groups and filter expressions in their targeting clause.
  • The Tanium Module Server will now try all IPv4 and IPv6 addresses resolved when registering to a Tanium Server, which would fail before when both resolutions were provided but IPv4 traffic was disallowed.
  • The Tanium Server has improved the performance of its Questions API to reduce service times on requests that specify filters, benefiting response times to retrieve Question History as well as other Console interactions.
  • Tanium Components have dropped support for CBC -mode cipher suites: ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES256-SHA384, ECDHE-ECDSA-AES128-SHA256 and ECDHE-RSA-AES128-SHA256.
  • On upgrade the Tanium Server installer will now guarantee the removal of outdated AngularJS libraries possibly left behind by old solution module uninstallers.
  • The Tanium Server has refactored the handling of API session data within internal API request objects.
  • The Tanium Server Saved Action API now allows targeting anonymous filter groups by specifying them in canonical form text during object creation, obviating the need to first create a group and then create a Saved Action that references it.
  • Improved the multi-thread settings update guards in the Tanium Zone Server.
  • The Tanium Server will now interface with PostgreSQL requesting a WARNING level of logging instead of NOTICE. This can be changed using the PostgresClientMinMessages local setting.
  • The Tanium Zone Server setting zs_nat_address_mask and Tanium Server NATAddressMask now no longer take precedence over Intentional Subnet definitions, making it unnecessary to adjust their values when these subnets are configured.
  • Improved the Tanium Server SOAP API handling of cache_filter request settings which could result in a HTTP-400: CacheFilterNotYetImplementedForType error.
  • The Tanium Server API now adds the ability to filter requested elements by port_number.
  • The Tanium Server API now adds the ability to filter requested elements by id.
  • The Tanium Server config set-protected command line will now mask the input values provided by the user. Verification of the input can be achieved using the config get-protected command.
  • Improved the performance of the PKI server challenge operation.
  • Tanium server components will now retry failed downloads of solutions and workbenches. These Tanium contents are known to exist so retrying makes this mechanism more resilient to transient network errors.
  • Improved the way in which the Tanium Server evaluates Persona RBAC access to objects like Saved Actions to reduce request service times to Console pages like Roles and Personas.
  • Removed some old and used SQL code for RBAC control no longer in use by the Tanium Server.
  • The Tanium Server will now log SOAP requests with additional operation information into its http-access log.
  • The Tanium Server refactored access to RBAC privileges when evaluating Content Set allowed access to improve request performance.

Bug Fixes

  • Fixed an issue in the Tanium Downloader where concurrent access to CRL lists in its SQLite database could produce the error SQLiteDatabase: gave up on busy handler after waiting 5s and fail a download and subsequent solution installation or upgrade.
  • Fixed a bug in the Tanium Server api/v2/export API where it would return an HTTP-404 error when trying to export an existing Saved Action which has not been issued before, incorrectly returning the error: SavedActionNotFound.
  • Fixed an issue in the Tanium Server API where modifying a Computer Group using a specific Persona would return the id of the modifier but not its designated name, as is expected.
  • Improved the handling of duplicate named entries in the Tanium Server's database servers table which may contain duplicate names.
  • Fixed a bug in the Tanium Server where it could clean up old Packages which it should not and cause a PackageNotFound error when loading Action History on the Console.
  • Fixed an issue in the Tanium Server API where requesting api/v2/filter_groups using cache_filters would return an HTTP-400: CacheFilterNotYetImplementedForType error.
  • The Tanium Server will now not allow changing the type (Numeric or Text) for any Global Setting that has a default value, thus avoiding type selection mistakes in the field.
  • Fixed an issue with the Tanium Server which would keep it from starting up when encountering a malformed file under its SOAPUpload directory, logging InvalidUploadStateFile right before stopping.
  • Fixed a bug in the Tanium Server by which percent characters (%) in the password for a proxy configuration would be interpreted as a URL encoding, making it necessary to use a string like "foo%25bar" when trying to configure foo%bar as a password value.
  • The Tanium Installer removed misplaced END SQL commands which would result in log errors reporting No transaction in progress during database creation.
  • Fixed an omission in initializing the Content Set id in the processing of Computer Groups API.
  • Fixed the Tanium Server authentication API to report the X_Forwarded_For IP address to identify the source of the request originator.
  • Fixed an omission in the Tanium Server User Group API by which duplicate names could be specified.
  • Fixed an issue with Tanium Downloader where it would fail to detect and access SMB share directories marked read-only.
  • The Tanium Server API reinstated the ability to filter requests by some fields like group.type and metadata.admin_flag, name and value.
  • Fixed an issue with access to the Tanium Server API using an API Token which would generate the log error Invalid value for user's persona when the token was associated with a deleted Persona. Now the API will simply deny authentication as it should.
  • The Tanium Server API corrected an inconsistency between the /personas and /session/current responses where the first returned a setting named require_reauthentication_flag as singular where the second returned requires_reauthentication_flag as plural. Now both return this field label in the singular.
  • Fixed a bug in the Tanium Server api/v2/logout API where it would return an HTTP-403 response with error text reading "Forbidden".
  • Fixed a bug in the Tanium Server which caused Action audit reports to return empty details column values.
  • Fixed a bug in the Tanium Server Packages API where using the source_id, verify_expire_seconds, skip_lock_flag or process_group_flag fields for filtering would result in an HTTP-500 response along with the error: Invalid package field name.
  • Modified the Tanium Server and Module Server installers on Windows to avoid logging errors about missing certificates and signature verification when these elements are not yet available during installation.
  • Fixed a bug in the Tanium Server Personas API which would fail to correctly return the configured value for require_reauthentication_flag when calling api/v2/personas.
  • Fixed a condition in the Tanium Server where users that were auto-provisioned into the system were assigned unrestricted Computer Groups access instead of what their designated User Group specifies.
  • Fixed a problem with the database cleanup in the Tanium Server which would cause existing Saved Questions to be interpreted as Get number of machines instead of their original Sensor selections.
  • Fixed a bug in the Tanium Server SAML integration where XML namespaces failed to be interpreted correctly and result in the error: SAML authentication failed: XMLSignatureException.
  • Fixed a Tanium Server issue when retrieving Question where it wasn't possible to sort the results on rightmost columns when more than sixteen columns were returned. This fix will only apply to and work on data returned by v7.4+ clients.
  • Fixed an uncommon condition in the Tanium Server and Zone Server which could cause and log the error Cannot QueueRecv when recv state is not paused during periods of high server challenge request activity.
  • Fixed a bug in the Tanium Server which would cause policy-based Scheduled Actions to stop being issued when they were disabled and then re-enabled.
  • Fixed an omission in the Tanium Server installer where it would no longer create the allow_process_group_flag_edit setting, leaving it missing on new installations.
  • Fixed a TDownloader issue where it could fail to download files in authenticated SMB shares with the error: Unknown error fetching file: boost::filesystem::status: The user name or password is incorrect.
  • Fixed a bug in the Tanium Server Saved Question API where it would return QuestionNotFound if for any reason the original definition was missing. The API will now return [question definition is missing] instead, to avoid failures in Console.

Known Issues and Workarounds

  • SCIM integration does not work with the Okta application.
    Workaround: None available.
  • An issue has been found with this release causing the pre-login banner to not be functional. It will be addressed in a follow up 7.5.5 update.

Product Documentation and Resources