IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Tanium Server (Version 7.5.5.1140)
(Redirected from Release Notes (Version 7.5.5.1140))
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.5.4.1165)
Tanium Server for Windows and Linux v7.5.5.1140
General Availability Release Date: August 16, 2022.
Special Notes
- This version of Tanium Server shipped with: Console (Version 3.3.26.0000).
- Tanium discourages new installations of this software version on Windows 2012 and 2012-R2 due to its scheduled End-Of-Life on
2023-10-10. - Technology preview: The Tanium Server now offers User and User Group synchronization with SCIM providers, starting with support for Microsoft Azure.
Discuss with your TAM or Support Center if you are interested in this feature.
New Features
- The Tanium Server is now offers User and User Group synchronization with SCIM for cross-domain identity management.
- The Tanium Server will now enforce its
server_timing_visibilitysetting onServer-Tmingheaders returned by components running on the Module Server. - The Tanium Server API now presents a CSP (
Content-Security-Policy) header on API replies to satisfy security scanners. - The Tanium Server now provides new API methods and routes (
api/v2/users/ID/metadata) to fetch, create, delete and modify with User metadata. - The Tanium Server
/authroute will now accept only HTTPPOSTrequests and returnHTTP-405: Method not allowedotherwise. This is done to reduce the surface area of the authentication interface. - The Tanium Server now implements a mechanism for SCIM to access its API without the need of token renewals.
- Tanium Platform components are now built using Curl v7.82.0 libraries.
- The Tanium Server now implements a collection of
tanium_ldap_*metrics to allow monitoring of LDAP synchronization and authentication operations. - The Tanium Server APIs will no longer require re-authentication when switching out from a Persona that requires it. Re-authentication will be required to enter that Persona identity but not to exit it.
- Tanium Platform components now use Expat v2.4.8.
- Tanium components now ship with OpenSSL v1.0.2ze.
- The Tanium Server API implements a new route
api/v2/preview_content_set_role_detailedthat explicitly returns effective and denied privileges to avoid having to perform this calculations by the requester. - The Tanium Server now implements a metric
tanium_active_user_countthat tracks the number of active User accounts over the past thirty days. - The Tanium Server now implements
tanium_server_challenge_*metrics which track the operation of server challenge requests and responses. - The Tanium Server Questions API now implements per-question settings that will benefit the efficiency of Sensor evaluation and data harvesting for Tanium Data Services (TDS).
Improvements
- The Tanium Zone Server Hub will now relinquish communication and control of a Zone Server when it loses communication with its upstream Tanium Server. This enables proper fail-over to another Zone Server Hub when a Tanium Server is stopped.
- The Tanium Server will now properly interpret and reflect the query text for Questions which use Filter Groups and filter expressions in their targeting clause.
- The Tanium Module Server will now try all IPv4 and IPv6 addresses resolved when registering to a Tanium Server, which would fail before when both resolutions were provided but IPv4 traffic was disallowed.
- The Tanium Server has improved the performance of its Questions API to reduce service times on requests that specify filters, benefiting response times to retrieve Question History as well as other Console interactions.
- Tanium Components have dropped support for
CBC-mode cipher suites:ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256andECDHE-RSA-AES128-SHA256. - On upgrade the Tanium Server installer will now guarantee the removal of outdated AngularJS libraries possibly left behind by old solution module uninstallers.
- The Tanium Server has refactored the handling of API session data within internal API request objects.
- The Tanium Server Saved Action API now allows targeting anonymous filter groups by specifying them in canonical form
textduring object creation, obviating the need to first create a group and then create a Saved Action that references it. - Improved the multi-thread settings update guards in the Tanium Zone Server.
- The Tanium Server will now interface with PostgreSQL requesting a
WARNINGlevel of logging instead ofNOTICE. This can be changed using thePostgresClientMinMessageslocal setting. - The Tanium Zone Server setting
zs_nat_address_maskand Tanium ServerNATAddressMasknow no longer take precedence over Intentional Subnet definitions, making it unnecessary to adjust their values when these subnets are configured. - Improved the Tanium Server SOAP API handling of
cache_filterrequest settings which could result in aHTTP-400: CacheFilterNotYetImplementedForTypeerror. - The Tanium Server API now adds the ability to filter requested elements by
port_number. - The Tanium Server API now adds the ability to filter requested elements by
id. - The Tanium Server
config set-protectedcommand line will now mask the input values provided by the user. Verification of the input can be achieved using theconfig get-protectedcommand. - Improved the performance of the PKI server challenge operation.
- Tanium server components will now retry failed downloads of solutions and workbenches. These Tanium contents are known to exist so retrying makes this mechanism more resilient to transient network errors.
- Improved the way in which the Tanium Server evaluates Persona RBAC access to objects like Saved Actions to reduce request service times to Console pages like Roles and Personas.
- Removed some old and used SQL code for RBAC control no longer in use by the Tanium Server.
- The Tanium Server will now log SOAP requests with additional operation information into its
http-accesslog. - The Tanium Server refactored access to RBAC privileges when evaluating Content Set allowed access to improve request performance.
Bug Fixes
- Fixed an issue in the Tanium Downloader where concurrent access to CRL lists in its SQLite database could produce the error
SQLiteDatabase: gave up on busy handler after waiting 5sand fail a download and subsequent solution installation or upgrade. - Fixed a bug in the Tanium Server
api/v2/exportAPI where it would return anHTTP-404error when trying to export an existing Saved Action which has not been issued before, incorrectly returning the error:SavedActionNotFound. - Fixed an issue in the Tanium Server API where modifying a Computer Group using a specific Persona would return the
idof the modifier but not its designated name, as is expected. - Improved the handling of duplicate named entries in the Tanium Server's database
serverstable which may contain duplicate names. - Fixed a bug in the Tanium Server where it could clean up old Packages which it should not and cause a
PackageNotFounderror when loading Action History on the Console. - Fixed an issue in the Tanium Server API where requesting
api/v2/filter_groupsusingcache_filterswould return anHTTP-400: CacheFilterNotYetImplementedForTypeerror. - The Tanium Server will now not allow changing the type (Numeric or Text) for any Global Setting that has a default value, thus avoiding type selection mistakes in the field.
- Fixed an issue with the Tanium Server which would keep it from starting up when encountering a malformed file under its
SOAPUploaddirectory, loggingInvalidUploadStateFileright before stopping. - Fixed a bug in the Tanium Server by which percent characters (
%) in the password for a proxy configuration would be interpreted as a URL encoding, making it necessary to use a string like "foo%25bar" when trying to configurefoo%baras a password value. - The Tanium Installer removed misplaced
ENDSQL commands which would result in log errors reportingNo transaction in progressduring database creation. - Fixed an omission in initializing the Content Set id in the processing of Computer Groups API.
- Fixed the Tanium Server authentication API to report the
X_Forwarded_ForIP address to identify the source of the request originator. - Fixed an omission in the Tanium Server User Group API by which duplicate names could be specified.
- Fixed an issue with Tanium Downloader where it would fail to detect and access SMB share directories marked read-only.
- The Tanium Server API reinstated the ability to filter requests by some fields like
group.typeandmetadata.admin_flag,nameandvalue. - Fixed an issue with access to the Tanium Server API using an API Token which would generate the log error
Invalid value for user's personawhen the token was associated with a deleted Persona. Now the API will simply deny authentication as it should. - The Tanium Server API corrected an inconsistency between the
/personasand/session/currentresponses where the first returned a setting namedrequire_reauthentication_flagas singular where the second returnedrequires_reauthentication_flagas plural. Now both return this field label in the singular. - Fixed a bug in the Tanium Server
api/v2/logoutAPI where it would return anHTTP-403response with error text reading "Forbidden". - Fixed a bug in the Tanium Server which caused Action audit reports to return empty
detailscolumn values. - Fixed a bug in the Tanium Server Packages API where using the
source_id,verify_expire_seconds,skip_lock_flagorprocess_group_flagfields for filtering would result in anHTTP-500response along with the error:Invalid package field name. - Modified the Tanium Server and Module Server installers on Windows to avoid logging errors about missing certificates and signature verification when these elements are not yet available during installation.
- Fixed a bug in the Tanium Server Personas API which would fail to correctly return the configured value for
require_reauthentication_flagwhen callingapi/v2/personas. - Fixed a condition in the Tanium Server where users that were auto-provisioned into the system were assigned unrestricted Computer Groups access instead of what their designated User Group specifies.
- Fixed a problem with the database cleanup in the Tanium Server which would cause existing Saved Questions to be interpreted as
Get number of machinesinstead of their original Sensor selections. - Fixed a bug in the Tanium Server SAML integration where XML namespaces failed to be interpreted correctly and result in the error:
SAML authentication failed: XMLSignatureException. - Fixed a Tanium Server issue when retrieving Question where it wasn't possible to sort the results on rightmost columns when more than sixteen columns were returned. This fix will only apply to and work on data returned by v7.4+ clients.
- Fixed an uncommon condition in the Tanium Server and Zone Server which could cause and log the error
Cannot QueueRecv when recv state is not pausedduring periods of high server challenge request activity. - Fixed a bug in the Tanium Server which would cause policy-based Scheduled Actions to stop being issued when they were disabled and then re-enabled.
- Fixed an omission in the Tanium Server installer where it would no longer create the
allow_process_group_flag_editsetting, leaving it missing on new installations. - Fixed a TDownloader issue where it could fail to download files in authenticated SMB shares with the error:
Unknown error fetching file: boost::filesystem::status: The user name or password is incorrect. - Fixed a bug in the Tanium Server Saved Question API where it would return
QuestionNotFoundif for any reason the original definition was missing. The API will now return[question definition is missing]instead, to avoid failures in Console.
Known Issues and Workarounds
- SCIM integration does not work with the Okta application.
Workaround: None available. - An issue has been found with this release causing the pre-login banner to not be functional. It will be addressed in a follow up 7.5.5 update.