IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Patch (Version 3.2)

From Tanium Knowledge Base
Jump to navigation Jump to search

Tanium Patch 3.2.164.0000

Release Date: 23 February 2021

Improvements

  • Added user interface performance improvements.

Resolved Issues

  • Fixed an issue that resulted in a user interface error when a deployment was targeted to a computer group that included a parameterized sensor.
  • Improved workbench performance during the collection of patch list applicability results.

Known Issues and Workarounds

  • Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.
  • Targeting a deployment by question and using a parameterized sensor can result in a user interface error when attempting to display the deployment preview. The deployment can still be created successfully.
  • When editing patch lists, block lists, and deployments, opening the preview section can lead to excessive API calls to the Patch service. Eventually, 504 errors may be displayed in the Patch workbench and workbench performance will be affected for all users. To avoid this issue, only open the preview section briefly to save the item you are editing instead of leaving the preview page open.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+

Tanium Patch 3.2.160.0000

Release Date: 9 February 2021

New Features

  • Added support for Red Hat 8, CentOS 8, Oracle Linux 8, and SUSE 11-15. The new feature must be enabled at Settings > Operating Systems > RPM Patch to support these Linux distributions.
  • A single configuration item for each configuration type (scan configuration, maintenance window, patch list, block list, deployment, or deployment template) can be created that covers all of the supported Linux operating systems. For example, one deployment can be created that addresses all supported Linux operating systems.
  • Linux repositories now have targeting applied to them so that repositories for multiple operating systems and versions can be added to the same scan configuration. Targeting logic for repositories is best if it focuses on the complete set of systems that a repository could be used for. Scan configurations can further limit where they actually get used. Existing repositories will be migrated to the new RPM-based model by adding targeting.
  • Added new default repositories for newly supported operating systems.
  • Added New “Patch - Coverage Status Details” sensor to provide more detailed client health information for endpoints reporting “Needs Attention”. For example, systems with Corrupt RPMDB, Out of Date Scan Results, and Out of Date Patch tools Versions are now exposed.

Improvements

  • Added many user interface improvements and bug fixes.
  • Changed “Yum Repositories” to “Repositories” since DNF and zypper repositories are also now available.
  • Changed “Patch - Yum Repositories” sensor to “Patch - Repositories.”
  • Changed “Patch - Yum Variables” sensor to “Patch - Repository Variables.”
  • Improved Linux scan and deployment error messaging.
  • Endpoints with a targeted Tanium Scan configuration will skip to the next prioritized and targeted scan configuration if none of the repositories available in the Tanium Scan Configuration apply to it. This provides the ability to have a fall back Repo Scan for systems without Tanium Scan repositories.
  • Patch Support bundle now includes Endpoint Configuration and Interact bundles as well.
  • Patch Operators can now edit Tanium Scan for Windows configuration.
  • Patch Operators can now create and modify Linux repositories.
  • Updated default repositories for Red Hat and Oracle Linux to hardcode the “$releasever” variable to known values per supported version.

Resolved Issues

  • Fixed an issue that prevented the endpoint patch process from updating until after a restart on upgrade.
  • Fixed an issue that prevented Linux endpoints with FIPS 140-2 enabled from successfully scanning.
  • Fixed an issue that prevented Linux Patch scans from using the cachedir configuration defined on the endpoint.

Known Issues and Workarounds

  • SUSE 11 SP3+ support is limited to scanning only.
  • Disabling the “Use repositories configured on endpoint” option in repository scan configurations may not work with certain SUSE and Red Hat 8 repositories. As always, we recommend using the Tanium Scan scan method or enabling the "Use repositories configured on endpoint" option for repository scans.
  • CentOS 8 patches currently lack metadata like Advisory ID, CVE ID, and patch classification (e.g. security, package, recommended). This also prevents using the “Install All Security Patches” option with CentOS 8.
  • Deployment preview grids will switch patch applicability counts back and forth from targeted computers to all computers if you wait on the preview page long enough. This does not affect the actual deployment. It simply shows both lists in the user interface.
  • Repository snapshots are not yet supported for SLES/SLED repositories.
  • Tanium Scan for Linux is not compatible with LibZypp Service Plugins. Tanium Scan will scan repositories provided by the plugin, but will not have access to the metadata in these repositories, which leads to scan results with incomplete metadata. Patch list applicability reports packages with incomplete metadata, but Patch cannot install them. If possible, uninstall the plugin and create repositories using Tanium. For more information, see Tanium Scan incompatibility with LibZypp Services Plugins.
  • When editing patch lists, block lists, and deployments, opening the preview section can lead to excessive API calls to the Patch service. Eventually, 504 errors may be displayed in the Patch workbench and workbench performance will be affected for all users. To avoid this issue, only open the preview section briefly to save the item you are editing instead of leaving the preview page open.

Prerequisites

  • Red Hat and CentOS endpoints require a minimum YUM version of yum-3.2.29-22.el6 to engage in Tanium Patch.
  • Windows endpoints require a minimum operating system version of Windows 7 SP1 or Windows Server 2008 R2 SP1.

Supported Tanium Platforms

Tanium Server 7.3.314.4250+, 7.4+