IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Tanium Server (Version 7.4.1.1939)
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.3.314.4250)
Tanium Server for Windows and Linux v7.4.1.1939
General Availability Release Date: Jan 28, 2020.
Special Notes
- Due to security issues against this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.4.5.1240 if you are using this version.
- If deploying on a Tanium Appliance, you must upgrade to TanOS v1.5.5 or greater before installing Tanium Server v7.4 .
- Tanium installers will not require a
tanium-init.datinitialization bundle when upgrading a component for which apki.dbalready exists. - Starting with v7.4 an installation of a Tanium Zone Server Hub will disable the local caching of file chunks.
Major Features
- A new and extensible version of the Tanium communications protocol:
v315. - Offer asymmetric client to client communications encryption.
- Root-Key rotation through creation of a new key and revocation of the current key. To learn more about this feature and how to implement, please review our documentation here: Keys Management
- A secured Active/Active Tanium Server setup where private keys do not have to be copied from one server to another.
- Forwarding of Protocol v315 messages within Tanium Client extensions (CXs).
- On-the-wire compression of Sensor Definition and Client Settings messages.
-
Personashave been introduced to allow for users to have multiple profiles assigned to them that restrict the computers they have access to and the Roles that have been assigned. Personas can be assigned to a User or User Group. To learn more about this feature and how to implement, please review our documentation here: Manage Personas -
Filter Groupshave been introduced to support a new type of computer group to be utilized for filtering and targeting. Having access to these groups will not affect the machines that a user has access to. To learn more about this feature and how to implement, please review our documentation here: Managing Filter Groups- With the introduction of this new feature,
computer groupsvisible in drop downs will now be limited to the computer groups assigned to the User as management rights and the filter groups in content sets a user has been granted Read\Write Filter Group on. All Computers and No Computers computer groups will always be visible.
- With the introduction of this new feature,
- New privileges added to support more granular Role-Based Access Control
- Micro-Admin Privileges
-
Import Signed Contentallows for a user to be able to import signed content including accessing the Tanium Solutions page and importing content from there. To understand what this new privilege provides, review the documentation here: Import Signed Content Permission -
Read Action Groupallows for a user to be able to view Action Groups. Due to the privilege change, existing user permissions may need to be updated to include this new micro-admin privilege. To understand what this new privilege provides, review the documentation here: Action Group Permissions -
Write Action Groupallows for a user to be able to view and edit Action groups.
-
- Advanced privileges - To learn more about these new advanced privileges, review the documentation here: Filter Group Permissions
-
Read Filter Groupwill allow a user to be able to see the Filter Groups in their assigned content set. Due to the privilege change, existing user permissions may need to be updated to include this new Advanced privilege. -
Write Filter Groupwill allow a user to view and create Filter Groups in the assigned content sets. This permission was introduced to allow teams to create and share computer groups for filtering and targeting amongst themselves.
-
- Micro-Admin Privileges
- The
Results Gridhas been enhanced to add an icon which links to Asset information if Asset is installed and privileges have been granted. To learn more about this feature, review the documentation here: Results Grid Asset Details view -
Computer Groupscan now be exported and imported from the Console. Review the documentation here: Import\Export Computer Groups - To improve, simplify and accelerate the
Tanium Solutionspage has introduced new features. To learn more about these features, review the documentation here: Solution Import- Multi-Solution import is now supported in environments with a Lab License
-
Import Signed Contentprivilege has been introduced to allow for administration of solution import to be grant to users other than the users with the Administrator Role - Ability to export the imported solution version to a URL from one environment and import that solution version from a URL into another environment
-
Administration>Userspage has been enhanced to be able to show and undelete users that have been previously deleted. To learn more about how to use this feature, review the documentation here: Manage deleted users - Additional configurations have been added to the console to help reduce direct server modifications
- The ability to upload a license file and view what is licensed and when it expires. To learn how to manage your license files from the console, review the documentation here: Manage Tanium License
- The ability to manage Tanium Server trusts. Review the documentation here: Tanium Server Trusts
- The ability to manage Tanium Zone Server trusts. Review the documentation here: Zone Server Trusts
- The ability to download infrastructure configuration keys for the client. Review the documentation here: Infrastructure Configuration Keys
- The ability to manage Root Keys. Review the documentation here: Key Management
- The ability to manage API Tokens. Review the documentation here: API Tokens
- The ability to view and modify local server settings. Review the documentation here: Console Tanium Server Settings
- A
user preferencehas been added to support translating the console to Japanese or French. Review the documentation here: User Preferences
- Module support through integrations, APIs and services.
- PostgreSQL database support for modules in the Tanium Module Server.
- Support for Python v3.8 .
- Performance improvements.
- Communications performance enhancements.
- Improved performance in the loading of the Tanium console.
Improvements
- Ability to revert the Console logo back to default.
- Automatic change to Yes/ No style confirmation prompts under SAML configurations.
- Disabling of proxy settings when the proxy type is set to
None. - Friendlier configuration options for non-counting Saved Questions.
- Support to synchronize individual members against LDAP.
- Ability to pause the operation of individual LDAP-sunchronization connections without the need to disable them.
- Ability to disable individual local accounts.
- The Tanium Server API now offers the ability to export both Computer Groups and Whitelisted URLs.
- The Tanium Server API now offers routes for the management of Filter Groups and Management Rights Groups.
- The Tanium Server API now supports
management_rights_groupsSOAP/ REST objects that can be used to retrieve computer groups that have theirmanagement_rights_flagset. - The Tanium Server API now allows retrieving
system_statusfor periods longer than 30 days. - The Tanium Server now supports authentication through JSON web-tokens, allowing it to integrate with Amazon Cognito for authentication.
- The Tanium Server API now offers an option called
filter_by_groups_with_trackingwhich allows a caller to specify a set of Computer Groups to specify the Computer IDs by which a question result should be filtered and, if necessary, aggregated. This is a much needed enhancement to be used by solution modules like Patch. - The Tanium Server now protects the privacy of API result snapshots by associating them with the User and Persona of the requester and not their Session ID. This allows for the user to be able to switch session identifiers without triggering the creation of a new snapshot.
- The Tanium Server REST-API now offers a specific route to perform Action Approval.
- The Tanium Server REST API now produces more consistent error messages when it fails to create both system and local settings.
- TLS encryption on the Tanium Client is now controlled by a single numeric setting:
TLSModewhich defaults to1(which means "required").
- The old
RequireIncomingEncryptionandReportingTLSModesettings are deprecated starting with the v7.4 client. - The Tanium Server also honors two Global Settings
require_client_tls_314_flag=0andrequire_client_tls_315_flag=1, which forces v315 clients to communicate over TLS but will still be compatible with older v314 clients without TLS support.
- The old
- The Tanium Server REST API now offers a route
/api/v2/session/currentwhich now returns the current session's user and privilege information. - The Tanium Server now allows for the use of the Token API (
/api_tokens/) without the having to provide a token ID. - The Tanium Server improves the API to retrieve Saved Question results so the
QuestionIDoffered in the result corresponds to the correct open, ongoing question being asked. This change avoids theQuestion is expiredseen in the execution of some Connect jobs. - The Tanium Server will now default to TLS v1.2 while negotiating connections on port
443thus discouraging connections using lower versions. - Improved the cache management of plugin schedules on the Tanium Server, thus avoiding the intermittent error
PluginScheduleExistsright after its deletion. - The Tanium Server API now returns a property named
signaturewhen content imports are called with theanalyze_conflicts_only. The value of this property will contain the signature associated with the content analyzed, or be empty when the content is not signed. - The Tanium Server REST API now consistently uses
management_rights_flaginstead of the previous shorthand:mr_flag. - The Tanium Server REST API now supports a route to retrieve a session's management rights:
GET /api/v2/session/management_rights. - The
pki showcommand can now take an optionaltanium-init.datortanium.pubfile, and print its content accordingly. - Improved the back-pressure handling of Package file chunks in the Tanium Zone Server Hub which could cause an increase in the
ZSHmemory footprint when communicating with dozens ofZSsover limited bandwidth links. - The Tanium Zone Server now implements the
HubPriorityListas a local setting containing a comma separated list of Zone Server Hub IP addresses listed in descending preferred order of priority. This allows each Zone Server to specify which hubs it wishes to have affinity to until there is a need for a fail-over due to a hub failure.
Bug Fixes
- The Tanium Server will no longer request endpoints to peer with IP addresses in their same
/24address space but detected to connect from a different NAT address. This will stop an endpoint withNetwork Location from Client=192.16.0.10andNetwork Location from Server=130.35.19.12with another that hasNetwork Location from Client=192.168.0.11butNetwork Location from Server=100.2.126.104. - Fixed a problem in the Tanium Server API where fetching
content_set_role_privilege_auditobjects would result in anInvalidAuditTypeerror. - Fixed an issue in the propagation of XML namespaces when canonicalizing SAML requests.
- Fixed a Tanium Server issue in the handling of session tokens, where requests made to services in the base Platform would work properly but requests made of Solution module services would return an
Unauthorizedresult indicating:Must provide valid Tanium session header. - Fixed a problem in the Tanium Server API where importing content with duplicate names and requesting the copy changing name behavior could cause the request to hang.
- Updated the Tanium Server string hash resolution code to work again with the database schema layout of latest versions, and resolving a problem where every attempt at a hash resolution would log the message:
Caught Exception in FlushAndSwap SQLStringHashes. - Fixed an issue in the Tanium Server by which it would refresh its
SOAPGroupCacheeven when it was unnecessary to do so, thus slowing down servicing of the Saved Questions page on the console. - Fixed a problem found with deleted Content Sets which would cause SQL errors during startup in
UpdateModuleImpliedPrivilegesWorkerthat would repeatedly log:Subquery returned more than 1 value. - Fixed an issue in the Package import API which would cause verification queries to be omitted in the imported package.
- Fixed a Tanium Server issue when importing Package meta-data which would cause a failure when two packages with the same name exist on a system.
- Fixed an issue with the Tanium Server API where querying for
content_set_role_privilegeerroneously returned acontent_set_role_privilege_liststructure instead. - Fixed an issue in the Tanium Server where it would not honor
disabled_flag=1on a Saved Question and would reissue it by itsissue_secondssetting anyway. - Fixed an issue in the Tanium Server and Zone Server installers where trailing spaces filled into the names of servers would not be removed and cause failures to communicate after installation.
- Fixed an issue when asking for column-filtered Question results through the REST API *
/api/v2/questionsusingquestion_text, where the column-filter is effectively dropped. - Fixed an issue with the Tanium Server REST API which would not return a proper export identifier when trying to export Question results in CSV format using the
export_flag=1option.
Known Issues and Workarounds
- The Tanium Server
/infopage may display a Zone Server Hub count of zero.
Workaround: There is no workaround for this condition. - The Tanium Server
/infopage does not provide any feedback under a failed authentication.
Workaround: There is no workaround for this condition. - Large manual Computer Groups fail to be recognized by the Tanium Server upon creation.
Workaround: There is no workaround for this behavior. Avoid current Tanium Server v7.4 if your make use of very large manual Computer Groups until a fix is released. If you must create such large groups please plan accordingly, since you may very well require a Tanium Server restart after having created them. NOTE that this behavior does not affect existing Computer Groups or Question and Action targeting, only the Console display of such groups.
Additional Information
- This version of Tanium Server shipped with Console (Version 1.4.1.0485).