IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Tanium Server (Version 7.4.3.1361)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.4.3.1242)


Tanium Server for Windows and Linux v7.4.3.1361

General Availability Release Date: February 9, 2021.

Special Notes

  • Due to security issues against this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.4.5.1240 if you are using this version.
  • This version of Tanium Server shipped with Console v1.4.4.0007.

Security Updates

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

New Features

  • The Tanium Server will only keep a 30 day record of known endpoints in SystemStatus.txt while in the past th is file was never flushed of old records, which would allow it to grow without bounds and turn specially large in environments with non-persistent and volatile clients. Deployments with a need to keep a longer record of past endpoints are suggested to use Connect and, only when strictly necessary, use the configuration parameter system_status_client_age_limit_days to extend this retention period.
  • The Tanium Server now offers a configuration parameter named https_timeout_seconds to configure HTTP timeouts in the communication between individual federated servers.
  • The Tanium software installers now make sure that all sensitive binaries in Linux are owned by the root account and not writeable.
  • The Tanium Server will now truncate incoming endpoint computer names upon registration to 255 characters to reduce the amount of memory consumed by extremely long hostnames.
  • The Tanium Server now offers timing metrics for GetResultInfo and GetResultData requests.
  • The Tanium Server now offers a host of measures through its /metrics route regarding the operation of protocol v315 TLS communications. All of these new measure names begin with the tanium_pki_tls prefix.
  • The Tanium Server now provides granular controls for the assignment of thread types to ProcessorGroups when SetThreadAffinityFlag=1 . This is only applicable to Windows platforms and allows granular control when balancing workloads in extremely high-load and high-CPU count environments. These thread assignments are also now exposed on the TS/info route.
  • A Tanium Zone Server will no longer present a v314 certificate when connected to and scanned if enable_protocol_314_flag is disabled in Global Settings.
  • The Tanium Server will now refuse to spawn TDownloader to fetch and store a file if this would result in a low disk storage condition, as defined by the MinFreeSpaceInMB setting which defaults to 1,024MB.
  • The Tanium Platform now introduces an improved tracking of connection states which allows tightening of the security involved in handling incoming connections, including potential rogue sources.
  • The Tanium Server now uses the tls_client_reverify_interval_seconds with a default value of 300 seconds as the maximum amount of time allowed before an incoming TLS connection will be re-verified.
  • The installer for the Tanium Server has modified its End User License Agreement (EULA).
  • Removed the logging of cryptographic fingerprint values on client connection failures.

Improvements

  • The Tanium Server API will now handle upgrades with unchanged Content Set definitions in a way that will not appear as if there are differences in the imported content. A lack of this functionality would be seen when importing the Deploy module solution.
  • Optimized the performance of the Tanium Question Parser when dealing with character-escaped sequences.
  • Improved a cosmetic issue in the Question Parser where it would add the modifiers "any" or "all" to conditions even when they were redundant with the default evaluation of a filter condition.
  • Tanium components now use SQLite v3.33.0 along with its SQLite Encryption Extension v3.33.0.
  • Added an optimization to the Tanium Server's underlying handling of GetResultInfo and GetResultData API requests to make them slightly faster.
  • The Tanium Server API will no longer return computer specifications for Manual Groups when invoking the /api/v2/management_rights_groups route unless the include_computer_specs_flag=1 is used. This avoid returning potentially huge result sets for very large groups when they are generally never used.
  • Added optimizations to the way the Tanium Server retrieves information from its database to exclude both expired and single-use, non-repetitive Actions, which reduces the amount of CPU required to process these queries.
  • Improved the performance of RBAC evaluation when loading Saved Questions on the Tanium Server, to avoid much longer load times for non-Administrator users when compared to Administrators.
  • Introduced improvements in the way the Tanium Server handles concurrency when accessing its Questions results cache in order to increase performance at very large scales.
  • Introduced efficiencies in the way the Tanium Server manages Question result caches to gain performance improvements at very large scales.
  • Introduced handshake performance improvements during TLS session ticket reuse for the Taniunm Server and Zone Servers. These allow for validation of the cryptographic information of thousands of incoming client connections with reduced CPU resource consumption.
  • Introduced efficiencies in the way the Tanium Server running threads manipulate cryptographic objects using the OpenSSL libraries to reduce lock contentions and improve high-scale performance in large systems.
  • Introduced a performance improvement in the instantiation of SSL objects which will help to increase CPU processing efficiency in large Tanium deployments.
  • Both the Tanium Server and Zone Server will now persist TLS session tickets in a file named ssl-session-ticket-keys.dat so they can be reused across restarts, thus reducing the incidence of new session negotiations on startup.
  • The Tanium Server and Zone Server now streamline the cryptographic verification of incoming Tanium Client connections, reducing the CPU workload required for this duty.
  • The Tanium Server now implements more efficient code to verify client cryptographic credentials and reduces this CPU overhead on incoming connections.
  • Tanium platform components now use OpenSSL v1.0.2x.
  • Introduced performance optimizations in the way the Tanium Server and Zone Server manage endpoint client connection authorization, thus reducing the amount of CPU resources consumed by each individual connection.
  • The Tanium Server now displays the database reset-sequences command help when using the database --help command line option.
  • The Tanium Server has improved efficiencies in by using incremental loads of Question definitions from its database, resulting in faster API response times.
  • Tanium Zone Servers will now persist client connection information in a way that endpoint clients can re-use their session information when the server is restarted.
  • Reduced some thread contention associated with cryptographic operations which will benefit very large customers that need to run many dozens of client connection service threads.
  • The Tanium Server now offers a Global Setting tls_session_duration_seconds that defaults to 3,600 seconds, forcing a full TLS handshake every hour instead of reusing session tickets.
  • As a performance improvement the Tanium Server will no longer load old and deleted (status=2) Saved Actions from the database and into its internal cache.
  • The Tanium Server has improved the way it evaluates RBAC privileges for Scheduled Action visibility, resulting in API request performance improvements.
  • Added and index to the implied_privileges_working_table_idx in the Tanium Server database which improves the performance of operations on Content Set Role Privileges across the system.
  • Introduced an optimization in the management of Content Set Role Privileges that brings performance improvements over a range of RBAC-related operations in the Tanium Server database.

Bug Fixes

  • Fixed an incorrect interaction of the Tanium Server with PostgreSQL databases which would sporadically cause Saved Questions to be displayed as Get Number of Machines instead of their correct definition. This fix also includes the command line option reset-sequences which will repair database contents where this condition appears,
  • Fixed a limitation in the Tanium Client installer on Windows by which it failed managing the permissions of the installation directory when the local Users group had been renamed, throwing the error: Unable to revoke permissions for Users group: Cannot build new access control list.
  • Fixed a bug in the Tanium Server's API that, when requesting Questions associated to a Saved Question and specifying saved_question_qids_include_expired_flag=0 would return still return expired Questions in the request result.
  • Fixed an issue in the Tanium Server's management of its internal group caches by which after creating a large manual Computer Group, it would not be displayed by the Console until the server was restarted. When in an Active/ Active configuration the same Computer Group could be seen and used effectively on the second Tanium Server, but not on the one in which it was created.
  • Fixed an issue in the Tanium Server's export API which would fail when select Whitelisted URLs were requested by their RegEx values, resulting in a Not Found error response.
  • Fixed a bug with the management of the Tanium Server's internal user cache which would cause some accounts to display a Last Login time years in the past (e.g. 1999-12-31) after the periodic LDAP-synchronization made changes in the system.
  • Fixed a problem with the Tanium Server's export API that caused single-column Sensors to incorrectly include multiple columns when they are exported along with other multi-column Sensors.
  • Fixed an issue with the Tanium TDownloader where it failed to download UNC directories when the requested path's letter casing did not match that of the share being accessed, simply resulting in the error message: boost::filesystem::file_size: The request is not supported.
  • Fixed an issue in accessing the Tanium Server's /metrics route where an authenticated Administrator user would always get an HTTP-403: Forbidden response.
  • Fixed an issue in the handling of solution workbench privilege definitions which could trigger the logging of SQL error: more than one row returned by a subquery used as an expression in the updateModuleImpliedPrivilegesThread.
  • Fixed a problem with the Tanium Client's RPM post-install scripts which would fail with the error message: command not found.
  • Fixed an issue on the Tanium Server, by which when a new but identical Saved Question was imported into a system it would no longer consider the Recent Results stored by the prior definition.
  • Fixed an issue with the Tanium Server installer on Linux which failed to check properly for the existence of the postgres user on the system and would result in a number of errors referencing the absence of the account.
  • Fixed an issue with the Tanium Server REST API where it would not interpret correctly the Z timezone designator trailing an ISO-8601 formatted date. This could cause some parameter dates to be misinterpreted and take default values when manipulating Action objects.
  • Fixed a bug in the Tanium Server which caused Scheduled Actions to be issued under their old account ownership after they had been transferred to another user, typically when managing non-active user content from the Tanium Console.
  • Fixed an issue in the Tanium Server API when exporting Content Set objects by which their content_set_role_privileges where not included in the output result.
  • Fixed a bug in the Tanium Server in the handling of Saved Question metadata that would trigger the Console error duplicate key value violates unique constraint "saved_questions_meta_data_unique" when importing content.
  • Fixed an issue with the Tanium Server installer where when installing a local PostgreSQL database instance, the Tanium Postgres service would fail to start due to missing access controls on its installation directories.
  • Fixed an issue in the Tanium Server where the use of sequence column values in some tables could produce repeated error messages reading: there is no transaction in progress.
  • Fixed a Tanium Server problem where users assigned the special Content Set Administrator role were not having their other privileges revoked, which is the way this role should work.
  • Fixed a bug in the Tanium Server that caused Isolated Subnet definitions from loading when the sequence column in their database row has a value of 0 (zero).
  • The Tanium Platform servers on Windows will use a faster random number generator to accelerate cryptographic processing of incoming client connections.
  • The Tanium Server installer on Windows will grant ownership and permissions to SYSTEM on the installation directory, this is to fix access settings on deployments which may have used inherited permissions in the past.

Known Issues and Workarounds

  • None.

Product Documentation and Resources