IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Tanium Server (Version 7.4.5.1200)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
This platform release includes the release of both a Windows and Linux Tanium Server.
The previous version can be found here: Release Notes (Version 7.4.4.1381)


Tanium Server for Windows and Linux v7.4.5.1200

General Availability Release Date: April 13, 2021.

Special Notes

  • Due to security issues against this release of Tanium Server, Tanium strongly recommends upgrading to at least v7.4.5.1240 if you are using this version.
  • The Tanium Server now uses Console (Version 2.0.250.0000).

Security Updates

  • This release includes security updates. Details of the issues, including affected versions and mitigation information, can be obtained within Tanium's Support Portal or by contacting your TAM.

New Features

  • Tanium components now use OpenSSL 1.0.2y.
  • The Tanium Server now uses OpenLDAP v2.4.58.
  • The Tanium Platform components now use the http-parser v2.9.4 library.
  • Changes in the Tanium Server database have been made to close gaps in schema differences between its Microsoft SQL and PostgreSQL implementations.
  • The Tanium Server will no longer provide the active Question estimate metric which duplicates the more accurate client_snapshot_question_count value.
  • The Tanium Server will now set the Host HTTP header in all requests proxied over to the Module Server.
  • Added the ability to verify single-use-request tokens before their use against the Tanium Server's single-use-request API route.

Improvements

  • The Tanium Server will now store a copy of its registration secret in pki.db, making a system recovery possible even when the tanium database has been lost.
  • The propagation of Zone Server metrics exposed in the Tanium Server's /metrics route has been improved, improving on some zero-valued measures which made it appear as if their implementation was flawed. This improvement introduces the hub_info_send_interval_minutes Global Setting with a default value of 1 minute which controls how often these measures are propagated between components.
  • The Tanium Server Audit API now offers text representations for a number of audit fields in order to make its output more human-readable.
  • The Tanium Server improvements to the storage of LDAP access information in the database.
  • The Tanium Server now offers an "All Computers" Action Group to support the new-style Console one-time deployment Actions.
  • LDAP Connectors in the Tanium Server now support the user_group_key setting which defines the user LDAP object property to associate when retrieving LDAP group members. It defaults to distinguishedName which works with most LDAP servers (Active Directory) but can be changed for other vendors.
  • The Tanium Server's pki show now displays the ServerNameList setting value embedded in a tanium-init.dat initialization bundle.
  • The Tanium Server now provides a preview_content_set_role to support the new Console UI for managing RBAC roles.
  • The Tanium Server now offers the command line option pki sync-hsm which will compare the contents of pki.db and those of a keystore HSM to ensure they are both synchronized, helping clear out situations where both sets of key names differ.
  • The Tanium Platform has refactored its v315 protocol message metrics to streamline their processing and make them more easily extensible to new message types.
  • The Tanium Server Export API now allows filtering of exported contents by Content Set id 's.
  • The Tanium Server API will now limit the allowable size of any individual parameter in an Action to 8KB in length.
  • The Tanium Server has improved its Group cache management strategy to avoid multiple and unnecessary refreshes when creating and managing deeply nested group structures.
  • The Tanium Server will now validate that parametrized Actions have all of their parameters fulfilled by the targeting Question used for deployment.
  • The Tanium Server enhances the Server-Timing details for saved_question API requests.

Bug Fixes

  • The Tanium Server and Zone Server Hubs will now start their synchronization tasks only after they have successfully established trust and registered with each other, no longer producing the log messages that read: WireMessage.sync_message/43.
  • All Tanium component uninstallers on Windows (Server, Module Server and Zone Server) will now uninstall and clean out the installation directory, or error out if the registry key for the installation path (Path) is not set. Additionally, they will refuse to uninstall if the uninstaller has a different version than the actual software installed.
  • Fixed an issue in the Tanium Server by which removing a User from a User Group would not produce a corresponding audit record.
  • Fixed a non-released internal build test over SOAPGroupCache::TestManualGroups.
  • The Tanium Server will now enforce a maximum expiration for API tokens 365 days into the future, as specified and controlled by the Global Setting (Server, Numeric) api_token_max_expiration_in_days.
  • Fixed a problem in the Tanium Server's API for RBAC privileges where the content_set_roles route would fail to return the privilege assignments seen when retrieving an individual content set through its id.
  • Fixed a race condition within the Tanium Server's Package cache refresh logic which could result in a server thread using stale data.
  • The Tanium Server will now install and treat the database_connection_periodic_job_interval_seconds Global Setting as a server and not client setting. NOTE: that upgrading from earlier versions will not modify the erroneous designation if it already exists.
  • Fixed a bug by which a Zone Server Hub would experience a process crash when it could not resolve the DNS name for one of its Zone Servers.
  • The Tanium Server will now keep track of the number of cryptographic keys generated as a way to avoid a synchronization problem when naming keys for management in a Hardware Security Module (HSM).
  • Fixed an issue with the Tanium Server's object ownership transfer API which was not honoring the force_transfer_flag setting in the REST API.
  • The Tanium Server Export/ Import API will now ignore compound Group definitions with All Computers as one of their subgroups which are functionally equivalent to targeting all endpoints. Groups which seek to filter for all machines must express this explicitly by referencing only the All Computers group.
  • Fixed a bug with the Tanium Server API which would return an HTTP-403 error when a user called api/v2/session/management_rights for an mr_group definition that was somehow malformed in the database.
  • Added the missing support for handling Groups' max_age_seconds and all_values_flag in the Tanium Server's export API.
  • Fixed an issue in the Tanium Server API where retrieving a Content Set definition by its id was not validated against RBAC privileges.
  • Fixed an issue with the Tanium Server API which would cause the error PackageNotFound when querying for a Package right after creating it.
  • Fixed a bug in the Tanium Server which could cause a process crash when GetResultData was called with a cache filter with empty text.
  • Fixed an issue in the Tanium Server which would cause a process crash during the refresh of the users cache last login information if its corresponding record was deleted from the system's users table.
  • Fixed a Tanium Server issue in the Import API with the treatment of of the All Computers group which would lead to GroupNotFound on some imports.
  • Fixed an issue with the Tanium Server RBAC API where not providing a content set to the preview_content_set_role route would result in an exception being thrown: No id or name specified for content set when it should not.
  • Fixed a regression in the performance of the SOAP GetObject::saved_questions API request.

Known Issues and Workarounds

  • N/A.

Product Documentation and Resources