Notes
If you're migrating from Google Santa, please see the Migration Guide for details on how to upgrade.
This release fixes an issue that could affect users that upgraded to v2024.11 from v2024.10. If you installed v2024.11, please see the discussion on potential remediation steps that might be necessary.
Fixed
❗ Critical binaries are now allowed by Signing ID instead of hash to address issues that could affect users when upgrading in Lockdown mode.
❗ Stronger checks were added to ensure users with root access cannot manually add rules when a sync server or static rules are being used.
Important
This release addresses a minor security issue that affects all previous Santa releases. We encourage users to upgrade as soon as possible.
What's Changed
- Fix: Add signing ID checks for critical binaries by @pmarkowsky in #164
- Enforce rule add checks on daemon by @mlw in #165
- Lockdown upgrade fix by @mlw in #166
- Fix upgrade rules teamid by @mlw in #167
- Rename migration plist due to tamper protection rules by @mlw in #168
- One more rename of the migration plist by @mlw in #169
Full Changelog: 2024.11...2024.12
