1.4.3
- Fix missing allow decision in fapolicyd-cli --test-filter
- Update the trust-db filter rules to add and drop some things
- Add new magic detections and drop a lot of old rules
- Performance improvement looking up mime-types
- Various code cleanups, hardening, and performance optimizing
- Classify ELF files with an unknown interpreter as application/x-bad-elf
- Consolidate the fapolicyd-cli return codes
- Add integrity value to state report

1.4.2
- Correct identification of kworker threads
- Fix various threading, initialization, and function attribute issues
- Add support for SHA512, replace SHA256HASH with FILE_HASH
- Add --filter option to fapolicyd-cli --file
- Update bash completions for new options
- Add an early subject cache evictions counter to the state report
- Add CPU cores to the state report
- Move mounts update to it's own thread to prevent deadlocks with LUKS
- Add db_max_size = auto support so db size is managed by the daemon
- In rpm backend, drop any file from trustdb that doesn't verify size or hash

1.4.1
- Fix deadlock on reconfigure
- On reconfigure, update the trust list and reload the rpm filter

1.4
- Add ignore_mounts option to fapolicyd to not watch some mount points
- add --check-ignore_mounts option to fapolicyd-cli
- Fix overlay filesystem detection in fapolicyd-cli --check-watch_fs
- Fix fapolicyd-cli --check-path so that it properly detects symlinked dirs
- In fapolicyd-cli, add --verbose flag to --check-ignore_mounts
- Watch the /run partition
- Update some config items in SIGHUP
- Clarify warnings for fapolicyd-cli --check-trustdb
- All trust source backend checks/updates performance improvement
- Fix line too long error when last line of conf file had no newline

1.3.7
- Refactor queue to unify enqueue and dequeue and make it lockless
- Improve text/x-shellscript detection
- Fix bug in fapolicyd-cli --ftype detection which was introduced in 1.3.6
- Add watched mount points to state report - important since they can change
- Warn when object cache eviction ratios are high
- Use uthash for trust file backend duplication detection
- Update subject identity collection to gather all uid/gid components

1.3.6
- Increase the default subject cache size
- Move fapolicyd-rpm-loader to bin directory
- Suppress the subject cache eviction for scripts run by interpreters
- Fix decriptor leak in previous release - only leaks on rpminstall/delete
- Improve performance of filter code
- Drop 'device' keyword for subject part of a rule
- Add documentation to fapolicyd-filter.conf for better understanding
- Fix build flags for Debian to include libmd
- Add --test-filter to fapolicy-cli to help test filter rules
- Fix bug in the filter that was allowing unexpected files though the filter
- Drop 2 more kinds of files from the rpm filter: html and md

1.3.5
- Raise default value for db_max_size
- Increase buffer size for reading process groups
- Pid read buffer size is defined using define rather than const
- Allow override of mounts file
- Fix leak and problematic memory managament
- Fix creation of RUN_DIR because it breaks rpm verify
- Add Microsoft Windows PE MIME magic definition
- Microsoft Windows PE rules
- Optimize path allocation
- Revert change to report interval logic (#325)
- Ensure fagenrules handles incomplete lines
- Describe how to handle nss-user-lookup correctly
- Fix normal pattern handling
- Improve AVL test
- Install gawk in test workflows
- Cleanup and document filesystem code
- Add AGENTS.md
- Revert "Fix for rpmdb with SQLite3 backend"
- Fix rpmdb locking issues by loading via separate process
- Fix an infinite loop (#345)
- Use memfd instead of pipe (#346)
- fapolicyd-cli --check-path  doesn't exit
- Fix null argv when spawning fapolicyd-rpm-loader (#343)
- Fix some concurrency issues
- Update comments in lru_evict header
- Update fd_fgets code
- On exit due to poll error, try to stop and save the database
- Improve update thread synchronization in fapolicyd
- Modify rpm_load_list for stop checks
- Fix a TODO that notes NULL should be returned
- Add some error cleanup in filter_load_file
- Increase buffer size when reading the PT_INTERP string in gather_elf()
- Add debug logs for STATE_LD_SO decisions
- Remove volatile qualifier from atomic types
- Add MEM_MMAP_FILE storage type for fd_fgets
- Fix segfault when writing to readonly memory
- Switch rpm-backend to mmap based list parsing
- Add memory statistics report
- To allow sealing, need to create with MFD_ALLOW_SEALING
- Ease SHA strings allocated on each iteration
- Skip to add non regular files to trustdb (#333)
- Fix segfault when socket is inside of the directory (#355)
- Subject cache eviction warning
- No eviction warnings on shutdown

1.3.4
- Fix race on fanotify fd on termination
- Improve efficiency loading the rpm database into trust db
- Fix issue where lock from rpmdb(Sqlite3 backend) is dropped when it shouldn't

1.3.3
- Improve dpkg support (Stephen Tridgell)
- Fix issue when no initial mount points (wjhunter3)
- Add RuntimeDirectory to the systemd service file
- Update code to limit the number group id's logged
- Improve mount point detection code
- Double the amount of groups a user could have (32)
- Small performance improvement by not double rewinding descriptor
- Improve logging: make stderr output more colourful; add timestamps (Kangie)
- Identify ruleset being loaded by a sha hash of the rule file (John Wass)
- Add 22-buildroot.rules to use if the machine builds software
- Add --with-asan for configure

1.3.2
- Remove LimitNOFILE and instead setrlimit more carefully
- Sync q_size to the documentation
- Fix multiple memory leaks

1.3.1
- Fix not complete patch for filter file renaming

1.3
- Be consistent in updating and removing file system marks
- Add escaping to /proc/mount entries
- Revise escaping of trust files
- Add LimitNOFILE to the service file
- Add dpkg support (Stephen Tridgell)
- Add support for runtime reloading of rules

1.2
- On shutdown when running reports, if trust db empty warn (Nobuhiro Iwamatsu)
- Extend state machine to skip opens after exec until dyn linker found
- Control filtering of unwanted files in rpm backend with config file
- Add support for logging rule number of decision in the audit event

1.1.7
- Re-add dropped FAN_MARK_MOUNT for monitoring events (Steven Brzozowski)
- Make some updates to allow running without an rpm back successful

1.1.6
- Correct the optional inclusion of code based on HAVE_DECL_FAN_MARK_FILESYSTEM

1.1.5
- If in debug mode, do not write audit events to audit system
- Update filesystems we dont care about
- Add --check-path to fapolicyd-cli to locate missed files
- Detect trusted static apps running programs by ld.so
- Add support for using FAN_MARK_FILESYSTEM to see bind mounted accesses

1.1.4
- Fix descriptor leak on enqueue failure (Steven Brzozowski)
- Switch SHA256 hashing to openssl
- Add --check-status to fapolicyd-cli
- If fapolicyd is already running, exit
- Do trust db size check on all fapolicyd updates
- Add bash completions

1.1.3
- Replace snprintf integer to char conversion with uitoa function
- Update the locking between the main and decision threads
- Speedup sha256 hashing by mmap'ing the object
- Add OOMScoreAdjust to fapolicyd.service

1.1.2
- Release the update lock if starting trust db read operations errors
- CVE-2022-1117 fapolicyd incorrectly detects the run time linker
- Add the btrfs to the watch_fs config option
- Fix a problem tracking trusted static apps that launch other apps

1.1.1
- Reorder patterns and loopholes in rule.d
- Add support for subject ppid rule matching
- Add support for reloading the trust database from SIGHUP

1.1
- Add support for a rules.d directory
- Add --check-config, --check-watch_fs, and --check-trustdb to fapolicyd-cli
- Add libgcrypt initialization
- Break up all the rules so they can be installed in rules.d
- Add text/x-nftables magic
- Add interpreter for s390x, ppc64le

1.0.4
- Tighten up ELF detection
- Add support for multiple trust files in a trust.d directory
- Add troubleshooting info for when the trust db is full
- In permissive mode, allow audit events when rules say to log it
- Add new rpm_sha256_only config option to the daemon
- Escape whitespaces in file names put into the file trust database

1.0.3
- Add startup and shutdown syslog message
- fapolicyd-cli open trustdb without locking to prevent daemon hang
- If db migration fails due to unlinking problem, fail startup
- Do not exit on fanotify_event read failure
- Add application/javascript to Language macro

1.0.2
- Add Group ID support for rules
- Add test cases for avl library
- Update support for multiple copies of a trusted executable
- Add support for dynamic trust updating

1.0.1
- If trust db is empty when fapolicyd-cli dumps it, say its empty
- Make fapolicyd-cli buffer bigger for rule listing
- Fix ignored db errors from check_trust_database
- Adjust ELF x-object detection
- Do device mime-type detection in-house instead of libmagic
- Allow arbitrarily large group statements
- Fix logging of object trust
- Correct denial accounting
- Add new form of LD_PRELOAD pattern detection
- Fix mount reading routine to get it all
- Update languages kept from /usr/share

1.0
- Add file size, IMA, and sha256 based integrity checking
- Add ability to send decision results to syslog
- Add ability to define the format of the syslog event
- Add support for sets in rules
- Add support for dumping the trustdb by fapolicyd-cli
- Print a warning if rpm backend doesn't have a sha256 hash
- In rpm backend, add back javascript from /usr/share

0.9.4
- Fix pattern detection in light of EXEC_PERM events
- Conserve memory by dropping unneeded lists after startup
- Do full reset of subject credentials when execve finishes 
- Drop files in /usr/share, /usr/src, and /usr/include to reduce memory use
- Add error checking of the trust database
- Fixed threading issue during rpm update
- Add option to delete the trust database to cli, --delete-db
- Add option to cli to add/delete/update the file trust database

0.9.3
- In fapolicyd-cli, add a --list option to list rules
- Change lmdb to use writable mmap for startup performance improvment
- Change the database to support duplicate keys
- Provide a magic override file and use it during file inspection
- Update rules to match new magic overrides
- Add --ftype command to fapolicyd-cli
- Add database statistics to usage report

0.9.2
- Split codebase into daemon, library and cli
- Add Admin defined trust database
- Make use of librpm optional
- Updated the man pages
- Setting boost, queue, user, and group on the command line are deprecated

0.9.1
- Make watched filesystems configurable
- Improve ELF file classification
- Expose file type in debug output
- Update rules for ansible and dracut
- Skip config files in database check
- Expand definition of doc files
- Create new rule format exposing Subj and Obj trust
- Redesign the rules for trust based rules

0.9
- Convert hashes to lowercase like sha256sum outputs
- Use FAN_OPEN_EXEC_PERM for subject cache management
- Add static pattern detection
- Performance improvements
- Switch from static mounts to hotplug configuration of mount points
- Dont collect documentation in trust database
- When path is longer than lmdb can store, use a sha512 hash (Attila Lakatos)
- Cache subject trustworthiness information after lookup (Radovan Sroka)

0.8.10
- Fix segfault for rules whose subject is number oriented
- When database problem is found on startup, rebuild database
- Don't flush empty caches on database rebuild
- Revise default settings for better performance

0.8.9
- Systemd usage updates
- File permission adjustments based on selinux policy review
- Fix unterminated reads of auid & sessionid values
- Deprecate ld_preload pattern until new method exists

0.8.8
- Add FAN_OPEN_EXEC_PERM Support (Matthew Bobrowski)
- Man page updates
- Add dnf plugin to sync database when rpms install

0.8.7
- If the path has a top level symlinked dir, retry db lookup without /usr
- Fix parsing of command line options (Matthew Bobrowski)
- Add more validation of mount types (Matthew Bobrowski)
- Elf parser updates (Matthew Bobrowski)

0.8.6
- Update object hash calculation to better determine uniqueness
- Override rpm's signal handling
- Use private database as trust store
- Update the rules for python 3.6 and remove systemd exclusion
- Rename exec_dir rule option unpackaged to untrusted
- Remove unneeded rpm code
- Add support for daemon config file
- Allow database size to be configurable
- Add permissive setting, q_size, and q_depth to usage report

0.8.5
- Update spec file and license info

0.8.4
- Mask signals from deadman's switch
- Reinstate strong umask before writing report
- Use pw_gid to set the group when changing gid
- Allow the use of account names for auid & uid in rules
- Support group option on command line

0.8.3
- Add audit support for the linux-4.15 kernel
- Don't close report descriptor in report
- Fix busy loop to use poll as originally intended
- Relax timing on deadman's switch

0.8.2
- Add seccomp filter support
- Fix leaked descriptor in exe_type processing
- Add LRU cache for subject and objects
- Create fapolicyd user on install
- Update systemd service file to run as user fapolicyd
- Adjust inter-thread queue default size
- Write statistics on shutdown
- Change attribute access to hash table
- Deny access to stale pid's or fd's
- Add new pattern subject detection
- Add executable report on shutdown
- Add --no-details  to suppress file/exe names on shutdown report

0.8.1
- Documentation updates
- Update rules
- Output how many rules are loaded in debug mode
- Add user commandline option

0.8
- Initial public release