mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Merge pull request #344 from NewKidOnTheBlock/patch-1 

Fixed 0.5.4 Changelog spellings
This commit is contained in:
DavidXanatos 2021-01-08 09:50:22 +01:00 committed by GitHub
parent 124d926c65 d5331e0de5
commit 0cc95953e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 40 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
CHANGELOG.md
View File

@ -7,19 +7,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added ### Added
- Sandboxie now strips particularly problematic privileges from sandboxed system tokens - Sandboxie now strips particularly problematic privileges from sandboxed system tokens
-- with those a process could atempt to bypass the sandbox isolation (thanks Diversenok) -- with those a process could attempt to bypass the sandbox isolation (thanks Diversenok)
-- old legacy behavior can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended) -- old legacy behaviour can be enabled with "StripSystemPrivileges=n" (absolutely NOT Recommended)
- added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n" - added new isolation options "ClosePrintSpooler=y" and "OpenSmartCard=n"
-- those resources are open by default but for a hardened box its desired to close them -- those resources are open by default but for a hardened box its desired to close them
- added print spooler filter to prevent printers from being set up outside the sandbox - added print spooler filter to prevent printers from being set up outside the sandbox
-- the filter can be disabled with "OpenPrintSpooler=y" -- the filter can be disabled with "OpenPrintSpooler=y"
- added overwrite prompt when recovering an already existing file - added overwrite prompt when recovering an already existing file
- added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI - added "StartProgram=", "StartService=" and "AutoExec=" options to the SandMan UI
- added more compatybility templates (thanks isaak654) - added more compatibility templates (thanks isaak654)
### Changed ### Changed
- Changed Emulated SCM behavior, boxed services are no longer by default started as boxed system - Changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system
-- use "RunServicesAsSystem=y" to enable the old legacy behavior -- use "RunServicesAsSystem=y" to enable the old legacy behaviour
-- Note: sandboxed services with a system token are still sandboxed and restricted -- Note: sandboxed services with a system token are still sandboxed and restricted
-- However not granting them a system token in the first place removes possible exploit vectors -- However not granting them a system token in the first place removes possible exploit vectors
-- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence! -- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
@ -29,16 +29,16 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok) - fixed a critical issue that allowed to create processes outside the sandbox (thanks Diversenok)
- fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation - fixed issues with dynamic IPC port handling that allowed to bypass IPC isolation
- fixed issue with ipc tracing - fixed issue with IPC tracing
- fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok) - fixed CVE-2019-13502 "\RPC Control\LSARPC_ENDPOINT" is now filtered by the driver (thanks Diversenok)
-- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y" -- this allowed some system options to be changed, to disable filtering use "OpenLsaEndpoint=y"
- fixed hooking issues SBIE2303 with chrome, edge and possibly others - fixed hooking issues SBIE2303 with Chrome, Edge and possibly others
- fixed failed check for running processes when performing snapshot operations - fixed failed check for running processes when performing snapshot operations
- fixed some box option checkboxes were not properly initialized - fixed some box option checkboxes were not properly initialized
- fixed unavailable options are not properly disabled when sandman is not connected to the driver - fixed unavailable options are not properly disabled when SandMan is not connected to the driver
- fixed MSI instalelr issue, not being able to create "C:\Config.Msi" folder on windows 20H2 - fixed MSI installer issue, not being able to create "C:\Config.msi" folder on Windows 20H2
- added missing localization to generic list commands - added missing localization to generic list commands
- fixed issue with "iconcache_*" when runngin sandboxed explorer - fixed issue with "iconcache_*" when running sandboxed explorer
- fixed more issues with groups - fixed more issues with groups
@ -79,7 +79,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- changed docs and update URLs to the new sandboxie-plus.com domain - changed docs and update URLs to the new sandboxie-plus.com domain
- greatly improved the setup script (thanks mpheath) - greatly improved the setup script (thanks mpheath)
- "OpenClsid=" and "ClosedClsid=" now support specifying a program or group name - "OpenClsid=" and "ClosedClsid=" now support specifying a program or group name
- by default, when started in portable mode, the sandbox folder will be located in the parent directory of the sandboxie instance - by default, when started in portable mode, the sandbox folder will be located in the parent directory of the Sandboxie instance
### Fixed ### Fixed
- grouping menu not fully working in the new SandMan UI - grouping menu not fully working in the new SandMan UI
@ -128,7 +128,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed menu issue in SandMan UI - fixed menu issue in SandMan UI
- fixed issue with stop behaviour page in SandMan UI - fixed issue with stop behaviour page in SandMan UI
- fixed issue with Plus installer not displaying kmdutil window - fixed issue with Plus installer not displaying kmdutil window
- fixed SandMan UI saving UI settings on windows shutdown - fixed SandMan UI saving UI settings on Windows shutdown
- fixed issue with Plus installer autorun - fixed issue with Plus installer autorun
- fixed issue with legacy installer not removing all files - fixed issue with legacy installer not removing all files
- fixed a driver compatibility issue with Windows 20H1 and later - fixed a driver compatibility issue with Windows 20H1 and later
@ -172,7 +172,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- when internet access is blocked it now can be exempted in real time by the user -- when internet access is blocked it now can be exempted in real time by the user
- added missing file recovery and auto/quick recovery functionality - added missing file recovery and auto/quick recovery functionality
- added silent MSG_1399 boxed process start notification to keep track of short lived boxed processes - added silent MSG_1399 boxed process start notification to keep track of short lived boxed processes
- added ability to prevent system wide process starts, sandboxie can now instead of just alerting also block processed on the alert list - added ability to prevent system wide process starts, Sandboxie can now instead of just alerting also block processed on the alert list
-- set "StartRunAlertDenied=y" to enable process blocking -- set "StartRunAlertDenied=y" to enable process blocking
- the process start alert/block mechanism can now also handle folders use "AlertFolder=..." - the process start alert/block mechanism can now also handle folders use "AlertFolder=..."
- added ability to merge snapshots - added ability to merge snapshots
@ -182,7 +182,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added more run commands and custom run commands per sandbox - added more run commands and custom run commands per sandbox
-- the box settings users can now specify programs to be available from the box run menu -- the box settings users can now specify programs to be available from the box run menu
-- also processes can be pinned to that list from the presets menu -- also processes can be pinned to that list from the presets menu
- added more windows 10 specific template presets - added more Windows 10 specific template presets
- added ability to create desktop shortcuts to sandboxed items - added ability to create desktop shortcuts to sandboxed items
- added icons to box option tabs - added icons to box option tabs
- added box grouping - added box grouping
@ -204,7 +204,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed an issue that would allow a malicious application to bypass the internet blockade - fixed an issue that would allow a malicious application to bypass the internet blockade
- fixed issue when logging messages from a non-sandboxed process, added process_id parameter to API_LOG_MESSAGE_ARGS - fixed issue when logging messages from a non-sandboxed process, added process_id parameter to API_LOG_MESSAGE_ARGS
- fixed issues with localization - fixed issues with localization
- fixed issue using file recovery in legacy ui SbieCtrl.exe when "SeparateUserFolders=n" is set - fixed issue using file recovery in legacy UI SbieCtrl.exe when "SeparateUserFolders=n" is set
- when a program is blocked from starting due to restrictions no redundant messages are issues anymore - when a program is blocked from starting due to restrictions no redundant messages are issues anymore
- fixed UI not properly displaying async errors - fixed UI not properly displaying async errors
- fixed issues when a snapshot operation failed - fixed issues when a snapshot operation failed
@ -217,7 +217,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.4.5 / 5.44.1] - 2020-11-16 ## [0.4.5 / 5.44.1] - 2020-11-16
### Added ### Added
- added "Terminate all processes" and "disable forced programs" commands to tray menu in SandMan ui - added "Terminate all processes" and "disable forced programs" commands to tray menu in SandMan UI
- program start restrictions settings now can be switched between a white list and a black list - program start restrictions settings now can be switched between a white list and a black list
-- programs can be terminated and blacklisted from the context menu -- programs can be terminated and blacklisted from the context menu
- added additional process context menu options, lingering and leader process can be now set from menu - added additional process context menu options, lingering and leader process can be now set from menu
@ -225,7 +225,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added text filter to template view - added text filter to template view
- added new compatibility templates: - added new compatibility templates:
-- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis -- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis
-- FireFox Quantum, access to windows FontCachePort for compatibility with Windows 7 -- Firefox Quantum, access to Windows FontCachePort for compatibility with Windows 7
- added experimental debug option "OriginalToken=y" which lets sandboxed processes retain their original unrestricted token - added experimental debug option "OriginalToken=y" which lets sandboxed processes retain their original unrestricted token
-- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, it BREAKS most SECURITY guarantees (!) -- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, it BREAKS most SECURITY guarantees (!)
- added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism - added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism
@ -239,15 +239,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
-- use ini option DebugTrace=y to enable -- use ini option DebugTrace=y to enable
### Changed ### Changed
- AppUserModelID sting no longer contains sandboxie version string - AppUserModelID sting no longer contains Sandboxie version string
- now by default sbie's application manifest hack is disabled, as it causes problems with version checking on windows 10 - now by default Sbie's application manifest hack is disabled, as it causes problems with version checking on Windows 10
-- to enable old behaviour add "PreferExternalManifest=y" to the global or the box specific ini section -- to enable old behaviour add "PreferExternalManifest=y" to the global or the box specific ini section
- the resource log mechanism can now handle multiple strings to reduce on string copy operations - the resource log mechanism can now handle multiple strings to reduce on string copy operations
### Fixed ### Fixed
- fixed issue with disabling some restriction settings failed - fixed issue with disabling some restriction settings failed
- fixed disabling of internet block from the presets menu sometimes failed - fixed disabling of internet block from the presets menu sometimes failed
- the software compatibility list in the sandman UI now shows the proper template names - the software compatibility list in the SandMan UI now shows the proper template names
- fixed use of freed memory in the driver - fixed use of freed memory in the driver
- replaced swprintf with snwprintf to prevent potential buffer overflow in SbieDll.dll - replaced swprintf with snwprintf to prevent potential buffer overflow in SbieDll.dll
- fixed bad list performance with resource log and api log in SandMan UI - fixed bad list performance with resource log and api log in SandMan UI
@ -265,14 +265,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- introduced a new driverless method to resolve wow64 ntdll base address - introduced a new driverless method to resolve wow64 ntdll base address
### removed ### removed
- removed support for windows vista x64 - removed support for Windows Vista x64
## [0.4.3 / 5.43.7] - 2020-11-03 ## [0.4.3 / 5.43.7] - 2020-11-03
### Added ### Added
- added disable forced programs menu command to the sandman ui - added disable forced programs menu command to the SandMan UI
### Fixed ### Fixed
- fixed file rename bug introduced with an earlier driver verifier fix - fixed file rename bug introduced with an earlier driver verifier fix
@ -290,13 +290,13 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- fixed thread handle leak in SbieSvc and other components - fixed thread handle leak in SbieSvc and other components
- msedge.exe is now categorized as a chromium derivate - msedge.exe is now categorized as a chromium derivate
- fixed chrome 86+ compatibility bug with chrome's own sandbox - fixed Chrome 86+ compatibility bug with Chrome's own sandbox
## [0.4.1 / 5.43.5] - 2020-09-12 ## [0.4.1 / 5.43.5] - 2020-09-12
### Added ### Added
- added core version compatibility check to sandman UI - added core version compatibility check to SandMan UI
- added shell integration options to SbiePlus - added shell integration options to SbiePlus
### Changed ### Changed
@ -309,8 +309,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed wrong path separators when adding new forced folders - fixed wrong path separators when adding new forced folders
- fixed directory listing bug introduced in 5.43 - fixed directory listing bug introduced in 5.43
- fixed issues with settings window when not being connected to driver - fixed issues with settings window when not being connected to driver
- fixed issue when starting sandman ui as admin - fixed issue when starting SandMan UI as admin
- fixed auto content delete not working with sandman ui - fixed auto content delete not working with SandMan UI
@ -318,7 +318,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added ### Added
- added a proper custom installer to the Plus release - added a proper custom installer to the Plus release
- added sandbox snapshot functionality to sbie core - added sandbox snapshot functionality to Sbie core
-- filesystem is saved incrementally, the snapshots built upon each other -- filesystem is saved incrementally, the snapshots built upon each other
-- each snapshot gets a full copy of the box registry for now -- each snapshot gets a full copy of the box registry for now
-- each snapshot can have multiple children snapshots -- each snapshot can have multiple children snapshots
@ -326,7 +326,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added setting to change border width - added setting to change border width
- added snapshot manager UI to SandMan - added snapshot manager UI to SandMan
- added template to enable authentication with an Yubikey or comparable 2FA device - added template to enable authentication with an Yubikey or comparable 2FA device
- added ui for program alert - added UI for program alert
- added software compatibility options to the UI - added software compatibility options to the UI
### Changed ### Changed
@ -359,7 +359,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- updated homepage links - updated homepage links
### Fixed ### Fixed
- fixed ini issue with sandman.exe when renaming sandboxes - fixed ini issue with SandMan.exe when renaming sandboxes
- fixed ini auto reload bug introduced in the last build - fixed ini auto reload bug introduced in the last build
- fixed issue when hooking delayed loaded libraries - fixed issue when hooking delayed loaded libraries
@ -370,7 +370,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added ### Added
- API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes - API_QUERY_PROCESS_INFO can be now used to get the original process token of sandboxed processes
-- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens -- Note: this capability is used by TaskExplorer to allow inspecting sandbox internal tokens
- Added option "KeepTokenIntegrity=y" to make the sbie token keep its initial integrity level (debug option) - Added option "KeepTokenIntegrity=y" to make the Sbie token keep its initial integrity level (debug option)
-- Note: Do NOT USE Debug Options if you don't know their security implications (!) -- Note: Do NOT USE Debug Options if you don't know their security implications (!)
- Added process id to log messages very useful for debugging - Added process id to log messages very useful for debugging
- Added finder to resource log - Added finder to resource log
@ -380,7 +380,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Built In Clsid whitelist can now be disabled with "OpenDefaultClsid=n" - Built In Clsid whitelist can now be disabled with "OpenDefaultClsid=n"
- Processes can be now terminated with the del key, and require a confirmation - Processes can be now terminated with the del key, and require a confirmation
- Added sandboxed window border display to SandMan.exe - Added sandboxed window border display to SandMan.exe
- Added notification for sbie log messages - Added notification for Sbie log messages
- Added Sandbox Presets sub menu allowing to quickly change some settings - Added Sandbox Presets sub menu allowing to quickly change some settings
-- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus -- Enable/Disable API logging, logapi_dll's are now distributed with SbiePlus
-- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on the network -- And other: Drop admin rights; Block/Allow internet access; Block/Allow access to files on the network
@ -389,7 +389,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Added info tooltips in SbieView - Added info tooltips in SbieView
### Changed ### Changed
- Reworked ApiLog, added pid and pid filter - Reworked ApiLog, added PID and PID filter
- Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes - Auto config reload on in change is now delayed by 500ms to not reload multiple times on incremental changes
- Sandbox names now replace "_" with " " for display allowing to use names that are made of separated words - Sandbox names now replace "_" with " " for display allowing to use names that are made of separated words
@ -430,7 +430,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Added progress window for async operations that take time - Added progress window for async operations that take time
- added DPI awareness - added DPI awareness
- the driver file is now obfuscated to avoid false positives - the driver file is now obfuscated to avoid false positives
- additional debug options to sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y - additional debug options to Sandboxie.ini OpenToken=y that combines UnrestrictedToken=y and UnfilteredToken=y
-- Note: using these options weakens the sandboxing, they are intended for debugging and may be used for better application virtualization later -- Note: using these options weakens the sandboxing, they are intended for debugging and may be used for better application virtualization later
### Changed ### Changed
@ -440,7 +440,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- IniWatcher did not work in portable mode - IniWatcher did not work in portable mode
- service path fix broke other services, now properly fixed, maybe - service path fix broke other services, now properly fixed, maybe
- found workaround for the msi installer issue - found workaround for the MSI installer issue
@ -448,12 +448,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added ### Added
- IniWatcher, no more clicking reload, the ini is now reloaded automatically every time it changes - IniWatcher, no more clicking reload, the ini is now reloaded automatically every time it changes
- Added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop sandboxie driver, service - Added Maintenance menu to the Sandbox menu, allowing to install/uninstall and start/stop Sandboxie driver, service
- SandMan.exe now is packed with Sbie files and when no sbie is installed acts as a portable installation - SandMan.exe now is packed with Sbie files and when no Sbie is installed acts as a portable installation
- Added option to clean up logs - Added option to clean up logs
### Changed ### Changed
- sbie driver now first checks the home path for the sbie ini before checking SystemRoot - Sbie driver now first checks the home path for the Sbie ini before checking SystemRoot
### Fixed ### Fixed
- Fixed a resource leak when running sandboxed - Fixed a resource leak when running sandboxed