diff --git a/CHANGELOG.md b/CHANGELOG.md index d6dda1c6..ecdc2f47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,17 +6,18 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [1.14.1 / 5.69.1] - 2024-06-06 ### Added -- Add "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191) - - To use this feature SandboxieAllGroup=y must be enabled - - Note: that this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y" -- Added "EditAdminOnly=y" can now be configured per box -- Add UI for CoverBoxedWindows in NewBoxWizard. -- Add UI option to start unsandboxed process but force child processes in SelectBoxWindow. -- Add option "AlertBeforeStart".When it is set,a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself,if it is not, a warning pops up. -- Add option for EditAdminOnly in SetupWizard. +- added "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191) + - to use this feature "SandboxieAllGroup=y" must be enabled + - Note: this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y" +- added "EditAdminOnly=y" can now be configured per box +- added UI for CoverBoxedWindows in NewBoxWizard +- added UI option to start unsandboxed process but force child processes in SelectBoxWindow +- added option "AlertBeforeStart" + - when it is set, a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself, if it is not, a warning pops up +- added option for EditAdminOnly in SetupWizard ### Changed -- split the advanced new box wizard page in two +- splited the advanced new box wizard page in two - reorganized box options a bit ### Fixed @@ -33,19 +34,18 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [1.14.0 / 5.69.0] - 2024-05-17 ### Added -- Add option to limit the memory of sandboxed process and the number of process in single sandbox through job object. (thanks Yeyixiao) - - Use "TotalMemoryLimit"(Number,limit whole sandbox,Byte) and "ProcessMemoryLimit"(Number,limit single process,Byte) to set memory limit. - - Use "ProcessNumberLimit"(Number) to set process number limit. -- Add ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao) - - Use "UseChangeSpeed=y" to open this feature,use "AddTickSpeed"/"AddSleepSpeed"/"AddTimerSpeed"/"LowTickSpeed"/"LowSleepSpeed"/"LowTimerSpeed"(Number) to set. - - When set to "AddSleepSpeed=0", all sleep function calls will be skipped. -- Added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed - +- added option to limit the memory of sandboxed process and the number of process in single sandbox through job object (thanks Yeyixiao) + - use "TotalMemoryLimit" (Number, limit whole sandbox, Byte) and "ProcessMemoryLimit" (Number, limit single process, Byte) to set memory limit + - use "ProcessNumberLimit" (Number) to set process number limit +- added ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao) + - use "UseChangeSpeed=y" to open this feature, use "AddTickSpeed" / "AddSleepSpeed" / "AddTimerSpeed" / "LowTickSpeed" / "LowSleepSpeed" / "LowTimerSpeed" (Number) to set + - when set to "AddSleepSpeed=0", all sleep function calls will be skipped +- added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed - added ability to fore sandboxed processes to use a pre defined socks 5 proxy - added ability to intercept DNS queries so that they can be logged and/or redirected - added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir) - added Test Dialog UI for SOCKS5 proxy (thanks Deezzir) -- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox. +- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox ### Changed - validated compatibility with windows build 26217 and updated dyn data @@ -1363,7 +1363,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - Sandboxie no longer issues message 1301 when forced processes are temporarily disabled - the message can be re-enabled with "NotifyForceProcessDisabled=y" - reworked the "Open COM" checkbox mechanism in the plus UI - - Now it uses a template and it can also keep COM closed while OpenIpcPath=* is set + - now it uses a template and it can also keep COM closed while OpenIpcPath=* is set ### Fixed - fixed compatibility issue with Proxifier [#2163](https://github.com/sandboxie-plus/Sandboxie/issues/2163) @@ -1534,7 +1534,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - re-engineered "SandboxieLogon=y"; it's on by default, as every sandbox gets its own SID now - - Note: this enforces strict isolation of sandboxes from each other. + - Note: this enforces strict isolation of sandboxes from each other ### Changed - reworked hook management, unloaded DLLs are properly unhooked now [#1243](https://github.com/sandboxie-plus/Sandboxie/issues/1243) @@ -1793,7 +1793,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Fixed - FIXED SECURITY ISSUE ID-17: Hard link creation was not properly filtered (thanks Diversenok) -- fixed issue with checking the certificate entry. +- fixed issue with checking the certificate entry @@ -1921,8 +1921,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added silent uninstall switch `/remove /S` for Classic installer (by sredna) [#1532](https://github.com/sandboxie-plus/Sandboxie/pull/1532) ### Changed -- The filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese) [#1497](https://github.com/sandboxie-plus/Sandboxie/pull/1497) -- The filename "sandman_ua" was changed to "sandman_uk" (Ukrainian) [#1527](https://github.com/sandboxie-plus/Sandboxie/issues/1527) +- the filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese) [#1497](https://github.com/sandboxie-plus/Sandboxie/pull/1497) +- the filename "sandman_ua" was changed to "sandman_uk" (Ukrainian) [#1527](https://github.com/sandboxie-plus/Sandboxie/issues/1527) - Note: translators are encouraged to follow the [Localization notes and tips](https://github.com/sandboxie-plus/Sandboxie/discussions/1123#discussioncomment-1203489) before creating a new pull request - updated Firefox update blocker (discovered by isaak654) [#1545](https://github.com/sandboxie-plus/Sandboxie/issues/1545#issuecomment-1013807831) @@ -2034,10 +2034,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - mechanism to hook Win32 system calls now also works for 32-bit applications running under WoW64 - added customization to Win32k hooking mechanism, as by default only GdiDdDDI* hooks are installed - - You can force the installation of other hooks by specifying them with "EnableWin32Hook=..." + - you can force the installation of other hooks by specifying them with "EnableWin32Hook=..." - or disable the installation of the default hooks with "DisableWin32Hook=..." - - Please note that some Win32k hooks may cause BSODs or undefined behaviour. (!) - - The most obviously problematic Win32k hooks are blacklisted, this can be bypassed with "IgnoreWin32HookBlacklist=y" + - please note that some Win32k hooks may cause BSODs or undefined behaviour (!) + - the most obviously problematic Win32k hooks are blacklisted, this can be bypassed with "IgnoreWin32HookBlacklist=y" - added debug option "AdjustBoxedSystem=n" to disable the adjustment of service ACLs running with a system token - added "NoUACProxy=y" option together with the accompanying template, in order to disable UAC proxy - Note: boxes configured in compartment mode activate this template by default @@ -2591,7 +2591,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Changed - replaced the Process List used by the driver with a much faster Hash Map implementation - Note: this change provides an almost static system call speed of 1.2µs regardless of the running process count - - The old list, with 100 programs running required 4.5µs; with 200: 12µs; and with 300: 18µs per syscall + - the old list, with 100 programs running required 4.5µs; with 200: 12µs; and with 300: 18µs per syscall - Note: some of the slowdown was also affecting non-sandboxed applications due to how the driver handles certain callbacks - replaced the per-process Thread List used by the driver with a much faster Hash Map implementation - replaced configuration section list with a hash map to improve configuration performance, and increased line limit to 100000 @@ -2652,7 +2652,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [0.8.0 / 5.50.0] - 2021-06-13 ### Added -- Normally Sandboxie applies "Close...=!,..." directives to non-excluded images if they are located in a sandbox +- normally Sandboxie applies "Close...=!,..." directives to non-excluded images if they are located in a sandbox - added 'AlwaysCloseForBoxed=n' to disable this behaviour as it may not be always desired, and it doesn't provide extra security - added process image information to SandMan UI - localized template categories in the Plus UI [#727](https://github.com/sandboxie-plus/Sandboxie/issues/727) @@ -2743,7 +2743,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - the following options are now deprecated: - "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y" - "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n", so use the new RPC templates instead - - See Templates.ini for usage examples + - see Templates.ini for usage examples ### Fixed - fixed process-specific hooks being applied to all processes in a given sandbox @@ -3010,10 +3010,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added more compatibility templates (thanks isaak654) [#294](https://github.com/sandboxie-plus/Sandboxie/pull/294) ### Changed -- Changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system +- changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system - use "RunServicesAsSystem=y" to enable the old legacy behaviour - Note: sandboxed services with a system token are still sandboxed and restricted - - However not granting them a system token in the first place removes possible exploit vectors + - however not granting them a system token in the first place removes possible exploit vectors - Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence! - reworked dynamic IPC port handling - improved Resource Monitor status strings @@ -3183,7 +3183,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - added check for updates to the legacy SbieCtrl UI ### Changed -- File migration limit can now be disabled by specifying "CopyLimitKb=-1" [#526](https://github.com/sandboxie-plus/Sandboxie/issues/526) +- file migration limit can now be disabled by specifying "CopyLimitKb=-1" [#526](https://github.com/sandboxie-plus/Sandboxie/issues/526) - improved and refactored message logging mechanism, reducing memory usage by factor of 2 - terminated boxed processes are now kept listed for a couple of seconds - reworked sandbox deletion mechanism of the new UI @@ -3219,7 +3219,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). - Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis [#120](https://github.com/sandboxie-plus/Sandboxie/issues/120) [#88](https://github.com/sandboxie-plus/Sandboxie/issues/88) - Firefox Quantum, access to Windows's FontCachePort for compatibility with Windows 7 - added experimental debug option "OriginalToken=y" which allows sandboxed processes to retain their original unrestricted token - - This option is comparable with "OpenToken=y" and is intended only for testing and debugging, as it breaks most security measures (!) + - this option is comparable with "OpenToken=y" and is intended only for testing and debugging, as it breaks most security measures (!) - added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism - Note: without an unrestricted token with this option applications won't be able to start - added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver