Merge pull request #3979 from APMichael/patch-1

Update CHANGELOG.md
This commit is contained in:
DavidXanatos 2024-06-10 11:26:44 +02:00 committed by GitHub
commit 79d22bc113
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 33 additions and 33 deletions

View File

@ -6,17 +6,18 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.1 / 5.69.1] - 2024-06-06
### Added
- Add "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191)
- To use this feature SandboxieAllGroup=y must be enabled
- Note: that this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
- Added "EditAdminOnly=y" can now be configured per box
- Add UI for CoverBoxedWindows in NewBoxWizard.
- Add UI option to start unsandboxed process but force child processes in SelectBoxWindow.
- Add option "AlertBeforeStart".When it is set,a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself,if it is not, a warning pops up.
- Add option for EditAdminOnly in SetupWizard.
- added "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191)
- to use this feature "SandboxieAllGroup=y" must be enabled
- Note: this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
- added "EditAdminOnly=y" can now be configured per box
- added UI for CoverBoxedWindows in NewBoxWizard
- added UI option to start unsandboxed process but force child processes in SelectBoxWindow
- added option "AlertBeforeStart"
- when it is set, a prompt pops up before launching a new program into the sandbox using "Start.exe" and checks if the program that started "Start.exe" is a Sandboxie component itself, if it is not, a warning pops up
- added option for EditAdminOnly in SetupWizard
### Changed
- split the advanced new box wizard page in two
- splited the advanced new box wizard page in two
- reorganized box options a bit
### Fixed
@ -33,19 +34,18 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.0 / 5.69.0] - 2024-05-17
### Added
- Add option to limit the memory of sandboxed process and the number of process in single sandbox through job object. (thanks Yeyixiao)
- Use "TotalMemoryLimit"(Number,limit whole sandboxByte) and "ProcessMemoryLimit"(Number,limit single process,Byte) to set memory limit.
- Use "ProcessNumberLimit"(Number) to set process number limit.
- Add ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao)
- Use "UseChangeSpeed=y" to open this feature,use "AddTickSpeed"/"AddSleepSpeed"/"AddTimerSpeed"/"LowTickSpeed"/"LowSleepSpeed"/"LowTimerSpeed"(Number) to set.
- When set to "AddSleepSpeed=0", all sleep function calls will be skipped.
- Added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
- added option to limit the memory of sandboxed process and the number of process in single sandbox through job object (thanks Yeyixiao)
- use "TotalMemoryLimit" (Number, limit whole sandbox, Byte) and "ProcessMemoryLimit" (Number, limit single process, Byte) to set memory limit
- use "ProcessNumberLimit" (Number) to set process number limit
- added ability to modified sandboxed process logic speed (reduced fixed latency, modified single-player speed, etc.) (thanks Yeyixiao)
- use "UseChangeSpeed=y" to open this feature, use "AddTickSpeed" / "AddSleepSpeed" / "AddTimerSpeed" / "LowTickSpeed" / "LowSleepSpeed" / "LowTimerSpeed" (Number) to set
- when set to "AddSleepSpeed=0", all sleep function calls will be skipped
- added /fcp /force_children commandline option to start.exe it allows to start a program unsandboxed but have all its children sandboxed
- added ability to fore sandboxed processes to use a pre defined socks 5 proxy
- added ability to intercept DNS queries so that they can be logged and/or redirected
- added support for SOCKS5 proxy authentication based on RFC1928 (thanks Deezzir)
- added Test Dialog UI for SOCKS5 proxy (thanks Deezzir)
- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox.
- added ability to automatically removes template references that begin with “Template_Temp_” in the sandbox
### Changed
- validated compatibility with windows build 26217 and updated dyn data
@ -1363,7 +1363,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Sandboxie no longer issues message 1301 when forced processes are temporarily disabled
- the message can be re-enabled with "NotifyForceProcessDisabled=y"
- reworked the "Open COM" checkbox mechanism in the plus UI
- Now it uses a template and it can also keep COM closed while OpenIpcPath=* is set
- now it uses a template and it can also keep COM closed while OpenIpcPath=* is set
### Fixed
- fixed compatibility issue with Proxifier [#2163](https://github.com/sandboxie-plus/Sandboxie/issues/2163)
@ -1534,7 +1534,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- re-engineered "SandboxieLogon=y"; it's on by default, as every sandbox gets its own SID now
- Note: this enforces strict isolation of sandboxes from each other.
- Note: this enforces strict isolation of sandboxes from each other
### Changed
- reworked hook management, unloaded DLLs are properly unhooked now [#1243](https://github.com/sandboxie-plus/Sandboxie/issues/1243)
@ -1793,7 +1793,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- FIXED SECURITY ISSUE ID-17: Hard link creation was not properly filtered (thanks Diversenok)
- fixed issue with checking the certificate entry.
- fixed issue with checking the certificate entry
@ -1921,8 +1921,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added silent uninstall switch `/remove /S` for Classic installer (by sredna) [#1532](https://github.com/sandboxie-plus/Sandboxie/pull/1532)
### Changed
- The filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese) [#1497](https://github.com/sandboxie-plus/Sandboxie/pull/1497)
- The filename "sandman_ua" was changed to "sandman_uk" (Ukrainian) [#1527](https://github.com/sandboxie-plus/Sandboxie/issues/1527)
- the filename "sandman_pt" was changed to "sandman_pt_BR" (Brazilian Portuguese) [#1497](https://github.com/sandboxie-plus/Sandboxie/pull/1497)
- the filename "sandman_ua" was changed to "sandman_uk" (Ukrainian) [#1527](https://github.com/sandboxie-plus/Sandboxie/issues/1527)
- Note: translators are encouraged to follow the [Localization notes and tips](https://github.com/sandboxie-plus/Sandboxie/discussions/1123#discussioncomment-1203489) before creating a new pull request
- updated Firefox update blocker (discovered by isaak654) [#1545](https://github.com/sandboxie-plus/Sandboxie/issues/1545#issuecomment-1013807831)
@ -2034,10 +2034,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Added
- mechanism to hook Win32 system calls now also works for 32-bit applications running under WoW64
- added customization to Win32k hooking mechanism, as by default only GdiDdDDI* hooks are installed
- You can force the installation of other hooks by specifying them with "EnableWin32Hook=..."
- you can force the installation of other hooks by specifying them with "EnableWin32Hook=..."
- or disable the installation of the default hooks with "DisableWin32Hook=..."
- Please note that some Win32k hooks may cause BSODs or undefined behaviour. (!)
- The most obviously problematic Win32k hooks are blacklisted, this can be bypassed with "IgnoreWin32HookBlacklist=y"
- please note that some Win32k hooks may cause BSODs or undefined behaviour (!)
- the most obviously problematic Win32k hooks are blacklisted, this can be bypassed with "IgnoreWin32HookBlacklist=y"
- added debug option "AdjustBoxedSystem=n" to disable the adjustment of service ACLs running with a system token
- added "NoUACProxy=y" option together with the accompanying template, in order to disable UAC proxy
- Note: boxes configured in compartment mode activate this template by default
@ -2591,7 +2591,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Changed
- replaced the Process List used by the driver with a much faster Hash Map implementation
- Note: this change provides an almost static system call speed of 1.2µs regardless of the running process count
- The old list, with 100 programs running required 4.5µs; with 200: 12µs; and with 300: 18µs per syscall
- the old list, with 100 programs running required 4.5µs; with 200: 12µs; and with 300: 18µs per syscall
- Note: some of the slowdown was also affecting non-sandboxed applications due to how the driver handles certain callbacks
- replaced the per-process Thread List used by the driver with a much faster Hash Map implementation
- replaced configuration section list with a hash map to improve configuration performance, and increased line limit to 100000
@ -2652,7 +2652,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.8.0 / 5.50.0] - 2021-06-13
### Added
- Normally Sandboxie applies "Close...=!<program>,..." directives to non-excluded images if they are located in a sandbox
- normally Sandboxie applies "Close...=!<program>,..." directives to non-excluded images if they are located in a sandbox
- added 'AlwaysCloseForBoxed=n' to disable this behaviour as it may not be always desired, and it doesn't provide extra security
- added process image information to SandMan UI
- localized template categories in the Plus UI [#727](https://github.com/sandboxie-plus/Sandboxie/issues/727)
@ -2743,7 +2743,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- the following options are now deprecated:
- "UseRpcMgmtSetComTimeout=some.dll,n", so use "RpcPortBinding=some.dll,*,TimeOut=y"
- "OpenUPnP=y", "OpenBluetooth=y", "OpenSmartCard=n", so use the new RPC templates instead
- See Templates.ini for usage examples
- see Templates.ini for usage examples
### Fixed
- fixed process-specific hooks being applied to all processes in a given sandbox
@ -3010,10 +3010,10 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added more compatibility templates (thanks isaak654) [#294](https://github.com/sandboxie-plus/Sandboxie/pull/294)
### Changed
- Changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system
- changed Emulated SCM behaviour, boxed services are no longer by default started as boxed system
- use "RunServicesAsSystem=y" to enable the old legacy behaviour
- Note: sandboxed services with a system token are still sandboxed and restricted
- However not granting them a system token in the first place removes possible exploit vectors
- however not granting them a system token in the first place removes possible exploit vectors
- Note: this option is not compatible with "ProtectRpcSs=y" and takes precedence!
- reworked dynamic IPC port handling
- improved Resource Monitor status strings
@ -3183,7 +3183,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- added check for updates to the legacy SbieCtrl UI
### Changed
- File migration limit can now be disabled by specifying "CopyLimitKb=-1" [#526](https://github.com/sandboxie-plus/Sandboxie/issues/526)
- file migration limit can now be disabled by specifying "CopyLimitKb=-1" [#526](https://github.com/sandboxie-plus/Sandboxie/issues/526)
- improved and refactored message logging mechanism, reducing memory usage by factor of 2
- terminated boxed processes are now kept listed for a couple of seconds
- reworked sandbox deletion mechanism of the new UI
@ -3219,7 +3219,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Windows 10 core UI component: OpenIpcPath=\BaseNamedObjects\[CoreUI]-* solving issues with Chinese Input and Emojis [#120](https://github.com/sandboxie-plus/Sandboxie/issues/120) [#88](https://github.com/sandboxie-plus/Sandboxie/issues/88)
- Firefox Quantum, access to Windows's FontCachePort for compatibility with Windows 7
- added experimental debug option "OriginalToken=y" which allows sandboxed processes to retain their original unrestricted token
- This option is comparable with "OpenToken=y" and is intended only for testing and debugging, as it breaks most security measures (!)
- this option is comparable with "OpenToken=y" and is intended only for testing and debugging, as it breaks most security measures (!)
- added debug option "NoSandboxieDesktop=y" it disables the desktop proxy mechanism
- Note: without an unrestricted token with this option applications won't be able to start
- added debug option "NoSysCallHooks=y" it disables the sys call processing by the driver