1.3.2
- Remove LimitNOFILE and instead setrlimit more carefully
- Sync q_size to the documentation

1.3.1
- Fix not complete patch for filter file renaming

1.3
- Be consistent in updating and removing file system marks
- Add escaping to /proc/mount entries
- Revise escaping of trust files
- Add LimitNOFILE to the service file
- Add dpkg support (Stephen Tridgell)
- Add support for runtime reloading of rules

1.2
- On shutdown when running reports, if trust db empty warn (Nobuhiro Iwamatsu)
- Extend state machine to skip opens after exec until dyn linker found
- Control filtering of unwanted files in rpm backend with config file
- Add support for logging rule number of decision in the audit event

1.1.7
- Re-add dropped FAN_MARK_MOUNT for monitoring events (Steven Brzozowski)
- Make some updates to allow running without an rpm back successful

1.1.6
- Correct the optional inclusion of code based on HAVE_DECL_FAN_MARK_FILESYSTEM

1.1.5
- If in debug mode, do not write audit events to audit system
- Update filesystems we dont care about
- Add --check-path to fapolicyd-cli to locate missed files
- Detect trusted static apps running programs by ld.so
- Add support for using FAN_MARK_FILESYSTEM to see bind mounted accesses

1.1.4
- Fix descriptor leak on enqueue failure (Steven Brzozowski)
- Switch SHA256 hashing to openssl
- Add --check-status to fapolicyd-cli
- If fapolicyd is already running, exit
- Do trust db size check on all fapolicyd updates
- Add bash completions

1.1.3
- Replace snprintf integer to char conversion with uitoa function
- Update the locking between the main and decision threads
- Speedup sha256 hashing by mmap'ing the object
- Add OOMScoreAdjust to fapolicyd.service

1.1.2
- Release the update lock if starting trust db read operations errors
- CVE-2022-1117 fapolicyd incorrectly detects the run time linker
- Add the btrfs to the watch_fs config option
- Fix a problem tracking trusted static apps that launch other apps

1.1.1
- Reorder patterns and loopholes in rule.d
- Add support for subject ppid rule matching
- Add support for reloading the trust database from SIGHUP

1.1
- Add support for a rules.d directory
- Add --check-config, --check-watch_fs, and --check-trustdb to fapolicyd-cli
- Add libgcrypt initialization
- Break up all the rules so they can be installed in rules.d
- Add text/x-nftables magic
- Add interpreter for s390x, ppc64le

1.0.4
- Tighten up ELF detection
- Add support for multiple trust files in a trust.d directory
- Add troubleshooting info for when the trust db is full
- In permissive mode, allow audit events when rules say to log it
- Add new rpm_sha256_only config option to the daemon
- Escape whitespaces in file names put into the file trust database

1.0.3
- Add startup and shutdown syslog message
- fapolicyd-cli open trustdb without locking to prevent daemon hang
- If db migration fails due to unlinking problem, fail startup
- Do not exit on fanotify_event read failure
- Add application/javascript to Language macro

1.0.2
- Add Group ID support for rules
- Add test cases for avl library
- Update support for multiple copies of a trusted executable
- Add support for dynamic trust updating

1.0.1
- If trust db is empty when fapolicyd-cli dumps it, say its empty
- Make fapolicyd-cli buffer bigger for rule listing
- Fix ignored db errors from check_trust_database
- Adjust ELF x-object detection
- Do device mime-type detection in-house instead of libmagic
- Allow arbitrarily large group statements
- Fix logging of object trust
- Correct denial accounting
- Add new form of LD_PRELOAD pattern detection
- Fix mount reading routine to get it all
- Update languages kept from /usr/share

1.0
- Add file size, IMA, and sha256 based integrity checking
- Add ability to send decision results to syslog
- Add ability to define the format of the syslog event
- Add support for sets in rules
- Add support for dumping the trustdb by fapolicyd-cli
- Print a warning if rpm backend doesn't have a sha256 hash
- In rpm backend, add back javascript from /usr/share

0.9.4
- Fix pattern detection in light of EXEC_PERM events
- Conserve memory by dropping unneeded lists after startup
- Do full reset of subject credentials when execve finishes 
- Drop files in /usr/share, /usr/src, and /usr/include to reduce memory use
- Add error checking of the trust database
- Fixed threading issue during rpm update
- Add option to delete the trust database to cli, --delete-db
- Add option to cli to add/delete/update the file trust database

0.9.3
- In fapolicyd-cli, add a --list option to list rules
- Change lmdb to use writable mmap for startup performance improvment
- Change the database to support duplicate keys
- Provide a magic override file and use it during file inspection
- Update rules to match new magic overrides
- Add --ftype command to fapolicyd-cli
- Add database statistics to usage report

0.9.2
- Split codebase into daemon, library and cli
- Add Admin defined trust database
- Make use of librpm optional
- Updated the man pages
- Setting boost, queue, user, and group on the command line are deprecated

0.9.1
- Make watched filesystems configurable
- Improve ELF file classification
- Expose file type in debug output
- Update rules for ansible and dracut
- Skip config files in database check
- Expand definition of doc files
- Create new rule format exposing Subj and Obj trust
- Redesign the rules for trust based rules

0.9
- Convert hashes to lowercase like sha256sum outputs
- Use FAN_OPEN_EXEC_PERM for subject cache management
- Add static pattern detection
- Performance improvements
- Switch from static mounts to hotplug configuration of mount points
- Dont collect documentation in trust database
- When path is longer than lmdb can store, use a sha512 hash (Attila Lakatos)
- Cache subject trustworthiness information after lookup (Radovan Sroka)

0.8.10
- Fix segfault for rules whose subject is number oriented
- When database problem is found on startup, rebuild database
- Don't flush empty caches on database rebuild
- Revise default settings for better performance

0.8.9
- Systemd usage updates
- File permission adjustments based on selinux policy review
- Fix unterminated reads of auid & sessionid values
- Deprecate ld_preload pattern until new method exists

0.8.8
- Add FAN_OPEN_EXEC_PERM Support (Matthew Bobrowski)
- Man page updates
- Add dnf plugin to sync database when rpms install

0.8.7
- If the path has a top level symlinked dir, retry db lookup without /usr
- Fix parsing of command line options (Matthew Bobrowski)
- Add more validation of mount types (Matthew Bobrowski)
- Elf parser updates (Matthew Bobrowski)

0.8.6
- Update object hash calculation to better determine uniqueness
- Override rpm's signal handling
- Use private database as trust store
- Update the rules for python 3.6 and remove systemd exclusion
- Rename exec_dir rule option unpackaged to untrusted
- Remove unneeded rpm code
- Add support for daemon config file
- Allow database size to be configurable
- Add permissive setting, q_size, and q_depth to usage report

0.8.5
- Update spec file and license info

0.8.4
- Mask signals from deadman's switch
- Reinstate strong umask before writing report
- Use pw_gid to set the group when changing gid
- Allow the use of account names for auid & uid in rules
- Support group option on command line

0.8.3
- Add audit support for the linux-4.15 kernel
- Don't close report descriptor in report
- Fix busy loop to use poll as originally intended
- Relax timing on deadman's switch

0.8.2
- Add seccomp filter support
- Fix leaked descriptor in exe_type processing
- Add LRU cache for subject and objects
- Create fapolicyd user on install
- Update systemd service file to run as user fapolicyd
- Adjust inter-thread queue default size
- Write statistics on shutdown
- Change attribute access to hash table
- Deny access to stale pid's or fd's
- Add new pattern subject detection
- Add executable report on shutdown
- Add --no-details  to suppress file/exe names on shutdown report

0.8.1
- Documentation updates
- Update rules
- Output how many rules are loaded in debug mode
- Add user commandline option

0.8
- Initial public release
