Releases: DFIR-ORC/dfir-orc

v10.1.5

30 Jan 10:14
96fd591

Changes:

  • 96fd591 Merge branch 'main' into release/10.1.x
  • 0495ec1 changelog: update to 10.1.5
  • 9455bf2 OrcLib: Log: FileSink: increase first logs buffer size to 128k
  • 27a3349 tools: ci: test: Test-OrcOutcome: forward excludes to Get-OrcOutcome
  • 5c2e24a OrcLib: MFTOnline: fix $MFT extents parsing
  • 1da902b OrcLib: CompleteVolumeReader: do not check extent size on seek
  • ecf64d4 WolfLauncher: Outcome: add to command_set.command.output.size
  • 0babad9 OrcCommand: WolfLauncher: print parameter 'archive timeout'
  • 28eb14d OrcCommand: WolfLauncher: print parameter 'command timeout'
  • 0a58b92 OrcCommand: WolfLauncher: do not early check executable existence
  • cc53b85 OrcCommand: UtilitiesMain: remove ',' from location exclude configuration
  • 5b1a1f3 OrcCommand: UtilitiesMain: fix boost stacktrace output on stderr
  • 11b059e OrcLib: PEInfo: use CacheStream to parse VERSION resource
  • 7eb4b6e OrcLib: CacheStream: use configurable heap buffer size
  • 9164102 OrcLib: LocationSet: allow to exclude locations
  • a1fed4b OrcLib: SnapshotVolumeReader: remove useless SecureZeroMemory
  • 292e073 OrcLib: MFTWalker: fix error handling for nested record processing
  • 880e9bf OrcLib: MftRecordAttribute: fix infinite loop on corrupted mft
  • 5d2da8d OrcLib: Authenticode: fix cases of incorrect AuthenticodeStatus
  • 3217e00 OrcLib: Robustness: fix log on memory allocation exception
  • f63963b OrcLib: MFTOnline: fix log
  • f761880 OrcLib: modify some log level
  • 0df1364 cmake: add '/INCREMENTAL:NO' to RelWithDebInfo

This list of changes was auto generated.

v10.1.4

27 Oct 14:44
e5379b8

Changes:

  • e5379b8 Merge branch 'main' into release/10.1.x
  • 842e503 changelog: update to v10.1.4
  • fa4d319 OrcCommand: WolfLauncher: Outcome: only add defined keys
  • 6c54608 OrcCommand: WolfLauncher: Outcome: fix empty command name on failure
  • 323823b OrcLib: SnapshotVolumeReader: add workaround for MS VolumeShadowCopy issue
  • 0fbbb77 OrcLib: CBinaryBuffer: fix iterator compatibility
  • 464779d OrcLib: EmbeddedResource: add support for embedded archive checks
  • 8b4e0b6 OrcLib: EmbeddedResource: update logs
  • d4ddabc OrcLib: EmbeddedResource: modify regex to accept absolute path
  • 621fce1 OrcLib: update log level
  • 3e8d4fb OrcLibTest: BinaryBufferTest: add debug logs
  • 283bce4 cmake: remove unneeded link to VisualStudio::CppUnitTest
  • 014db95 cmake: use '/SWAPRUN:NET' option instead of post build configuration
  • ee0618b cmake: add '/OPT:REF', strip unreferenced functions from binary
  • 7a881ae cmake: add '/WX', treat compile and link warning as error
  • 31b2910 vcpkg: update Yara to 4.2.3

This list of changes was auto generated.

v10.1.3

27 Sep 14:21
f499ecd

Changes:

  • f499ecd Merge branch 'main' into release/10.1.x
  • c7fd933 changelog: update to 10.1.3
  • 4a4085d OrcLib: NTFSStream: fix specific negative seek handling
  • 6ebc5aa cmake: disable 7zip multithread support
  • e19617d OrcLib: CompleteVolumeReader: fix seek position after Read
  • 2c26726 OrcLib: CompleteVolumeReader: remove unused Read implementation
  • 0bb7fc6 OrcLib: CompleteVolumeReader: fix rare Read issue
  • 16f764f OrcLib: FatWalker: use CompleteVolumeReader::Read
  • b584140 OrcLib: DiskExtent: always clear buffer before read
  • 38c2e0f OrcLib: Robustness: add memory use statistics on MemoryException
  • 08757fa OrcCommand: Usage: fix message display
  • 2bed946 OrcCommand: WolfLauncher: Outcome: add execution id
  • aa268a5 OrcCommand: WolfLauncher: Outline: add execution id
  • 35544e7 OrcCommand: WolfLauncher: add execution id
  • bd11264 OrcCommand: WolfLauncher: Outline: fix xpath for command and sha1
  • d481fd5 OrcCommand: WolfLauncher: fix BITS upload for 'Once' mode
  • dff2099 OrcLib: fix log level for 'invalid BITS Mode'
  • 4aad1f4 OrcLib: Utils: Guid: ToString: refactor
  • efcb911 OrcLib: Utils: Guid: ToString: add braces
  • 34b303d OrcLib: Utils: Guid: ToString: fix wide string handling
  • 6463249 OrcLib: FileFind: remove debug code artefact
  • e509b61 tools: ci: test: add Invoke-OrcOfflineTest
  • 65ed6d1 tools: ci: test: Invoke-OrcOffline: add switch '-Temporary'
  • d9061cd tools: ci: test: New-OrcLocalConfig: add switch '-Temporary'
  • b8e4efc tools: ci: test: New-OrcLocalConfig: add switch '-Output'
  • 4423bcd tools: ci: test: New-OrcLocalConfig: always use 'move' operation
  • c97e378 tools: ci: test: make New-Temporary failure an error
  • 5e3941f tools: ci: build: fix child exit code evaluation

This list of changes was auto generated.

v10.1.2

21 Jul 15:25
ecdb2d4

Changes:

  • ecdb2d4 Merge branch 'main' into release/10.1.x
  • e80475e changelog: update to 10.1.2
  • 94cad21 tools: ci: test: fix Find-NuShell
  • 59e78b0 tools: ci: test: rename Find-Command to Find-CommandPath
  • d96f415 OrcLib: FileFind: Yara: use MemoryStream for performance
  • af02729 OrcLib: EmbeddedResource: add compile check for Yara rule
  • 6df9abe OrcLib: EmbeddedResource: add check for unreferenced resource
  • 2abfb33 OrcLib: EmbeddedResource: add check for resource link in xml elements value
  • 0cfbff3 OrcLib: EmbeddedResource: add function CreateXmlReader
  • f45340b OrcLib: EmbeddedResource: simplify encoding hint use
  • 4a78687 OrcLib: EmbeddedResource: SplitResourceReference: fix 7z support
  • 120257f OrcCommand: GetThis: fix missing error handling
  • 9bfbe92 OrcCommand: FastFind: fix missing error handling
  • dc5009a OrcLib: YaraScanner: fix missing error handling
  • 0664e39 OrcLib: YaraScanner: fix log level and log messages
  • 3e3c99e OrcLib: FileFind: fix missing error handling
  • 6c3e076 OrcLib: FileFind: fix log level
  • 9a62a64 OrcLib: CommandAgent: use job to kill childs on WolfLauncher exit
  • e8dac7e fix typo

This list of changes was auto generated.

v10.1.1

20 Jun 16:59
16c87f1

Changes:

  • 16c87f1 Merge branch 'main' into release/10.1.x
  • 9a02558 changelog: update to 10.1.1
  • 62522bd OrcLib: EmbeddedResource: check for broken rsrc link in xml configuration
  • 0090659 OrcLib: Utils: String: add EndsWith case insensitive function
  • ba3fff1 OrcLib: FileFind: fix yara rule named with wildcard display on match
  • e348635 OrcLib: FileFind: add critical log when yara rule is missing
  • 566132a OrcLib: MFTUtils: GetAttributeNRExtents: add sanitizing checks
  • fc7207f OrcLib: MFTOnline: fix missing fixup record while parsing $MFT's $DATA
  • 5d28038 OrcLib: MFTWalker: simplify GetFullNameAndIfInLocation buffer use
  • 2d6b195 OrcLib: VolumeReader: adjust buffer size for path issue
  • 7ad59d6 OrcLib: UploadAgent: CheckFileUpload: avoid implicit behavior with optional
  • 7ac3108 OrcLib: BITSAgent: add missing error notifications
  • 78e530f OrcLib: BITSAgent: add detailed logs
  • 8d85a95 OrcLib: BITSAgent: fix http error handling (changes upload behavior)
  • dfe62bc OrcLib: BITSAgent: fix missing break in switch statement
  • d684805 OrcLib: UploadAgent: add detailed log for BITS job failure
  • 167536c OrcCommand: Log: UtilitiesLogger: set default backtrace log level to debug
  • 4dceee4 OrcCommand: WolfLauncher: close console file to avoid access denied
  • bd3f73d OrcCommand: set timeout log message to critical level
  • 8cc547a OrcCommand: WolfLauncher: Outcome: fix mothership file hash
  • a073e35 OrcCommand: WolfLauncher: parse cli for '/MothershipHandle'
  • 9f374fa Orc: Mothership: append '/MothershipHandle=...' to WolfLauncher's cli
  • fc99c2c OrcLib: SystemDetails: fix GetNetworkAdapters
  • 4eeae87 OrcLib: Utils: add GUID functions
  • a6f9b21 OrcLib: Text: add Hex.h
  • 4272838 OrcCommand: GetThis: fix unneeded double '_' in artefacts file name
  • 2e78b7e OrcLib: StdStream: LazyFileStreamBuf: fix 32 bit cast warning
  • 8905034 OrcLib: Write Result<> values in StructuredOutput
  • a2a4861 OrcLib: SystemDetails: fix version string for recent Windows 10 releases
  • 4d6510b OrcCommand: fix misleading error message
  • f4ebe3c OrcLib: FileFormat: PeParser: add support for Debug directory
  • e579cd4 OrcLib: OrcException: replace stored HRESULT with std::error_code
  • 05d4afe OrcLib: DriverMgmt: use BufferSpan for DeviceIoControl
  • ebd92e1 OrcLib: Log: Logger: remove warning about unused exception variable
  • a2fd0ed OrcLib: Text: Print: fix Print function template
  • 0848b5f OrcLib: add missing includes
  • fb5ad16 OrcLib: CBinaryBuffer: make copy operator noexcept
  • effbfb0 OrcLib: Buffer: add log critical for 'get_as' misuse
  • 039571e OrcLib: Buffer: add conversion to BufferSpan
  • d4a9da1 OrcLib: Utils: Result: use void as default type
  • f49620c OrcCommand: WolfLauncher: fix missing log support for local configuration
  • 31b7e8d OrcCommand: display syslog configuration on initialization
  • 997e612 OrcLib: MFTWalker: fix possibly invalidated iterators on attribute list
  • 1425ad1 OrcLib: ProfileList: fix log level
  • 13eb84f tools: ci: fix README.md
  • 2650597 vcpkg: remove unneeded dependencies tied to pkgconfig

This list of changes was auto generated.

v10.1.0

25 Mar 13:13
bb60937

Changes:

  • bb60937 Merge branch 'main' into release/10.1.x
  • 5afec8c changelog: update to 10.1.0
  • bc2d0a0 OrcLib: Print: FILE_NAME: fix typo in displayed message
  • db6c887 OrcLib: MFTUtils: MultiSectorFixup: add boundary check
  • 0a09d49 OrcLib: EmbeddedResource: remove dead code
  • 25cfe92 Merge branch 'main' into release/10.1.x
  • 15f0943 changelog: update to 10.1.0-rc10
  • b31c631 azure: update Azure organization
  • 6741c6b Revert "ci: azure: use binary caching with Azure Artifacts"
  • 588af92 Revert "ci: azure: add additional artifact repository"
  • 6c07e24 tools: ci: add encryption keys for test ONLY
  • 88fa147 tools: ci: add README.md
  • c802e93 tools: ci: add test.ps1, test.psm1
  • ad54378 OrcLib: EmbeddedResource: UpdateResources: retry for os race condition
  • fa14d37 OrcCommand: ToolEmbed: fix error handling
  • 3cb9cb2 OrcCommand: WolfLauncher: fix option parsing for '/console'
  • 66500eb OrcCommand: WolfLauncher: add usage for option '/console'
  • f9dede5 fix msvc warning
  • c6aea55 Revert "OrcLib: ArchiveAgent: use custom callback for all archived item"
  • 9b0976f Revert "OrcCommand: WolfLauncher: ArchiveNotification: add originating command"
  • a011448 OrcCommand: WolfLauncher: ArchiveNotification: add originating command
  • 341681e OrcLib: ArchiveAgent: use custom callback for all archived item
  • 8db4374 OrcCommand: WolfLauncher: Outcome: Command: add orc's tool name
  • 6a8000c OrcCommand: WolfLauncher: Outcome: Command: add sha1
  • 6b322e4 OrcCommand: WolfLauncher: Outcome: Command: add Origin
  • c0e8b9e OrcCommand: WolfLauncher: Outcome: Command: add IsSelfOrcExecutable
  • 38ff15d OrcCommand: WolfLauncher: Outcome: Command: add output file
  • 178c4c3 OrcCommand: WolfLauncher: Outcome: add Archive::InputType
  • 2b5f60e OrcCommand: WolfLauncher: Outcome: add recipients
  • 83bb14f OrcCommand: WolfLauncher: Outcome: add archives sha1
  • e1ffe52 OrcCommand: WolfLauncher: Outcome: add outline file name
  • 56f152e OrcCommand: WolfLauncher: Outcome: add console file name
  • 072fdc8 OrcCommand: WolfLauncher: Outcome: add log file name
  • fc3fd69 OrcCommand: WolfLauncher: Outcome: use full computer name for computer_name
  • 05f2cf2 OrcCommand: WolfLauncher: Outcome: fix archive file name
  • d4e93ca OrcCommand: WolfLauncher: fix log file upload
  • a476533 OrcLib: Log: handle exception fmt::format_error
  • 448e6b1 OrcLib: improve logs
  • c3ed361 OrcCommand: update usage
  • 1a61fc5 OrcLib: remove DecodeMessageStream since option to decode p7b was removed
  • 69e9e26 OrcLib: CopyFileAgent: fix network password handling
  • dc9bd45 OrcLib: BITSAgent: fix network password handling
  • 8c410b1 OrcLib: Authenticode: add support for $CI.CatalogHint
  • 9ce7ccf OrcLib: PeParser: move PeParser to FileFormat directory
  • 3eeee86 OrcLib: FileInfo: only check SecurityDirectory for PE files
  • 953d634 OrcLib: YaraScanner: Log: map level to Yara's warning level
  • e2bd825 OrcCommand: CommandAgent: increase maximum command arguments length
  • d2a1855 Rename 'cab' references to 'archive'
  • 2880c24 OrcLib: EncodedMessageStream: fix broken p7b support
  • 8e89bf5 Merge branch 'main' into release/10.1.x
  • edfa39c changelog: update to 10.1.0-rc9
  • ef27a1d OrcCommand: GetThis: fix possible missing sample having multiple matches
  • a1727a3 OrcLib: Registry: Read: change log level
  • 4fcf51b OrcLib: LocationSet: AddLocations: continue on a location failure
  • 89fc875 OrcLib: LocationSet: ExpandStringsLocation: fix match expression
  • 481ab1e OrcCommand: GetThis: fix possible temporary file conflict
  • 856d0a3 OrcCommand: GetThis: move 'statistics.json' into output archive/directory
  • 7984e0c OrcCommand: GetThis: fix missing GetThis.csv when using directory output
  • 163c2d2 OrcCommand: WolfLauncher: fix archives output path with '/out'
  • ee6737c OrcLib: Archive: ToCompressionLevel: return default level for empty string
  • ea37a5e OrcLib: Archive: Appender: close temporary stream on Close
  • 6e4825e OrcLib: Archive: fix empty file handling for compatibility
  • e2550c3 OrcCommand: WolfLauncher: fix missing console redirection file upload
  • 8458bd9 OrcLib: Utils: StdStream: StandardOutput: add method Flush
  • 806d757 OrcLib: Utils: StdStream: rename EnableFileTee to EnableTeeRedirection
  • 8c02aac OrcLib: Utils: StdStream: LazyFileStream: catch Close exceptions
  • ec65efa OrcLib: Utils: StdStream: LazyFileStream: add method Flush
  • 697e4ad OrcLib: Text: Print: use function overload instead of templates
  • 5f7ae14 OrcLib: Text: make Tree an alias to BasicTree
  • a1346ed Log: update level and prefer utf8 messages
  • df22a50 OrcCommand: Console: add method Flush
  • 0b2dd71 OrcCommand: NTFSInfo: volstats.csv: add MountPoint column
  • 91bd040 OrcCommand: NTFSInfo: I30Info: add DataSize
  • f8b0bb6 OrcLib: coding style
  • 9b0dec2 OrcLib: CommandAgent: expand environment variables for ''
  • f5a6f16 OrcLib: FileInfo: handle legacy OWNER[ID|SID] as empty columns
  • f8ef4d1 OrcLib: FileInfo: do not log expected write column failures for directories
  • 906eada OrcLib: remove TLSH
  • b720905 OrcLib: Utils: Guard: add ServiceHandle
  • 84e7475 OrcApacheOrcLib: fix missing header include
  • 53b0178 tools: rcedit: fix [[nodiscard]] warning
  • faa28a4 vcpkg: update to 2021.12.01
  • e6a35e4 OrcLib: Log: fix utf-16 log strings support
  • d283229 OrcCommand: NTFSInfo: add security descriptor binary dump
  • 247a51c OrcCommand: add cmake options to individually unable/disable sub commands
  • df2cceb OrcLib: ExtensionLibrary: fix 'desiredname' for extension library
  • f125058 OrcLib: Text: move out std::error_code definition from forward header
  • be16b3a OrcLib: Log: fix support for fmt::join
  • eee61d6 Merge branch 'main' into release/10.1.x
  • 623f5be cmake: add CMakePresets.json
  • f1258fe OrcLib: Log: flush on error log level
  • 94c9083 OrcParquet: ParquetWriter: improve utf-8 support
  • 9f59050 azure: fix for 'The remote provider was unable to process the request'
  • 593fda6 Remove ORCLIB_API
  • 49055c7 OrcLib: Buffer: add check for empty format string
  • 8630575 OrcCommand: Log: enable backtrace on Critical logs
  • ed056bf changelog: update 10.1.0-rc8
  • 37dbcc4 OrcLib: 7z: fix empty file handling for compatibility
  • f2c0728 OrcLib: Utils: StdStream: add override xsputn for performance
  • b59d24d OrcLib: Utils: StdStream: add StandardOutput
  • dbb3987 OrcLib: Ntfs: update logs
  • 47b698a OrcLib: Ntfs: Wof: fix WofStreamConcept decompression
  • 219b503 OrcLib: Ntfs: Wof: move algorithm check to a better place
  • d899e75 OrcLib: MftRecordAttribute: always use base record instead of host record
  • d1ab5bb...

v10.1.0-rc10

25 Feb 11:58
25cfe92
Pre-release

Changes:

  • 25cfe92 Merge branch 'main' into release/10.1.x
  • 15f0943 changelog: update to 10.1.0-rc10
  • b31c631 azure: update Azure organization
  • 6741c6b Revert "ci: azure: use binary caching with Azure Artifacts"
  • 588af92 Revert "ci: azure: add additional artifact repository"
  • 6c07e24 tools: ci: add encryption keys for test ONLY
  • 88fa147 tools: ci: add README.md
  • c802e93 tools: ci: add test.ps1, test.psm1
  • ad54378 OrcLib: EmbeddedResource: UpdateResources: retry for os race condition
  • fa14d37 OrcCommand: ToolEmbed: fix error handling
  • 3cb9cb2 OrcCommand: WolfLauncher: fix option parsing for '/console'
  • 66500eb OrcCommand: WolfLauncher: add usage for option '/console'
  • f9dede5 fix msvc warning
  • c6aea55 Revert "OrcLib: ArchiveAgent: use custom callback for all archived item"
  • 9b0976f Revert "OrcCommand: WolfLauncher: ArchiveNotification: add originating command"
  • a011448 OrcCommand: WolfLauncher: ArchiveNotification: add originating command
  • 341681e OrcLib: ArchiveAgent: use custom callback for all archived item
  • 8db4374 OrcCommand: WolfLauncher: Outcome: Command: add orc's tool name
  • 6a8000c OrcCommand: WolfLauncher: Outcome: Command: add sha1
  • 6b322e4 OrcCommand: WolfLauncher: Outcome: Command: add Origin
  • c0e8b9e OrcCommand: WolfLauncher: Outcome: Command: add IsSelfOrcExecutable
  • 38ff15d OrcCommand: WolfLauncher: Outcome: Command: add output file
  • 178c4c3 OrcCommand: WolfLauncher: Outcome: add Archive::InputType
  • 2b5f60e OrcCommand: WolfLauncher: Outcome: add recipients
  • 83bb14f OrcCommand: WolfLauncher: Outcome: add archives sha1
  • e1ffe52 OrcCommand: WolfLauncher: Outcome: add outline file name
  • 56f152e OrcCommand: WolfLauncher: Outcome: add console file name
  • 072fdc8 OrcCommand: WolfLauncher: Outcome: add log file name
  • fc3fd69 OrcCommand: WolfLauncher: Outcome: use full computer name for computer_name
  • 05f2cf2 OrcCommand: WolfLauncher: Outcome: fix archive file name
  • d4e93ca OrcCommand: WolfLauncher: fix log file upload
  • a476533 OrcLib: Log: handle exception fmt::format_error
  • 448e6b1 OrcLib: improve logs
  • c3ed361 OrcCommand: update usage
  • 1a61fc5 OrcLib: remove DecodeMessageStream since option to decode p7b was removed
  • 69e9e26 OrcLib: CopyFileAgent: fix network password handling
  • dc9bd45 OrcLib: BITSAgent: fix network password handling
  • 8c410b1 OrcLib: Authenticode: add support for $CI.CatalogHint
  • 9ce7ccf OrcLib: PeParser: move PeParser to FileFormat directory
  • 3eeee86 OrcLib: FileInfo: only check SecurityDirectory for PE files
  • 953d634 OrcLib: YaraScanner: Log: map level to Yara's warning level
  • e2bd825 OrcCommand: CommandAgent: increase maximum command arguments length
  • d2a1855 Rename 'cab' references to 'archive'
  • 2880c24 OrcLib: EncodedMessageStream: fix broken p7b support
  • 8e89bf5 Merge branch 'main' into release/10.1.x
  • edfa39c changelog: update to 10.1.0-rc9
  • ef27a1d OrcCommand: GetThis: fix possible missing sample having multiple matches
  • a1727a3 OrcLib: Registry: Read: change log level
  • 4fcf51b OrcLib: LocationSet: AddLocations: continue on a location failure
  • 89fc875 OrcLib: LocationSet: ExpandStringsLocation: fix match expression
  • 481ab1e OrcCommand: GetThis: fix possible temporary file conflict
  • 856d0a3 OrcCommand: GetThis: move 'statistics.json' into output archive/directory
  • 7984e0c OrcCommand: GetThis: fix missing GetThis.csv when using directory output
  • 163c2d2 OrcCommand: WolfLauncher: fix archives output path with '/out'
  • ee6737c OrcLib: Archive: ToCompressionLevel: return default level for empty string
  • ea37a5e OrcLib: Archive: Appender: close temporary stream on Close
  • 6e4825e OrcLib: Archive: fix empty file handling for compatibility
  • e2550c3 OrcCommand: WolfLauncher: fix missing console redirection file upload
  • 8458bd9 OrcLib: Utils: StdStream: StandardOutput: add method Flush
  • 806d757 OrcLib: Utils: StdStream: rename EnableFileTee to EnableTeeRedirection
  • 8c02aac OrcLib: Utils: StdStream: LazyFileStream: catch Close exceptions
  • ec65efa OrcLib: Utils: StdStream: LazyFileStream: add method Flush
  • 697e4ad OrcLib: Text: Print: use function overload instead of templates
  • 5f7ae14 OrcLib: Text: make Tree an alias to BasicTree
  • a1346ed Log: update level and prefer utf8 messages
  • df22a50 OrcCommand: Console: add method Flush
  • 0b2dd71 OrcCommand: NTFSInfo: volstats.csv: add MountPoint column
  • 91bd040 OrcCommand: NTFSInfo: I30Info: add DataSize
  • f8b0bb6 OrcLib: coding style
  • 9b0dec2 OrcLib: CommandAgent: expand environment variables for ''
  • f5a6f16 OrcLib: FileInfo: handle legacy OWNER[ID|SID] as empty columns
  • f8ef4d1 OrcLib: FileInfo: do not log expected write column failures for directories
  • 906eada OrcLib: remove TLSH
  • b720905 OrcLib: Utils: Guard: add ServiceHandle
  • 84e7475 OrcApacheOrcLib: fix missing header include
  • 53b0178 tools: rcedit: fix [[nodiscard]] warning
  • faa28a4 vcpkg: update to 2021.12.01
  • e6a35e4 OrcLib: Log: fix utf-16 log strings support
  • d283229 OrcCommand: NTFSInfo: add security descriptor binary dump
  • 247a51c OrcCommand: add cmake options to individually unable/disable sub commands
  • df2cceb OrcLib: ExtensionLibrary: fix 'desiredname' for extension library
  • f125058 OrcLib: Text: move out std::error_code definition from forward header
  • be16b3a OrcLib: Log: fix support for fmt::join
  • eee61d6 Merge branch 'main' into release/10.1.x
  • 623f5be cmake: add CMakePresets.json
  • f1258fe OrcLib: Log: flush on error log level
  • 94c9083 OrcParquet: ParquetWriter: improve utf-8 support
  • 9f59050 azure: fix for 'The remote provider was unable to process the request'
  • 593fda6 Remove ORCLIB_API
  • 49055c7 OrcLib: Buffer: add check for empty format string
  • 8630575 OrcCommand: Log: enable backtrace on Critical logs
  • ed056bf changelog: update 10.1.0-rc8
  • 37dbcc4 OrcLib: 7z: fix empty file handling for compatibility
  • f2c0728 OrcLib: Utils: StdStream: add override xsputn for performance
  • b59d24d OrcLib: Utils: StdStream: add StandardOutput
  • dbb3987 OrcLib: Ntfs: update logs
  • 47b698a OrcLib: Ntfs: Wof: fix WofStreamConcept decompression
  • 219b503 OrcLib: Ntfs: Wof: move algorithm check to a better place
  • d899e75 OrcLib: MftRecordAttribute: always use base record instead of host record
  • d1ab5bb OrcLib: FileFind: do not match raw WofCompressedData if not specified
  • 156a8b9 OrcCommand: Console: optimize console output with WriteConsole
  • e4ba846 OrcCommand: GetThis: remove tlsh from usage
  • c0162fa OrcCommand: WolfLauncher: Console: flush LazyFileStream on dtor
  • 42b766b...

v10.0.24

22 Feb 12:41
198069a

Changes:

  • 198069a changelog: update to 10.0.24
  • 4eaf193 OrcLib: YaraScanner: map YARA_ERROR_LEVEL_WARNING to log::Warning
  • 7b2ca08 OrcLib: CopyFileAgent: fix network password handling
  • 09a706c OrcLib: BITSAgent: fix network password handling
  • bc44bdf OrcLib: FileInfo: handle legacy OWNER[ID|SID] as empty columns
  • 4fb9ede OrcLib: LocationSet: AddLocations: continue on a location failure
  • 2591d2d OrcLib: LocationSet: ExpandStringsLocation: fix match expression

This list of changes was auto generated.

v10.1.0-rc9

11 Jan 14:40
8e89bf5
Pre-release

Changes:

  • 8e89bf5 Merge branch 'main' into release/10.1.x
  • edfa39c changelog: update to 10.1.0-rc9
  • ef27a1d OrcCommand: GetThis: fix possible missing sample having multiple matches
  • a1727a3 OrcLib: Registry: Read: change log level
  • 4fcf51b OrcLib: LocationSet: AddLocations: continue on a location failure
  • 89fc875 OrcLib: LocationSet: ExpandStringsLocation: fix match expression
  • 481ab1e OrcCommand: GetThis: fix possible temporary file conflict
  • 856d0a3 OrcCommand: GetThis: move 'statistics.json' into output archive/directory
  • 7984e0c OrcCommand: GetThis: fix missing GetThis.csv when using directory output
  • 163c2d2 OrcCommand: WolfLauncher: fix archives output path with '/out'
  • ee6737c OrcLib: Archive: ToCompressionLevel: return default level for empty string
  • ea37a5e OrcLib: Archive: Appender: close temporary stream on Close
  • 6e4825e OrcLib: Archive: fix empty file handling for compatibility
  • e2550c3 OrcCommand: WolfLauncher: fix missing console redirection file upload
  • 8458bd9 OrcLib: Utils: StdStream: StandardOutput: add method Flush
  • 806d757 OrcLib: Utils: StdStream: rename EnableFileTee to EnableTeeRedirection
  • 8c02aac OrcLib: Utils: StdStream: LazyFileStream: catch Close exceptions
  • ec65efa OrcLib: Utils: StdStream: LazyFileStream: add method Flush
  • 697e4ad OrcLib: Text: Print: use function overload instead of templates
  • 5f7ae14 OrcLib: Text: make Tree an alias to BasicTree
  • a1346ed Log: update level and prefer utf8 messages
  • df22a50 OrcCommand: Console: add method Flush
  • 0b2dd71 OrcCommand: NTFSInfo: volstats.csv: add MountPoint column
  • 91bd040 OrcCommand: NTFSInfo: I30Info: add DataSize
  • f8b0bb6 OrcLib: coding style
  • 9b0dec2 OrcLib: CommandAgent: expand environment variables for ''
  • f5a6f16 OrcLib: FileInfo: handle legacy OWNER[ID|SID] as empty columns
  • f8ef4d1 OrcLib: FileInfo: do not log expected write column failures for directories
  • 906eada OrcLib: remove TLSH
  • b720905 OrcLib: Utils: Guard: add ServiceHandle
  • 84e7475 OrcApacheOrcLib: fix missing header include
  • 53b0178 tools: rcedit: fix [[nodiscard]] warning
  • faa28a4 vcpkg: update to 2021.12.01
  • e6a35e4 OrcLib: Log: fix utf-16 log strings support
  • d283229 OrcCommand: NTFSInfo: add security descriptor binary dump
  • 247a51c OrcCommand: add cmake options to individually unable/disable sub commands
  • df2cceb OrcLib: ExtensionLibrary: fix 'desiredname' for extension library
  • f125058 OrcLib: Text: move out std::error_code definition from forward header
  • be16b3a OrcLib: Log: fix support for fmt::join
  • eee61d6 Merge branch 'main' into release/10.1.x
  • 623f5be cmake: add CMakePresets.json
  • f1258fe OrcLib: Log: flush on error log level
  • 94c9083 OrcParquet: ParquetWriter: improve utf-8 support
  • 9f59050 azure: fix for 'The remote provider was unable to process the request'
  • 593fda6 Remove ORCLIB_API
  • 49055c7 OrcLib: Buffer: add check for empty format string
  • 8630575 OrcCommand: Log: enable backtrace on Critical logs
  • ed056bf changelog: update 10.1.0-rc8
  • 37dbcc4 OrcLib: 7z: fix empty file handling for compatibility
  • f2c0728 OrcLib: Utils: StdStream: add override xsputn for performance
  • b59d24d OrcLib: Utils: StdStream: add StandardOutput
  • dbb3987 OrcLib: Ntfs: update logs
  • 47b698a OrcLib: Ntfs: Wof: fix WofStreamConcept decompression
  • 219b503 OrcLib: Ntfs: Wof: move algorithm check to a better place
  • d899e75 OrcLib: MftRecordAttribute: always use base record instead of host record
  • d1ab5bb OrcLib: FileFind: do not match raw WofCompressedData if not specified
  • 156a8b9 OrcCommand: Console: optimize console output with WriteConsole
  • e4ba846 OrcCommand: GetThis: remove tlsh from usage
  • c0162fa OrcCommand: WolfLauncher: Console: flush LazyFileStream on dtor
  • 42b766b OrcCommand: WolfLauncher: fix console file output path
  • 4c69a0d OrcCommand: WolfLauncher: fix missing upload for pre-existing archive
  • 7ad6408 OrcCommand: FastFind: fix missing output file when directory is specified
  • 013872b OrcLib: ArchiveAgent: fix archive support for output directory
  • 7688d74 OrcLib: RegFind: fix false positive on key/value match
  • 8869047 OrcLib: CommandAgent: allow extracted resources to be executed
  • fb89071 OrcCommand: UtilitiesMain: add log flush exit handler
  • 7a1e694 OrcLib: FileFind: write attribute name (ADS) for data elements
  • 6c3ff52 tools: ci: build: add toolchain support for vs2022
  • 729979d OrcCommand: UtilitiesLoggerConfiguration: fix syslog port parsing
  • 4ae85be Merge branch 'fabienfl/yara_stream'
  • 53b2bf8 OrcLib: FileFind: use specific matching yara rule(s) as description
  • a525a37 OrcLib: FileFind: display file name on MatchYara errors
  • fefc317 OrcLib: FileFind: add function IsExcludedDataAttribute
  • 8b38b57 OrcLib: YaraScanner: use new memory block Yara API
  • ffb9165 vcpkg: update for yara 4.1.3
  • 22eefb6 Merge branch 'fabienfl/22_configuration_profiling'
  • 2a82419 OrcCommand: FastFind: FileFind: write rules statistics
  • 1925922 OrcCommand: FastFind: FileFind: print rules statistics
  • ec78af1 OrcCommand: GetThis: FileFind: write rules statistics
  • 4f3abd2 OrcCommand: GetThis: FileFind: print rules statistics
  • 5ca5b3f OrcLib: Utils: String: add function StartsWith
  • 6fd534c OrcLib: FileFind: add ntfs_find rule profiling
  • 3622f0a OrcLib: FileFind: store xml rule in SearchTerm
  • c57e09e OrcLib: Configuration: add method ConfigItem::ToXml
  • 833c7cd OrcLib: Text: Tree: add comments
  • 09ea825 OrcLib: ByteStream: add Read/Write wrapper for statistics
  • 7a422dd OrcLib: MftRecordAttribute: fix stream caching
  • cb06187 OrcLib: Log: Logger: disable Trace logs
  • eb5ffbf OrcCommand: GetThis: add missing 'const'
  • 0407b9c Merge branch 'fabienfl/10_location_exclude'
  • b72c9f1 OrcCommand: Usage: update '/exclude'
  • 01b7896 OrcCommand: USNInfo: add support for location option 'exclude'
  • d1d599e OrcCommand: GetThis: add support for location option 'exclude'
  • bf216c3 OrcCommand: FastFind: add support for location option 'exclude'
  • 9578352 OrcCommand: NTFSInfo: add support for location option 'exclude'
  • ac398fb OrcCommand: UtilitiesMain: add parser for option 'excludes'
  • 3c3b4e9 OrcLib: Configuration: add option "exclude"
  • 6329ecf OrcLib: LocationSet: add support for location exclusion based on path
  • a5111b2 Merge branch 'fabienfl/11_shadows'
  • 0801ce6 OrcCommand: Usage: update '/shadows'
  • a316301 OrcCommand: USNInfo: add support for filters to shadows option
  • 8410dad OrcCommand: GetThis: add support for filters to shadows option
  • 26f2da7 OrcCommand: FastFind: add support for filters to shadows option
  • c05...

v10.0.23

04 Jan 09:09
05e15c7

Changes:

  • 05e15c7 changelog: update to 10.0.23
  • 6d93080 OrcLib: 7z: fix empty file handling for compatibility
  • f52d073 OrcLib: CommandAgent: expand environment variables for ''
  • c1f1120 OrcCommand: NTFSInfo, FATInfo: volstats.csv: add MountPoint column
  • c4da313 OrcCommand: NTFSInfo: I30Info: add DataSize

This list of changes was auto generated.