tag:github.com,2008:https://github.com/aide/aide/releasesRelease notes from aide2026-01-31T10:31:26Ztag:github.com,2008:Repository/166092725/v0.19.32026-01-31T10:40:30Zv0.19.3<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Fix st_rdev handling
* Fix typos in README, NEWS and aide.conf.5"><pre class="notranslate"><code>* Fix st_rdev handling
* Fix typos in README, NEWS and aide.conf.5
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.19.22025-08-14T14:00:42Zv0.19.2<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Security bug fixes
- CVE-2025-54389: Escape control characters in report and log output
- CVE-2025-54409: Fix null pointer dereference after reading incorrectly
encoded xattr attributes from database"><pre class="notranslate"><code>* Security bug fixes
- CVE-2025-54389: Escape control characters in report and log output
- CVE-2025-54409: Fix null pointer dereference after reading incorrectly
encoded xattr attributes from database
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.19.12025-07-06T05:27:31Zv0.19.1<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Fix race condition when adding new nodes
* Extend expiration dates of GPG key in SECURITY.md
* Define MAGIC constants added since Linux 4.9"><pre class="notranslate"><code>* Fix race condition when adding new nodes
* Extend expiration dates of GPG key in SECURITY.md
* Define MAGIC constants added since Linux 4.9
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.192025-04-05T16:58:40Zv0.19<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* BACKWARDS INCOMPATIBLE CHANGES
- switch from libmhash to libnettle
- semantic change of unrestricted negative rules (!<regex>): The
children and sub-directories of matching directories are no longer
ignored by default but recursed into and only ignored if they also
match the regular expression. This makes the behaviour consistent
with restricted (recursive) negative rules. Use the new non-recursive
negative rules (-<regex>) to always ignore children and
sub-directories of matched directories.
- 'database' config option is no longer supported, use
'database_in' instead
- 'summarize_changes' config option is no longer supported, use
'report_summarize_changes' instead
- 'grouped' config option is no longer supported, use
'report_grouped' instead
- an incomplete written input database is now handled as an error
- SIGHUP and SIGTERM are no longer ignored
- SIGINT, SIGTERM or SIGHUP are now handled by removing an incompletely
written database (if file was created by aide) and exiting aide (code 25)
- move COMPARE log level before RULE log level
- switch hashsum in default R group from md5 to sha3_256
- remove unsupported hashsums (haval, crc32, crc32b, tiger, whirlpool)
- H default group now contains all compiled in hashsums that are not
deprecated
- rules are no longer applied to the database entries but only to the
file system entries, meaning aide displays files/directories that are
no longer matched by any rule as removed entries in the report
- require pthread (remove --without-pthread configure option)
- remove contrib/ scripts
* Deprecations (to be removed in the release after next):
- md5 hashsum
- sha1 hashsum
- rmd160 hashsum
- gost hashsum
* Add support for file system type restricted rules (Linux only)
- add 'fstype' attribute
- add '--without-fstype' configure option
* Add 'version_ge' boolean operator
* Add limited support for hashsum transitions (see aide.conf(5) for details)
* Add 'sha512_256', sha3_256, and 'sha3_512' hashsums
* Add AIDE_VERSION macro variable
* Add progress bar (add '--no-progress' parameter)
* Add log level 'limit'
* Add colors to log output (add '--no-color' parameter)
* Add '--list' command (to list database in human readable format)
* Add new error codes
- 24: database error
- 25: received SIGINT, SIGTERM or SIGHUP signal
* Performance improvements
* Improve error handling
* Improve logging
* Update documentation
* Bug fixes
* Code clean up
* Add more unit tests"><pre class="notranslate"><code>* BACKWARDS INCOMPATIBLE CHANGES
- switch from libmhash to libnettle
- semantic change of unrestricted negative rules (!<regex>): The
children and sub-directories of matching directories are no longer
ignored by default but recursed into and only ignored if they also
match the regular expression. This makes the behaviour consistent
with restricted (recursive) negative rules. Use the new non-recursive
negative rules (-<regex>) to always ignore children and
sub-directories of matched directories.
- 'database' config option is no longer supported, use
'database_in' instead
- 'summarize_changes' config option is no longer supported, use
'report_summarize_changes' instead
- 'grouped' config option is no longer supported, use
'report_grouped' instead
- an incomplete written input database is now handled as an error
- SIGHUP and SIGTERM are no longer ignored
- SIGINT, SIGTERM or SIGHUP are now handled by removing an incompletely
written database (if file was created by aide) and exiting aide (code 25)
- move COMPARE log level before RULE log level
- switch hashsum in default R group from md5 to sha3_256
- remove unsupported hashsums (haval, crc32, crc32b, tiger, whirlpool)
- H default group now contains all compiled in hashsums that are not
deprecated
- rules are no longer applied to the database entries but only to the
file system entries, meaning aide displays files/directories that are
no longer matched by any rule as removed entries in the report
- require pthread (remove --without-pthread configure option)
- remove contrib/ scripts
* Deprecations (to be removed in the release after next):
- md5 hashsum
- sha1 hashsum
- rmd160 hashsum
- gost hashsum
* Add support for file system type restricted rules (Linux only)
- add 'fstype' attribute
- add '--without-fstype' configure option
* Add 'version_ge' boolean operator
* Add limited support for hashsum transitions (see aide.conf(5) for details)
* Add 'sha512_256', sha3_256, and 'sha3_512' hashsums
* Add AIDE_VERSION macro variable
* Add progress bar (add '--no-progress' parameter)
* Add log level 'limit'
* Add colors to log output (add '--no-color' parameter)
* Add '--list' command (to list database in human readable format)
* Add new error codes
- 24: database error
- 25: received SIGINT, SIGTERM or SIGHUP signal
* Performance improvements
* Improve error handling
* Improve logging
* Update documentation
* Bug fixes
* Code clean up
* Add more unit tests
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.82024-05-09T10:57:52Zv0.18.8<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Fix concurrent reading of extended attributes (xattrs)
* Raise warning if both input databases are the same"><pre class="notranslate"><code>* Fix concurrent reading of extended attributes (xattrs)
* Raise warning if both input databases are the same
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.72024-05-04T10:15:37Zv0.18.7<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Add missing library CFLAGS
* Fix typo in aide.conf manual page
* Fix 64-bit time_t on 32-bit architectures
* Fix debug logging for returned attributes
* Fix condition for error message of failing to open gzipped files"><pre class="notranslate"><code>* Add missing library CFLAGS
* Fix typo in aide.conf manual page
* Fix 64-bit time_t on 32-bit architectures
* Fix debug logging for returned attributes
* Fix condition for error message of failing to open gzipped files
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.62023-08-01T08:56:23Zv0.18.6<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Update GPG key in SECURITY.md
* Fix double free() during report generation
* Improve handling of ACL errors"><pre class="notranslate"><code>* Update GPG key in SECURITY.md
* Fix double free() during report generation
* Improve handling of ACL errors
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.52023-06-30T20:48:23Zv0.18.5<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Fix child directory processing on equal match"><pre class="notranslate"><code>* Fix child directory processing on equal match
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.42023-06-13T20:56:50Zv0.18.4<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Fix handling of extended attributes on symlinks
* Add missing ')' to log message
* Fix static linking of the aide binary
* Don't require database_out for --dry-init
* Remove strerror() calls from thread log messages
Please note:
The fix for extended attributes on symlinks might lead to reported changed entries
during the next AIDE run. You can use the `report_ignore_changed_attrs` option
(see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this
will not only exclude the expected changes (of the symlink files) but also the unexpected
changes (of other files)."><pre class="notranslate"><code>* Fix handling of extended attributes on symlinks
* Add missing ')' to log message
* Fix static linking of the aide binary
* Don't require database_out for --dry-init
* Remove strerror() calls from thread log messages
Please note:
The fix for extended attributes on symlinks might lead to reported changed entries
during the next AIDE run. You can use the `report_ignore_changed_attrs` option
(see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this
will not only exclude the expected changes (of the symlink files) but also the unexpected
changes (of other files).
</code></pre></div>hvhaugwitztag:github.com,2008:Repository/166092725/v0.18.32023-05-16T19:34:32Zv0.18.3<div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="* Handle readlink() errors"><pre class="notranslate"><code>* Handle readlink() errors
</code></pre></div>hvhaugwitz