cnspec client does not close os provider instances properly

Incident Report for Mondoo

Resolved

cnquery and cnspec v9.4.0 has been released. This release introduces a heartbeat for all providers, which guarantees that terminated providers don't leave behind stale processes in memory. It requires the use of v9.1.x or higher for all providers. These will update automatically. If you have deactivate automatic updates, please manually update your providers.

We've also updated Windows and Linux services to fail after 3 restarts.

We encourage all customer to update to v9.4.0 as soon as possible.
Posted Oct 27, 2023 - 01:06 UTC

Update

The problem has been identified and we are working on a fix.
Posted Oct 26, 2023 - 16:55 UTC

Identified

We have identified the issues with cnquery and cnspec. Provider instance are not being killed correctly whenever a scan encounters an error. When running status, login or logout commands os providers were being leaked as well. We are busy with patch releases for cnquery and cnspec that should make sure this isn't happening again.
Posted Oct 26, 2023 - 16:54 UTC

Update

We are continuing to investigate this issue.
Posted Oct 26, 2023 - 14:02 UTC

Investigating

We are investigating an issue where cnspec v9 is creating os provider process instances and not closing them properly. cnspec v8 clients are not affected.
Posted Oct 26, 2023 - 14:01 UTC
This incident affected: cnspec & cnspec.