Recent releases (feed: http://open-source-security-software.net/releases.atom, generated 2023-10-03T21:37:14+00:00)

# rocksdb v7.10.2 (2023-03-02T01:00:53+00:00)
## 7.10.2 (02/10/2023)
### Bug Fixes
* Fixed a bug in DB open/recovery from a compressed WAL that was caused by incorrect handling of certain record fragments with the same offset within a WAL block.
## 7.10.1 (02/01/2023)
### Bug Fixes
* Fixed a data race on `ColumnFamilyData::flush_reason` caused by concurrent flushes.
* Fixed `DisableManualCompaction()` and `CompactRangeOptions::canceled` to cancel compactions even when they are waiting on conflicting compactions to finish.
* Fixed a bug in which a successful `GetMergeOperands()` could transiently return `Status::MergeInProgress()`.
* Return the correct error (Status::NotSupported()) to MultiGet caller when ReadOptions::async_io flag is true and IO uring is not enabled. Previously, Status::Corruption() was being returned when the actual failure was lack of async IO support.
## 7.10.0 (01/23/2023)
### Behavior changes
* Make best-efforts recovery verify SST unique ID before Version construction (#10962)
* Introduce `epoch_number` and sort L0 files by `epoch_number` instead of `largest_seqno`. `epoch_number` represents the order in which a file was flushed or ingested/imported. A compaction output file is assigned the minimum `epoch_number` among its input files. For L0, a larger `epoch_number` indicates a newer L0 file.
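To make the ordering rule concrete, here is an added Python model of L0 ordering under the two sort keys. It is an illustration written for this page, not RocksDB code; the file names, seqno ranges and the `L0Model` class are constructed for the example. It shows a file ingested after a flush but carrying a seqno inside that flush's range: `largest_seqno` order sorts it behind the older flush, `epoch_number` order keeps arrival order, and a compaction output inherits the minimum input epoch.

```python
"""Toy model of RocksDB's epoch_number ordering for L0 files.

Added example, not RocksDB code. File names, seqno ranges and the L0Model
class are constructed for illustration.
"""
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class SstFile:
    name: str
    smallest_seqno: int
    largest_seqno: int
    epoch_number: int


class L0Model:
    """Hands out epoch numbers in flush/ingest order and sorts L0 by either key."""

    def __init__(self):
        self._epochs = count(1)  # strictly increasing in arrival order
        self.l0 = []

    def _add(self, name, smallest, largest):
        f = SstFile(name, smallest, largest, next(self._epochs))
        self.l0.append(f)
        return f

    def flush(self, name, smallest_seqno, largest_seqno):
        """A memtable flush: seqnos come from the writes that were in the memtable."""
        return self._add(name, smallest_seqno, largest_seqno)

    def ingest(self, name, seqno):
        """An ingested file: a single seqno, but its epoch is still assigned by arrival."""
        return self._add(name, seqno, seqno)

    def newest_first_by_largest_seqno(self):
        """The pre-7.10 key: a later-arriving file with a smaller seqno sorts as older."""
        return [f.name for f in sorted(self.l0, key=lambda f: f.largest_seqno, reverse=True)]

    def newest_first_by_epoch(self):
        """The 7.10 key: a larger epoch_number means a newer L0 file, whatever the seqnos."""
        return [f.name for f in sorted(self.l0, key=lambda f: f.epoch_number, reverse=True)]

    def compact(self, names, out_name):
        """Compaction output takes the minimum epoch_number among its inputs."""
        inputs = [f for f in self.l0 if f.name in names]
        out = SstFile(
            out_name,
            min(f.smallest_seqno for f in inputs),
            max(f.largest_seqno for f in inputs),
            min(f.epoch_number for f in inputs),
        )
        self.l0 = [f for f in self.l0 if f.name not in names]
        return out


def demo():
    m = L0Model()
    m.flush("000010.sst", 1, 10)   # memtable with seqnos 1..10 flushed first
    m.ingest("000011.sst", 5)      # arrives later, seqno overlaps the flushed range
    m.flush("000012.sst", 11, 20)
    return m


if __name__ == "__main__":
    m = demo()
    print("by largest_seqno:", m.newest_first_by_largest_seqno())
    print("by epoch_number: ", m.newest_first_by_epoch())
    print("compaction epoch:", m.compact({"000010.sst", "000011.sst"}, "000013.sst").epoch_number)
```

The overlapping-seqno ingest is the precondition the 7.10.0 bug-fix notes describe; the model only shows how the two keys order such files, not the internals of the fix.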
### Bug Fixes
* Fixed a regression in the iterator where range tombstones after `iterate_upper_bound` were processed.
* Fixed a memory leak in MultiGet with the async_io read option, caused by IO errors during table file open.
* Fixed a bug in which multi-level FIFO compaction deleted one file in a non-L0 level even when `CompactionOptionsFIFO::max_table_files_size` was not exceeded (regression since #10348 / 7.8.0).
* Fixed a bug caused by `DB::SyncWAL()` affecting `track_and_verify_wals_in_manifest`. Without the fix, an application may see "open error: Corruption: Missing WAL with log number" while trying to open the DB. The corruption is a false alarm but prevents DB open (#10892).
* Fixed a BackupEngine bug in which RestoreDBFromLatestBackup would fail if the latest backup was deleted and there is another valid backup available.
* Fixed L0 file misorder corruption caused by ingesting files whose seqnos overlap with memtable entries', by introducing `epoch_number`. Before the fix, `force_consistency_checks=true` may catch the corruption before it is exposed to readers, in which case writes returning `Status::Corruption` would be expected. This also replaces the previous incomplete fix (#5958) for the same corruption with a more complete one.
* Fixed a bug in LockWAL() leading to re-locking mutex (#11020).
* Fixed a heap use after free bug in async scan prefetching when the scan thread and another thread try to read and load the same seek block into cache.
* Fixed a heap use after free in async scan prefetching if dictionary compression is enabled, in which case a sync read of the compression dictionary gets mixed with async prefetching.
* Fixed a data race bug where `CompactRange()` with `change_level=true` acts on a range overlapping an ongoing file ingestion for level compaction. This either results in overlapping file ranges at a certain level (caught by `force_consistency_checks=true`) or potentially two copies of the same key, both with seqno 0, in two different levels (i.e., new data ends up in a lower/older level). The latter is caught by an assertion in debug builds but goes silently in release builds and results in reads returning wrong results. This fix is general, so it also replaces previous fixes to a similar problem for `CompactFiles()` (#4665), general `CompactRange()` and auto compaction (commits 5c64fb6 and 87dfc1d).
* Fixed a bug in compaction output cutting where small output files were produced because TTL file cutting state was not being updated (#11075).
### New Features
* When an SstPartitionerFactory is configured, CompactRange() now automatically selects for compaction any files overlapping a partition boundary that is in the compaction range, even if no actual entries are in the requested compaction range. With this feature, manual compaction can be used to (re-)establish SST partition points when SstPartitioner changes, without a full compaction.
* Add BackupEngine feature to exclude files from backup that are known to be backed up elsewhere, using `CreateBackupOptions::exclude_files_callback`. To restore the DB, the excluded files must be provided in alternative backup directories using `RestoreOptions::alternate_dirs`.
### Public API Changes
* Substantial changes have been made to the Cache class to support internal development goals. Direct use of Cache class members is discouraged and further breaking modifications are expected in the future. SecondaryCache has some related changes and implementations will need to be updated. (Unlike Cache, SecondaryCache is still intended to support user implementations, and disruptive changes will be avoided.) (#10975)
* Add `MergeOperationOutput::op_failure_scope` for merge operator users to control the blast radius of merge operator failures. Existing merge operator users do not need to make any change to preserve the old behavior.
### Performance Improvements
* Updated xxHash source code, which should improve kXXH3 checksum speed, at least on ARM (#11098).
* Improved CPU efficiency of DB reads, from block cache access improvements (#10975).

# syncthing v1.23.2 (2023-03-07T18:43:00+00:00)
Bugfixes:
- #8749: Relay listener does not restart sometimes
Enhancements:
- #8660: GUI editor for xattr filter patterns
- #8781: gui: Remove duplicate Spanish translation
Other issues:
- #8768: Update quic-go for Go 1.20

# sslyze 5.1.2 (2023-03-09T21:19:22+00:00)
* Updated cryptography to v39 (#596).
* Updated the trust stores.

# openssl openssl-3.1.0 (2023-03-14T13:31:48+00:00)
Final version of OpenSSL 3.1.0 is now available: please download and upgrade!

# syncthing v1.23.3-rc.1 (2023-03-14T18:44:50+00:00)
Bugfixes:
- #5408: Selection of time in versions GUI not possible without editing the string inside the textfield
- #8556: Increased file size when sharing between encrypted devices
- #8599: Key generation at connect time is slow for encrypted connections

# MISP v2.4.169 (2023-03-14T20:45:17+00:00)
We are pleased to announce the immediate availability of [MISP v2.4.169](https://github.com/MISP/MISP/releases/tag/v2.4.169) with various improvements and bug fixes.
It includes an improved [release](https://github.com/MISP/misp-stix/releases/tag/v2.4.169) of [misp-stix](https://github.com/MISP/misp-stix), the core Python library for importing and exporting STIX (1, 2.0 and 2.1).
# Improvements
- New MISP workflow module to support Splunk HEC export.
- Sighting ReSTsearch reworked to make it faster.
- dashboard-widget:TrendingTags improved with new filtering and over time functionalities.
- New ApacheSecureAuth authentication scheme added.
# Fixes
- Fixed the invalid baseurl field type for TAXII servers.
- Restored the bro export (temporary fix until a complete rework of the bro export in ReSTsearch).
A huge thanks to all the contributors and supporters of the MISP project. This release wouldn't be possible without the help of all the organisations and people supporting us to make MISP a reality.
Go to the detailed [changelog](https://www.misp-project.org/Changelog.txt) for more details about the changes to the MISP core software.
# Other updates and changes in the MISP project
## MISP Objects
- A new MISP object `ransomware-group-post` has been created to support [ransomlook.io](https://www.ransomlook.io/).
- Improved `victim` object.
- A new MISP object `transport-ticket` has been created to share information about transports in MISP.
- Various improvements to `network-connection`, `network-socket`.
- A new MISP object `registry-key-value` has been added.
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- A new MISP galaxy `first-dns` matrix describing DNS abuse techniques has been added.
- Various improvements to galaxies such as `threat-actors`, `sigma`, `stealer`, `tools`, `region`, `360net` and MITRE ATT&CK.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- New `captive-portals` warning list added.
- New `parking` page warning list added.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

# rocksdb v8.0.0 (2023-03-18T00:15:53+00:00)
## 8.0.0 (02/19/2023)
### Behavior changes
* `ReadOptions::verify_checksums=false` disables checksum verification for more reads of non-`CacheEntryRole::kDataBlock` blocks.
* For scans with async_io enabled, if POSIX does not support io_uring, a Status::NotSupported error is now returned to the user. Previously that error was swallowed and reads silently fell back to synchronous reads.
### Bug Fixes
* Fixed a data race on `ColumnFamilyData::flush_reason` caused by concurrent flushes.
* Fixed an issue in `Get` and `MultiGet` when user-defined timestamps are enabled in combination with BlobDB.
* Fixed some atypical behaviors for `LockWAL()` such as allowing concurrent/recursive use and not expecting `UnlockWAL()` after non-OK result. See API comments.
* Fixed a feature interaction bug where for blobs `GetEntity` would expose the blob reference instead of the blob value.
* Fixed `DisableManualCompaction()` and `CompactRangeOptions::canceled` to cancel compactions even when they are waiting on conflicting compactions to finish.
* Fixed a bug in which a successful `GetMergeOperands()` could transiently return `Status::MergeInProgress()`.
* Return the correct error (Status::NotSupported()) to MultiGet caller when ReadOptions::async_io flag is true and IO uring is not enabled. Previously, Status::Corruption() was being returned when the actual failure was lack of async IO support.
* Fixed a bug in DB open/recovery from a compressed WAL that was caused by incorrect handling of certain record fragments with the same offset within a WAL block.
### Feature Removal
* Remove RocksDB Lite.
* The feature block_cache_compressed is removed. Statistics related to it are removed too.
* Remove deprecated Env::LoadEnv(). Use Env::CreateFromString() instead.
* Remove deprecated FileSystem::Load(). Use FileSystem::CreateFromString() instead.
* Removed the deprecated version of these utility functions and the corresponding Java bindings: `LoadOptionsFromFile`, `LoadLatestOptions`, `CheckOptionsCompatibility`.
* Remove the FactoryFunc from the LoadObject method from the Customizable helper methods.
### Public API Changes
* Moved rarely-needed Cache class definition to new advanced_cache.h, and added a CacheWrapper class to advanced_cache.h. Minor changes to SimCache API definitions.
* Completely removed the following deprecated/obsolete statistics: the tickers `BLOCK_CACHE_INDEX_BYTES_EVICT`, `BLOCK_CACHE_FILTER_BYTES_EVICT`, `BLOOM_FILTER_MICROS`, `NO_FILE_CLOSES`, `STALL_L0_SLOWDOWN_MICROS`, `STALL_MEMTABLE_COMPACTION_MICROS`, `STALL_L0_NUM_FILES_MICROS`, `RATE_LIMIT_DELAY_MILLIS`, `NO_ITERATORS`, `NUMBER_FILTERED_DELETES`, `WRITE_TIMEDOUT`, `BLOB_DB_GC_NUM_KEYS_OVERWRITTEN`, `BLOB_DB_GC_NUM_KEYS_EXPIRED`, `BLOB_DB_GC_BYTES_OVERWRITTEN`, `BLOB_DB_GC_BYTES_EXPIRED`, `BLOCK_CACHE_COMPRESSION_DICT_BYTES_EVICT` as well as the histograms `STALL_L0_SLOWDOWN_COUNT`, `STALL_MEMTABLE_COMPACTION_COUNT`, `STALL_L0_NUM_FILES_COUNT`, `HARD_RATE_LIMIT_DELAY_COUNT`, `SOFT_RATE_LIMIT_DELAY_COUNT`, `BLOB_DB_GC_MICROS`, and `NUM_DATA_BLOCKS_READ_PER_LEVEL`. Note that as a result, the C++ enum values of the still supported statistics have changed. Developers are advised to not rely on the actual numeric values.
* Deprecated IngestExternalFileOptions::write_global_seqno and change default to false. This option only needs to be set to true to generate a DB compatible with RocksDB versions before 5.16.0.
* Remove deprecated APIs `GetColumnFamilyOptionsFrom{Map|String}(const ColumnFamilyOptions&, ..)`, `GetDBOptionsFrom{Map|String}(const DBOptions&, ..)`, `GetBlockBasedTableOptionsFrom{Map|String}(const BlockBasedTableOptions& table_options, ..)` and ` GetPlainTableOptionsFrom{Map|String}(const PlainTableOptions& table_options,..)`.
* Added a subcode of `Status::Corruption`, `Status::SubCode::kMergeOperatorFailed`, for users to identify corruption failures originating in the merge operator, as opposed to RocksDB's internally identified data corruptions.
### Build Changes
* The `make` build now builds a shared library by default instead of a static library. Use `LIB_MODE=static` to override.
### New Features
* Compaction filters are now supported for wide-column entities by means of the `FilterV3` API. See the comment of the API for more details.
* Added `do_not_compress_roles` to `CompressedSecondaryCacheOptions` to disable compression on certain kinds of block. Filter blocks are now not compressed by CompressedSecondaryCache by default.
* Added a new `MultiGetEntity` API that enables batched wide-column point lookups. See the API comments for more details.

# osquery 5.8.2 (2023-03-22T11:59:16+00:00)

# MONARC v2.12.6 (2023-03-24T09:39:17+00:00)
**New features**
- Analysis background import.
- Support of PHP8.
- Specific error message on a wrong password input when importing an analysis.
**Fixes**
- Fixed modifying recommendations from the Knowledge Base when a due date is set.
- Fixed loading of the linked recommendation set when modifying recommendations.

# wazuh v4.4.0 (2023-03-28T20:45:28+00:00)
## Manager
### Added
- Added new unit tests for cluster Python module and increased coverage to 99%. ([#9995](https://github.com/wazuh/wazuh/pull/9995))
- Added file size limitation on cluster integrity sync. ([#11190](https://github.com/wazuh/wazuh/pull/11190))
- Added unittests for CLIs script files. ([#13424](https://github.com/wazuh/wazuh/pull/13424))
- Added support for SUSE in Vulnerability Detector. ([#9962](https://github.com/wazuh/wazuh/pull/9962))
- Added support for Ubuntu Jammy in Vulnerability Detector. ([#13263](https://github.com/wazuh/wazuh/pull/13263))
- Added a software limit to limit the number of EPS that a manager can process. ([#13608](https://github.com/wazuh/wazuh/pull/13608))
- Added a new wazuh-clusterd task for agent-groups info synchronization. ([#11753](https://github.com/wazuh/wazuh/pull/11753))
- Added unit tests for functions in charge of getting ruleset sync status. ([#14950](https://github.com/wazuh/wazuh/pull/14950))
- Added auto-vacuum mechanism in wazuh-db. ([#14950](https://github.com/wazuh/wazuh/pull/14950))
- Delta events in Syscollector when data gets changed may now produce alerts. ([#10843](https://github.com/wazuh/wazuh/pull/10843))
### Changed
- wazuh-logtest now shows warnings about ruleset issues. ([#10822](https://github.com/wazuh/wazuh/pull/10822))
- Modulesd memory is now managed by jemalloc, this helps reduce memory fragmentation. ([#12206](https://github.com/wazuh/wazuh/pull/12206))
- Updated the Vulnerability Detector configuration reporting to include MSU and skip JSON Red Hat feed. ([#12117](https://github.com/wazuh/wazuh/pull/12117))
- Improved the shared configuration file handling performance. ([#12352](https://github.com/wazuh/wazuh/pull/12352))
- The agent group data is now natively handled by Wazuh DB. ([#11753](https://github.com/wazuh/wazuh/pull/11753))
- Improved security at cluster zip filenames creation. ([#10710](https://github.com/wazuh/wazuh/pull/10710))
- Refactor of the core/common.py module. ([#12390](https://github.com/wazuh/wazuh/pull/12390))
- Refactor format_data_into_dictionary method of WazuhDBQuerySyscheck class. ([#12497](https://github.com/wazuh/wazuh/pull/12390))
- Limit the maximum zip size that can be created while synchronizing cluster Integrity. ([#11124](https://github.com/wazuh/wazuh/pull/11124))
- Refactored the functions in charge of synchronizing files in the cluster. ([#13065](https://github.com/wazuh/wazuh/pull/))
- Changed MD5 hash function to BLAKE2 for cluster file comparison. ([#13079](https://github.com/wazuh/wazuh/pull/13079))
- Renamed wazuh-logtest and wazuh-clusterd scripts to follow the same scheme as the other scripts (spaces symbolized with _ instead of -). ([#12926](https://github.com/wazuh/wazuh/pull/12926))
- The agent key polling module has been ported to wazuh-authd. ([#10865](https://github.com/wazuh/wazuh/pull/10865))
- Added the update field in the CPE Helper for Vulnerability Detector. ([#13741](https://github.com/wazuh/wazuh/pull/13741))
- Prevented agents with the same ID from connecting to the manager simultaneously. ([#11702](https://github.com/wazuh/wazuh/pull/11702))
- wazuh-analysisd, wazuh-remoted and wazuh-db metrics have been extended. ([#13713](https://github.com/wazuh/wazuh/pull/13713))
- Minimized and optimized wazuh-clusterd number of messages from workers to master related to agent-info tasks. ([#11753](https://github.com/wazuh/wazuh/pull/11753))
- Improved performance of the `agent_groups` CLI when listing agents belonging to a group. ([#14244](https://github.com/wazuh/wazuh/pull/14244))
- Changed wazuh-clusterd binary behaviour to kill any existing cluster processes when executed. ([#14475](https://github.com/wazuh/wazuh/pull/14475))
- Changed wazuh-clusterd tasks to wait asynchronously for responses coming from wazuh-db. ([#14791](https://github.com/wazuh/wazuh/pull/14843))
- Use zlib for zip compression in cluster synchronization. ([#11190](https://github.com/wazuh/wazuh/pull/11190))
- Added mechanism to dynamically adjust zip size limit in Integrity sync. ([#12241](https://github.com/wazuh/wazuh/pull/12241))
- Deprecate status field in SCA. ([#15853](https://github.com/wazuh/wazuh/pull/15853))
- Agent group guessing (based on configuration hash) now writes the new group directly on the master node. ([#16066](https://github.com/wazuh/wazuh/pull/16066))
- Added delete on cascade of belongs table entries when a group is deleted. ([#16098](https://github.com/wazuh/wazuh/issues/16098))
- Changed `agent_groups` CLI output so affected agents are not printed when deleting a group. ([#16499](https://github.com/wazuh/wazuh/pull/16499))
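Several of the cluster changes above (the zip size limits on Integrity sync, zlib compression, and MD5 replaced by BLAKE2 for file comparison) are about not trusting what a peer node sends. The following Python is an added example, not Wazuh's cluster code: it packs a constructed set of shared files into a deflate (zlib) archive, refuses archives over a cap, counts decompressed bytes while streaming each member rather than trusting the header, and compares BLAKE2 digests between two nodes. The caps, the sample file set, the helper names and the member-name check against absolute paths and `..` are assumptions made for the example, not details the release notes state.

```python
"""Bounded integrity-sync archive handling with BLAKE2 comparison.

Added example, not Wazuh code. The size caps, helper names and sample file
set are assumptions for illustration.
"""
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

MAX_ZIP_BYTES = 1024 * 1024            # hypothetical cap on the archive as transferred
MAX_EXTRACTED_BYTES = 4 * 1024 * 1024  # hypothetical cap on total decompressed bytes
CHUNK = 64 * 1024


class IntegrityZipError(ValueError):
    """Raised when an integrity archive violates a size or name check."""


def blake2_digest(data: bytes) -> str:
    """BLAKE2b-256 of a file's content, used in place of MD5 for comparison."""
    return hashlib.blake2b(data, digest_size=32).hexdigest()


def build_integrity_zip(files: dict) -> bytes:
    """Pack {relative path: content} with deflate (zlib), refusing oversized output."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in sorted(files):
            zf.writestr(name, files[name])
    blob = buf.getvalue()
    if len(blob) > MAX_ZIP_BYTES:
        raise IntegrityZipError(f"archive is {len(blob)} bytes, limit {MAX_ZIP_BYTES}")
    return blob


def _check_member_name(name: str) -> None:
    # Members must stay inside the sync directory: no absolute paths, no '..', no backslashes.
    p = PurePosixPath(name)
    if not name or "\\" in name or p.is_absolute() or ".." in p.parts:
        raise IntegrityZipError(f"unsafe member name: {name!r}")


def read_integrity_zip(blob: bytes) -> dict:
    """Return {member name: BLAKE2 digest}, enforcing caps while streaming each member."""
    if len(blob) > MAX_ZIP_BYTES:
        raise IntegrityZipError(f"archive is {len(blob)} bytes, limit {MAX_ZIP_BYTES}")
    digests = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            _check_member_name(info.filename)
            h = hashlib.blake2b(digest_size=32)
            # Count decompressed bytes as they arrive instead of trusting info.file_size.
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(CHUNK)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > MAX_EXTRACTED_BYTES:
                        raise IntegrityZipError("decompressed size exceeds limit")
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def diff_digests(master: dict, worker: dict) -> dict:
    """Classify files by comparing BLAKE2 digests from two nodes."""
    return {
        "missing": sorted(set(master) - set(worker)),
        "extra": sorted(set(worker) - set(master)),
        "changed": sorted(n for n in master.keys() & worker.keys() if master[n] != worker[n]),
    }


def rejects(files: dict) -> bool:
    """True if packing and reading `files` is refused by a size or name check."""
    try:
        read_integrity_zip(build_integrity_zip(files))
    except IntegrityZipError:
        return True
    return False


def demo() -> dict:
    # Constructed sample: a master's shared files and a worker's stale copy of them.
    master_files = {
        "etc/rules/local_rules.xml": b'<group name="local"></group>\n',
        "etc/lists/audit-keys": b"audit-wazuh-w:write\n",
        "etc/shared/default/agent.conf": b"<agent_config></agent_config>\n",
    }
    worker_files = {
        "etc/rules/local_rules.xml": b'<group name="local"><rule/></group>\n',
        "etc/lists/audit-keys": master_files["etc/lists/audit-keys"],
        "etc/shared/default/old.conf": b"",
    }
    master = read_integrity_zip(build_integrity_zip(master_files))
    worker = read_integrity_zip(build_integrity_zip(worker_files))
    return diff_digests(master, worker)


if __name__ == "__main__":
    print(demo())
    print("traversal rejected:", rejects({"../etc/passwd": b"x"}))
    print("bomb rejected:", rejects({"big.bin": b"\0" * (MAX_EXTRACTED_BYTES + 1)}))
```

Counting bytes on the way out matters because a small deflate stream can expand far beyond the archive size; the check on the transferred archive alone does not bound memory or disk on the receiving node.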
### Fixed
- Fixed wazuh-dbd halt procedure. ([#10873](https://github.com/wazuh/wazuh/pull/10873))
- Fixed compilation warnings in the manager. ([#12098](https://github.com/wazuh/wazuh/pull/12098))
- Fixed a bug in the manager that did not send shared folders correctly to agents belonging to multiple groups. ([#12516](https://github.com/wazuh/wazuh/pull/12516))
- Fixed the Active Response decoders to support back the top entries for source IP in reports. ([#12834](https://github.com/wazuh/wazuh/pull/12834))
- Fixed the feed update interval option of Vulnerability Detector for the JSON Red Hat feed. ([#13338](https://github.com/wazuh/wazuh/pull/13338))
- Fixed several code flaws in the Python framework. ([#12127](https://github.com/wazuh/wazuh/pull/12127))
- Fixed code flaw regarding the use of XML package. ([#10635](https://github.com/wazuh/wazuh/pull/10635))
- Fixed code flaw regarding permissions at group directories. ([#10636](https://github.com/wazuh/wazuh/pull/10636))
- Fixed code flaw regarding temporary directory names. ([#10544](https://github.com/wazuh/wazuh/pull/10544))
- Fixed code flaw regarding try, except and pass block in wazuh-clusterd. ([#11951](https://github.com/wazuh/wazuh/pull/11951))
- Fixed framework datetime transformations to UTC. ([#10782](https://github.com/wazuh/wazuh/pull/10782))
- Fixed a cluster error when Master-Worker tasks were not properly stopped after an exception occurred in one or both parts. ([#11866](https://github.com/wazuh/wazuh/pull/11866))
- Fixed cluster logger issue printing 'NoneType: None' in error logs. ([#12831](https://github.com/wazuh/wazuh/pull/12831))
- Fixed unhandled cluster error when reading a malformed configuration. ([#13419](https://github.com/wazuh/wazuh/pull/13419))
- Fixed framework unit test failures when they are run by the root user. ([#13368](https://github.com/wazuh/wazuh/pull/13368))
- Fixed a memory leak in analysisd when parsing a disabled Active Response. ([#13405](https://github.com/wazuh/wazuh/pull/13405))
- Prevented wazuh-db from deleting queue/diff when cleaning databases. ([#13892](https://github.com/wazuh/wazuh/pull/13892))
- Fixed multiple data race conditions in Remoted reported by ThreadSanitizer. ([#14981](https://github.com/wazuh/wazuh/pull/14981))
- Fixed aarch64 OS collection in Remoted to allow WPK upgrades. ([#15151](https://github.com/wazuh/wazuh/pull/15151))
- Fixed a race condition in Remoted that was blocking agent connections. ([#15165](https://github.com/wazuh/wazuh/pull/15165))
- Fixed Virustotal integration to support non UTF-8 characters. ([#13531](https://github.com/wazuh/wazuh/pull/13531))
- Fixed a bug masking as Timeout any error that might occur while waiting to receive files in the cluster. ([#14922](https://github.com/wazuh/wazuh/pull/14922))
- Fixed a read buffer overflow in wazuh-authd when parsing requests. ([#15876](https://github.com/wazuh/wazuh/pull/15876))
- Applied workaround for bpo-46309 used in cluster to wazuh-db communication. ([#16012](https://github.com/wazuh/wazuh/pull/16012))
- Let the database module synchronize the agent groups data before assignments. ([#16233](https://github.com/wazuh/wazuh/pull/16233))
- Fixed memory leaks in wazuh-analysisd when parsing and matching rules. ([#16321](https://github.com/wazuh/wazuh/pull/16321))
### Removed
- Removed the unused internal option `wazuh_db.sock_queue_size`. ([#12409](https://github.com/wazuh/wazuh/pull/12409))
- Removed all the unused exceptions from the exceptions.py file. ([#10940](https://github.com/wazuh/wazuh/pull/10940))
- Removed unused execute method from core/utils.py. ([#10740](https://github.com/wazuh/wazuh/pull/10740))
- Removed unused set_user_name function in framework. ([#13119](https://github.com/wazuh/wazuh/pull/13119))
- Unused internal calls to wazuh-db have been deprecated. ([#12370](https://github.com/wazuh/wazuh/pull/12370))
- Debian Stretch support in Vulnerability Detector has been deprecated. ([#14542](https://github.com/wazuh/wazuh/pull/14542))
## Agent
### Added
- Added support of CPU frequency data provided by Syscollector on Raspberry Pi. ([#11756](https://github.com/wazuh/wazuh/pull/11756))
- Added support for IPv6 address collection in the agent. ([#11450](https://github.com/wazuh/wazuh/pull/11450))
- Added the process startup time data provided by Syscollector on macOS. ([#11833](https://github.com/wazuh/wazuh/pull/11833))
- Added support of package retrieval in Syscollector for OpenSUSE Tumbleweed and Fedora 34. ([#11571](https://github.com/wazuh/wazuh/pull/11571))
- Added the process startup time data provided by Syscollector on macOS. Thanks to @LubinLew. ([#11640](https://github.com/wazuh/wazuh/pull/11640))
- Added support for package data provided by Syscollector on Solaris. ([#11796](https://github.com/wazuh/wazuh/pull/11796))
- Added support for delta events in Syscollector when data gets changed. ([#10843](https://github.com/wazuh/wazuh/pull/10843))
- Added support for pre-installed Windows packages in Syscollector. ([#12035](https://github.com/wazuh/wazuh/pull/12035))
- Added support for IPv6 on agent-manager connection and enrollment. ([#11268](https://github.com/wazuh/wazuh/pull/11268))
- Added support for CIS-CAT Pro v3 and v4 to the CIS-CAT integration module. Thanks to @hustliyilin. ([#12582](https://github.com/wazuh/wazuh/pull/12582))
- Added support for the use of the Azure integration module in Linux agents. ([#10870](https://github.com/wazuh/wazuh/pull/10870))
- Added new error messages when using invalid credentials with the Azure integration. ([#11852](https://github.com/wazuh/wazuh/pull/11852))
- Added reparse option to CloudWatchLogs and Google Cloud Storage integrations. ([#12515](https://github.com/wazuh/wazuh/pull/12515))
- Wazuh Agent can now be built and run on Alpine Linux. ([#14726](https://github.com/wazuh/wazuh/pull/14726))
- Added native Shuffle integration. ([#15054](https://github.com/wazuh/wazuh/pull/15054))
### Changed
- Improved the free RAM data provided by Syscollector. ([#11587](https://github.com/wazuh/wazuh/pull/11587))
- The Windows installer (MSI) now provides signed DLL files. ([#12752](https://github.com/wazuh/wazuh/pull/12752))
- Changed the group ownership of the Modulesd process to root. ([#12748](https://github.com/wazuh/wazuh/pull/12748))
- Some parts of Agentd and Execd have got refactored. ([#12750](https://github.com/wazuh/wazuh/pull/12750))
- Handled new exception in the external integration modules. ([#10478](https://github.com/wazuh/wazuh/pull/10478))
- Optimized the number of calls to DB maintenance tasks performed by the AWS integration. ([#11828](https://github.com/wazuh/wazuh/pull/11828))
- Improved the reparse setting performance by removing unnecessary queries from external integrations. ([#12404](https://github.com/wazuh/wazuh/pull/12404))
- Updated and expanded Azure module logging functionality to use the ossec.log file. ([#12478](https://github.com/wazuh/wazuh/pull/12478))
- Improved the error management of the Google Cloud integration. ([#12647](https://github.com/wazuh/wazuh/pull/12647))
- Deprecated `logging` tag in GCloud integration. It now uses `wazuh_modules` debug value to set the verbosity level. ([#12769](https://github.com/wazuh/wazuh/pull/12769))
- The last_dates.json file of the Azure module has been deprecated in favour of a new ORM and database. ([#12849](https://github.com/wazuh/wazuh/pull/12849/))
- Improved the error handling in AWS integration's `decompress_file` method. ([#12929](https://github.com/wazuh/wazuh/pull/12929))
- Use zlib for zip compression in cluster synchronization. ([#11190](https://github.com/wazuh/wazuh/pull/11190))
- The exception handling on Wazuh Agent for Windows has been changed to DWARF2. ([#11354](https://github.com/wazuh/wazuh/pull/11354))
- The root CA certificate for WPK upgrade has been updated. ([#14696](https://github.com/wazuh/wazuh/pull/14696))
- Agents on macOS now report the OS name as "macOS" instead of "Mac OS X". ([#14822](https://github.com/wazuh/wazuh/pull/14822))
- The Systemd service stopping policy has been updated. ([#14816](https://github.com/wazuh/wazuh/pull/14816))
- Changed how the AWS module handles `ThrottlingException`, adding default values for connection retries in case no config file is set. ([#14793](https://github.com/wazuh/wazuh/pull/14793))
- The agent for Windows now verifies its libraries to prevent side loading. ([#15404](https://github.com/wazuh/wazuh/pull/15404))
### Fixed
- Fixed collection of maximum user data length. Thanks to @LubinLew. ([#7687](https://github.com/wazuh/wazuh/pull/7687))
- Fixed missing fields in Syscollector on Windows 10. ([#10772](https://github.com/wazuh/wazuh/pull/10772))
- Fixed the process startup time data provided by Syscollector on Linux. Thanks to @LubinLew. ([#11227](https://github.com/wazuh/wazuh/pull/11227))
- Fixed network data reporting by Syscollector related to tunnel or VPN interfaces. ([#11837](https://github.com/wazuh/wazuh/pull/11837))
- Skipped V9FS file system at Rootcheck to prevent false positives on WSL. ([#12066](https://github.com/wazuh/wazuh/pull/12066))
- Fixed double file handle closing in Logcollector on Windows. ([#9067](https://github.com/wazuh/wazuh/pull/9067))
- Fixed a bug in Syscollector that may prevent the agent from stopping when the manager connection is lost. ([#11949](https://github.com/wazuh/wazuh/pull/11949))
- Fixed internal exception handling issues on Solaris 10. ([#12148](https://github.com/wazuh/wazuh/pull/12148))
- Fixed duplicate error message IDs in the log. ([#12300](https://github.com/wazuh/wazuh/pull/12300))
- Fixed compilation warnings in the agent. ([#12691](https://github.com/wazuh/wazuh/pull/12691))
- Fixed the `skip_on_error` parameter of the AWS integration module, which was set to `True` by default. ([#1247](https://github.com/wazuh/wazuh/pull/12147))
- Fixed AWS DB maintenance with Load Balancer Buckets. ([#12381](https://github.com/wazuh/wazuh/pull/12381))
- Fixed AWS integration's `test_config_format_created_date` unit test. ([#12650](https://github.com/wazuh/wazuh/pull/12650))
- Fixed created_date field for LB and Umbrella integrations. ([#12630](https://github.com/wazuh/wazuh/pull/12630))
- Fixed AWS integration database maintenance error management. ([#13185](https://github.com/wazuh/wazuh/pull/13185))
- The default delay at GitHub integration has been increased to 30 seconds. ([#13674](https://github.com/wazuh/wazuh/pull/13674))
- Logcollector has been fixed to allow locations containing colons (:). ([#14706](https://github.com/wazuh/wazuh/pull/14706))
- Fixed system architecture reporting in Syscollector on Apple Silicon devices. ([#13835](https://github.com/wazuh/wazuh/pull/13835))
- The C++ standard library and the GCC runtime library is included with Wazuh. ([#14190](https://github.com/wazuh/wazuh/pull/14190))
- Fixed missing inventory cleaning message in Syscollector. ([#13877](https://github.com/wazuh/wazuh/pull/13877))
- Fixed WPK upgrade issue on Windows agents due to process locking. ([#15322](https://github.com/wazuh/wazuh/pull/15322))
- Fixed FIM injection vulnerability when using the `prefilter_cmd` option. ([#13044](https://github.com/wazuh/wazuh/pull/13044))
- Fixed the parsing of ALB logs, splitting `client_port`, `target_port` and `target_port_list` into separate `ip` and `port` fields for each key. ([#14525](https://github.com/wazuh/wazuh/pull/14525))
- Fixed a bug that prevented processing Macie logs with problematic ipGeolocation values. ([#15335](https://github.com/wazuh/wazuh/pull/15335))
- Fixed GCP integration module error messages. ([#15584](https://github.com/wazuh/wazuh/pull/15584))
- Fixed an error that prevented the agent on Windows from stopping correctly. ([#15575](https://github.com/wazuh/wazuh/pull/15575))
- Fixed Azure integration credentials link. ([#16140](https://github.com/wazuh/wazuh/pull/16140))
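The `prefilter_cmd` fix above is a reminder of the general shape of that bug class: a monitored file's name is attacker-controlled, and a prefilter command that receives it through a shell string turns the name into a command. The Python below is an added example written for this page, not Wazuh's FIM code and not its actual fix; the malicious file name, the stand-in prefilter command (the running interpreter printing its argument vector) and the function names are constructed here, and it assumes a POSIX shell and an interpreter path without spaces. The vulnerable form splices the path into one `shell=True` string; the hardened form splits only the operator-configured command and passes the path as a single argv element after `--`.

```python
"""Command-injection pattern behind a prefilter command, and the argv-based fix.

Added example, not Wazuh code: the file name, the prefilter command and the
function names are constructed here. Assumes a POSIX shell.
"""
import shlex
import subprocess
import sys

# Constructed file name: whoever can create files in a monitored directory
# also chooses their names, so shell metacharacters must be expected.
MALICIOUS_PATH = "report.txt; echo INJECTED"

# Stand-in for a configured prefilter command; it just echoes its argument vector.
PREFILTER_CMD = f'{sys.executable} -c "import sys; print(sys.argv[1:])"'


def prefilter_vulnerable(prefilter_cmd: str, path: str) -> str:
    # The path is spliced into one string that a shell then parses, so the
    # metacharacters in the file name become a second command.
    cmd = f"{prefilter_cmd} {path}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def prefilter_hardened(prefilter_cmd: str, path: str) -> str:
    # Split only the operator-controlled command, then append the path as a
    # single argv element after '--'; no shell ever sees the file name.
    argv = shlex.split(prefilter_cmd) + ["--", path]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


def run_vulnerable_demo() -> list:
    """Output lines of the vulnerable form: the injected command runs."""
    return prefilter_vulnerable(PREFILTER_CMD, MALICIOUS_PATH).splitlines()


def run_hardened_demo() -> list:
    """Output lines of the hardened form: the name arrives intact as one argument."""
    return prefilter_hardened(PREFILTER_CMD, MALICIOUS_PATH).splitlines()


if __name__ == "__main__":
    print("shell=True :", run_vulnerable_demo())
    print("argv list  :", run_hardened_demo())
```

The `--` matters for names that start with `-`: without it, a file called `-rf` or `--config=...` is parsed by the prefilter program as an option even when no shell is involved.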
### Removed
- Deprecated Azure and AWS credentials in the configuration authentication option. ([#14543](https://github.com/wazuh/wazuh/pull/14543))
## RESTful API
### Added
- Added new API integration tests for a Wazuh environment without a cluster configuration. ([#10620](https://github.com/wazuh/wazuh/pull/10620))
- Added wazuh-modulesd tags to `GET /manager/logs` and `GET /cluster/{node_id}/logs` endpoints. ([#11731](https://github.com/wazuh/wazuh/pull/11731))
- Added Python decorator to soft deprecate API endpoints adding deprecation headers to their responses. ([#12438](https://github.com/wazuh/wazuh/pull/12438))
- Added new exception to inform that /proc directory is not found or permissions to see its status are not granted. ([#12486](https://github.com/wazuh/wazuh/pull/12486))
- Added new field and filter to `GET /agents` response to retrieve agent groups configuration synchronization status. ([#12362](https://github.com/wazuh/wazuh/pull/12483))
- Added agent groups configuration synchronization status to `GET /agents/summary/status` endpoint. ([#12498](https://github.com/wazuh/wazuh/pull/12498))
- Added JSON log handling. ([#11171](https://github.com/wazuh/wazuh/pull/11171))
- Added integration tests for IPv6 agent's registration. ([#12029](https://github.com/wazuh/wazuh/pull/12029))
- Enabled ordering by agent count in `/groups` endpoints. ([#12887](https://github.com/wazuh/wazuh/pull/12887))
- Added hash to API logs to identify users logged in with authorization context. ([#12092](https://github.com/wazuh/wazuh/pull/12092))
- Added new `limits` section to the `upload_wazuh_configuration` section in the Wazuh API configuration. ([#14119](https://github.com/wazuh/wazuh/pull/14119))
- Added logic to API logger to renew its streams if needed on every request. ([#14295](https://github.com/wazuh/wazuh/pull/14295))
- Added `GET /manager/daemons/stats` and `GET /cluster/{node_id}/daemons/stats` API endpoints. ([#14401](https://github.com/wazuh/wazuh/pull/14401))
- Added `GET /agents/{agent_id}/daemons/stats` API endpoint. ([#14464](https://github.com/wazuh/wazuh/pull/14464))
- Added the possibility to get the configuration of the `wazuh-db` component in active configuration endpoints. ([#14471](https://github.com/wazuh/wazuh/pull/14471))
- Added `distinct` and `select` parameters to `GET /sca/{agent_id}` and `GET /sca/{agent_id}/checks/{policy_id}` endpoints. ([#15084](https://github.com/wazuh/wazuh/pull/15084))
- Added new endpoint to run vulnerability detector on-demand scans (`PUT /vulnerability`). ([#15290](https://github.com/wazuh/wazuh/pull/15290))
### Changed
- Improved `GET /cluster/healthcheck` endpoint and `cluster_control -i more` CLI call in loaded cluster environments. ([#11341](https://github.com/wazuh/wazuh/pull/11341))
- Removed `never_connected` agent status limitation when trying to assign agents to groups. ([#12595](https://github.com/wazuh/wazuh/pull/12595))
- Changed API version and upgrade_version filters to work with different version formats. ([#12551](https://github.com/wazuh/wazuh/pull/12551))
- Renamed `GET /agents/{agent_id}/group/is_sync` endpoint to `GET /agents/group/is_sync` and added new `agents_list` parameter. ([#9413](https://github.com/wazuh/wazuh/pull/9413))
- Added `POST /security/user/authenticate` endpoint and marked `GET /security/user/authenticate` endpoint as deprecated. ([#10397](https://github.com/wazuh/wazuh/pull/10397))
- Adapted framework code to agent-group changes to use the new wazuh-db commands. ([#12526](https://github.com/wazuh/wazuh/pull/12526))
- Updated default timeout for `GET /mitre/software` to avoid timing out in slow environments after the MITRE DB update to v11.2. ([#13791](https://github.com/wazuh/wazuh/pull/13791))
- Changed API settings related to remote commands. The `remote_commands` section is now held within `upload_wazuh_configuration`. ([#14119](https://github.com/wazuh/wazuh/pull/14119))
- Improved API unauthorized responses to be more accurate. ([#14233](https://github.com/wazuh/wazuh/pull/14233))
- Updated framework functions that communicate with the `request` socket to use `remote` instead. ([#14259](https://github.com/wazuh/wazuh/pull/14259))
- Improved parameter validation for API endpoints that require component and configuration parameters. ([#14766](https://github.com/wazuh/wazuh/pull/14766))
- Improved `GET /sca/{agent_id}/checks/{policy_id}` API endpoint performance. ([#15017](https://github.com/wazuh/wazuh/pull/15017))
- Improved exception handling when trying to connect to Wazuh sockets. ([#15334](https://github.com/wazuh/wazuh/pull/15334))
- Modified `_group_names` and `_group_names_or_all` regexes to avoid invalid group names. ([#15671](https://github.com/wazuh/wazuh/pull/15671))
- Changed `GET /sca/{agent_id}/checks/{policy_id}` endpoint filters and response to remove `status` field. ([#15747](https://github.com/wazuh/wazuh/pull/15747))
- Removed RBAC group assignments' related permissions from `DELETE /groups` to improve performance and changed response structure. ([#16231](https://github.com/wazuh/wazuh/pull/16231))
### Fixed
- Fixed copy functions used for the backup files and upload endpoints to prevent incorrect metadata. ([#12302](https://github.com/wazuh/wazuh/pull/12302))
- Fixed a bug regarding ids not being sorted with cluster disabled in Active Response and Agent endpoints. ([#11010](https://github.com/wazuh/wazuh/pull/11010))
- Fixed a bug where `null` values from wazuh-db were returned in API responses. ([#10736](https://github.com/wazuh/wazuh/pull/10736))
- Connections through `WazuhQueue` will be closed gracefully in all situations. ([#12063](https://github.com/wazuh/wazuh/pull/12063))
- Fixed exception handling when trying to get the active configuration of a valid but not configured component. ([#12450](https://github.com/wazuh/wazuh/pull/12450))
- Fixed the api.yaml path suggested as remediation in exception.py. ([#12700](https://github.com/wazuh/wazuh/pull/12700))
- Fixed /tmp access error in containers of API integration tests environment. ([#12768](https://github.com/wazuh/wazuh/pull/12768))
- The API will return an exception when the user asks for agent inventory information and there is no database for it (never connected agents). ([#13096](https://github.com/wazuh/wazuh/pull/13096))
- Improved regex used for the `q` parameter on API requests with special characters and brackets. ([#13171](https://github.com/wazuh/wazuh/pull/13171)) ([#13386](https://github.com/wazuh/wazuh/pull/13386))
- Removed board_serial from syscollector integration tests expected responses. ([#12592](https://github.com/wazuh/wazuh/pull/12592))
- Removed cmd field from expected responses of syscollector integration tests. ([#12557](https://github.com/wazuh/wazuh/pull/12557))
- Reduced maximum number of groups per agent to 128 and adjusted group name validation. ([#12611](https://github.com/wazuh/wazuh/pull/12611))
- Reduced amount of memory required to read CDB lists using the API. ([#14204](https://github.com/wazuh/wazuh/pull/14204))
- Fixed a bug where the cluster health check endpoint and CLI would add an extra active agent to the master node. ([#14237](https://github.com/wazuh/wazuh/pull/14237))
- Fixed a bug that prevented updating the configuration when using multiple `<ossec_conf>` blocks from the API. ([#15311](https://github.com/wazuh/wazuh/pull/15311))
- Fixed vulnerability API integration tests' healthcheck. ([#15194](https://github.com/wazuh/wazuh/pull/15194))
### Removed
- Removed null remediations from failed API responses. ([#12053](https://github.com/wazuh/wazuh/pull/12053))
- Deprecated `GET /agents/{agent_id}/group/is_sync` endpoint. ([#12365](https://github.com/wazuh/wazuh/issues/12365))
- Deprecated `GET /manager/stats/analysisd`, `GET /manager/stats/remoted`, `GET /cluster/{node_id}/stats/analysisd`, and `GET /cluster/{node_id}/stats/remoted` API endpoints. ([#14230](https://github.com/wazuh/wazuh/pull/14230))
## Ruleset
### Added
- Added support for new sysmon events. ([#13594](https://github.com/wazuh/wazuh/pull/13594))
- Added new detection rules using Sysmon ID 1 events. ([#13595](https://github.com/wazuh/wazuh/pull/13595))
- Added new detection rules using Sysmon ID 3 events. ([#13596](https://github.com/wazuh/wazuh/pull/13596))
- Added new detection rules using Sysmon ID 7 events. ([#13630](https://github.com/wazuh/wazuh/pull/13630))
- Added new detection rules using Sysmon ID 8 events. ([#13637](https://github.com/wazuh/wazuh/pull/13637))
- Added new detection rules using Sysmon ID 10 events. ([#13639](https://github.com/wazuh/wazuh/pull/13639))
- Added new detection rules using Sysmon ID 11 events. ([#13631](https://github.com/wazuh/wazuh/pull/13631))
- Added new detection rules using Sysmon ID 13 events. ([#13636](https://github.com/wazuh/wazuh/pull/13636))
- Added new detection rules using Sysmon ID 20 events. ([#13673](https://github.com/wazuh/wazuh/pull/13673))
- Added new PowerShell ScriptBlock detection rules. ([#13638](https://github.com/wazuh/wazuh/pull/13638))
- Added HPUX 11i SCA policies using bastille and without bastille. ([#15157](https://github.com/wazuh/wazuh/pull/15157))
### Changed
- Updated ruleset according to new API log changes when the user is logged in with authorization context. ([#15072](https://github.com/wazuh/wazuh/pull/15072))
- Updated 0580-win-security_rules.xml rules. ([#13579](https://github.com/wazuh/wazuh/pull/13579))
- Updated Wazuh MITRE ATT&CK database to version 11.3. ([#13622](https://github.com/wazuh/wazuh/pull/13622))
- Updated detection rules in 0840-win_event_channel.xml. ([#13633](https://github.com/wazuh/wazuh/pull/13633))
- Reworked the SCA policy for Ubuntu Linux 20.04. ([#15070](https://github.com/wazuh/wazuh/pull/15070))
- Updated Ubuntu Linux 22.04 SCA Policy with CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0. ([#15051](https://github.com/wazuh/wazuh/pull/15051))
### Fixed
- Fixed the OpenWRT decoder to parse UFW logs. ([#11613](https://github.com/wazuh/wazuh/pull/11613))
- Fixed a bug in the wazuh-api-fields decoder. ([#14807](https://github.com/wazuh/wazuh/pull/14807))
- Fixed deprecated MITRE tags in rules. ([#13567](https://github.com/wazuh/wazuh/pull/13567))
- Fixed non-unique SCA check IDs. ([#15241](https://github.com/wazuh/wazuh/pull/15241))
- Fixed regex in check 5.1.1 of Ubuntu 20.04 SCA. ([#14513](https://github.com/wazuh/wazuh/pull/14513))
- Removed wrong Fedora Linux SCA default policies. ([#15251](https://github.com/wazuh/wazuh/pull/15251))
- Fixed duplicated check IDs 7521 and 7522 in the SUSE Linux Enterprise 15 SCA policy. ([#15156](https://github.com/wazuh/wazuh/pull/15156))
## Other
### Added
- Added unit tests to the component in Analysisd that extracts the IP address from events. ([#12733](https://github.com/wazuh/wazuh/pull/12733))
- Added `python-json-logger` dependency. ([#12518](https://github.com/wazuh/wazuh/pull/12518))
### Changed
- Prevented the Ruleset test suite from restarting the manager. ([#10773](https://github.com/wazuh/wazuh/pull/10773))
- Replaced the pthread rwlock with a FIFO-queueing read-write lock. ([#14839](https://github.com/wazuh/wazuh/pull/14839))
- Updated Python dependency certifi to 2022.12.7. ([#15809](https://github.com/wazuh/wazuh/pull/15809))
- Updated Python dependency future to 0.18.3. ([#15896](https://github.com/wazuh/wazuh/pull/15896))
- Updated Werkzeug to 2.2.3. ([#16317](https://github.com/wazuh/wazuh/pull/16317))
- Updated Flask to 2.0.0. ([#16317](https://github.com/wazuh/wazuh/pull/16317))
- Updated itsdangerous to 2.0.0. ([#16317](https://github.com/wazuh/wazuh/pull/16317))
- Updated Jinja2 to 3.0.0. ([#16317](https://github.com/wazuh/wazuh/pull/16317))
- Updated MarkupSafe to 2.1.2. ([#16317](https://github.com/wazuh/wazuh/pull/16317))
### Fixed
- Fixed Makefile to detect CPU architecture on Gentoo Linux. ([#14165](https://github.com/wazuh/wazuh/pull/14165))

Updated: 2023-03-28T20:45:28+00:00

syncthing v1.23.3-rc.2 (2023-03-29T07:23:44+00:00)

Bugfixes:
- #5408: Selection of time in versions GUI not possible without editing the string inside the textfield
- #8277: Mutual encrypted sharing doesn't work (both sides with password)
- #8556: Increased file size when sharing between encrypted devices
- #8599: Key generation at connect time is slow for encrypted connections
Enhancements:
- #7859: Allow sub-second watcher delay (use case: remote development)
Other issues:
- #8828: cmd/stdiscosrv: TestDatabaseGetSet flake

Lookyloo v1.19.0 (2023-03-30T10:25:46+00:00)

# New features
* The email notification now attaches the contacts, making takedown requests easier.
* (WiP) Add settings for comparing captures. It is now possible to ignore domains and/or a substring in a resource URL loaded from the landing page.
* Update [PyLookyloo](https://github.com/Lookyloo/PyLookyloo) to pass the settings when comparing captures
* [Admin users only] Modal to trigger admin-only tasks on a specific capture (hide/rebuild)
# Bugfixes
* Fix docker compose (thanks to @bib0x)
* Avoid exception at multiple places when a capture is invalid for any reason
# Changes
* Force protocol 5 for pickles (requires python 3.8, but lookyloo already required it anyway)
* Optimize pickles before storing, and archive them to reduce disk space
* Bump dependencies (js & python)
* Improve logging (add capture UUID when possible, makes debugging easier)
* Always use `LookylooException` instead of `Exception`
* Update Playwright in [PlaywrightCapture](https://github.com/Lookyloo/PlaywrightCapture)
* Improve logging in [har2tree](https://github.com/Lookyloo/har2tree)

maltrail 0.56 (2023-03-31T22:11:05+00:00)

Start-of-month release

sslyze 5.1.3 (2023-04-01T13:44:31+00:00)

* Added native support for Apple Silicon (https://github.com/nabla-c0d3/nassl/pull/107).
* Fixed a crash when using older versions of PyOpenSSL (#600).

tesseract 5.3.1 (2023-04-01T19:55:17+00:00)

## What's Changed
* Update README.md by @seupedro in https://github.com/tesseract-ocr/tesseract/pull/3992
* Fix FP division by zero (issue #3995) by @stweil in https://github.com/tesseract-ocr/tesseract/pull/3996
* Fix linkage of icu and pango by @autoantwort in https://github.com/tesseract-ocr/tesseract/pull/4006
* Fix build with gcc 13 by including `<cstdint>` by @kraj in https://github.com/tesseract-ocr/tesseract/pull/4009
* msvc debug: fix wrong lib name in generated pkgconfig file by @autoantwort in https://github.com/tesseract-ocr/tesseract/pull/4008
* Fix libdir in tesseract.pc from CMake by @ferdnyc in https://github.com/tesseract-ocr/tesseract/pull/4013
* Replace 'can not' by 'cannot' by @stweil in https://github.com/tesseract-ocr/tesseract/pull/4015
* Readme: Link to list of supported languages by @tooomm in https://github.com/tesseract-ocr/tesseract/pull/4027
* Improve the DebugDump output by slightly adjusting the format. by @GerHobbelt in https://github.com/tesseract-ocr/tesseract/pull/4022
* Fix issue #4010 by @amitdo in https://github.com/tesseract-ocr/tesseract/pull/4041
## New Contributors
* @seupedro made their first contribution in https://github.com/tesseract-ocr/tesseract/pull/3992
* @autoantwort made their first contribution in https://github.com/tesseract-ocr/tesseract/pull/4006
* @kraj made their first contribution in https://github.com/tesseract-ocr/tesseract/pull/4009
* @ferdnyc made their first contribution in https://github.com/tesseract-ocr/tesseract/pull/4013
* @tooomm made their first contribution in https://github.com/tesseract-ocr/tesseract/pull/4027
**Full Changelog**: https://github.com/tesseract-ocr/tesseract/compare/5.3.0...5.3.1

dnstwist 20230402 (2023-04-02T12:48:54+00:00)

Changes:
- Replaced `--ssdeep` with the new `--lsh` argument, which allows a particular fuzzy hash (ssdeep or tlsh) to be requested
- Updated and improved web application (session sharing, janitor thread, memory limit, input validation, etc.)
- Refactored debug messages
- Minor bug fixes

mailvelope v5.0.0 (2023-04-02T13:23:39+00:00)

* Upgrade to OpenPGP.js v5
* Fix timeout error when loading large GnuPG keyrings

syncthing v1.23.3 (2023-04-04T07:19:46+00:00)

Bugfixes:
- #5408: Selection of time in versions GUI not possible without editing the string inside the textfield
- #8277: Mutual encrypted sharing doesn't work (both sides with password)
- #8556: Increased file size when sharing between encrypted devices
- #8599: Key generation at connect time is slow for encrypted connections
Enhancements:
- #7859: Allow sub-second watcher delay (use case: remote development)
Other issues:
- #8828: cmd/stdiscosrv: TestDatabaseGetSet flake

syncthing v1.23.4 (2023-04-05T14:00:41+00:00)

Bugfixes:
- #8851: "Running global migration to fix encryption file sizes" on every start

wazuh v4.4.1 (2023-04-12T09:53:51+00:00)

## Manager
### Changed
- Improve WazuhDB performance by avoiding synchronization of existing agent keys and removing deprecated agent databases from var/db/agents. ([#15883](https://github.com/wazuh/wazuh/pull/15883))
### Fixed
- Reverted the addition of some mapping fields in Wazuh template causing a bug with expanded search. ([#16546](https://github.com/wazuh/wazuh/pull/16546))
## RESTful API
### Changed
- Changed API limits protection to allow uploading new configuration files if `limit` is not modified. ([#16541](https://github.com/wazuh/wazuh/pull/16541))
## Ruleset
### Added
- Added Debian Linux 11 SCA policy. ([#16017](https://github.com/wazuh/wazuh/pull/16017))
### Changed
- Reworked the SCA policy for Red Hat Enterprise Linux 9. ([#16016](https://github.com/wazuh/wazuh/pull/16016))
## Other
### Changed
- Update embedded Python interpreter to 3.9.16. ([#16472](https://github.com/wazuh/wazuh/issues/16472))
- Update setuptools to 65.5.1. ([#16492](https://github.com/wazuh/wazuh/pull/16492))

dnstwist 20230413 (2023-04-13T07:41:56+00:00)

Changes:
- Bug fixes
- Minor optimizations

MISP v2.4.170 (2023-04-13T12:16:50+00:00)

We are pleased to announce the immediate availability of [MISP v2.4.170](https://github.com/MISP/MISP/releases/tag/v2.4.170) with new features, workflow improvements and bugs fixed.
It also includes a new [release](https://github.com/MISP/misp-stix/releases/tag/v2.4.170) of [misp-stix](https://github.com/MISP/misp-stix), the core Python library for importing and exporting STIX (1, 2.0 and 2.1), with many improvements.

# Workflow
- A new feature has been added to the "misp-workflow-modules" module. It is an event threat level `if logic` module.
- The "workflow-module:send_mail" module now allows org admins to receive send_log_mail.
- The "workflow-module:send_mail" module now allows all admins to use it.
- The "workflow:tag_if" module now correctly compares cluster tags.
- The "workflow-module:enrich_event" module no longer runs enrichment if no filtered elements are found. Previously, if a filtering condition was set and no items matched, the whole event was enriched; now nothing happens.
- The "workflow-module:tag_if" module now supports galaxy clusters. This fixes issue #8959.
- The data type of the workflows.data column has been changed from TEXT to LONGTEXT in the "db:workflows" module. This should fix issue #8979.
- The "workflows" module now requires misp-modules for email.
# New security features
- Improved API authentication security by allowing the IP to be pinned in a single click.
- Added tracking of seen IP addresses per API key.
# Fixes
- Added support for a `breakOnDuplicate` named parameter on the `/attributes/add` endpoint. The default value is `true`, which keeps the current behavior of throwing an error when the user tries to add a duplicate attribute to an event. When set to `false`, the endpoint works as an upsert, updating the attribute's `timestamp` and any other properties provided in the payload; no error logs are written.
- The `'sharing_group_id' doesn't have a default value` error when importing an OpenIOC file has been fixed.
# Security fix
- [app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index (CVE-2023-28884)](https://cvepremium.circl.lu/cve/CVE-2023-28884)
A huge thanks to all the contributors and supporters of the MISP project. This release wouldn't be possible without the help of all the organisations and people supporting us to make MISP a reality.
Go to the detailed [changelog](https://www.misp-project.org/Changelog.txt) for more details about the changes to the MISP core software.
# Other updates and changes in the MISP project
## MISP Objects and Relationships
- New [Greynoise](https://www.greynoise.io/)-ip object.
- [network-socket] Added MAC address attributes.
- New relationships `rewrite` added.
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- Sigma galaxy updated to the latest version.
- Threat actor galaxies updated with new threat actors and improved.
- Ransomware group updated to be inline with [ransomlook.io](https://www.ransomlook.io/).
- Stealer galaxy updated.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- New warning-lists added for Google Bot.
- Updated warning-lists for all sources.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

suricata suricata-6.0.11 (2023-04-13T16:39:42+00:00)

## Release Notes
https://forum.suricata.io/t/suricata-6-0-11-released
## Redmine Tracker
https://redmine.openinfosecfoundation.org/versions/187
## Download
https://www.openinfosecfoundation.org/download/suricata-6.0.11.tar.gz
https://www.openinfosecfoundation.org/download/suricata-6.0.11.tar.gz.sig
## Documentation
https://suricata.readthedocs.io/en/suricata-6.0.11/

mailvelope v5.0.1 (2023-04-19T09:56:35+00:00)

* Replace QR code library
* Fix showing only first email address of key in recipient selection of Mailvelope editor
* Fix unknown signature showing fingerprint instead of keyId (GnuPG backend)

wazuh v4.3.11 (2023-04-20T07:16:35+00:00)

## Manager
### Fixed
- Fixed a dead code bug that might cause wazuh-db to crash. ([#16752](https://github.com/wazuh/wazuh/pull/16752))

rocksdb v8.1.1 (2023-04-20T22:02:38+00:00)

## 8.1.1 (04/06/2023)
### Bug Fixes
* In the DB::VerifyFileChecksums API, ensure that file system reads of SST files are equal to the readahead_size in ReadOptions, if specified. Previously, each read was 2x the readahead_size.
## 8.1.0 (03/18/2023)
### Behavior changes
* Compaction output file cutting logic now considers range tombstone start keys. For example, SST partitioner now may receive PartitionRequest for range tombstone start keys.
* If the async_io ReadOption is specified for MultiGet or NewIterator on a platform that doesn't support IO uring, the option is ignored and synchronous IO is used.
### Bug Fixes
* Fixed an issue for backward iteration when user defined timestamp is enabled in combination with BlobDB.
* Fixed a couple of cases where a Merge operand encountered during iteration wasn't reflected in the `internal_merge_count` PerfContext counter.
* Fixed a bug in CreateColumnFamilyWithImport()/ExportColumnFamily() which did not support range tombstones (#11252).
* Fixed a bug where a column family excluded from an atomic flush contains unflushed data that should have been included in this atomic flush (i.e., data with seqno less than the max seqno of this atomic flush), leading to potential data loss in this excluded column family when `WriteOptions::disableWAL == true` (#11148).
### New Features
* Add statistics rocksdb.secondary.cache.filter.hits, rocksdb.secondary.cache.index.hits, and rocksdb.secondary.cache.filter.hits
* Added a new PerfContext counter `internal_merge_point_lookup_count` which tracks the number of Merge operands applied while serving point lookup queries.
* Add new statistics rocksdb.table.open.prefetch.tail.read.bytes, rocksdb.table.open.prefetch.tail.{miss|hit}
* Add support for SecondaryCache with HyperClockCache (`HyperClockCacheOptions` inherits `secondary_cache` option from `ShardedCacheOptions`)
* Add new db properties `rocksdb.cf-write-stall-stats`, `rocksdb.db-write-stall-stats` and APIs to examine them in a structured way. In particular, users of `GetMapProperty()` with property `kCFWriteStallStats`/`kDBWriteStallStats` can now use the functions in `WriteStallStatsMapKeys` to find stats in the map.
### Public API Changes
* Changed various functions and features in `Cache` that are mostly relevant to custom implementations or wrappers. Especially, asynchronous lookup functionality is moved from `Lookup()` to a new `StartAsyncLookup()` function.

PyPCAPKit v1.0.0b9 (2023-04-21T17:38:25+00:00)

- b30731a5 Bumped version to 1.0.0b9
- 052c174c use action for changelog
- cce0a9b3 Bumped version to 1.0.0b8
- 2c997c17 bugfix on changelog
- d3c9d225 Bumped version to 1.0.0b7
- cff847ba bugfix on changelog
- bac920a9 Bumped version to 1.0.0b6
- 8620ca61 generate changelog on release
- e2e820e8 Bumped version to 1.0.0b5
- 5e555489 dont tag in cron
- a419bd83 Bumped version to 1.0.0b4
- 22aa473e try to auto generate changelog on release
- 4ee367e5 Bumped version to 1.0.0b3
- e05e323f test on changelog generation
- 14748391 revised release action
- 65ce9cf0 Bumped version to 1.0.0b2
- 05420c9f use ncipollo/release-action for release
- cbe02fef Bumped version to 1.0.0b3
- 5090102b bugfix for cron (commit message)
- 61faadd6 setup for workflow chain test
- e5eb0930 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 1055b454 do not tag in cron-update
- bc29e909 Updated vendor constant enumerations at Fri Apr 21 15:34:32 UTC 2023
- 6e5bf095 setup for workflow chain test
- ae503e0f bugfix for bump_version.py
- 340d957a Updated vendor constant enumerations at Fri Apr 21 15:06:06 UTC 2023
- c04b9d2e typing_extensions usage bugfix
- ff323d23 bugfix for release action (tag name)
- c6bc64c0 renamed default branch to main
- 7bf28fa5 bugfix for cron (bump version before commit)
- ec458e0a bugfix for release action (skip existing)
- f89fedce Updated vendor constant enumerations at Fri Apr 21 13:56:26 UTC 2023
- 0d95c2dc bugfix for release action (use ubuntu)
- d7c61f9e Updated vendor constant enumerations at Fri Apr 21 13:40:12 UTC 2023
- 557ee6f1 setup for workflow chain test
- 98741dca Updated vendor constant enumerations at Fri Apr 21 12:44:31 UTC 2023
- 91d5b23f setup for workflow chain test
- 183b2a9d Updated vendor constant enumerations at Fri Apr 21 12:33:46 UTC 2023
- 0701dee5 setup for test
- 0c8296df Merge branch 'master' of https://github.com/JarryShaw/PyPCAPKit
- 52e5da30 revised vendor crawler for retry & CI/CD mode environ vars
- e36d03bb Update cron-update.yml
- afe1fd2e setting up github actions for auto release
- 2287d6f5 Create SECURITY.md
- bf591b3d Create dependabot.yml
- 9d437435 make isort
- 5d5c5117 version compat bugfix for enum.StrEnum
- eee65370 use local twine
- 1aaa05a4 revised distro workflow (Makefile)
- 50009806 make bandit
- f8b5f2ef revised setup/build system based on scapy
- 64408950 added todo for pcapng
- 9766f20e make isort
- 312a62a0 revised docs fonts
- f6acee0f revised docs config
- e1e5c5e8 bugfix in github pages action
- 7fb1943e bugfix in github pages action
- e9742e2a bumped version to 1.0.0b1
- 543bf9e2 finished docs revision
- e0aaaaf2 working on docs (pcapkit.protocols.application)
- 5920d961 debugging workflow
- 7bd79944 working on docs (pcapkit.protocols.transport)
- e8ac3779 working on docs (pcapkit.protocols.internet)
- 60823542 working on docs (pcapkit.protocols.link)
- 8a2916a5 working on docs (pcapkit.protocols.link)
- 0e52db30 renamed pcapkit.foundation.engine to engines
- 4801bf63 working on docs (pcapkit.protocols.misc)
- 04edf251 working on docs (pcapkit.protocols.misc)
- 5fb18791 working on docs (pcapkit.vendor)
- ca124d50 working on docs (pcapkit.utilities)
- 2f2116b3 working on docs (pcapkit.toolkit)
- c4060d9a working on docs (pcapkit.interface)
- 78c3bcf0 working on docs (pcapkit.foundation)
- 91764b56 working on docs (pcapkit.dumpkit)
- 50282e07 working on docs (pcapkit.corekit)
- 0209e049 working on docs (pcapkit.const)
- 30d2346d updated enumerations & vendor crawlers for docs
- 64a94f54 introduced book theme for docs
- d60e2152 introduced book theme for docs
- 55be2200 updated engine benchmarking in readme
- f2d62340 updated test_time
- c29f7e09 revised toplevel modules for docs generation
- 07bf98d4 updated vendor & const for docs generation
- df577930 updated test_time
- 08c2c9b8 added close methods to engines
- 54cd4041 updated setup.py
- 49e99017 revised repo files
- 90b4399c updated setup.py
- 25136f57 updated enumerations & vendor crawlers
- 3b209507 make isort
- 24edd30d added MH enumerations & vendor crawlers
- 3ed3b479 working on MH enumerations
- 26b8c148 working on MH enumerations
- 2160eb25 working on MH enumerations
- 6c06e896 working on MH enumerations
- e69e2967 working on MH enumerations
- 0befe0e0 working on MH enumerations
- 1f1399f6 working on MH enumerations
- a2668098 working on PCAPNG schema
- 2e1abeae no changes
- 5319c53e added VERBOSE support to warnings
- 29c5fd27 added PCAPNG block type enumeration/crawler
- 2d35a89a added engine registry APIs
- 502bc421 minor bugfix for pyshark engine support
- 0dc9b223 make isort
- e1ad64e3 renamed dumpkit.compat to dumpkit.common
- b3ed2c3a extracted dumper customised hooks to dumpkit.compat
- 232a5e6a extract header info for DPKT/Scapy
- b9b4cabd bugfix in Engine logic
- 2afffde7 integrated engines into Extractor
- 814b1056 implemented engine support classes (based on Extractor methods)
- 9b46e476 general bugfix after reassembly/traceflow module revision
- 7bd22b1d updated sample output
- 73dc595e general bugfix after reassembly/traceflow module revision
- 54b3580e revised Extractor for reassembly & traceflow upgrade
- dcd536fc updated import path for reassembly & traceflow modules
- 595186d7 revised traceflow module organisation
- aa7350d8 revised reassembly module organisation
- 86966fd7 bugfix for Dict/List typing compatibility
- 5903ea32 updated import path for reassembly data models
- d4a88e7f revised reassembly - moved data models into the `data` module
- 7874714b Merge branch 'test/rc/schema'
- 930b9175 updated test_analysis
- a15e2b54 typing revision
- 8221b9f2 make isort
- 25c0e059 updated registry APIs
- 3475f360 updated TCP protocol registry (80 for HTTP/1.* only)
- 74c8993d revised HTTP protocol IDs (for generic matching)
- 4d8b7c46 revised _import_next_layer (calculate length by payload if arg not provided)
- 581ff2f6 revised exception logging output
- cc16cdb5 bugfix in beholder decorator for error handler using get_payload instead of self._file
- 5fbfe808 bugfix in HTTP._guess_version for use of self._data instead of self._file
- 752b1027 bugfix in ARP schema fields (length of operation field)
- ee6a3b27 bugfix in SchemaField unpacking logic
- af8f303b updated sample outputs
- 2ef23de1 revised application layer proto number (if not registered, directly use None)
- fb7586a3 revised enum dumping output format
- 4b8ae8e5 revised enum dumping output format
- ab5c9b1e revised fields __call__ methods (callback and length callback)
- 7bf38c50 pkt['__length__'] should be treated as the remaining length of data
- ebab5d87 use get_payload for payload data in Internet._import_next_layer
- 9f640a8b update field's template & length upon callback
- 2c1082e4 Ethernet schema's payload length should directly use __length__
- d5307a72 option parsers/constructors do not need Self in arglist
- b072d801 print exception stack in beholder under dev mode
- 7ad906c2 bugfix for NumberField __call__ not updating if length not changed
- edf46288 bugfix for Data/Schema dict conversion (excluded names & additional built-in names)
- 70a3e149 bugfix for EOF test in Schema.unpack's prepare decorator
- 2a141855 added PyCharm configs & updated .gitignore
- ff813236 added basic test case
- 86be6660 bugfix in Schema set/get/delattr funcs
- f87fad63 bugfix in HTTP/1.* for header length
- cfeb193e integrated HTTP/2 with schema
* renamed `RstStream` as `RSTSTREAM`
* revised frame type parsing & construction logic
* revised frame data models (added __value__ to flags & eliminate unnecessary usage of Optional)
- 5a780bce updated docs for IPv6-Route
- a2e627a6 change Schema.pre/post_process to classmethods
- c1dafe24 TCP flags order by its actual bit position
- 5764358e Field.pack should also include packet data
- d116d941 make isort
- 321f872c integrated HTTP/1.\* with schema
* added message attribute to StatusCode enumeration
* revised & implemented HTTP/1.\* parsing & construction
- 94735db3 added enumeration and vendor crawler for HTTP/1.\* status code & methods
- 6909ec30 updated docs for FTP Command vendor
- 0dfaf007 isort: skip
- 38e47f90 integrated HTTP with schema
* bugfix in Protocol.from_schema for self init args
* removed HTTP base data model
* revised HTTP base class for generic processing
- d6e1d7cb make pcapkit-vendor
- f432c8ab make isort
- 6cb4e701 integrated FTP with schema
* revised FTP return code & command enumeration/vendor crawler
* revised FTP data models
* revised FTP parsing logic (use regex)
- 47ac3878 make isort
- 3bba8a17 revised TCP schemas with OptionField/etc. & redesigned read funcs
- acd929b8 revised forward match fields usage in protocols
- 84d576f3 revised HOPOPT/IPv4/IPv6 for nonce values
* nonce type should be int
* revised MPL option seed ID when type is source IPv6 address
* added missing opt construction with data
- 449dd81f revised IPv6-Route schemas with OptionField/etc. & redesigned read funcs & added support for SRH de/compression
- 321759e6 added packet as a keyword args to be passed down protocol chain for parent level context
* revised _decode/import_next_layer implementations
* revised unpack implementation
* updated IPv6 for utilising packet arg to pass on src/dst IP address info
- b5ebf976 minor logic revision on ListField.unpack
- 1e1952c9 revised IPv6-Opts schemas with OptionField/etc. & redesigned read funcs
- 249d0406 make isort
- 5d390c7a added eool to OptionField
- 8043d09c revised docs in HOPOPT
- 89be9182 revised IPv4 schemas with OptionField/etc. & redesigned read funcs
- 6c892b2e minor bugfix in HOPOPT quick start option schema
- bcdebea1 make isort
- f0cea097 revised HOPOPT schemas with OptionField/etc. & redesigned read funcs
- e1a406c8 updated Schema for ForwardMatchField
- 5b99cd83 revised Fields
* added ForwardMatchField & NoValueField
* revised _Field.unpack arg list
- af379266 removed unused stmts in HIP
- 451f629c make isort
- ba875f8e revised HIP schemas with Schema/Option/ListFields & redesigned read funcs
- 30778f3b minor revision on fields and schema
* added pre/post-process to Schema unpacking
* added prepare decorator for Schema.unpack
* revised ListField for support of SchemaField
* include parsed options into packet in OptionField
- b307bd48 working on field type revision
* moved List/OptionField to collections module
* updated import statements accordingly
* added SchemaField & SwitchField
* working on ListField processing for the newly added field types
- df75014f added OptionField
* revised Schema.unpack/pack for support of Option/ListFields
* revised protocol schemas to integrate OptionField
- 9bd8f0b7 Field.__call__ should return a new instance instead of updating the original one
- f74bd64c allow smart detection of the schema/data definition on subclasses of Protocol
- ca6ea37e make isort
- 9ff5654d updated Transport for overwriting existing registry warnings
- ce811b15 updated UDP for subclass params & _make_data impl
- 3d2f09f6 general revision
* bugfix for missing subclass param for misc/link/internet protocols
* added data as additional subclass param in Protocol base class
* added Protocol.from_data (& related util function: _make_data, _make_payload, etc.)
* implemented _make_data for misc/link/inet protocols
* added opt/param registry for HIP/IPv4
* revised opt/param registry method for protocols (added overwriting warnings)
* updated foundation.registry functions accordingly (new func added)
* added RegistryWarning for overwriting registry entries
* changed Schema.__fields__ to OrderedDict
* added Schema.get_payload method to extract PayloadField data in given schema instance
* added Schema.__payload__ attribute for marking the name of PayloadField
- e9066248 bugfix
* Info class set map/resv attr on self
* protocol's schema argument
* DEVMODE usage
- 9a8366e9 make isort
- aff32c8a vendor update
- 5e2797cc bugfix for fields impl & protocol constructors
- 819f8d8c integrated UDP with schema
- 77e33931 integrated Transport with schema
- 327a635d removed README.md files
- dc1df513 make isort
- 709bb3ad updated docs for IPX
- 1fa3c014 integrated MH with schema
- 88d51ffa integrated IPX with schema
- 45ebc600 integrated IPv6 with schema
- ef4dab07 make isort
- cb6dc13a minor revision
* revised make arglist for protocols (do not add support for Data as args)
* added __next_type/name__ to Data when _decode_next_layer returns (to keep track of payload protocol type & info name)
- 6a052f9e integrated IPv6-Route with schema
- 12b1095f updated docs for HIP
- 7b604190 updated docs for IPv6-Frag/IPv6-Opts/HOPOPT
- 69948b2f integrated IPv6-Opts with schema
- 696c76cc updated docs for HOPOPT
- 3521050d integrated IPv6_Frag with schema
- abb26008 make isort
- 03584d74 make isort
- 05407ca5 integrated IPv4 with schema
- 3e300e63 minor bugfix in HOPOPT quick start option handling
- 55a96c2e integrated IPv4 with schema (work in progress)
- 780d34d6 revised Schema unpacking to keep padding fields' value in buffer & dict as well
- 945ba9a1 integrated IPv4 with schema (work in progress)
- 6371faca revised IPv4 protection authority enumeration
- 392ed0ca integrated IPv4 with schema (work in progress)
- 08ec431a integrated IPv4 with schema (work in progress)
- c001462c revised HOPOPT for option list construction in consideration of auto padding & alignment
- ff1e4179 revised Schema's len as packed bytes length
- b3dcc470 updated docs
- a509663c make isort
- 25683edb integrated IP with schema
- 8baf986a integrated HOPOPT with schema
- b1e6f314 revised IP fields for pre/post-processing IP version check
- ba23c149 typo fix (nounce -> nonce)
- c465dd04 integrated HOPOPT with schema (work in progress)
- e30a7b99 Scheduled weekly dependency update for week 10 (#133)
- 1831bb60 integrated HOPOPT with schema (work in progress)
- 038c247c integrated HOPOPT with schema (work in progress)
- 4fae1153 minor bugfix for HIP
- 150b5f69 added IPv6 unknown option actions enumeration
- ebab2389 make isort
- ee6d2c4f revise HIP for parameter construction with specific args
- 64d7bca2 make isort
- e046c64f revise HIP for parameter construction with specific args (work in progress)
- 18efad76 revise HIP for parameter construction with specific args (work in progress)
- b728ca49 revise HIP for parameter construction with specific args
- a6133b9f minor revision on IPField to support more valid types in packing
- 6b6960e3 revised HIP schemas with IPFields
- c00370e4 added IPFields for IPv4/6 addresses in schema
- 8c13df91 integrated HIP with schema
- 9e6d79c1 integrated HIP with schema (work in progress)
- b78b3f47 integrated HIP with schema (work in progress)
- 129a9e79 integrated HIP with schema (work in progress)
- e46b58ac added EdDSA curve label enumerations
- 80abcb7b make isort
- ac053f24 integrated HIP with schema (work in progress)
- 0d953237 revised Schema's un/packing process, now buffer should always contain bytes
- 2b5776ad added item_type to ListField for auto unpacking & schema support for packing
- d5312477 revised NoValueType for its boolean repr
- 7ad62f02 added new field related exceptions
- d4d53f80 working on integrating Schema into HIP
- d3ae224c revised schema for change of field parameter list
- 8e2b4248 allow bytes as file stream input to protocols
- dc57a116 added data to schema support for OSPF crypto auth
- 1b3e138d allow bytes as file stream input to protocols
- c50305d3 updated Schema for ListField & bugfix for packet data
- 25634707 revised fields & added ListField for options & params
- 439cc688 integrated AH with schema
- 0a909da5 revised PaddingField usage
- e427511e revised __all__ statements & type names
- 51d7502b integrated Internet & IPsec (base classes) with schema
- c5051c32 updated docs
- ccf876eb updated docs
- 747275c7 integrated VLAN with schema
- 7b36e18f added bit_length for NumberFields
- bf6687d9 integrated OSPF with schema
- 4ec77f0f make isort
- e03e464b minor bugfix for the integrations
- 104f2e3b integrated L2TP with schema
- c85c9933 added PaddingField & bugfix in BitField
- 5affdfd3 make isort
- 358ae6f5 updated __init__.py files
- 2647a963 integrated Ethernet with schema
- 10a40e4e minor bugfix for PayloadField and ARP methods
- 9cab5028 minor revision on Header
- 8b5397f6 integrated ARP with schema
- 9b2cdcc1 added __init__.py placeholders
- 5b7a0bcf integrated ARP with schema
- 885cc5e2 integrated Link with schema
- 8f8704b5 bugfix in Header schema (enum length)
- 7cc93e69 keep length in arg list for Protocol.read
- 7ebfe06c updated __init__.py files
- d016593f integrated Frame with schema
- d5763fd8 support packing Schema instance in PayloadField
- 66bfe68b updated __init__.py files
- 8dbcf88f integrated Header with schema
- 1cdc0e7c integrated Raw with schema
- 7b8e66fa minor revision for pcapkit.protocols.__all__
- 526f873f revised schema pack & unpack flow
- b8e0ad59 integrated NoPayload with schema
- fa7140bf added field instance to callback arg list
- c9d13c99 added callback function to fields
- c46f8b63 renamed number fields by their lengths
- 1ae9a383 make isort
- f453a8d7 integrated schema into protocol & revised read/make flow
- d31a9337 revised schema implementation (preparing for Protocol integration)
- a8cccc61 moved schema from corekit to protocols module
- 6c6fb947 added Data base class for protocol data models
- d2d56bc8 renamed DataType & RegType as Data & Enum
- f8a79bd7 updated setup.py with schema fields
- accf830a added init_subclass to Protocol to set schema upon class creation & added NoPayload schema as default
- 78fb6060 used IO[bytes] instead of BytesIO
- c5c48070 call post_init after from_dict in Schema construction
- 2d96e847 downgrade sphinx-autodoc-typehints
- 3ffde30a bugfix for github pages action
- 381c4688 updated vendor & const
- aa640b7a bugfix for circular imports in fields
- 70d57306 revised default value settings in fields & schema
- 3bd9330d added some util methods for schema
- 7a17d2bd updated pcapkit.all
- 95baabc9 implemented protocol schema
- ebb845af minor revision on Info magic methods' argument list
- 260566cb minor revision on field attributes and properties
- 821bd45e added length for payload fields
- 19b98fc9 revised fields implementation
* revised un/pack flow
* length can be a callback
* added packet info to un/pack and pre/post-process
* added another layer of abstraction for text fields
- 9977bba1 reorganised fields hierarchy
* added _Field for internal base field
* added PayloadField
* need to review field mechanism
- 1451a77e revised field impl
* separate conditional fields
* revised number fields (with more presets)
* bugfix in bit fields
* added pack/unpack methods for general processing flow
- 19441990 moved fields to corekit
- 567650cc Scheduled weekly dependency update for week 05 (#129)
- e4c49bdf implemented protocol fields
- 06db201b profiling pcapkit
- 9487681f Update sphinx-autodoc-typehints from 1.19.4 to 1.19.5 (#123)
- 1cbda653 bugfix for github pages
- 5522d14b bugfix for github pages
- 7b30d703 bugfix for github pages
- 946cf059 bugfix for github pages
- 4b045787 bugfix for distro workflow
- 8205e8f5 version compat bugfix for minus 3.9
- 8d9cc217 bugfix for github pages deployment action
- 789e4925 bugfix for github pages action
- 8a522d38 bugfix for github pages action
- d14a9a56 removed Pipfile.lock
- 4d67f5e8 Update sphinx from 5.2.3 to 5.3.0 (#122)
- 8a695117 Updated Pipfile.lock at Mon Oct 31 12:17:40 UTC 2022
- 0f8d2e11 Updated Pipfile.lock at Mon Oct 24 12:19:48 UTC 2022
- 3e0d8011 Updated Pipfile.lock at Mon Oct 17 17:39:21 UTC 2022
- e28b8708 Scheduled weekly dependency update for week 41 (#119)
- 5077295b Updated Pipfile.lock at Mon Oct 10 12:18:29 UTC 2022
- 0687cf69 Updated Pipfile.lock at Mon Oct 3 12:12:05 UTC 2022
- 45883c10 Update sphinx from 5.1.1 to 5.2.1 (#118)
- ab1e8e2d Updated Pipfile.lock at Mon Sep 26 12:16:26 UTC 2022
- 7617898f Updated Pipfile.lock at Mon Sep 19 12:18:21 UTC 2022
- 912cc48e Updated Pipfile.lock at Mon Sep 12 12:15:41 UTC 2022
- f13f68c4 Updated Pipfile.lock at Mon Aug 29 12:15:24 UTC 2022
- b089e94a Updated Pipfile.lock at Mon Aug 22 12:14:28 UTC 2022
- cccfb40d Merge branch 'master' of https://github.com/JarryShaw/PyPCAPKit
- 602811e6 Scheduled weekly dependency update for week 33 (#117)
- 20d06740 Updated Pipfile.lock at Mon Aug 15 12:15:15 UTC 2022
- 91f4ef2b Updated Pipfile.lock at Mon Aug 8 12:13:55 UTC 2022
- dc06bc58 bumped version to 0.16.3
- f572c7a6 revised build chain (#114)
- fe8139c8 bugfix in reassembly property caches
- 3ab1f983 bugfix in README (for PyPI compliance)

Updated: 2023-04-21T17:38:25+00:00

## PyPCAPKit v1.0.0b11 (2023-04-22T02:53:24+00:00)

- f68ec855 Bumped version to 1.0.0b11
- 1ba549e1 bugfix for distro workflow
- 20cb0f26 Bumped version to 1.0.0b10
- dac56d14 use multi matrix for distro
- 3e1a5c44 Bumped version to 1.0.0b10
- 6e682444 working on conda workflow
- 0ea3f01e check if tag exists
- 0669f972 bugfix in release (version cmp)
- e544b47d release only on new versions
- da295657 release only on new versions
- 2af128e7 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 34a9197e minor revision on vendor update action

## PyPCAPKit v1.0.0b12 (2023-04-22T03:14:39+00:00)

- 419833d1 Bumped version to 1.0.0b12
- 12cddce3 pypi distro is universal
- f68ec855 Bumped version to 1.0.0b11
- 1ba549e1 bugfix for distro workflow

## PyPCAPKit v1.0.0b13 (2023-04-22T03:24:41+00:00)

- cd03852a Bumped version to 1.0.0b13
- 63baf53e Update create-release.yml
- aa61222f bugfix in pypi distro python version
- 419833d1 Bumped version to 1.0.0b12
- 12cddce3 pypi distro is universal

## PyPCAPKit v1.0.0b14 (2023-04-22T03:50:18+00:00)

- cfcc73d7 Bumped version to 1.0.0b14
- 70530963 ignore tests (for now)
- fa087e9d trigger release actions
- 4d05757e Update create-release.yml
- cd03852a Bumped version to 1.0.0b13
- 63baf53e Update create-release.yml
- aa61222f bugfix in pypi distro python version

## PyPCAPKit v1.0.0b15 (2023-04-22T04:29:13+00:00)

- b82acc23 Bumped version to 1.0.0b15
- 4bfc2565 trigger release
- cac82034 conda label
- cfcc73d7 Bumped version to 1.0.0b14
- 70530963 ignore tests (for now)
- fa087e9d trigger release actions
- 4d05757e Update create-release.yml

## PyPCAPKit v1.0.0b16 (2023-04-22T04:57:56+00:00)

- b59bfce8 Bumped version to 1.0.0b16
- 2f760f4c trigger release
- aebc21c3 use global version in pcapkit-vendor
- 77d789c5 bug fix for label
- b82acc23 Bumped version to 1.0.0b15
- 4bfc2565 trigger release
- cac82034 conda label

## PyPCAPKit v1.0.0b17 (2023-04-22T05:15:40+00:00)

- 8076dee3 Bumped version to 1.0.0b17
- 55094f69 trigger release
- 11c99977 bug fix for label output
- b59bfce8 Bumped version to 1.0.0b16
- 2f760f4c trigger release
- aebc21c3 use global version in pcapkit-vendor
- 77d789c5 bug fix for label

## PyPCAPKit v1.0.0b18 (2023-04-22T05:57:52+00:00)

- 7d567f41 Bumped version to 1.0.0b18
- 6d4b6f13 trigger release
- 1525df45 ignore 3.6/7 for conda
- 8076dee3 Bumped version to 1.0.0b17
- 55094f69 trigger release
- 11c99977 bug fix for label output

## PyPCAPKit v1.0.0b19 (2023-04-24T05:44:36+00:00)

- 0f83ea57 Bumped version to 1.0.0b19
- 7c8a37bd working on pcapng schemas (option done, SHB done)
- b40b262a added pcapng option type vendor/const
- e2017818 use of typing.Self
- c7f5f06b sort whole project upon commit
- 2b97db98 only sort pcapkit.const in actions
- ed10fc60 general revision
- a03300c5 release on tag
- 90da7ea0 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 565cf693 bugfix in setup.py
- 1192ecd3 Update tbtrim requirement from ~=0.3.0 to ~=0.3.1 (#134)
- ae547557 Update dictdumper requirement from ~=0.8.0 to ~=0.8.4 (#135)
- 3bc4a8a7 no changes
- 7d567f41 Bumped version to 1.0.0b18
- 6d4b6f13 trigger release
- 1525df45 ignore 3.6/7 for conda

## PyPCAPKit v1.0.0b20 (2023-04-24T11:24:18+00:00)

- dcf49ef4 Bumped version to 1.0.0b20
- db8aa9dc working on pcapng schemas (NRB & option done)
- 18e0b4af added pcapng NRB record type vendor/const
- c1e74e01 added pcapng option type vendor/const (ns options)
- 3cfc8ede revised schema.pre/post_process signature & usage (added __packet__ to Schema init call as well)
- 0b92cd4f working on pcapng schemas (SPB & option done)
- 2bdb1f9b working on pcapng schemas (EPB & option done)
- f202b67d sort vendor imports as well
- 276751b5 working on pcapng schemas (IDB & option done)
- a85c78a3 added pcapng option type vendor/const (if options)
- 859682e1 revised IP fields
* renamed IPField to IPAddressField (v4/v6)
* added IPInterfaceField (v4/v6)
- 0f83ea57 Bumped version to 1.0.0b19
- 7c8a37bd working on pcapng schemas (option done, SHB done)
- b40b262a added pcapng option type vendor/const
- e2017818 use of typing.Self
- c7f5f06b sort whole project upon commit
- 2b97db98 only sort pcapkit.const in actions
- ed10fc60 general revision
- a03300c5 release on tag
- 90da7ea0 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 565cf693 bugfix in setup.py
- 1192ecd3 Update tbtrim requirement from ~=0.3.0 to ~=0.3.1 (#134)
- ae547557 Update dictdumper requirement from ~=0.8.0 to ~=0.8.4 (#135)
- 3bc4a8a7 no changes

## restic v0.15.2 (2023-04-24T18:40:25+00:00)

We're very pleased to present you restic 0.15.2! This is just (another) small bugfix release.
restic is distributed as a standalone binary: download the correct file for your operating system and architecture, extract the file and just run it. If you run into any issues, please report them at [the GitHub issue tracker](https://github.com/restic/restic/issues/new) or visit [the forum](https://forum.restic.net). If you already have restic >= 0.9.4, you can use `restic self-update` to get the latest version in a secure way.
The binaries released with each restic version are [reproducible](https://reproducible-builds.org/), which means that you can reproduce a byte identical version from the source code for that release. Instructions on how to do that are in the [Developer Documentation](https://github.com/restic/restic/blob/master/doc/developer_information.rst).
Changelog for restic 0.15.2 (2023-04-24)
========================================
The following sections list the changes in restic 0.15.2 relevant to restic users. The changes are ordered by importance.
Summary
-------
* Sec [#4275](https://github.com/restic/restic/issues/4275): Update golang.org/x/net to address CVE-2022-41723
* Fix [#2260](https://github.com/restic/restic/issues/2260): Sanitize filenames printed by `backup` during processing
* Fix [#4211](https://github.com/restic/restic/issues/4211): Make `dump` interpret `--host` and `--path` correctly
* Fix [#4239](https://github.com/restic/restic/issues/4239): Correct number of blocks reported in mount point
* Fix [#4253](https://github.com/restic/restic/issues/4253): Minimize risk of spurious filesystem loops with `mount`
* Enh [#4180](https://github.com/restic/restic/pull/4180): Add release binaries for riscv64 architecture on Linux
* Enh [#4219](https://github.com/restic/restic/pull/4219): Upgrade Minio to version 7.0.49
Details
-------
* Security #4275: Update golang.org/x/net to address CVE-2022-41723
[#4275](https://github.com/restic/restic/issues/4275) [#4213](https://github.com/restic/restic/pull/4213)
* Bugfix #2260: Sanitize filenames printed by `backup` during processing
The `backup` command would previously not sanitize the filenames it printed during processing, potentially causing newlines or terminal control characters to mangle the status output or even change the state of a terminal.
Filenames are now checked and quoted if they contain non-printable or non-Unicode characters.
[#2260](https://github.com/restic/restic/issues/2260) [#4191](https://github.com/restic/restic/issues/4191) [#4192](https://github.com/restic/restic/pull/4192)
* Bugfix #4211: Make `dump` interpret `--host` and `--path` correctly
A regression in restic 0.15.0 caused `dump` to confuse its `--host=<host>` and `--path=<path>` options: it looked for snapshots with paths called `<host>` from hosts called `<path>`. It now treats the options as intended.
[#4211](https://github.com/restic/restic/issues/4211) [#4212](https://github.com/restic/restic/pull/4212)
* Bugfix #4239: Correct number of blocks reported in mount point
Restic mount points reported an incorrect number of 512-byte (POSIX standard) blocks for files and links due to a rounding bug. In particular, empty files were reported as taking one block instead of zero.
The rounding is now fixed: the number of blocks reported is the file size (or link target size) divided by 512 and rounded up to a whole number.
[#4239](https://github.com/restic/restic/issues/4239) [#4240](https://github.com/restic/restic/pull/4240)
* Bugfix #4253: Minimize risk of spurious filesystem loops with `mount`
When a backup contains a directory that has the same name as its parent, say `a/b/b`, and the GNU `find` command was run on this backup in a restic mount, `find` would refuse to traverse the lowest `b` directory, instead printing `File system loop detected`. This was due to the way the restic mount command generates inode numbers for directories in the mount point.
The rule for generating these inode numbers was changed in 0.15.0. It has now been changed again to avoid this issue. A perfect rule does not exist, but the probability of this behavior occurring is now extremely small.
When it does occur, the mount point is not broken, and scripts that traverse the mount point should work as long as they don't rely on inode numbers for detecting filesystem loops.
[#4253](https://github.com/restic/restic/issues/4253) [#4255](https://github.com/restic/restic/pull/4255)
* Enhancement #4180: Add release binaries for riscv64 architecture on Linux
Builds for the `riscv64` architecture on Linux are now included in the release binaries.
[#4180](https://github.com/restic/restic/pull/4180)
* Enhancement #4219: Upgrade Minio to version 7.0.49
The upgraded version now allows use of the `ap-southeast-4` region (Melbourne).
[#4219](https://github.com/restic/restic/pull/4219)

## PyPCAPKit v1.0.0b21 (2023-04-26T08:08:24+00:00)

- 7adc41cf Bumped version to 1.0.0b21
- 33cda9b7 working on pcapng (data model done, revised header schema)
- b23cf6a5 updated Data typing info
- 2ec51d5a added __post_init__ to Info
- 75006b0c added pcapng filter_type vendor/const
- a44946e1 no changes
- b0465908 exit on error for bash
- 99fa93c7 bugfix in pcapng
- 0d858f8e updated pcapng const/vendor docs
- c0e65296 pcapng imports
- 94b68f70 make isort
- 4b82b94a pcapng schemas done
- c07c9b0c type comment fix
- 1b99c324 updated pcapng option_type with Packet Block options
- d53a0ac6 added pcapng secrets_type vendor/const
- 78d0cf94 bugfix in number fields (negative bit_length)
- a07952e1 minor changes to Raw schema (removed unnecessary args)
- b397b093 sort vendor/const when make isort
- 147c054a revised fields length usage (for packing)
- c074ea8f revised docs req
- 019588f9 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- b3c59c71 Scheduled weekly dependency update for week 17 (#136)
- 582a8d68 working on pcapng schemas (systemd journal export block done)
- 4fb5e870 working on pcapng schemas (ISB & option done)
- 694cefc2 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 51bec4e5 added pcapng ISB record type vendor/const
- dcf49ef4 Bumped version to 1.0.0b20
- db8aa9dc working on pcapng schemas (NRB & option done)
- 18e0b4af added pcapng NRB record type vendor/const
- c1e74e01 added pcapng option type vendor/const (ns options)
- 3cfc8ede revised schema.pre/post_process signature & usage (added __packet__ to Schema init call as well)
- 0b92cd4f working on pcapng schemas (SPB & option done)
- 2bdb1f9b working on pcapng schemas (EPB & option done)
- f202b67d sort vendor imports as well
- 276751b5 working on pcapng schemas (IDB & option done)
- a85c78a3 added pcapng option type vendor/const (if options)
- 859682e1 revised IP fields
* renamed IPField to IPAddressField (v4/v6)
* added IPInterfaceField (v4/v6)

## maltrail 0.57 (2023-04-30T22:11:05+00:00)

Start-of-month release

## DC3-MWCP 3.12.0 (2023-05-01T15:07:20+00:00)

## HyperDbg v0.2.0 (2023-05-03T11:56:58+00:00)

# HyperDbg v0.2 is released!
**If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!**
Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**.
### Added
- HyperDbg Software Development Kit (SDK) is now available
- **flush()** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/flush))
- **memcpy()** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/memory/memcpy))
### Changed
- Global code refactor and fixing bugs!
- Compiling HyperDbg by using the latest Windows 11 WDK
- **enable_event** function name changed to **event_enable** ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_enable))
- **disable_event** function name changed to **event_disable** ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_disable))
- The "**settings**" command now preserves the configurations in the config file
- The communication buffer is now separated from the hyperlogger buffer chunks and the buffer size is increased X10 times ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/increase-communication-buffer-size))
- Zydis submodule is updated to version 4 ([link](https://github.com/zyantific/zydis/releases/tag/v4.0.0))
### Removed
- **enable_event** script engine function
- **disable_event** script engine function

## PyPCAPKit v1.0.0rc1 (2023-05-04T06:22:48+00:00)

- f7104d3a bugfix in create release action
- a284431b bugfix in create release action
- 968dfc1e bumped version to 1.0.0rc1
- 11851893 updated sample output
- 0396511c revised pcapng schema (set section length to -1 if needed)
- a5654f8a bugfix in PCAPNG docstrings
- 9b53763a added pcapng docs
- 27774a36 updated docs (general fix)
- 3e04b57e minor bugfix for pcapng protocol (method name typo)
- 1a6aea9a make isort
- edd1c078 finished implementation of PCAPNG protocol
- e67088c0 added pcapng samples
- 428c60cc general cleanup for PCAPNG engine
- c59a387a updated docs for warning/exception changes
- 10775075 bugfix in PCAPNG protocol
- 2d4256a1 bugfix in PCAPNG schema
- 6507d474 added Protocol._get_payload for customisable payload retrieving methods
- 32ad44a3 bugfix in schema
- 54cbba03 bugfix for PCAP Frame timestamp out of range handling
- dbca330b bugfix for PCAPNG engine init
- a29e9fdb quiet on MultiDict.get
- d85cfac4 bugfix in fields (added length property and revised __call__)
- 88c0a2cc added SchemaWarning
- b19fee0a added pcapng test files
- 9950e0d7 revised switch field arglist (removed length)
- fc657f19 added pycharm profiles
- 7eb43a6e revised Extractor input file extension check
- e409b9a2 added test_pcapng
- afa20e7b revised PCAP Frame timestamp handling
- 383bc323 working on pcapng protocol impl (added all block parsing)
- c999984a working on pcapng protocol impl (added IDB parsing)
- d13ff171 bugfix for circular imports in PCAPNG protocol
- f618b521 make isort
- 43e62583 working on pcapng protocol impl (added all secrets/records)
- 945242c3 make isort
- 49049586 revised PCAP Frame timestamp making process
- 468bbcf2 working on pcapng protocol impl (added all options parsing/making)
- 873dd6c8 Update requirements.txt
- c4bceebb Scheduled weekly dependency update for week 18 (#137)
- d7d491be working on pcapng protocol impl (added PACK options making)
- 4ba37227 make isort
- acd2823f working on pcapng protocol impl (added ISB & PACK options parsing)
- 56daf530 working on pcapng protocol impl (added NRB options)
- dc87cba0 working on pcapng protocol impl (added EPB options)
- 755a3624 added namespace check of options
- 3fb3b9c2 revised pcapng schema for the redesign of OptionType enum
- a2fd7fed revised const/vendor for _missing_ & type hints
- f8958ab4 working on pcapng protocol impl (added IF options)
- 83127277 working on pcapng protocol impl (adding IF options)
- 9cd07ad4 working on pcapng protocol impl (added general opts)
- b276e8b2 added custom option enums for direct reference
- d58a1a0a working on pcapng protocol impl (added shb & option generic handling)
- 965130fe bugfix in doc for TCP
- 693621fd added CustomOption schema/data
- 3e4b3e8e updated sample output
- ffc13c6c make isort
- 54566967 revised schema's packet context usage
* added packet param to SchemaField
* use packet arg in SchemaField.un/pack as __packet__ dict key
* added docs for OptionField's __option_padding__ dict key
* added snaplen for PCAPNG engine extraction process (for ISB)
* revised usage of callback functions in schemas
* bugfix in PCAPNG schema for PayloadField usage
- e8e715b5 make isort
- 2af3f994 renamed Schema.pre_process as pre_unpack; added .pre_pack
- dfac5d17 revised default dumper object_hook
- dde3420d working on pcapng protocol impl (added unknown block read/make)
- b52bd7ca bugfix in PCAPNG schema typing annotations
- c42248c2 removed packets attribute from PCAPNG context (unused)
- 5f50a738 make isort
- 9715d381 revised dpkt engine workflow
- 49e57bbe working on pcapng protocol impl (added _make_data, _decode_next_layer)
- 74707ebc removed unnecessary call in scapy engine
- ecbb99d8 revised Extractor
* added PCAPNG engine support
* bugfix in engine module mapping
* added magic_number property
- 429f1a09 revised 3rd party engines (no need to call builtin engine)
- 1dfd66b2 bugfix in PCAPNG secrets name mapping
- 8fdc205e make isort
- 8a9a2a65 added registry method to PCAPNG
- d021ade4 working on pcapng protocol impl (make done)
- 92da1a28 updated docs for HTTP/2
- 7ebd4cfd working on pcapng protocol impl (read done)
- 37387739 updated docs for Frame
- 58d979c9 bugfix in Frame (~._data should be the entire packet)
- 9efaca9a bugfix for Extractor.read_frames (no return)
- fc79049f updated docs for PCAPNG engine
- 70f1c221 make isort
- c3df3648 working on pcapng protocol impl
* added context/nanosecond/linktype properties & revised name
* added pack/unpack impl with self._ctx support
* added __post_init__ to define the init args
- 0ea78420 revised first block processing in pcapng engine
- 5e01e59d updated docs for DeprecatedFormatWarning
- 5ddbdb66 added DeprecatedFormatWarning
- 23b737b3 added checks for interface ID in packet related blocks
- 689feeb7 implemented PCAPNG engine support
- 7f6de7b4 added necessary attributes to PCAPNG data models for compatibility support
- 25f216f4 implemented toolkit functions for PCAPNG
- aeee9a17 working on pcapng protocol impl
- bca119c3 working on pcapng engine
- 5d86eb27 renamed pcapkit.toolkit.default as pcapkit.toolkit.pcap
- 9290f655 bugfix in data imports
- e49e463e updated extraction typings
- cc726906 make isort
- fd3cee56 revised engines & extraction * merged unnecessary properties to engine instance * updated docs accordingly
- 4744f08d working on pcapng protocol impl (added default mappings)
- 4c95a769 make isort
- edef4a40 added unknown secrets data model & header schema
- 9014c8b2 updated docs for PCAP Frame
- 63fce1d8 working on pcapng protocol impl
- 74916c62 bugfix for PCAPNG schema with a generic BlockType
- b782149b updated Enum output format in dumpkit & updated sample outputs
- da9a08b7 bugfix in Frame._decode_next_layer for NoPayload compat
- 02912e2c bugfix in NumberField for default bitmask
- cbd7034d added test_tcp for TCP options test
- 66d24e2d WIP: 33cda9b7 working on pcapng (data model done, revised header schema)
2023-05-04T06:22:48+00:00

PyPCAPKit v1.0.0
2023-05-09T02:11:44+00:00
- 8b7d9cb4 bumped version to 1.0.0
- abe00ee5 updated pep docs
- c3549b7d added vermin config
- f1950035 updated license copyright year
- 0079c3c6 minor revision for docs
- 814c8745 minor revision on scapy engine (dont use scapy.all)
- 6311fb00 added pyperf test case
- 7870f494 minor revision on scapy toolkit
- 231e5eac Update builtin.rst
- 4ad7df1f Update pep.rst
- b80f08be added Context to docs
- f7104d3a bugfix in create release action
- a284431b bugfix in create release action
- 968dfc1e bumped version to 1.0.0rc1
- 11851893 updated sample output
- 0396511c revised pcapng schema (set section length to -1 if needed)
- a5654f8a bugfix in PCAPNG docstrings
- 9b53763a added pcapng docs
- 27774a36 updated docs (general fix)
- 3e04b57e minor bugfix for pcapng protocol (method name typo)
- 1a6aea9a make isort
- edd1c078 finished implementation of PCAPNG protocol
- e67088c0 added pcapng samples
- 428c60cc general cleanup for PCAPNG engine
- c59a387a updated docs for warning/exception changes
- 10775075 bugfix in PCAPNG protocol
- 2d4256a1 bugfix in PCAPNG schema
- 6507d474 added Protocol._get_payload for customisable payload retrieving methods
- 32ad44a3 bugfix in schema
- 54cbba03 bugfix for PCAP Frame timestamp out of range handling
- dbca330b bugfix for PCAPNG engine init
- a29e9fdb quiet on MultiDict.get
- d85cfac4 bugfix in fields (added length property and revised __call__)
- 88c0a2cc added SchemaWarning
- b19fee0a added pcapng test files
- 9950e0d7 revised switch field arglist (removed length)
- fc657f19 added pycharm profiles
- 7eb43a6e revised Extractor input file extension check
- e409b9a2 added test_pcapng
- afa20e7b revised PCAP Frame timestamp handling
- 383bc323 working on pcapng protocol impl (added all block parsing)
- c999984a working on pcapng protocol impl (added IDB parsing)
- d13ff171 bugfix for circular imports in PCAPNG protocol
- f618b521 make isort
- 43e62583 working on pcapng protocol impl (added all secrets/records)
- 945242c3 make isort
- 49049586 revised PCAP Frame timestamp making process
- 468bbcf2 working on pcapng protocol impl (added all options parsing/making)
- 873dd6c8 Update requirements.txt
- c4bceebb Scheduled weekly dependency update for week 18 (#137)
- d7d491be working on pcapng protocol impl (added PACK options making)
- 4ba37227 make isort
- acd2823f working on pcapng protocol impl (added ISB & PACK options parsing)
- 56daf530 working on pcapng protocol impl (added NRB options)
- dc87cba0 working on pcapng protocol impl (added EPB options)
- 755a3624 added namespace check of options
- 3fb3b9c2 revised pcapng schema for the redesign of OptionType enum
- a2fd7fed revised const/vendor for _missing_ & type hints
- f8958ab4 working on pcapng protocol impl (added IF options)
- 83127277 working on pcapng protocol impl (adding IF options)
- 9cd07ad4 working on pcapng protocol impl (added general opts)
- b276e8b2 added custom option enums for direct reference
- d58a1a0a working on pcapng protocol impl (added shb & option generic handling)
- 965130fe bugfix in doc for TCP
- 693621fd added CustomOption schema/data
- 3e4b3e8e updated sample output
- ffc13c6c make isort
- 54566967 revised schema's packet context usage * added packet param to SchemaField * use packet arg in SchemaField.un/pack as __packet__ dict key * added docs for OptionField's __option_padding__ dict key * added snaplen for PCAPNG engine extraction process (for ISB) * revised usage of callback functions in schemas * bugfix in PCAPNG schema for PayloadField usage
- e8e715b5 make isort
- 2af3f994 renamed Schema.pre_process as pre_unpack; added .pre_pack
- dfac5d17 revised default dumper object_hook
- dde3420d working on pcapng protocol impl (added unknown block read/make)
- b52bd7ca bugfix in PCAPNG schema typing annotations
- c42248c2 removed packets attribute from PCAPNG context (unused)
- 5f50a738 make isort
- 9715d381 revised dpkt engine workflow
- 49e57bbe working on pcapng protocol impl (added _make_data, _decode_next_layer)
- 74707ebc removed unnecessary call in scapy engine
- ecbb99d8 revised Extractor * added PCAPNG engine support * bugfix in engine module mapping * added magic_number property
- 429f1a09 revised 3rd party engines (no need to call builtin engine)
- 1dfd66b2 bugfix in PCAPNG secrets name mapping
- 8fdc205e make isort
- 8a9a2a65 added registry method to PCAPNG
- d021ade4 working on pcapng protocol impl (make done)
- 92da1a28 updated docs for HTTP/2
- 7ebd4cfd working on pcapng protocol impl (read done)
- 37387739 updated docs for Frame
- 58d979c9 bugfix in Frame (~._data should be the entire packet)
- 9efaca9a bugfix for Extractor.read_frames (no return)
- fc79049f updated docs for PCAPNG engine
- 70f1c221 make isort
- c3df3648 working on pcapng protocol impl * added context/nanosecond/linktype properties & revised name * added pack/unpack impl with self._ctx support * added __post_init__ to define the init args
- 0ea78420 revised first block processing in pcapng engine
- 5e01e59d updated docs for DeprecatedFormatWarning
- 5ddbdb66 added DeprecatedFormatWarning
- 23b737b3 added checks for interface ID in packet related blocks
- 689feeb7 implemented PCAPNG engine support
- 7f6de7b4 added necessary attributes to PCAPNG data models for compatibility support
- 25f216f4 implemented toolkit functions for PCAPNG
- aeee9a17 working on pcapng protocol impl
- bca119c3 working on pcapng engine
- 5d86eb27 renamed pcapkit.toolkit.default as pcapkit.toolkit.pcap
- 9290f655 bugfix in data imports
- e49e463e updated extraction typings
- cc726906 make isort
- fd3cee56 revised engines & extraction * merged unnecessary properties to engine instance * updated docs accordingly
- 4744f08d working on pcapng protocol impl (added default mappings)
- 4c95a769 make isort
- edef4a40 added unknown secrets data model & header schema
- 9014c8b2 updated docs for PCAP Frame
- 63fce1d8 working on pcapng protocol impl
- 74916c62 bugfix for PCAPNG schema with a generic BlockType
- b782149b updated Enum output format in dumpkit & updated sample outputs
- da9a08b7 bugfix in Frame._decode_next_layer for NoPayload compat
- 02912e2c bugfix in NumberField for default bitmask
- cbd7034d added test_tcp for TCP options test
- 66d24e2d WIP: 33cda9b7 working on pcapng (data model done, revised header schema)
2023-05-09T02:11:44+00:00

syncthing v1.23.5-rc.1
2023-05-09T10:48:05+00:00
Bugfixes:
- #8503: "syncthing cli config devices add" reflect error when using --addresses flag
- #8764: Ignore patterns creating during folder addition are not loaded
- #8778: Tests fail on Windows with Go 1.20
- #8779: Test cleanup fails all model tests on Windows on Go 1.20
- #8859: Incorrect handling of path for auto accepted folder
Other issues:
- #8799: "fatal error: checkptr: converted pointer straddles multiple allocations" in crypto tests
2023-05-09T10:48:05+00:00

dnstwist 20230509
2023-05-09T16:48:45+00:00
Changes:
- Improved homoglyph fuzzer: more accurate permutations for selected country-code TLD and extended homograph mapping
- Tuned webdriver timeout value
2023-05-09T16:48:45+00:00

suricata suricata-6.0.12
2023-05-09T17:50:04+00:00
## Release Notes
https://forum.suricata.io/t/suricata-6-0-12-released
## Redmine Tracker
https://redmine.openinfosecfoundation.org/versions/189
## Download
https://www.openinfosecfoundation.org/download/suricata-6.0.12.tar.gz
https://www.openinfosecfoundation.org/download/suricata-6.0.12.tar.gz.sig
## Documentation
https://suricata.readthedocs.io/en/suricata-6.0.11/
(6.0.12 not yet generated, see https://redmine.openinfosecfoundation.org/issues/6059)
2023-05-09T17:50:04+00:00

PyPCAPKit v1.0.1
2023-05-14T15:40:58+00:00
- 6ddd2f50 bumped version to 1.0.1
- f1a998f0 updated readme for time benchmark
- aeb72729 pre-finalise infoclass to save runtime
- 43cf904f pre-finalise schema to save runtime
- 8b7d9cb4 bumped version to 1.0.0
- abe00ee5 updated pep docs
- c3549b7d added vermin config
- f1950035 updated license copyright year
- 0079c3c6 minor revision for docs
- 814c8745 minor revision on scapy engine (dont use scapy.all)
- 6311fb00 added pyperf test case
- 7870f494 minor revision on scapy toolkit
- 231e5eac Update builtin.rst
- 4ad7df1f Update pep.rst
- b80f08be added Context to docs
2023-05-14T15:40:58+00:00

caddy v2.7.0-beta.1
2023-05-16T17:22:16+00:00
This is our first beta release of Caddy 2.7! Please try it out before we tag the stable release.
## Highlights
- :warning: The `ask` endpoint is now required to enable On-Demand TLS (b97c76fb4789b8da0b80f5a2c1c1c5bebba163b5) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The `ask` endpoint is not required for local-only or internal-only names (#5384 and a7af7c486e5240da974e02b7dfee9d265aaa654a).
- New default template for the file server's "browse" listings - more modern, easier to use, grid view, filetype-specific icons, and better dark mode (see #5427 for more screenshots and info)
- Reverse proxy now supports the PROXY protocol (#5424)
- Caddyfile import arg placeholders support slice syntax, e.g. `{args[2:]}` (#5249)
- Experimental new short flags for the CLI. (#5379)
- HTTP/3 performance improvements (upstream in quic-go) including enabling 0-RTT.
- Caddyfile now supports Heredoc syntax for long embedded strings/documents. (#5385)
- @francislavoie implemented a suite of enhancements to bring you more reliable, trustworthy client IP information, even through proxies and CDNs (#5104)
- :warning: The long-deprecated `lookup_srv` feature of the reverse proxy has been removed. It was replaced with the [dynamic upstreams feature in 2.6](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#dynamic-upstreams). (#5396)
- Customizable "fallback" policy for reverse proxy in case the primary policy isn't applicable (#5488)
- EXPERIMENTAL: Define "named routes" to reuse them without copying. Caddyfile snippets are useful for reusing config, but reusing the same HTTP routes involves lots of copied config and memory bloat. Named routes let you define a route once and reuse it throughout your HTTP server without copying. It is available for JSON and Caddyfile configs. (#5107)
- Many many bug fixes you may or may not notice :upside_down_face:
Thank you to everyone who contributed! And thank you to our [sponsors](https://github.com/sponsors/mholt) who truly make this project possible.
## New Contributors
* @esell made their first contribution in https://github.com/caddyserver/caddy/pull/5417
* @krak3n made their first contribution in https://github.com/caddyserver/caddy/pull/5147
* @trea made their first contribution in https://github.com/caddyserver/caddy/pull/5435
* @heimoshuiyu made their first contribution in https://github.com/caddyserver/caddy/pull/5464
* @gucki made their first contribution in https://github.com/caddyserver/caddy/pull/5424
* @kidonng made their first contribution in https://github.com/caddyserver/caddy/pull/5475
* @taophp made their first contribution in https://github.com/caddyserver/caddy/pull/5497
* @eanavitarte made their first contribution in https://github.com/caddyserver/caddy/pull/5515
* @jonatan5524 made their first contribution in https://github.com/caddyserver/caddy/pull/5521
* @jjiang-stripe made their first contribution in https://github.com/caddyserver/caddy/pull/5531
* @TP-O made their first contribution in https://github.com/caddyserver/caddy/pull/5504
**Full Changelog**: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.0-beta.1
## Changelog
* 3f20a7c9 acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
* b1366c7e build(deps): bump actions/setup-go from 3 to 4 (#5474)
* f3379f65 caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
* 960150bb caddyfile: Implement heredoc support (#5385)
* 8bc05e59 caddyfile: Implement variadics for import args placeholders (#5249)
* 53b6fab1 caddyfile: Stricter parsing, error for brace on new line (#5505)
* cfc85ae8 caddyhttp: Add a getter for Server.name (#5531)
* 05e99745 caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* c05e3898 caddyhttp: Enable 0-RTT QUIC (#5425)
* 85375861 caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
* 1c9ea011 caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
* cbf16f6d caddyhttp: Implement named routes, `invoke` directive (#5107)
* 2b3046de caddyhttp: Log request body bytes read (#5461)
* 96919acc caddyhttp: Refactor cert Managers (fix #5415) (#5533)
* d8d87a37 caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
* 808b05c3 caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
* a7af7c48 caddytls: Allow on-demand w/o ask for internal-only
* a02ecb0f caddytls: Check for nil ALPN; close #5470 (#5473)
* faf0399e caddytls: Configurable fallback SNI (#5527)
* e16a8868 caddytls: Eval replacer on automation policy subjects (#5459)
* be53e432 caddytls: Relax the warning for on-demand (#5384)
* b97c76fb caddytls: Require 'ask' endpoint for on-demand TLS
* 0cc49c05 caddytls: Zero out throttle window first (#5443)
* b301a3df celmatcher: Implement `pkix.Name` conversion to string (#5492)
* 096971e3 ci/cd: ship tarballs with vendored deps (#5403)
* 5ded5804 cmd: Adjust documentation for commands (#5377)
* 508cf2aa cmd: Create pidfile before config load (close #5477)
* 9e691955 cmd: Expand cobra support, add short flags (#5379)
* 5ebb7d49 cmd: Reduce spammy logs from --watch
* 79de6df9 cmd: Strict unmarshal for validate (#5383)
* 205b1426 cmd: Support `'` quotes in envfile parsing (#5437)
* bf54892a cmd: make `caddy fmt` hints more clear (#5378)
* f6bab8ba context: Rename func to `AppIfConfigured` (#5397)
* 99d47050 core: Eliminate unnecessary shutdown delay on Unix (#5413)
* c6ac350a core: Return default logger if no modules loaded
* b3f0cea2 encode: flush status code when hijacked. (#5419)
* c8032867 fastcgi: Fix `capture_stderr` (#5515)
* 571fc034 feature: watch include directory (#5521)
* f9bd2d3e fileserver: Add color-scheme meta tag (#5475)
* 6cc3cbbc fileserver: New file browse template (#5427)
* 94d41a9d fileserver: Remove trailing slash on fs filenames (#5417)
* 52d7335c fileserver: Use EscapedPath for browse (#5534)
* 1af419e7 go.mod: Update some dependencies
* 774f2288 go.mod: Upgrade CertMagic
* 0de6064c go.mod: Upgrade CertMagic again
* 9e943319 go.mod: Upgrade dependencies
* 8cb1bb4a go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
* 36546cd8 go.mod: Upgrade several dependencies
* e8352aef headers: Add > Caddyfile shortcut for enabling defer (#5535)
* dd86171d headers: Support deleting all headers as first op (#5464)
* 330be2d8 httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
* 1aef807c log: Make sink logs encodable (#5441)
* cdce452e logging: Actually honor the SoftStart parameter
* f0e39817 logging: Add traceID field to access logs when tracing is active (#5507)
* f3e8b9d9 logging: Soft start for net writer (close #5520)
* b6fe5d4b proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
* f5a13a4a replacer: Add HTTP time format (#5458)
* 48598e1f reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
* f8b59e77 reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
* 66e571e6 reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
* 75b690d2 reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* 335cd2e8 reverseproxy: Fix active health check header canonicalization, refactor (#5446)
* 2b04e09f reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
* 10b265d2 reverseproxy: Header up/down support for CLI command (#5460)
* b19946f6 reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
* 4636109c reverseproxy: Remove deprecated `lookup_srv` (#5396)
* 2182270a reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
* 941eae5f reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
* e3909cc3 reverseproxy: refactor HTTP transport layer (#5369)
* 13a37688 rewrite: use escaped path, fix #5278 (#5504)
* 2943c418 templates: Add `fileStat` function (#5497)
* b4205617 tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
2023-05-16T17:22:16+00:00

PyPCAPKit v1.0.1.post1
2023-05-17T10:07:11+00:00
- a89b5b49 Bumped version to 1.0.1.post1
- bce11119 bugfix in default vendor for code generation template
- c6debe37 make isort
- cd47c993 bugfix in default vendor for code generation template
- fd8e27e7 added MH CGA related const/vendor
- 561c0372 moved isort after vendor change check
- 99d480f6 revised MH AuthSubtyp names
- 8470b854 revised info/schema_final type annotations
- e2236929 make isort
- 91c64f1a minor bugfix in protocols
- 55cde1b3 added MH LLA Option Code const/vendor
- 0438f267 Update index.rst
- d3bef085 Update README.rst
- 6ddd2f50 bumped version to 1.0.1
- f1a998f0 updated readme for time benchmark
- aeb72729 pre-finalise infoclass to save runtime
- 43cf904f pre-finalise schema to save runtime
- 8b7d9cb4 bumped version to 1.0.0
- abe00ee5 updated pep docs
- c3549b7d added vermin config
- f1950035 updated license copyright year
- 0079c3c6 minor revision for docs
- 814c8745 minor revision on scapy engine (dont use scapy.all)
- 6311fb00 added pyperf test case
- 7870f494 minor revision on scapy toolkit
- 231e5eac Update builtin.rst
- 4ad7df1f Update pep.rst
- b80f08be added Context to docs
2023-05-17T10:07:11+00:00

MISP v2.4.171
2023-05-18T07:46:20+00:00
We are pleased to announce the immediate availability of [MISP v2.4.171](https://github.com/MISP/MISP/releases/tag/v2.4.171) with a long list of fixes, major STIX 2 improvements and an overhaul of the dashboard widget toolkit.

# Dashboard rework
- In order to support communities' need to monitor ongoing trends, community growth and sharing activities in general, we've added and reworked a host of dashboard widgets.
- A large focus of the improvements was making the widgets more configurable, especially in terms of being able to create dashboards showing individual data per group of organisations. Groupings are based on the metadata of organisations, such as country, sector or the adaptable "type" field, allowing administrators to lump organisations into buckets based on commonalities in their community, such as membership status, sub-groups, etc.
- Additionally, time range definitions have been added for many of the new and reworked widgets, allowing users to see changes in the current month, the past x days or the current year.
- New widgets include:
  - A new, filterable **organisation evolution** line-chart widget
  - **World map** showing country representation of the given community
  - A ticker showing the **latest users** being enrolled in the system
  - A ticker showing the **latest organisations** being enrolled in the system
  - List of **UI login counts** for the configured timeframe
  - List of **UI authentications** for the configured timeframe
  - **Published event** line-chart
  - Contributing **organisation** and **user top lists** (the latter requires enabling a security setting)
  - Filterable **trending attribute values** widget
# Workflows
- Work has begun on a larger rework allowing the creation of filtered paths in workflows, allowing the workflow creator to temporarily restrict the data in individual paths based on custom, configurable filtering.
- This will further allow administrators to configure workflow execution paths that only trigger on more refined subsets of the data, rather than on anything passing through.
- As always, workflows are still heavily a work in progress and are becoming more tightly integrated with the core MISP functionalities with each release.
# STIX 2.1 and TAXII integration improvements
- We would like to thank all users reporting unexpected misalignments in the STIX 2.1 conversion. We're striving for 100% coverage of the standard, and at times the ambiguity created by such a large standard can be difficult to catch until we see those edge cases actually used by the various implementations.
- We appreciate the submission of any (sanitised) STIX 2.1 samples that cause unwanted results when ingested in MISP, or any (sanitised) MISP events that cause incorrect or inconsistently mapped STIX 2.1 to be generated.
- This release addresses a host of the bugs and misalignments reported, thanks to the tireless work of @chrisr3d.
- TAXII integration is still in its infancy and currently supports only a subset of tested target tools. Please let us know about anything that doesn't work for you, or if you have (successfully or unsuccessfully) integrated a TAXII server with MISP using the new feature.
# Fixes
- A long list of fixes affecting:
  - the workflows
  - the event index search, including the ability to search for attributes via performant full string searches
  - STIX 2.1
  - TAXII
  - PyMISP
For a detailed list of changes affecting the MISP core in this release, head over to the [changelog](https://www.misp-project.org/Changelog.txt).
# Other updates and changes in the MISP project
## MISP Objects and Relationships
- New risk-assessment-report object to share risk assessment reports such as the ones generated by [MONARC](https://www.monarc.lu/).
- New object template for [AI chat prompt](https://www.misp-project.org/objects.html#_ai_chat_prompt) such as ChatGPT.
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- MITRE ATT&CK galaxy updated to version 13.
- Sigma galaxy updated to the latest version.
- Threat actor galaxies updated with new threat actors and improved.
- Major improvements in the list of relationships between the threat-actor galaxy and the other galaxies.
- Microsoft's new threat-actor taxonomy added, along with the relationships to the previous Microsoft naming.
- Improved tooling to manage relationships between the different galaxy clusters.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- Updated warning-lists for all sources.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
## MISP taxonomies
- Updated and expanded dark-web taxonomy.
For more details, the [misp-taxonomies changelog](https://www.misp-project.org/Changelog-misp-taxonomies.txt) is available.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow [@misp@misp-community.org](https://misp-community.org/@misp) on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.
2023-05-18T07:46:20+00:00

timesketch 20230518
2023-05-18T11:58:15+00:00
Timesketch release 20230518
2023-05-18T11:58:15+00:00

wazuh v4.4.2
2023-05-18T14:50:20+00:00
## Manager
### Changed
- Remove an unused variable in wazuh-authd to fix a _String not null terminated_ Coverity finding. ([#15957](https://github.com/wazuh/wazuh/pull/15957))
### Fixed
- Fixed a bug causing agent groups tasks status in the cluster not to be stored. ([#16394](https://github.com/wazuh/wazuh/pull/16394))
- Fixed memory leaks in Vulnerability Detector after disk failures. ([#16478](https://github.com/wazuh/wazuh/pull/16478))
- Fixed a pre-decoder problem with the + symbol in the macOS ULS timestamp. ([#16530](https://github.com/wazuh/wazuh/pull/16530))
## Agent
### Added
- Added a new module to integrate with Amazon Security Lake as a subscriber. ([#16515](https://github.com/wazuh/wazuh/pull/16515))
- Added support for `localfile` blocks deployment. ([#16847](https://github.com/wazuh/wazuh/pull/16847))
### Changed
- Changed _netstat_ command on macOS agents. ([#16743](https://github.com/wazuh/wazuh/pull/16743))
### Fixed
- Fixed an issue with MAC address reporting on Windows systems. ([#16517](https://github.com/wazuh/wazuh/pull/16517))
- Fixed Windows unit tests hanging during execution. ([#16857](https://github.com/wazuh/wazuh/pull/16857))
## RESTful API
### Fixed
- Fixed agent insertion when no key is specified using `POST /agents/insert` endpoint. ([#16381](https://github.com/wazuh/wazuh/pull/16381))
## Ruleset
### Added
- Added macOS 13.0 Ventura SCA policy. ([#15566](https://github.com/wazuh/wazuh/pull/15566))
- Added new ruleset for macOS 13 Ventura and older versions. ([#15567](https://github.com/wazuh/wazuh/pull/15567))
- Added a new base ruleset for log sources collected from Amazon Security Lake. ([#16549](https://github.com/wazuh/wazuh/pull/16549))
## Other
### Added
- Added `pyarrow` and `numpy` Python dependencies. ([#16692](https://github.com/wazuh/wazuh/pull/16692))
- Added `importlib-metadata` and `zipp` Python dependencies. ([#16692](https://github.com/wazuh/wazuh/pull/16692))
### Changed
- Updated `Flask` Python dependency to 2.2.5. ([#17053](https://github.com/wazuh/wazuh/pull/17053))
2023-05-18T14:50:20+00:00

PyPCAPKit v1.0.1.post2
2023-05-20T10:13:02+00:00
- 9afb7157 Bumped version to 1.0.1.post2
- 689bd26a working on MH protocol impl (message types)
- 7c3a8279 working on MH protocol impl (message types)
- a33af0d4 make isort
- 2ebca5ec working on MH protocol impl (message types)
- 373b6510 minor bugfix in PCAPNG constructor func
- 4b46cf56 working on MH protocol impl (options)
- 1319659d revised info/schema_final decorators
- 03b930d8 working on MH protocol impl (options)
- a89b5b49 Bumped version to 1.0.1.post1
- bce11119 bugfix in default vendor for code generation template
- c6debe37 make isort
- cd47c993 bugfix in default vendor for code generation template
- fd8e27e7 added MH CGA related const/vendor
- 561c0372 moved isort after vendor change check
- 99d480f6 revised MH AuthSubtyp names
- 8470b854 revised info/schema_final type annotations
- e2236929 make isort
- 91c64f1a minor bugfix in protocols
- 55cde1b3 added MH LLA Option Code const/vendor
- 0438f267 Update index.rst
- d3bef085 Update README.rst
2023-05-20T10:13:02+00:00

Stegano v0.11.2
2023-05-23T08:17:09+00:00
* improved typing of various functions;
* updated dependencies.
2023-05-23T08:17:09+00:00

opencanary v0.9.0
2023-05-23T13:02:45+00:00
This release includes a few new enhancements:
- RDP service
- HTTPS service
- Helpful build scripts
- various fixes
2023-05-23T13:02:45+00:00

HyperDbg v0.2.1
2023-05-24T11:31:23+00:00
# HyperDbg v0.2.1 is released!
**If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!**
Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**.
### Changed
- Fixing bugs!
- The parameters of the !cpuid extension command have been changed, and a new EAX index parameter has been added ([link](https://docs.hyperdbg.org/commands/extension-commands/cpuid#parameters))
- The problem with removing EPT hooks (!monitor and !epthook) is fixed ([link](https://github.com/HyperDbg/HyperDbg/commit/e2ea08ac35834ff869512c3c450004bc50a06390))
2023-05-24T11:31:23+00:00

wazuh v4.4.3
2023-05-26T05:59:55+00:00
## Agent
### Changed
- Added support for Apple Silicon processors to the macOS agent. ([#16521](https://github.com/wazuh/wazuh/pull/16521))
- Prevented the installer from checking the old users "ossecm" and "ossecr" on upgrade. ([#2211](https://github.com/wazuh/wazuh-packages/pull/2211))
- The deployment variables capture has been changed on macOS. ([#17195](https://github.com/wazuh/wazuh/pull/17195))
### Fixed
- The temporary file "ossec.confre" is now removed after upgrade on macOS. ([#2217](https://github.com/wazuh/wazuh-packages/pull/2217))
- Prevented the installer from corrupting the agent configuration on macOS when deployment variables were defined on upgrade. ([#2208](https://github.com/wazuh/wazuh-packages/pull/2208))
- The installation on macOS has been fixed by removing calls to launchctl. ([#2218](https://github.com/wazuh/wazuh-packages/pull/2218))
## Ruleset
### Changed
- The SCA policy names have been unified. ([#17202](https://github.com/wazuh/wazuh/pull/17202))
2023-05-26T05:59:55+00:00

timesketch 20230526
2023-05-26T09:20:15+00:00
Version 20230526
2023-05-26T09:20:15+00:00

PyPCAPKit v1.0.1.post3
2023-05-27T10:10:58+00:00
- d5b14258 Bumped version to 1.0.1.post3
- ac33339d make isort
- 60055ffe Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 27467f10 working on MH protocol impl (message types)
- 6d1853bd added MH Binding Error Status Code vendor/const
- c30c8f09 revised Protocol._make_index overload signatures
- c6ed3692 bugfix in MH vendor crawler links & regenerated MH const
- 9afb7157 Bumped version to 1.0.1.post2
- 689bd26a working on MH protocol impl (message types)
- 7c3a8279 working on MH protocol impl (message types)
- a33af0d4 make isort
- 2ebca5ec working on MH protocol impl (message types)
- 373b6510 minor bugfix in PCAPNG constructor func
- 4b46cf56 working on MH protocol impl (options)
- 1319659d revised info/schema_final decorators
- 03b930d8 working on MH protocol impl (options)
2023-05-27T10:10:58+00:00

openssl openssl-3.1.1
2023-05-30T13:24:18+00:00
OpenSSL 3.1.1 is now available, including bug and security fixes
2023-05-30T13:24:18+00:00

openssl openssl-3.0.9
2023-05-30T13:26:19+00:00
OpenSSL 3.0.9 is now available, including bug and security fixes
2023-05-30T13:26:19+00:00

openssl OpenSSL_1_1_1u
2023-05-30T13:28:07+00:00
OpenSSL 1.1.1u is now available, including bug and security fixes
2023-05-30T13:28:07+00:00

kinto 16.0.0
2023-05-30T15:26:55+00:00
**Breaking Changes**
- Drop support of Python 3.7 (end-of-life 2023-06-27)
**New features**
- Add request id to ``request.summary`` logs (read from the ``X-Request-Id`` header, defaulting to a 16-character hex string)
**Documentation**
- Fix typos on the Concepts page (#3151)

maltrail 0.58 (2023-05-31T22:11:04+00:00)
Start-of-month release

Lookyloo v1.20.0 (2023-06-01T14:21:18+00:00)
This release is the outcome of a good two months of work on Lookyloo itself but also on [Lacus](https://github.com/ail-project/lacus) and its dependencies, leading to the [v1.5.0 release](https://github.com/ail-project/lacus/releases/tag/v1.5.0).
It also improves the support for the [monitoring interface](https://github.com/Lookyloo/monitoring) (still to be considered beta).
# New features
* Compare captures via the API
* Submit any file to [Pandora](https://github.com/pandora-analysis/pandora) (if available)
* Allow automatic reporting via the API
* Can set an email to notify in the monitoring form
# Changes
* Improve handling of long-running processes
* Improve logging all over the place
* Changes related to Lacus/LacusCore/PyLacus changes
* Easy way to check if two captures are different or not
* Store capture settings in the capture directory for potential later use
* Show proxy in UI if one was given
* Improve response when comparing captures
# Bugfixes
* Avoid issues when the pickle requires too much recursion
* Cloudflare services were always flagging URLs as their own
* The usual batch of bugfixes all over the place

HyperDbg v0.2.2 (2023-06-02T05:03:29+00:00)
# HyperDbg v0.2.2 is released!
**If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!**
Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**.
### Changed
- Fixing bugs!
- The problem with the callstack command (k) is fixed ([link](https://github.com/HyperDbg/HyperDbg/commit/4194880a2e5578a4bb9055e2ac3e2fdb564e3d82))

PyPCAPKit v1.0.2 (2023-06-05T10:50:26+00:00)
- d684a4f9 bumped version to 1.0.2
- d862649a added wheel_rename to handle python tags in wheel distro
- dfb6d231 bugfix in numbers fields for version compat (use of | in types)
- a2556621 revised setup req (bpc deps update)
- 43311967 Merge branch 'main' of https://github.com/JarryShaw/PyPCAPKit
- 3b3e83bc updated readme
- eb872766 clean up unused imports
- e3b6af63 replaced decimal.localcontext usage with compat version (bugfix #139)
- 9af2733d added decimal.localcontext for compat (kwarg support, bugfix #139)
- a78145a8 updated readme
- 3041e994 added decimal.localcontext for compat (kwarg)
- 588e45a8 Update README.rst
- 3abfb3cf build doc on pull requests

PyPCAPKit v1.0.2.post1 (2023-06-05T11:05:37+00:00)

syncthing v1.23.5 (2023-06-06T07:47:53+00:00)
Bugfixes:
- #8503: "syncthing cli config devices add" reflect error when using --addresses flag
- #8764: Ignore patterns created during folder addition are not loaded
- #8778: Tests fail on Windows with Go 1.20
- #8779: Test cleanup fails all model tests on Windows on Go 1.20
- #8859: Incorrect handling of path for auto accepted folder
Other issues:
- #8799: "fatal error: checkptr: converted pointer straddles multiple allocations" in crypto tests

AIL-framework v5.0 (2023-06-06T12:52:49+00:00)
AIL v5.0 introduces significant improvements and new features:
- **Codebase Rewrite**: The codebase has undergone a substantial rewrite resulting in enhanced performance and speed improvements.
- **Database Upgrade**: The database has been migrated from ARDB to Kvrocks.
- **New Correlation Engine**: AIL v5.0 introduces a new powerful correlation engine with two new correlation types: CVE and Title.
- **Enhanced Logging**: The logging system has been improved to provide better troubleshooting capabilities.
- **Tagging Support**: [AIL objects](./doc/README.md#ail-objects) now support tagging, allowing users to categorize and label extracted information for easier analysis and organization.
- **Trackers**: Improved objects filtering, PGP and decoded tracking added.
- **UI Leak Visualization**: The user interface has been upgraded to visualize extracted and tracked information.
- **New Crawler [Lacus](https://github.com/ail-project/lacus)**: improved crawling capabilities.
- **Modular [Importers](https://github.com/ail-project/ail-framework/blob/master/doc/README.md#ail-importers) and Exporters**: New [importers](https://github.com/ail-project/ail-framework/blob/master/doc/README.md#ail-importers) (ZMQ, AIL Feeders) and exporters (MISP, Mail, TheHive) built on a modular design that allows easy creation and customization by extending an abstract class.
- **Module Queues**: improved the queuing mechanism between detection modules.
- **New Object CVE and Title**: Extract and correlate CVE IDs and web page titles.
### Correlation:

### UI Extracted/Tracked content:


PyPCAPKit v1.0.2.post2 (2023-06-07T06:09:25+00:00)

PyPCAPKit v1.0.2.post3 (2023-06-07T06:15:30+00:00)

PyPCAPKit v1.0.2.post4 (2023-06-07T07:42:12+00:00)

PyPCAPKit v1.0.2.post5 (2023-06-07T10:46:51+00:00)

HyperDbg v0.3.0 (2023-06-08T14:23:56+00:00)
# HyperDbg v0.3 is released!
**If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub!**
Please visit [Build & Install](https://docs.hyperdbg.org/getting-started/build-and-install) to configure the environment for running **HyperDbg**. Check out the [Quick Start](https://docs.hyperdbg.org/getting-started/quick-start) and [Frequently Asked Questions (FAQs)](https://docs.hyperdbg.org/getting-started/faq) to learn more. You can use the examples of [using the debugger](https://docs.hyperdbg.org/using-hyperdbg/kernel-mode-debugging/examples) and the [script engine](https://docs.hyperdbg.org/commands/scripting-language/examples) to get started with **HyperDbg**.
### Added
- The event short-circuiting mechanism ([link](https://docs.hyperdbg.org/tips-and-tricks/misc/event-short-circuiting))
- New pseudo-registers (**$tag**, **$id**) in the script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/assumptions-and-evaluations#pseudo-registers))
- The breakpoint interception manipulation option is added to the '**test**' command ([link](https://docs.hyperdbg.org/commands/debugging-commands/test))
- The '**!track**' command to create the tracking records of function CALLs and RETs along with registers ([link](https://docs.hyperdbg.org/commands/extension-commands/track))
- **disassemble_len(Address)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/diassembler/disassemble_len))
- **disassemble_len32(Address)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/diassembler/disassemble_len32))
- **event_sc(DisableOrEnable)** function in script engine ([link](https://docs.hyperdbg.org/commands/scripting-language/functions/events/event_sc))
### Changed
- The old Length Disassembler Engine is replaced by Zydis ([link](https://github.com/HyperDbg/HyperDbg/pull/234))

osquery 5.9.0 (2023-06-08T21:07:50+00:00)
_Draft_

PyPCAPKit v1.0.2.post6 (2023-06-10T10:15:51+00:00)

MISP v2.4.172 (2023-06-13T10:01:14+00:00)
We are pleased to announce the immediate availability of [MISP v2.4.172](https://github.com/MISP/MISP/releases/tag/v2.4.172) with new TOTP/HOTP authentication, many improvements and bug fixes.
# Time-based and Single Use One-time password support (TOTP / HOTP)
TOTP support is now included in MISP. This functionality works in two modes:
- (default) optional (T/H)OTP for users (when the required libraries are installed)
- (optional) mandatory (T/H)OTP for all users
When logging in, the user can enter either the TOTP or the HOTP (one-time paper token).
OTP attempts are also limited by the Bruteforce component, so multiple failed attempts will result in a temporary block. HOTP is available for recovery and also for secure environments where mobile phones or electronic devices are forbidden.
Users can generate a TOTP through their Profile page:

A QR code is generated and they need to fill in the code once to confirm all is well:

Then they get directed to the page containing their next 50 HOTP/paper tokens:

Their profile then shows they have a token, they can also check again what their paper tokens are:

So does the admin page (the phone icon)

(org)Admins can delete the secret of a user:

When they have their TOTP secret, after the user/password window they are prompted to enter the TOTP or the HOTP.

Logging is also generated:

The `MISP.totp_required` security setting allows enforcing TOTP for the whole MISP instance.
In this case users are invited to store their TOTP at next login. They cannot access any other page until they have validated the TOTP. The server-wide parameter has a beforeHook to ensure the required PHP libraries are installed, as otherwise the admin might lock themselves out.
This requires two additional PHP libraries to be installed through composer:
- "spomky-labs/otphp"
- "bacon/bacon-qr-code"
# TAXII preview
TAXII integration is still in its infancy in MISP, but with the current release we aim to make the process of interacting with a TAXII server more in-depth. Prior to the current release, you could add a taxii server connection, pointing to a collection and initiate a filtered push of your MISP data - however, there was no way to view the contents of the collection nor to see your data reflected after a push.
The current release aims to complete the work on the initial TAXII push functionalities, with a TAXII browser built into the tool along with various fixes to bugs and issues that were reported to the prior implementation.
## Adding a TAXII connection
Simply add a TAXII server via the TAXII connections interface (sync actions -> List TAXII servers)

Make sure that you configure the filters used to decide which of your events should be pushed to the given server. Creating a local tag such as "taxii_push" allows you to manually control and label events to be pushed as in the example above.
Once the basic server information has been entered, use the wrench button on top of the `API root` field to populate the dropdown with the valid options found on the TAXII server. Once you've selected a root, click the wrench on top of the `collection` field to populate it and select the target collection for the connection.

## Viewing the connection and browsing the contents
Once a connection is established, you can view the connection object and list its collections and the objects in the configured collection on the taxii_servers/view/[id] endpoint, as follows:

You can view individual collections and browse their contents, paginating through all STIX objects (the default collection is shown at the bottom of the page). By clicking view on a STIX object, you can view the STIX 2.1 JSON object in full:

Simply use the push button on the TAXII server index to initiate a push to the selected collection with the pre-defined filters.
# Other updates and changes in the MISP project
## Roles and permission
- [role permission] updated for viewing feed correlations
  - added additional role permission
  - allows hiding feed correlations from users
  - main purpose is with very large instances, to reduce the load on redis
## Dashboard
- [usage data widget] added a global caching for attribute counts.
## Bugs/performance
- [performance] fix for events with large numbers of attributes and multiple tags from the same taxonomy. [iglocska]
  - the taxonomy conflict checks were causing multiple issues:
    - non taxonomy tags were counted as a taxonomy with namespace ''
    - once we identified a tag pair that could cause a conflict (same taxonomy) we loaded the taxonomy into redis
    - however, in order to see if we already have the taxonomy loaded, we went to redis to do a GET
    - In the case of 1 million attributes with at least 1 tag pair, at the minimum this means 1 million GETs on redis with an event
  - Resolution
    - remove the checks for non taxonomy tags
    - store the identified taxonomies temporarily on the model itself in memory
    - only go to redis when the model doesn't have the taxonomy cached in memory
    - still using the old approach when dealing with multiple small events
  - thanks to @github-germ for flagging the issue
## MISP Objects and Relationships
- New object for [scanning result](https://www.misp-project.org/objects.html#_scan_result) (network and local).
- New object for [CrowdSec Threat Intelligence - IP CTI search](https://www.misp-project.org/objects.html#_crowdsec_ip_context).
- New object for [Cobalt Strike Beacon Config](https://www.misp-project.org/objects.html#_cs_beacon_config)
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- Updated [attck4fraud](https://github.com/MISP/misp-galaxy/blob/main/clusters/attck4fraud.json) with [EAST data](https://www.association-secure-transactions.eu/).
- Updated [Malpedia](https://github.com/MISP/misp-galaxy/blob/main/clusters/malpedia.json) information.
- Updated [Threat actor](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json) database.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- Updated warning-lists for all sources.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
## MISP taxonomies
- Updated [workflow taxonomy](https://www.misp-project.org/taxonomies.html#_workflow).
- Added [information-origin](https://www.misp-project.org/taxonomies.html#_information_origin) Taxonomy for tagging information by its origin: human-generated or AI-generated.
- Added [crowdsec](https://www.misp-project.org/taxonomies.html#_crowdsec) - Crowdsec IP address classifications and behaviors taxonomy.
For more details, the [misp-taxonomies changelog](https://www.misp-project.org/Changelog-misp-taxonomies.txt) is available.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of the MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

wazuh v4.4.4 (2023-06-14T08:29:39+00:00)
## Manager
### Fixed
- The vulnerability scanner stops producing false positives for some Windows 11 vulnerabilities due to a change in the feed's CPE. ([#17178](https://github.com/wazuh/wazuh/pull/17178))
- Prevented the VirusTotal integration from querying the API when the source alert is missing the MD5. ([#16908](https://github.com/wazuh/wazuh/pull/16908))
## Agent
### Changed
- The Windows agent package signing certificate has been updated. ([#17506](https://github.com/wazuh/wazuh/pull/17506))
## Ruleset
### Changed
- Updated all current rule descriptions from "Ossec" to "Wazuh". ([#17211](https://github.com/wazuh/wazuh/pull/17211))

syncthing v1.23.6-rc.1 (2023-06-14T08:33:12+00:00)
Bugfixes:
- #8899: Omitting %s from LDAP bind DN sends corrupted bind DN string to LDAP server
- #8920: Untrusted device should be disallowed from being an introducer
Other issues:
- #8897: v1.23.5-rc.1 / v1.23.5: Missing sha1sum.txt.asc & sha256sum.txt.asc
- #8898: v1.23.5-rc.1: Missing .debs for i386, armel, armhf

suricata suricata-6.0.13 (2023-06-15T14:54:55+00:00)
## Release Notes
https://forum.suricata.io/t/suricata-6-0-13-released/
## Redmine Tracker
https://redmine.openinfosecfoundation.org/versions/192
## Download
https://www.openinfosecfoundation.org/download/suricata-6.0.13.tar.gz
https://www.openinfosecfoundation.org/download/suricata-6.0.13.tar.gz.sig
## Documentation
https://suricata.readthedocs.io/en/suricata-6.0.13

suricata suricata-7.0.0-rc2 (2023-06-15T17:55:06+00:00)
## Release Notes
https://forum.suricata.io/t/suricata-7-0-0-rc2-released/
## Redmine Tracker
https://redmine.openinfosecfoundation.org/versions/186
## Download
https://www.openinfosecfoundation.org/download/suricata-7.0.0-rc2.tar.gz
https://www.openinfosecfoundation.org/download/suricata-7.0.0-rc2.tar.gz.sig
## Documentation
https://docs.suricata.io/en/suricata-7.0.0-rc2/

osquery 5.9.1 (2023-06-16T15:16:33+00:00)
Draft

PyPCAPKit v1.0.2.post7 (2023-06-17T10:17:49+00:00)

caddy v2.7.0-beta.2 (2023-06-22T01:03:20+00:00)
This is our second and hopefully final beta release of Caddy 2.7! Please try it out before we tag the stable release.
Big thank you to everyone who contributed! You're awesome.
## Highlights
- :warning: The `ask` endpoint is now required to enable On-Demand TLS (b97c76fb4789b8da0b80f5a2c1c1c5bebba163b5) for catch-all or wildcard hosts. Our docs have always mentioned this is required in production environments, but now the code enforces it. The `ask` endpoint is not required for local-only or internal-only names (#5384 and a7af7c486e5240da974e02b7dfee9d265aaa654a).
- New default template for the file server's "browse" listings - more modern, easier to use, grid view, filetype-specific icons, and better dark mode (see #5427 for more screenshots and info)
- Reverse proxy now supports the PROXY protocol (#5424)
- Caddyfile import arg placeholders support slice syntax, e.g. `{args[2:]}` (#5249)
- Experimental new short flags for the CLI. (#5379)
- HTTP/3 performance improvements (upstream in quic-go) including enabling 0-RTT and using GSO. Caddy users should notice significantly better throughput for HTTP/3. Thanks for the fantastic work, @marten-seeman!
- Caddyfile now supports Heredoc syntax for long embedded strings/documents. (#5385)
- @francislavoie implemented a suite of enhancements to bring you more reliable, trustworthy client IP information, even through proxies and CDNs (#5104)
- Certificate private keys will no longer be reused when renewing certificates.
- :warning: The long-deprecated `lookup_srv` feature of the reverse proxy has been removed. It was replaced with the [dynamic upstreams feature in 2.6](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#dynamic-upstreams). (#5396)
- :warning: The `remote_ip forwarded` matcher has been deprecated because it assumes trusting downstream proxies. Instead, the `client_ip` matcher should be used along with `trusted_proxies` configuration. (#5103 and #5104)
- Customizable "fallback" policy for reverse proxy in case the primary policy isn't applicable (#5488)
- Etags are generated more sensibly for NixOS environments which all have Modified time of 1; and if you set your own Etag, it will not be overwritten.
- EXPERIMENTAL: The reverse proxy may be configured to keep WebSockets open through config reloads. (#5567)
- EXPERIMENTAL: Define "named routes" to reuse them without copying. Caddyfile snippets are useful for reusing config, but reusing the same HTTP routes involves lots of copied config and memory bloat. Named routes let you define a route once and reuse it throughout your HTTP server without copying. It is available for JSON and Caddyfile configs. (#5107)
- Many many bug fixes you may or may not notice :upside_down_face:
Thank you to everyone who contributed! And thank you to our [sponsors](https://github.com/sponsors/mholt) who truly make this project possible.
## New Contributors
* @esell made their first contribution in https://github.com/caddyserver/caddy/pull/5417
* @krak3n made their first contribution in https://github.com/caddyserver/caddy/pull/5147
* @trea made their first contribution in https://github.com/caddyserver/caddy/pull/5435
* @heimoshuiyu made their first contribution in https://github.com/caddyserver/caddy/pull/5464
* @gucki made their first contribution in https://github.com/caddyserver/caddy/pull/5424
* @kidonng made their first contribution in https://github.com/caddyserver/caddy/pull/5475
* @taophp made their first contribution in https://github.com/caddyserver/caddy/pull/5497
* @eanavitarte made their first contribution in https://github.com/caddyserver/caddy/pull/5515
* @jonatan5524 made their first contribution in https://github.com/caddyserver/caddy/pull/5521
* @jjiang-stripe made their first contribution in https://github.com/caddyserver/caddy/pull/5531
* @TP-O made their first contribution in https://github.com/caddyserver/caddy/pull/5504
* @pistasjis made their first contribution in https://github.com/caddyserver/caddy/pull/5536
* @charles-dyfis-net made their first contribution in https://github.com/caddyserver/caddy/pull/5547
* @jpds made their first contribution in https://github.com/caddyserver/caddy/pull/5554
* @kassienull made their first contribution in https://github.com/caddyserver/caddy/pull/5553
* @Phrynobatrachus made their first contribution in https://github.com/caddyserver/caddy/pull/5532
* @365cent made their first contribution in https://github.com/caddyserver/caddy/pull/5564
* @oncilla made their first contribution in https://github.com/caddyserver/caddy/pull/5573
* @testwill made their first contribution in https://github.com/caddyserver/caddy/pull/5576
* @mmm444 made their first contribution in https://github.com/caddyserver/caddy/pull/5567
* @sabify made their first contribution in https://github.com/caddyserver/caddy/pull/5579
* @omerdemirok made their first contribution in https://github.com/caddyserver/caddy/pull/5586
**Full Changelog**: https://github.com/caddyserver/caddy/compare/v2.6.4...v2.7.0-beta.2
## Changelog
* 3f20a7c9 acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
* b1366c7e build(deps): bump actions/setup-go from 3 to 4 (#5474)
* f3379f65 caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
* 960150bb caddyfile: Implement heredoc support (#5385)
* 8bc05e59 caddyfile: Implement variadics for import args placeholders (#5249)
* 53b6fab1 caddyfile: Stricter parsing, error for brace on new line (#5505)
* cee4441c caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
* 9cde7155 caddyfile: Track import name instead of modifying filename (#5540)
* cfc85ae8 caddyhttp: Add a getter for Server.name (#5531)
* 05e99745 caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* c05e3898 caddyhttp: Enable 0-RTT QUIC (#5425)
* 85375861 caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
* 1c9ea011 caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
* cbf16f6d caddyhttp: Implement named routes, `invoke` directive (#5107)
* 2b3046de caddyhttp: Log request body bytes read (#5461)
* 96919acc caddyhttp: Refactor cert Managers (fix #5415) (#5533)
* d8d87a37 caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
* 808b05c3 caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
* 29452647 caddyhttp: Fix h3 shutdown (#5541)
* 6a41b62e caddyhttp: Support custom network for HTTP/3 (#5573)
* a7af7c48 caddytls: Allow on-demand w/o ask for internal-only
* a02ecb0f caddytls: Check for nil ALPN; close #5470 (#5473)
* faf0399e caddytls: Configurable fallback SNI (#5527)
* e16a8868 caddytls: Eval replacer on automation policy subjects (#5459)
* be53e432 caddytls: Relax the warning for on-demand (#5384)
* b97c76fb caddytls: Require 'ask' endpoint for on-demand TLS
* 0cc49c05 caddytls: Zero out throttle window first (#5443)
* 4ba03c9d caddytls: Clarify some JSON config docs
* b301a3df celmatcher: Implement `pkix.Name` conversion to string (#5492)
* 096971e3 ci/cd: ship tarballs with vendored deps (#5403)
* 5ded5804 cmd: Adjust documentation for commands (#5377)
* 508cf2aa cmd: Create pidfile before config load (close #5477)
* 9e691955 cmd: Expand cobra support, add short flags (#5379)
* 5ebb7d49 cmd: Reduce spammy logs from --watch
* 79de6df9 cmd: Strict unmarshal for validate (#5383)
* 205b1426 cmd: Support `'` quotes in envfile parsing (#5437)
* bf54892a cmd: make `caddy fmt` hints more clear (#5378)
* 38cb587e cmd: Avoid spammy log messages (fix #5538)
* 078f130a cmd: Implement storage import/export (#5532)
* f6bab8ba context: Rename func to `AppIfConfigured` (#5397)
* 806341e0 core: Properly preserve unix sockets (fix #5568)
* 942fbb37 core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
* 99d47050 core: Eliminate unnecessary shutdown delay on Unix (#5413)
* c6ac350a core: Return default logger if no modules loaded
* b3f0cea2 encode: flush status code when hijacked. (#5419)
* c8032867 fastcgi: Fix `capture_stderr` (#5515)
* 571fc034 feature: watch include directory (#5521)
* f9bd2d3e fileserver: Add color-scheme meta tag (#5475)
* 6cc3cbbc fileserver: New file browse template (#5427)
* 94d41a9d fileserver: Remove trailing slash on fs filenames (#5417)
* 52d7335c fileserver: Use EscapedPath for browse (#5534)
* 5bd9c490 fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
* 5336bc0f fileserver: Fix file browser breadcrumb font (#5543)
* 2d236ead fileserver: Fix file browser footer in grid mode (#5536)
* bd34cb6b fileserver: More filetypes for browse icons
* 2615c9c5 fileserver: Only set Etag if not already set (fix #5546) (#5547)
* 56af1ceb fileserver: browse: Better grid layout (#5564)
* cdd3884b fileserver: browse: minor tweaks for grid view, dark mode (#5545)
* 1af419e7 go.mod: Update some dependencies
* 774f2288 go.mod: Upgrade CertMagic
* 0de6064c go.mod: Upgrade CertMagic again
* 9e943319 go.mod: Upgrade dependencies
* 8cb1bb4a go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
* 36546cd8 go.mod: Upgrade several dependencies
* 398c12ae go.mod: Update quic-go to v0.36.0 (#5584)
* 0468508e go.mod: Upgrade CertMagic for hotfix
* 9c180a59 go.mod: Upgrade quic-go to 0.35.1
* 415d1e7b go.mod: Upgrade some dependencies
* e8352aef headers: Add > Caddyfile shortcut for enabling defer (#5535)
* dd86171d headers: Support deleting all headers as first op (#5464)
* 3b19aa2b headers: Allow `>` to defer shortcut for replacements (#5574)
* 330be2d8 httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
* ca14b6ed httpcaddyfile: Sort Caddyfile slice
* 1aef807c log: Make sink logs encodable (#5441)
* cdce452e logging: Actually honor the SoftStart parameter
* f0e39817 logging: Add traceID field to access logs when tracing is active (#5507)
* f3e8b9d9 logging: Soft start for net writer (close #5520)
* b6fe5d4b proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
* f5a13a4a replacer: Add HTTP time format (#5458)
* 48598e1f reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
* f8b59e77 reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
* 66e571e6 reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
* 75b690d2 reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* 335cd2e8 reverseproxy: Fix active health check header canonicalization, refactor (#5446)
* 2b04e09f reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
* 10b265d2 reverseproxy: Header up/down support for CLI command (#5460)
* b19946f6 reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
* 4636109c reverseproxy: Remove deprecated `lookup_srv` (#5396)
* 2182270a reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
* 941eae5f reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
* e3909cc3 reverseproxy: refactor HTTP transport layer (#5369)
* 424ae0f4 reverseproxy: Experimental streaming timeouts (#5567)
* 2ddb7171 reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
* 361946eb reverseproxy: weighted_round_robin load balancing policy (#5579)
* 13a37688 rewrite: use escaped path, fix #5278 (#5504)
* 2943c418 templates: Add `fileStat` function (#5497)
* 31d75acc templates: Add `readFile` action that does not evaluate templates (#5553)
* b4205617 tracing: Support autoprop from OTEL_PROPAGATORS (#5147)

rocksdb v8.3.2 (2023-06-23T23:45:37+00:00)
## 8.3.2 (06/14/2023)
### Bug Fixes
* Reduced cases of illegally using Env::Default() during static destruction by never destroying the internal PosixEnv itself (except for builds checking for memory leaks). (#11538)
## 8.3.1 (06/07/2023)
### Performance Improvements
* Fixed higher read QPS during DB::Open() reading files created prior to #11406, especially when reading many small files (size < 52 MB) during DB::Open() and a partitioned filter or index is used.
## 8.3.0 (05/19/2023)
### New Features
* Introduced a new option `block_protection_bytes_per_key`, which can be used to enable per key-value integrity protection for in-memory blocks in block cache (#11287).
* Added `JemallocAllocatorOptions::num_arenas`. Setting `num_arenas > 1` may mitigate mutex contention in the allocator, particularly in scenarios where block allocations commonly bypass jemalloc tcache.
* Improve the operational safety of publishing a DB or SST files to many hosts by using different block cache hash seeds on different hosts. The exact behavior is controlled by new option `ShardedCacheOptions::hash_seed`, which also documents the solved problem in more detail.
* Introduced a new option `CompactionOptionsFIFO::file_temperature_age_thresholds` that allows FIFO compaction to compact files to different temperatures based on key age (#11428).
* Added a new ticker stat to count how many times RocksDB detected a corruption while verifying a block checksum: `BLOCK_CHECKSUM_MISMATCH_COUNT`.
* New statistics `rocksdb.file.read.db.open.micros` that measures read time of block-based SST tables or blob files during db open.
* New statistics tickers for various iterator seek behaviors and relevant filtering, as \*`_LEVEL_SEEK_`\*. (#11460)
### Public API Changes
* EXPERIMENTAL: Add new API `DB::ClipColumnFamily` to clip the keys in a CF to a certain range. It physically deletes all keys outside the range, including tombstones.
* Add `MakeSharedCache()` construction functions to various cache Options objects, and deprecate the `NewWhateverCache()` functions with long parameter lists.
* Changed the meaning of various Bloom filter stats (prefix vs. whole key), with iterator-related filtering only being tracked in the new \*`_LEVEL_SEEK_`\*. stats. (#11460)
### Behavior changes
* For x86, CPU features are no longer detected at runtime nor in build scripts, but in source code using common preprocessor defines. This will likely unlock some small performance improvements on some newer hardware, but could hurt performance of the kCRC32c checksum, which is no longer the default, on some "portable" builds. See PR #11419 for details.
### Bug Fixes
* Delete an empty WAL file on DB open if the log number is less than the min log number to keep
* Delete temp OPTIONS file on DB open if there is a failure to write it out or rename it
### Performance Improvements
* Improved the I/O efficiency of prefetching SST metadata by recording more information in the DB manifest. Opening files written with previous versions will still rely on heuristics for how much to prefetch (#11406).
# AIL-framework v5.1 (2023-06-26)

Version 5.1 (2023-06-26) includes several changes, fixes, and updates. The changes include fixing gzipped pastes in the pystemon importer, showing a message when the maximum number of nodes is reached in the correlation graph, and adding the ability to auto tag crawled domains. Additionally, new features were added such as pagination for title searches, the ability to search title IDs and contents, and the inclusion of a favicon object.
Several fixes were implemented, including resolving issues with base64 encoding in the pystemon importer, maintaining the same capture UUID for already crawled domains in the crawler, and handling empty queues in the IPAddress module. Other fixes addressed issues with title searches returning empty results, incomplete responses in the crawler, and errors related to user tokens and deletion.
Various improvements were made to different modules and objects, such as the addition of a new `cookie-name` object along with its correlation, enhancements to importers, improvements to the HOWTO guide, and updates to correlation graphs and statistics. The Phone module was also updated to filter invalid phone numbers and display extracted information in the user interface.
In addition to the changes and fixes, there were updates to the MISP export, domains explorer, daterange object, tracker module, and various other components. The README.md file and CI badge were corrected, the installer was fixed for YARA and pycld3 installations, and tests were updated and replaced.
Lastly, there were some general updates, including merging changes from the old CIRCL/AIL-framework repository (the official repository is [ail-project/ail-framework](https://github.com/ail-project/ail-framework)) and incorporating a pull request related to email categorization.
Overall, version 5.1 introduced new features, addressed several issues, and included various updates and improvements to different parts of the system.
# Detailed Change Log
## v5.1 (2023-06-26)
### Changes
* [pystemon importer] fix gzipped pastes. [Terrtia]
* [correlation graph] show message if max_nodes reached + fix cookie-name sparkline. [Terrtia]
* [crawler] auto tag crawled domains. [Terrtia]
* [correlation] add an option to remove max number of nodes if max_node == 0. [Terrtia]
* [object cookie-name] add new cookie-name object + correlation. [Terrtia]
* [title search] add pagination. [Terrtia]
* [titles] add title IDs and contents search. [Terrtia]
* [favicon object] add favicon object. [Terrtia]
* [sow item] show item investigations. [Terrtia]
* [kvrocks migration] mv update/v.50. [Terrtia]
* [redis] update minimal version. [Terrtia]
* [doc] add AIL v5.0 + objects + Importers + sync. [Terrtia]
* [correlation] filter blank screenshots. [Terrtia]
* [importers] improve abstract class and logs. [Terrtia]
* [domains explorer] unsafe tag default image. [Terrtia]
* [README.md] update. [Terrtia]
* [HOWTO] improve HOWTO. [Terrtia]
* [correlation graph] update node legend. [Terrtia]
* [correlation graph] select correlation depth. [Terrtia]
* [correlation] correlation graph: filter title objects. [Terrtia]
* [correlation] add direct correlation stats. [Terrtia]
* [new title object] add new title object + correlation on page title. [Terrtia]
* [Phone module] Filter Invalid Phone numbers + UI Show extracted. [Terrtia]
* [importers] add Dir/File Importer. [Terrtia]
### Fix
* [pystemon importer] fix base64 encoding. [Terrtia]
* [crawler] same capture uuid if a domain is already crawled. [Terrtia]
* [IPAddress module] empty queue if no IP ranges provided. [Terrtia]
* [retro hunt] fix object tag queue + decoded content. [Terrtia]
* [daterange object] fix objects by date. [Terrtia]
* [title] fix title search empty result. [Terrtia]
* [crawler] fix incomplete response. [Terrtia]
* [user] fix get user token #163. [Terrtia]
* [user] fix user delete #163. [Terrtia]
* [MISP export] fix ail object first/last seen + obj logger. [Terrtia]
* [MISP export] fix empty event. [Terrtia]
* [d4] change enable d4. [Terrtia]
* [kvrocks migration] [Terrtia]
* [objects] fix investigation + ail2ail + screenshot MISP export. [Terrtia]
* [domains explorer] None screenshot. [Terrtia]
* [show domains] fix down domains. [Terrtia]
* [domains explorer] domain screenshot. [Terrtia]
* [domains explorer] fix empty screenshots. [Terrtia]
* [correlation] fix tagging nb nodes. [Terrtia]
* [README.md] fix CI badge. [Terrtia]
* [README.md] fix logo. [Terrtia]
* [module.cfg] fix templateModule example. [Terrtia]
* [module extractor] fix tracker extractor. [Terrtia]
* [tracker] fix tracker delete. [Terrtia]
* [tracker] fix webhook. [Terrtia]
* [crawler] fix undefined capture status. [Terrtia]
* [correlation btc info] catch btc txs error. [Terrtia]
* [Phone module] Filter Invalid Phone numbers. [Terrtia]
* [phone] fix phone module. [Terrtia]
* [domain search] fix template domain types filter. [Terrtia]
* [domain search] fix template domain types filter. [Terrtia]
* [MISP auto export] fix module input message. [Terrtia]
* [tests] replace unmaintained nose by nose2. [Terrtia]
* [tests] fix tests. [Terrtia]
* [installer] fix yara and pycld3 install. [Terrtia]
* [tests] github workflow. [Terrtia]
* [tests] github workflow. [Terrtia]
* [flask] remove old import. [Terrtia]
### Other
* Merge github.com:CIRCL/AIL-framework. [Terrtia]
* Merge pull request #592 from shadow2033/patch-2. [Thirion Aurélien]
Update Categ Mail
* Update Mail. [shadow2033]
///English
added (inbox; zoho)
///Russian
added (inbox; zoho)
# PyPCAPKit v1.0.2.post8 (2023-06-27)

# timesketch 20230628 (2023-06-28)
## What's Changed
* Update changelog by @berggren in https://github.com/google/timesketch/pull/2768
* Scenarios model refactor by @berggren in https://github.com/google/timesketch/pull/2672
* Ssh bruteforce analyzer by @roshanmaskey in https://github.com/google/timesketch/pull/2769
* Add missing dependency for e2e container by @berggren in https://github.com/google/timesketch/pull/2783
* 🐛 Handle None response from ip2geo by @pemontto in https://github.com/google/timesketch/pull/2770
* Fix #2784 - pandas.read_csv arguments by @jkppr in https://github.com/google/timesketch/pull/2785
* Add tzdata to all container builds by @berggren in https://github.com/google/timesketch/pull/2788
* Fix for #2738 - Analyzer not in AnalyzerList by @jkppr in https://github.com/google/timesketch/pull/2786
* Fixing #2393 - analysis of broken timelines by @jkppr in https://github.com/google/timesketch/pull/2787
* Helm k8s by @wajihyassine in https://github.com/google/timesketch/pull/2661
* Enable settings from environment (needs Flask 2.1+) by @bpereto in https://github.com/google/timesketch/pull/2417
* Add 🐀 emoji for remote access tools by @pemontto in https://github.com/google/timesketch/pull/2779
* Switch to Compose V2 by @koromodako in https://github.com/google/timesketch/pull/2654
* Return user defined aggregation name when using the API client by @sydp in https://github.com/google/timesketch/pull/2507
* Bump cryptography from 39.0.1 to 41.0.0 by @dependabot in https://github.com/google/timesketch/pull/2778
* Bump pyjwt from 1.7.1 to 2.4.0 by @dependabot in https://github.com/google/timesketch/pull/2192
* Update Helm README to refer to OSDFIR Infrastructure by @wajihyassine in https://github.com/google/timesketch/pull/2790
* DFIQ support by @berggren in https://github.com/google/timesketch/pull/2782
* Fix for importing small JSONL files by @berggren in https://github.com/google/timesketch/pull/2793
* Restyle timeline chips by @Annoraaq in https://github.com/google/timesketch/pull/2777
* Windows bruteforce analyzer by @roshanmaskey in https://github.com/google/timesketch/pull/2792
* Automate verbose analyzer output metadata collection by @jkppr in https://github.com/google/timesketch/pull/2798
* Update the event tags UI by @jkppr in https://github.com/google/timesketch/pull/2805
* UI support for verbose analyzer output by @jkppr in https://github.com/google/timesketch/pull/2797
* New UI build (automated) by @berggren in https://github.com/google/timesketch/pull/2806
## New Contributors
* @bpereto made their first contribution in https://github.com/google/timesketch/pull/2417
* @koromodako made their first contribution in https://github.com/google/timesketch/pull/2654
**Full Changelog**: https://github.com/google/timesketch/compare/20230526...20230628

# PyPCAPKit v1.0.3 (2023-06-29)

# PyPCAPKit v1.0.3.post1 (2023-06-30)

# Lookyloo v1.21.0 (2023-06-30)
# New Features
* Allow to pass a timezone, geolocation coordinates, locale, and color scheme to a capture
* Add a global proxy option in the settings
* Improve SMTP auth for notifications
# Changes
* Store the capture settings in order to reuse them later (like for re-capture)
* Avoid failing if Lacus isn't available and retry a few times
# Bugfixes
* Properly handle captures with errors, improve logging accordingly
* Resubmit captures if they were deleted on Lacus without storing a response (generally if something crashed)

# maltrail 0.59 (2023-06-30)
Start-of-month release

# PyPCAPKit v1.0.3.post2 (2023-07-03)

# PyPCAPKit v1.0.3.post3 (2023-07-04)

# PyPCAPKit v1.1.0 (2023-07-09)

# PyPCAPKit v1.1.0.post1 (2023-07-09)

# MISP v2.4.173 (2023-07-11)
MISP 2.4.173 released with various bugfixes and improvements
We are pleased to announce the immediate availability of [MISP v2.4.173](https://github.com/MISP/MISP/releases/tag/v2.4.173) with a new password reset feature, along with a host of quality of life improvements and fixes.
# Password reset self-service
We have added a new functionality allowing administrators to enable user self-service for forgotten passwords. When enabled, users will have an additional link below the login screen, allowing them to enter their e-mails and receive a token that can be used to reset their passwords.
The feature requires the user to have a valid encryption key, and the token lifetime is hard-coded to 10 minutes.
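The reset flow described above (a random token delivered out of band, valid for a fixed lifetime), as an added example in Python rather than MISP's PHP; this is not MISP's implementation, and the `ResetTokenStore` class, its method names and the injectable clock are assumptions made for the illustration. It shows the three checks a practitioner would want on such a token: expiry, constant-time comparison against a stored digest rather than the token itself, and single use.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME_SECONDS = 10 * 60   # the release notes state a hard-coded 10-minute lifetime


class ResetTokenStore:
    """Issues and redeems single-use, time-limited password reset tokens.

    Only a SHA-256 digest of each token is kept server-side, so a leaked table
    of pending resets cannot be replayed. The token itself goes to the user out
    of band (in MISP's case by e-mail) and is never logged.
    """

    def __init__(self, clock=time.time):
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # user_id -> (token_digest, expires_at)

    @staticmethod
    def _digest(token: str) -> bytes:
        # 256 random bits need no salt or slow hash; the digest only stops a
        # stored value from being usable directly as the token.
        return hashlib.sha256(token.encode("ascii")).digest()

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        expires_at = self._clock() + TOKEN_LIFETIME_SECONDS
        self._pending[user_id] = (self._digest(token), expires_at)  # replaces any older token
        return token

    def redeem(self, user_id: str, token: str) -> bool:
        """True exactly once per issued token, and only before it expires."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[user_id]   # expired: drop it so it cannot linger
            return False
        if not hmac.compare_digest(digest, self._digest(token)):
            return False                 # constant-time compare; a wrong guess leaves the entry intact
        del self._pending[user_id]       # consumed: a second presentation fails
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("alice")
    print(store.redeem("alice", token), store.redeem("alice", token))   # True False
```

A deployment built on this would also rate-limit both the request and the redemption endpoint per account and source address, and give the same response whether or not the address exists, so the feature does not become an account-enumeration oracle.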

# New dashboard widgets
The dashboard has seen another round of improvements, with various fixes and new widgets added. 2.4.173 includes the following new widgets:
- Logarithmic events/org chart (Thanks @vincenzocaputo)
- ATT&CK heatmap widget
Additionally, you can now download the raw data used to feed each widget.

# Security fixes
Two vulnerabilities have also been resolved:
## Stored XSS via select page titles
Improper sanitisation of user-controlled data ending up in view titles led to stored XSS.
Huge thanks to Ulaş Deniz İlhan from Zigrin Security (absolute heroes at discovering vulnerabilities in MISP!)
[CVE-2023-37307](https://cve.circl.lu/cve/CVE-2023-37307)
## RCE via uploaded certificates
Malicious administrators could trigger RCE by uploading a well-crafted file as the SSL certificate for a sync connection.
[CVE-2023-37306](https://cvepremium.circl.lu/cve/CVE-2023-37306)
Additional information on the vulnerability can be found at the excellent [blog post from synacktiv](https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle)
Huge thanks to @righel for finding and fixing the vulnerability!
# A long list of fixes
As always, we have been diligent with including a long list of fixes, including for issues with server sync certificate handling, url encoding of spaces in search strings, CSRF errors and much more! For a detailed list of fixes, please refer to the [changelog](https://www.misp-project.org/Changelog.txt).
## MISP Objects and Relationships
- Updated relationships to include the ones used by [LookyLoo](https://lookyloo.circl.lu)
- Many improvements following [OASIS STIX TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti)
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- Updated threat actor database to include Budapest Convention relation.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- New warning list digitalSide.IT warninglist added.
- Updated warning-lists for all sources.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
## MISP taxonomies
For more details, the [misp-taxonomies changelog](https://www.misp-project.org/Changelog-misp-taxonomies.txt) is available.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

# AIL-framework v5.2 (2023-07-12)
The latest release, version 5.2 of the AIL project framework, introduces several changes, fixes, and improvements. Some notable changes include the removal of old updates prior to version 5.0, a refactoring of the background updater along with the addition of the v5.2 update, and the introduction of a new etag object. The correlation graph now offers an option to hide objects/nodes and reset functionality using the "H" key. Additionally, an object comment feature has been added to investigations.
Several fixes have been implemented in this release. The environment issues in the updater and background update modules have been resolved. The crawler now includes timeouts for Unknown captures and exception handling for ping_lacus. It also performs an existence check for screenshot sets. The decoding process for downloaded files has been fixed, and the tag functionality for correlation objects has been improved. Fixes have also been made to the updater module, including the removal of old ARDB environment references. Lastly, issues with MISP event JSON export and retro hunt date search and description in the hunter module have been addressed.
In terms of contributors, [Thirion Aurélien](https://github.com/terrtia) and [fukusuket](https://github.com/fukusuket) have made significant contributions to this release, addressing specific issues and providing fixes.
# Detailed Change Log
## v5.2 (2023-07-12)
### Changes
* [update] remove old updates < 5.0. [Terrtia]
* [updater] refactor background updater + add v5.2 update. [Terrtia]
* [crawler har] compress HAR. [Terrtia]
* [correlation] correlation graph, add an option to hide an object/node by pressing H + reset correlation graph. [Terrtia]
* [etag] add new etag object. [Terrtia]
* [investigation] add object comment. [Terrtia]
### Fix
* [updater] fix env. [Terrtia]
* [background update] fix logger. [Terrtia]
* [crawler] add timeout to Unknown captures. [Terrtia]
* [crawler] add exception handling for ping_lacus. [fukusuket]
* [crawler] added existence check for screenshot set. [fukusuket]
* [decoded] fix download file. [Terrtia]
* [updater] fix db checker. [Terrtia]
* [correlation tags] fix tag all objects. [Terrtia]
* [correlation card decoded meta] mimetype + size. [Terrtia]
* [correlation card decoded meta] mimetype + size. [Terrtia]
* [updater] remove old ARDB env. [Terrtia]
* [hunter + misp export] fix misp event json export + retro hunt date search and description. [Terrtia]
### Other
* Merge pull request #174 from fukusuket/fix-500-erro-when-invalid-lacus-url. [Thirion Aurélien]
fix: [crawler] add exception handling for `ping_lacus`
* Merge pull request #176 from fukusuket/fix-500-error-when-crawler-screenshot-setting-off. [Thirion Aurélien]
fix: [crawler] added existence check for screenshot set