Releases: OpenCTI-Platform/opencti
Version 5.3.16
Dear community, OpenCTI version 5.3.16 has been released! This version fixes all known bugs of the platform and introduces minor enhancements in different views of the user interface. Also, a new type of observable is available to model media content (Twitter, Facebook, Telegram, Website article, etc.).
This release contains important security fixes. We strongly advise all organizations to upgrade their instance as soon as possible.
Big thanks to @sandeshkumart for the security report/analysis
Enhancements:
- #2402 Add media content SCO
- #2400 Cannot create Indicator Sighting for Sectors
- #1905 Add "Rust" to Malware programming languages + allow Admins to add custom languages
- #1903 From a Report, view what other Reports have IOCs in common
- #1831 Inferred targeting of sectors or regions are called "Direct targeting"
- #1813 Bug of display when moving in the chronology (date not correctly taken into account)
- #1794 Trying to import STIX2 with a resolves-to relationship between two observables results in an error
- #1783 When viewing the targeting of a sector by a threat actor, the intrusion sets used should be more visible
- #1766 MITRE implemented non-standard STIX relationship detects
- #1756 Export observables (and other objects) from an SDO's Knowledge page
Bug Fixes:
- #2403 Not possible to view export when report's title contains some special characters
- #2396 Target type filter not working in the observable section of threats
- #2391 Not possible to empty the author field
- #2395 Subscriptions & digests error
- #2381 The "Subscriptions & digests" email returns "{defaultValue(entry)}"
Pull Requests:
- Expand list of Event types by @mattreduce in #2393
New Contributors:
- @mattreduce made their first contribution in #2393
Full Changelog: 5.3.15...5.3.16
Version 5.3.15
Dear community, OpenCTI 5.3.15 has been released! This version fixes a few minor bugs in some connectors, the Python library and the frontend.
Enhancements:
- #2377 Avoid automatic enrichment when editing in the built-in editor
Bug Fixes:
- #2358 There are some Bugs in Content menu(download)
Full Changelog: 5.3.14...5.3.15
Version 5.3.14
Dear community, OpenCTI version 5.3.14 is out! This version fixes a major bug in stream connectors and some other minor issues in the frontend and connectors work management.
Bug Fixes:
- #2376 Truncate history/errorcontent message to prevent elastic/opensearch query errors
- #2374 Stream connectors can have an erroneous state with "-0-0"
- #2372 Content's table looks weird (version : 5.3.12)
Full Changelog: 5.3.13...5.3.14
Version 5.3.13
Dear community, OpenCTI 5.3.13 is out! This minor release fixes some minor bugs in the user interface graphs and the rule engine data update. Also, it significantly improves the memory footprint of the platform when merging entities with a lot of relationships.
In the Python library, the stream manager and helper have been enhanced to fix all known issues when consuming streams from connectors or in third-party systems.
Enhancements:
- #2366 [api] Improve merging memory footprint
- #2357 [api] Relation check for type detection improvement for observables
- #2356 [api] Improve stream delay and heartbeat occurrence
Bug Fixes:
- #2367 [api] Upsert of inferred entity fail
- #2360 Text adjustment in lateral panel
- #2359 Images are missing in graphs for new types of entity
Pull Requests:
- Adjust content to be shorter by @febrezo in #2361
- [api] Improve merging memory footprint (#2366) by @richard-julien in #2368
- Fix typo in 'agent' role by @febrezo in #2364
- More tiny fixes in the Spanish translation by @febrezo in #2363
Full Changelog: 5.3.12...5.3.13
Version 5.3.12
Dear community, OpenCTI 5.3.12 is out! This new minor version fixes some important bugs especially in background tasks and connectors. Also, the format of the STIX IDs (and internal IDs) is now verified before ingestion and creation of objects.
If you have developed connectors that directly call the API through GraphQL, you will have to migrate some query definitions from string type to StixId type.
Enhancements:
- #2337 Validate STIX IDs and internal IDs when creating entities / relationships
- #2344 The relationship type "uses" is not allowed between Artifact and Attack-Pattern
- #2325 Extend the supported entity types for a CSV feed
Bug Fixes:
- #2343 "Select all" for Bulk update within Analysis Report "Observables" view causes edit to apply to all observables in system
- #2342 Search bar results for Channels
- #2338 In StixSighting: TypeError: null is not an object (evaluating 'd.entity_type')
Pull Requests:
- Fix typos (and linting) in French locales by @febrezo in #2328
- Add extra spanish locales by @febrezo in #2340
Full Changelog: 5.3.11...5.3.12
Version 5.3.11
Dear community, OpenCTI version 5.3.11 has been released! This version is a hotfix for a few minor bugs in the user interface and some connectors.
Enhancements:
- #2332 [Front] Add Spanish translation
Bug Fixes:
- #2333 [Front] Some special characters in report names are not escaped when uri is generated
- #2329 GraphQL playground not working in Docker releases
- #2326 image file(png,jpg,webp etc.) upload fail in html content
Pull requests:
New Contributors:
Full Changelog: 5.3.10...5.3.11
Version 5.3.10
Dear community, OpenCTI 5.3.10 has been released! This minor version includes some Python client bugfixes as well as the resolution of 2 other bugs in the main platform.
Bug Fixes:
- #2323 External reference files automatic import can lead to errors
- #2305 observedDatas query does not filter by objectContains
Full Changelog: 5.3.9...5.3.10
Version 5.3.9
Dear community, OpenCTI 5.3.9 is out! This minor version intends to hotfix minor bugs affecting files import, data export and migration to TLPv2.
Also, multiple connectors have been fixed like Mandiant, MISP platform, MISP feeds, VirusTotal and IpInfo.
Enhancements:
- #2322 Prevent files upload / modification to be part of the history
- #2321 Let user query the API bypassing 2FA when using Token authentication
- #2319 Create observables from indicator improved to handle more situation.
- #2318 Bucket initialization can fail if platform use a remote managed bucket
- #2315 Let user work with the playground without internet connection
- #2310 Alignment mismatch in data entities / relationships loaders and data
Bug Fixes:
- #2314 Data export inside container can't find any elements
- #2313 Migrate is not possible if white marking has been deleted
- #2312 Alignment loading problem in data entities and relationships
- #2311 Global upload job trigger compatible connectors twice
Pull Requests:
- [api] Offline playground deployment (#2315) by @richard-julien in #2316
Full Changelog: 5.3.8...5.3.9
Version 5.3.8
Dear community, we are proud to announce the release of OpenCTI 5.3.8! Even if this version is shipped as minor, it introduces many enhancements and several connectors. Also, all known bugs have been fixed!
Foremost, new features have been implemented such as:
- New entities and relationships for Foreign Information Manipulation and Interference (FIMI) modeling.
- Built-in two-factor authentication.
- Huge improvement on synchronization engine speed (using workers instead of background process).
- Data segregation in the history / audit log displayed in the entities.
- Migration to TLPv2.
- New massive operations such as enrichment, promoting observables to indicators, etc.
- New observable types: Payment Cards, Bank Accounts and Phone numbers.
Then, we would like to warmly thank all the contributors of the community for the considerable effort made on the connectors:
- New connectors for standalone MISP Feeds (JSON), Intel471, URLScan, Maltiverse, MWDB, Orange Cyberdefense, etc.
- Multiple fixes in the Mandiant and Elastic Security connectors and in stream-based connectors generally.
- Improvements in the ImportDocument connector as well as VirusTotal and Splunk.
This version includes full compatibility with ElasticSearch 8 (including latest 8.4.1) and OpenSearch 2 (including latest 2.2.0) and major bug fixes in stream / TAXII / migrations.
Enhancements:
- #2303 Implement background tasks on relationships screen
- #2298 Improve platform history manager to handle marking definition of modifications
- #2290 Implement new SROs for Vulnerability and Infrastructure
- #2280 Ability to filter on Observable type in the Knowledge view on a specific object
- #2273 Background task for indicator / observables creation
- #2267 TLP v2 Standard
- #2261 Implement 2FA authentication
- #2252 Additional Observable/Indicator Types - Credit Card, Bank Card, Phone Number
- #2251 Better management of enrichment / expired works in Redis
- #2240 Observable Filters to be added Reports > Observables
- #2237 "Expand labels" functionality in Investigations view
- #2224 Click on TTPs matrix to create a new relationship
- #2223 [BUCKET] All needed new relationship types and screens to modelize desinformation / interferences
- #2222 [BUCKET] All needed new entity types to modelize desinformation / interferences
- #2219 On dashboard, be able to only display reports in the "latest analysis" section
- #2211 Be able to filter on relationship type in subscriptions
- #2210 Rename attribute to column in CSV feed configuration
- #2208 Migrate synchronizer to use workers absorption. Improve speed and prevent hung up
- #2207 Increase the maximum number of results in global search
- #2199 Add vhost configuration for RabbitMQ
- #2186 Cannot modify External ID on Courses of Action
- #2178 When exporting observables, include all information about them (including file name(s), hashes, etc)
- #2132 Content files has a trash button that should prompt for a confirmation
- #1715 Bulk Enrichment of compatible elements
- #1429 (small) Issues with PNG exports
- #1375 Graph improvement: add a search bar in graphs display
Bug Fixes:
- #2302 Home dashboard not reloading
- #2295 Static resources are being incorrectly rewritten behind NGINX reverse proxy
- #2292 Sighting link not working in inference explanation graph
- #2286 Can't create "uses" relationship from File to Attack Pattern
- #2279 Multiple Startup errors with migration from 5.2.4 to 5.3.7
- #2265 Default stream URL is flooding with heartbeats
- #2247 Artifact file not included in stream files extensions
- #2246 MITRE "will produce only internal modification" error
- #2241 Malware first_seen and last_seen not updated during "upsert"
- #2227 Date picker crashes when language is not correctly set for a user
- #2205 Multiple errors "this update will only produce internal modifications"
- #2291 In v5.3.7 /taxii2/root/collections/:id/objects no longer works.
- #2184 Can't see mitigates relationships data in relationship tab
- #1608 Display of some HTML files uploaded as attachment is incorrect
Pull Requests:
- Add rabbitmq:vhost config option (#2199) by @rlynch-ironnet in #2200
- Switch object storage to use AWS S3 SDK by @jake-walker in #2260
- Loading refactor to support partial access rights in relationship by @richard-julien in #2277
- Introduce Disinformation entities (channel / event / language / narrative) by @richard-julien in #2297
- Refactor of relation stix generation / File upload auto enrichment by @richard-julien in #2304
New Contributors:
- @rlynch-ironnet made their first contribution in #2200
Full Changelog: 5.3.7...5.3.8
Version 5.3.7
Dear community, OpenCTI 5.3.7 has been released! This new version fixes minor bugs, especially in the report graph view (adding of new entities) and in export of observables.
Also, the overall date / time management in the user interface has been enhanced to reflect proper formats, languages and precision. Last but not least, it's now possible to use S3 credentials from AWS IAM execution role.
Enhancements:
- #2175 Timestamp entry in forms should permit entering better resolution than just date
- #2154 Allow MinIO Credentials to be fetched from AWS ECS attached IAM Execution Role
- #2146 GraphQL Issue when visualising Connectors in data section
- #2024 Allow EC2 metadata credentials.