Moloch Versions

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

v4.5.0

6 months ago

Changelog

  • release - node 16.20.2
  • release - added missingok to default logrotate for arkime
  • capture - dns answers were double parsed
  • capture - custom-fields honors viewerOnly:true
  • capture - added dns.https fields
  • capture - added cert:certificate-authority tag (thanks mcgillowen)
  • cont3xt - remove raw view button for link groups on the cont3xt search page
  • cont3xt - Overview shortcut
  • cont3xt - fixed overviews not updating on switch
  • db.pl - don't allow '.' to be used for sync/add path
  • viewer - fixed ipv6 session display issues when :: in ip
  • viewer - http display rewritten to not depend on nodejs internals
  • viewer - gpe display improvements

v4.4.0

6 months ago

Changelog

  • release - cyberchef 10.5.2
  • release - update arkime_update_geo.sh to use different manuf location
  • all - improved json verification
  • all - better logging when requiredAuthHeader fails
  • all - better role creation/usage validation
  • all - don't allow circular role dependencies
  • all - now need to be a userAdmin and *Admin to update *Admin change settings for another user
  • all - more auth debugging
  • all - can now change the password of another *Admin user if you have userAdmin and all the same *Admin
  • all - hide webEnable, headerAuthEnable checkboxes for roles
  • all - oidc now uses sameSite: Lax instead of sameSite: Strict for cookies
  • capture - handle tcp port reuse better
  • capture - fix kafka memory leak when produce fails
  • cont3xt - New overview cards
  • cont3xt - fix startup race condition with db init
  • cont3xt - new search protocol to prepare for bulk
  • parliament - fix parliament clean start not letting auth be set up
  • viewer - gtp decoding
  • viewer - demo mode improvements, arkimeAdmin can use normally
  • viewer - fix unique endpoint not enforcing user time limit

v4.3.2

6 months ago

Changelog

  • release - cyberchef 10.4.0 libpcap 1.10.4
  • all - config 'prefix' can be at most 50 characters
  • all - new cookie generation code
  • capture - handle packets better at epoch time
  • cont3xt - add twilio country code tidbit
  • cont3xt - add httpRealm to sample config
  • cont3xt - help improvements
  • cont3xt - minor UI improvements
  • db.pl - set ISM deleteTime for sessions correctly
  • esproxy - add tests
  • parliament - fixed occasional missing token error
  • viewer/wise - Field/Value actions now support all:true to show on every instance
  • viewer - Fix Src/Dst mouse over for packets/bytes
  • viewer - Field Actions didn't work in expanded meta
  • viewer - Fix sending/receiving sessions not working

v4.3.1

6 months ago

Changelog

  • BREAKING - If running mixed versions of Arkime, broken cron queries error might show on OLD version
  • release - fix ubuntu22 kafka dep
  • all - passwordSecret log message now has the right [section]
  • capture - --tags option now works as well as --tag
  • viewer - new auto cronQueries setting
  • viewer - change where primary viewer info is stored to not cause constant mapping change
  • viewer - fixed ipv6 not working, now assumes zero filled with mask (if not provided)
  • viewer - code refactor into javascript classes

v4.3.0

6 months ago

Changelog

  • BREAKING - Only SuperAdmin can assign *Admin roles now
  • release - fix kafka library linking
  • release - al2023 support
  • release - improve arkime_config_interfaces.sh
  • release - Configure doesn't offer demo Elasticsearch on Arch
  • release - reqBodyOnlyUtf8=true in sample config file
  • all - support colon in OpenSearch/Elasticsearch password
  • all - fix some prototype pollution
  • all - improve roles enforcement
  • all - New authTrustProxy setting
  • capture - tcpClosingTimeout setting controls delay before saving tcp sessions after close
  • capture - default dbBulkSize to 1M, min 500K, max 15M and removed from sample config file
  • capture - s3 writer now writes multiple files based on packetThreads
  • capture - s3 writer supports zstd, s3Compression setting
  • capture - s3 writer compression level, s3CompressionBlockSize setting
  • capture - s3 writer block size, s3CompressionBlockSize setting
  • capture - s3 writer gap encoding, s3GapPacketPos setting
  • capture - s3 writer when s3UseECSEnv is true use container env vars to find the id/key/token for s3 auth
  • capture - improve Gh0st parser (#2225)
  • capture - new dnp3 & finger classifier
  • capture - tcphealthcheck adding debugging
  • capture/viewer - includes setting ignores missing files starting with -
  • cont3xt - add malicious tidbit from urlscan results
  • cont3xt - add malicious and brand columns to results table for urlscan
  • cont3xt - link group UI improvements
  • cont3xt - add createDate for whois data
  • db.pl - new --ifneeded option to init/upgrade that will exit if not needed
  • parliament - fix digest auth
  • parliament - better auth support
  • parliament - improve issue page and filters
  • viewer - display errors when cronQueries isn't configured
  • viewer - fix first sessions table row obscured sometimes
  • viewer - disable more apis in demo mode
  • viewer - allow roles forced expression without user forced expression (#2213)
  • viewer - s3 now use each file's bucket to determine access style
  • wise - only send csp headers in initial request for wise page

v4.2.0

6 months ago

Changelog

  • release - node 16.19.1, support node v18
  • release - fix arch build issues
  • release - EL9 build uses sha256 digest
  • all - OpenSearch/Elasticsearch name cleanup
  • all - cleanup nodejs dependencies
  • all - refactor how authentication is done, everything now uses passportjs
  • all - support oidc authentication method
  • all - caTrustFile setting should work everywhere
  • capture - support ERSPAN Type I and vlan for Type II
  • capture - new kafka plugin for sessions
  • capture - use malloc instead of GSlice
  • capture - corrupt DNS alt name memory leak fixed
  • capture - Added simpleFreeOutputBuffers setting
  • cont3xt - raw create link groups
  • cont3xt - two clicks to delete link groups or links
  • cont3xt - classify domains with multiple dashes correctly
  • cont3xt - added ability to copy links between link groups
  • cont3xt - support intl phonenumbers
  • db.pl - Initial OpenSearch ISM support
  • db.pl - Better error text for cert verify failure
  • esproxy - fix converting basic auth to base64
  • viewer - fix field actions crash
  • viewer - can now use expression http.request.FIELD or http.response.FIELD with headers-http-request, headers-http-response defined fields
  • viewer - support viewing ipv6 DLT_RAW (#1293)
  • viewer - ESAdmin -> Unflood works on users cluster now also
  • viewer - support running in s2s auth mode only

v4.1.0

6 months ago

Changelog

  • release - glib 2.72.4 cyberchef 9.55.0 flot 4.2.3 d3 7.7
  • db.pl - backup/restore wasn't dealing with templates correctly
  • db.pl - upgrade failed if there was no moloch_shared user
  • db.pl - repair now fixes missing history/ecs templates
  • db.pl - fix users-export/users-import
  • cont3xt - support missing auth and userTmpl settings
  • cont3xt - Hide link group when no links match filter
  • cont3xt - Added landing page
  • capture - allow wise field dst.ip:port
  • capture - add VNI field
  • capture - initial tzsp reader support
  • capture - y2038 fixes
  • capture - Integer ops in rules now support a leading min or max which only sets the value if less than or greater than current value
  • wise - added usersElasticsearchBasicAuth setting and lmdb cache support
  • wise - add passivetotal value action if at least key is defined
  • viewer - fix es node stats for different node.roles
  • viewer/cont3xt - can now search roles
  • viewer/cont3xt - don't show change password menu item if web auth is enabled for user and disableUserPasswordUI is true

v4.0.3

6 months ago

Changelog

  • release - cyberchef 9.54.0
  • release - copy systemd files instead of soft linking
  • release - capture/viewer systemd files now After OpenSearch/Elasticsearch
  • capture - on short runs, field definitions weren't getting updated
  • capture - s3 writer sets s3Compress to false with s3WriteGzip true
  • capture - JA3s value was sometimes incorrect
  • cont3xt - fixed digest mode fetching settings from config file
  • db.pl - fixed init not working with OpenSearch sometimes
  • db.pl - will now count data or data_hot node roles
  • viewer - fixed showing more than 10 roles

v4.0.2

6 months ago

Changelog

  • release - cyberchef 9.48.0
  • all - better console output sanitization
  • capture/viewer - Add TLS Certificate Organisational Unit field parsing (PR #2038)
  • capture - use arkime_update_geo.sh in error msg
  • capture - log error and exit if fields loading fails
  • release - Stop Configure from destroying systemd files

v4.0.1

6 months ago

Changelog

  • addUser.js - remove WARNING adding first user
  • addUser.js - --webauthonly now sets header auth flag
  • all - better console output sanitization
  • capture - offline pcap allows more outstanding packets based on maxPacketsInQueue
  • db.pl - Fixed some OpenSearch compatibility
  • db.pl - Fixed upgrading to 4.x with no _moloch_shared user
  • viewer - Fix cert notbefore/notafter showing bad dates in sessions table