Mwdb Core Versions Save

Upgrade highlights:

If you use plugins that are adding new endpoints to the API, you need to fix Resource imports before upgrade: What's changed

New features and improvements:

• Support for Prometheus metrics (https://github.com/CERT-Polska/mwdb-core/pull/908, Prometheus metrics docs)
• Refactored search engine to improve search performance for configs, attributes and file names (https://github.com/CERT-Polska/mwdb-core/pull/906)
• UI: changed attribute adding modal to always show preview and make JSON values less concerning (https://github.com/CERT-Polska/mwdb-core/pull/921)
• Limited default verbosity of logs (https://github.com/CERT-Polska/mwdb-core/pull/909, see note about enable_debug_log)
• Added support for execute attribute that is passed to Karton to enable/disable execution in sandbox (https://github.com/CERT-Polska/mwdb-core/pull/904, thanks @msm-cert)
• Flask-Limiter was replaced with direct use of limits library (https://github.com/CERT-Polska/mwdb-core/pull/915)
• Dropped usage of Flask-Restful (https://github.com/CERT-Polska/mwdb-core/pull/916)

Bug fixes:

• Fix: installation issues on Debian 12 (bumped psycopg2-binary to 2.9.9, https://github.com/CERT-Polska/mwdb-core/pull/922)
• Fix: ISE 500 on user removal (https://github.com/CERT-Polska/mwdb-core/pull/913)
• Fix: Don't treat 0 number as an empty attribute value (https://github.com/CERT-Polska/mwdb-core/pull/920)
• Fix: MWDB doesn't surrender on Karton when can't be loaded eagerly and tries to load it lazily (https://github.com/CERT-Polska/mwdb-core/pull/919)
• Web: Fixed race condition with applying request_timeout value (https://github.com/CERT-Polska/mwdb-core/pull/905)

Full Changelog: https://github.com/CERT-Polska/mwdb-core/compare/v2.11.0...v2.12.0

New features and improvements:

• Simple UI for uploading configurations and blobs (by @postrowinski in https://github.com/CERT-Polska/mwdb-core/pull/803)
• Object tabs are extendable via plugins (by @yankovs in https://github.com/CERT-Polska/mwdb-core/pull/896)
• Bump karton-core to v5.3.2 (by @yankovs in https://github.com/CERT-Polska/mwdb-core/pull/902)

Full Changelog: https://github.com/CERT-Polska/mwdb-core/compare/v2.10.3...v2.11.0

Bugfixes:

• Bumped Werkzeug to 3.0.1 including critical fix for very slow upload of huge files having speciifc layout (see https://github.com/CERT-Polska/mwdb-core/pull/885)
• Fixed uneditable parent field in Upload view (https://github.com/CERT-Polska/mwdb-core/pull/879)

Bugfixes:

• Fixed default web_bundle_dir so webapp works correctly in standalone PyPi installation (https://github.com/CERT-Polska/mwdb-core/pull/873)

Most important change in this bugfix release is rollback to libfuzzy2 for ssdeep hash evaluation instead of ppdeep introduced in v2.9.0. It means that for standalone installation (from PyPi) you need to install libfuzzy2 before applying this upgrade.

Bugfixes:

• Removed ppdeep dependency in favor of previously used python-ssdeep (libfuzzy2) that caused worker timeouts when big file (>30MB) was uploaded (https://github.com/CERT-Polska/mwdb-core/pull/868)
• Search in Search tab wasn't working (https://github.com/CERT-Polska/mwdb-core/pull/871)
• Fixed flickering and showing wrong results when user navigated to query URL (https://github.com/CERT-Polska/mwdb-core/pull/867)
• Fixed multiple issues in Rich attributes:
  • wrong search URL for searchable fields in lists (https://github.com/CERT-Polska/mwdb-core/pull/869)
  • search link was not rendering correctly when searchable field value contained space (https://github.com/CERT-Polska/mwdb-core/pull/870)

Other changes:

• included PID argument and before_request entries in log (https://github.com/CERT-Polska/mwdb-core/pull/861)

Small, minor release that provides bugfixes and Karton integration improvements:

It's recommended to upgrade karton-system to v5.2.0 before upgrading mwdb-core (if Karton is used within your pipeline).

Minor improvements:

• Karton: quality and share_3rd_party headers are using persistent headers and they're automatically added to all tasks within analysis (https://github.com/CERT-Polska/mwdb-core/pull/858)
• Bumped Karton to v5.2.0

Bugfixes:

• Fixed issues related with "hex" sample preview mode (https://github.com/CERT-Polska/mwdb-core/pull/859)
• Bumped PyYAML to v6.0.1 solving installation problems related with Cython release (https://github.com/CERT-Polska/mwdb-core/pull/857)

This release includes huge database migrations made for query optimization, which includes rewriting of object permission tables. Database backup is highly recommended before upgrade.

Also there is a long changelog ahead, so please read information about most important changes in What's changed section before upgrade.

Major changes:

• Huge improvements in Web part which includes:
  • Beautified login/registration pages (https://github.com/CERT-Polska/mwdb-core/pull/726)
  • Usage of Vite and Rollup for building instead of Create React App and Webpack (#741). If you have in-house plugins, read the What's changed section in documentation.
  • Rewrite to TypeScript (https://github.com/CERT-Polska/mwdb-core/issues/807, kudos @postrowinski!)
  • Closable error messages (https://github.com/CERT-Polska/mwdb-core/pull/763)
• Search should be much much faster because of these changes:
  • Counting of all results before applying actual query is optional and disabled by default as it has huge impact on performance (https://github.com/CERT-Polska/mwdb-core/pull/718)
  • When user has access_all_objects capability, exclusive object permissions are not even considered in query (https://github.com/CERT-Polska/mwdb-core/pull/783). It also means that access_all_objects really gives access to all objects in system (it's not "autosharing" of all added objects as before), so everything group is effectively useless and is not created by default.
• Changes in shares representation, so it's more clear who is the actual uploader of the sample. It's better described here (https://github.com/CERT-Polska/mwdb-core/pull/717)
• certpl/mwdb Docker image uses gunicorn instead of uwsgi, as uwsgi project was mostly abandoned (https://github.com/CERT-Polska/mwdb-core/pull/735)
• v2.9.0 comes with additional small feature that enables you to ask your users for consent to share samples with 3rd party services (https://github.com/CERT-Polska/mwdb-core/pull/801)
• Karton is bumped to v5.1.0 and its producer shows in services tab in Karton Dashboard
• Object listing endpoints are accepting count parameter, so you can load them in chunks bigger than 10 (https://github.com/CERT-Polska/mwdb-core/pull/755)

Minor changes and improvements:

• Dedicated group is created for each OpenID Connect provider (https://github.com/CERT-Polska/mwdb-core/pull/668)
• ssdeep is replaced with pure-Python implementation - ppdeep (https://github.com/CERT-Polska/mwdb-core/pull/692)
• sharing_objects capability was renamed to sharing_with_all which better describes its real meaning (https://github.com/CERT-Polska/mwdb-core/pull/696)
• Backslashes are better handled in configuration search (https://github.com/CERT-Polska/mwdb-core/pull/690)
• Rich attributes: field can be rendered as search link using special {{@value}} syntax (https://github.com/CERT-Polska/mwdb-core/pull/628)
• Sample preview downloads sample in obfuscated form (with negated bits) to not trigger EDR/AV solutions (https://github.com/CERT-Polska/mwdb-core/pull/721, thanks @middleware99!)
• Added access_uploader_info capability to make users able to search for uploaders from the outside of our groups without giving powerful sharing_with_all capability (#705)
• Rich preview in AttributeAddModal (https://github.com/CERT-Polska/mwdb-core/pull/724)
• Handle 'misc:' as a proper tag (https://github.com/CERT-Polska/mwdb-core/pull/742, thanks @jasperla!)
• OAuth logout, so you can easily logout yourself from OAuth provider e.g. to switch accounts (https://github.com/CERT-Polska/mwdb-core/pull/732)
• Configurable upload size (https://github.com/CERT-Polska/mwdb-core/pull/756)
• Critical error in Web shows JS stack information (https://github.com/CERT-Polska/mwdb-core/pull/790)
• Capabilities can be changed also in User/Group view instead of only Access control page (https://github.com/CERT-Polska/mwdb-core/pull/770)
• User is warned in Relations tab when number of relations exceeds 1000 (https://github.com/CERT-Polska/mwdb-core/pull/791)
• use_x_forwarded_for option in configuration to respect X-Forwarded-For header, enabled by default in Docker images (https://github.com/CERT-Polska/mwdb-core/pull/845)

Bugfixes:

• NetworkError exceptions in Web are a bit better handled and they shouldn't crash whole application so often (https://github.com/CERT-Polska/mwdb-core/pull/846)
• OpenID Connect: fixed provider registration (https://github.com/CERT-Polska/mwdb-core/commit/4e015b66c522b517df1486227a0152f51216c8ce, thanks @v-rzh!)

Special thanks to @yankovs for tracking some regressions during development!

And finally thanks to development team that worked on this release: @KWMORALE, @Repumba, @postrowinski, @olivergav, @nazywam.

Hopefully we'll be publishing stable releases a bit more often so the changelogs won't be that long :smiling_face_with_tear:

This release contains bugfixes related mostly with S3 object storage. Regressions were introduced by migration from py-minio to Boto3 AWS SDK which apparently wasn't tested enough.

Bugfixes:

• Fix: Karton re-analysis was not possible when sample was stored on S3 (https://github.com/CERT-Polska/mwdb-core/pull/695)
• Fix: AWS IAM authentication doesn't work since v2.8.0 (https://github.com/CERT-Polska/mwdb-core/pull/704)
• Fix: Unable to delete objects with comments (https://github.com/CERT-Polska/mwdb-core/pull/702)

Bugfixes:

• Fixed attribute adding in Upload view (https://github.com/CERT-Polska/mwdb-core/pull/686)

This release includes huge database migrations made for query optimization, which includes rewriting of Object and Tag tables. Database backup is highly recommended before upgrade.

New features and improvements:

• Markdown/Mustache templates for rich rendering of attribute values (https://github.com/CERT-Polska/mwdb-core/pull/602)
• Optimized model to improve query time (https://github.com/CERT-Polska/mwdb-core/pull/661)
• Range queries are allowed in JSON-like fields (for attributes and configurations - https://github.com/CERT-Polska/mwdb-core/pull/666)
• Download file as encrypted zip with "infected" password (https://github.com/CERT-Polska/mwdb-core/pull/587)
• Bumped React Router to v6, queries in URI are no longer double-escaped (https://github.com/CERT-Polska/mwdb-core/pull/612)
• Bumped Karton to v5 (https://github.com/CERT-Polska/mwdb-core/pull/648)
• sha1 is exposed in /api/file listing (https://github.com/CERT-Polska/mwdb-core/pull/683, thanks @DISREL!)

Bugfixes:

• Fixed ISE 500 on legacy file download endpoint (https://github.com/CERT-Polska/mwdb-core/pull/589)
• Fixed ISE 500 when libmagic fails with MagicException (https://github.com/CERT-Polska/mwdb-core/pull/605)
• Fixed ISE 500 on user delete with stored quick queries (https://github.com/CERT-Polska/mwdb-core/pull/665)
• Fixed failed upload when duplicated tags are passed (https://github.com/CERT-Polska/mwdb-core/pull/594)
• Fixed wrong configuration template generated by mwdb-core configure (https://github.com/CERT-Polska/mwdb-core/pull/595)
• Web: Fixed pagination in group member settings (https://github.com/CERT-Polska/mwdb-core/pull/598)

Thanks @jvoisin and @JohnConnorRF for contributions!