More secure checks of JWT tokens
v4.5.0.stable9
Improvements:
- Sysmon identification
Features:
- S3 IAM role based access (CyDefender)
v4.5.0.stable8
Additions
- Include service configuration to support term inclusivity/exclusivity for OCR detection rather than just term override.
- Documentation: [OCR Service Configuration](https://cybercentrecanada.github.io/assemblyline4_docs/administration/service_management/#ocr-configuration)
Improvements
- Improve identification of `code/javascript`
v4.5.0.stable7
New Features
- New Assemblyline context aware AI Assistant
- Added community services to the service management page
- Add additional metadata validation for Ingest and Submit APIs
- Allow custom labels to be added to service containers
Hotfix
- Fix issue with the classification picker not sending the right classification on resubmit
- Fix issue where IOCs in the alert would not get their classification propagated properly
v4.5.0.stable6
- Bugfix for replay component
- Expand file identification for ebooks
v4.5.0.stable5
Bugfixes:
- Fix bug in Replay when using the direct client for searches
Features:
- Allow the ability to sync data in hash lists similar to Signatures
- Add HSTS support (microblag)
- Allow configuring SameSite attribute on Flask (microblag)
- Allow submissions of files within the JSON data block (mback2k)
v4.5.0.stable26
- Improve service stability in some systems
v4.5.0.stable25
Bugfix
- Convert scores to verdicts before sending the report to the AI, because AI models are not good at math
- Streamline default AI prompt using a per AI type extra context
- Fix UI Report view trying to reach the AI for a summary even when the AI is disabled
- Handle index error when listing containers in update pods
New
- Add timeout values to all search related datastore API calls
- Added support for per user daily quotas
v4.5.0.stable24
- Performance enhancements in the expiry module
v4.5.0.stable23
Hotfix for **Expiry** not being able to keep up when under heavy backlog
v4.5.0.stable22
Bugfixes
- Ontology: Add request information when generating OID for NetworkConnections to ensure uniqueness to track intent
v4.5.0.stable21
Bugfixes
- Fix SSLErrors raised when fetching container versions of services
- Fix bugs related to external file fetching
- Fix descriptions for URL submissions
v4.5.0.stable20
Additions
Malware archive
- Add webhook support to archiving so archived files can go through an external validation process before making their way into the archive
- Add optional metadata functionality to the archiver that can force the user to answer questions and provide a rationale for why these files need to be kept in the archive
- Add an optional alternate DTL to the archiver configuration so files in the archive can either be kept forever or for the alternate DTL value
AI
- Added support for multiple AI backends with prioritization (`ui.ai_backends`). This allows you to use faster models first to answer questions with a low token count and fall back to slower models when the token count gets higher
File Sources (successor to SHA256 Sources) (https://github.com/CybercentreCanada/assemblyline/issues/168)
- Create a new configuration (`submission.file_sources`) that will be the successor to `submission.sha256_sources`
- This will allow users to specify multiple hash types per source as well as define custom types for remote file fetching
- You will be able to submit URL or hashes or custom identifiers on the Submit page and the UI will auto-detect the type of input as well as the affiliated sources to fetch the file from as suggestions
- You can also set the input field and the classification of the Submit page using the `input` and `classification` params of the Submit path
  - This is useful if you want to construct a link for submitting a file and share it
  - Example to submit: `https://assemblyline/submit?input=some_string&classification=TLP:CLEAR`
Bugfixes
- Handle KeyErrors that can arise when there's no _source returned from an Elastic mget
- Correct typo for promoting overall tag verdict to malicious in `/submission/<sid>/file/<sha256>` API (https://github.com/CybercentreCanada/assemblyline/issues/215)
- Correct conditions necessary for using Assemblyline-based health checks in Docker (https://github.com/CybercentreCanada/assemblyline/issues/218)
- Have Scaler restart service deployments if we believe they're stuck since the last sync check (https://github.com/CybercentreCanada/assemblyline/issues/216)
- Handle issues with service installs from Services page in UI (https://github.com/CybercentreCanada/assemblyline/issues/219)
v4.5.0.stable19
New features:
- Added support for multiple AI backends (currently supporting OpenAI and Cohere)
- Added support for OBO via an OAuth provider JWT token
- Allow returning the original classification definition from the help API so the AL Client can create a Classification engine
- Improve JWT token parsing security
Bug fixes:
- Fix headers sent to service server from the service client
v4.5.0.stable18
Update retrohunt support to latest build
v4.5.0.stable17
Bugfixes
- Correct headers to be standards compliant when services authenticate to updaters
- Allow the ability to page through service image tags from DockerHub (sid1033224)
Debugging
- Log the file path on hash mismatch errors during file uploads to service-server so we have the proper context
- Add an extension to the files generated for ImageResult sections
- Log request timeouts to service-server
v4.5.0.stable16
Bugfix
- Include the classification in Signature objects in Ontology.
v4.5.0.stable15
New Features
- The Service Detail page now uses an Autocomplete component to handle list parameters;
- The file tree will have its files sorted alphabetically;
- Added the promoted sections available in the File Detail page to the Submission Report page;
- Added the classification to Signature objects in Ontology.
Bugfixes
- The Action Menu option to submit a URI will not be shown if the parameter "allow_url_submissions" is set to false;
- Fixed a bug where the Workflow Detail page wasn't changing when navigating between workflows;
- If a file doesn't exist in the DB, the ASCII and STRINGS endpoints will return a "file not found" response instead of a crash response;
- Replace service-server container details if the former doesn't exist anymore.
v4.5.0.stable14
Bugfixes
- Revert S3 IAM role-based access changes
- Ref: https://discord.com/channels/908084610158714900/1227352219431473263
v4.5.0.stable13
Bugfix
- Have an explicit call for updating OCR configuration from the service base
v4.5.0.stable12
Bugfix
- Restore support for no auth to private container registries
Improvements
- Normalize SHA256, SHA1, and MD5 hash input given to the `hash_search` API
- Allow paging of messages from the notification queues
- Ensure tracking of unique term hits for OCR scoring
v4.5.0.stable11
Additions
- Allow the ability to remove labels from Alerts
- Support token-based + OAuth 2.0 flow for authentication to container registries (https://github.com/CybercentreCanada/assemblyline/issues/200, https://github.com/CybercentreCanada/assemblyline/issues/100)
Bugfixes
- Preserve the updated service_manifest.yml between task runs in unprivileged services
- Ensure labels on Workflows are always uppercased (both on the frontend and at the API)
v4.5.0.stable10
Bugfix build
- Minor bugfix in vacuum
- Type error fixed in alerter