Synapse

=====================

Automatic Migrations
--------------------
- Migrate the ``ou:campaign:name`` property from a ``str`` to an
``ou:campname`` type and create the ``ou:campname`` nodes as needed.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- Migrate the ``risk:vuln:type`` property from a ``str`` to a
``risk:vuln:type:taxonomy`` type and create the ``risk:vuln:type:taxonomy``
nodes as needed.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- See :ref:`datamigration` for more information about automatic migrations.

Features and Enhancements
-------------------------
- Updates to the ``dns``, ``inet``, ``it``, ``ou``, ``ps``, and ``risk``
models.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
(`3108 <https://github.com/vertexproject/synapse/pull/3108>`_)
(`3113 <https://github.com/vertexproject/synapse/pull/3113>`_)

``inet:dns:answer``
Add a ``mx:priority`` property to record the priority of the MX response.

``inet:dns:dynreg``
Add a form to record the registration of a domain with a dynamic DNS
provider.

``inet:proto``
Add a form to record a network protocol name.

``inet:web:attachment``
Add a form to record the instance of a file being sent to a web service
by an account.

``inet:web:file``
Deprecate the ``client``, ``client:ipv4``, and ``client:ipv6`` properties
in favor of using ``inet:web:attachment``.

``inet:web:logon``
Remove incorrect ``readonly`` markings for properties.

``it:app:snort:rule``
Add an ``id`` property to record the snort rule id.
Add an ``author`` property to record contact information for the rule
author.
Add ``created`` and ``updated`` properties to track when the rule was
created and last updated.
Add an ``enabled`` property to record if the rule should be used for
snort evaluation engines.
Add a ``family`` property to record the software family the rule is
designed to detect.

``it:prod:softid``
Add a form to record an identifier issued to a given host by a specific
software application.

``ou:campname``
Add a form to record the name of campaigns.

``ou:campaign``
Change the ``name`` and ``names`` secondary properties from ``str`` to
``ou:campname`` types.

``ps:contact``
Add a ``place:name`` to record the name of the place associated with the
contact.

``risk:threat``
Add an ``active`` property to record the interval of time when the threat
cluster is assessed to have been active.
Add a ``reporter:published`` property to record the time that a reporting
organization first publicly disclosed the threat cluster.

``risk:tool:software``
Add a ``used`` property to record the interval when the tool is assessed
to have been deployed.
Add a ``reporter:discovered`` property to record the time that a reporting
organization first discovered the tool.
Add a ``reporter:published`` property to record the time that a reporting
organization first publicly disclosed the tool.

``risk:vuln:soft:range``
Add a form to record a contiguous range of software versions which
contain a vulnerability.

``risk:vuln``
Change the ``type`` property from a ``str`` to a
``risk:vuln:type:taxonomy``.

``risk:vuln:type:taxonomy``
Add a form to record a taxonomy of vulnerability types.

- Add a new Storm command, ``auth.user.allowed`` that can be used to check
if a user is allowed to use a given permission and why.
(`3114 <https://github.com/vertexproject/synapse/pull/3114>`_)
- Add a new Storm command, ``gen.ou.campaign``, to assist with generating or
creating ``ou:campaign`` nodes.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- Add a boolean ``default`` key to the permissions schema definition. This
allows a Storm package permission to note what its default value is.
(`3099 <https://github.com/vertexproject/synapse/pull/3099>`_)
- Data model migrations which fail to normalize existing secondary values into
their new types now store those values in Node data on the affected nodes
and remove those bad properties from the affected nodes.
(`3117 <https://github.com/vertexproject/synapse/pull/3117>`_)

Bugfixes
--------
- Fix an issue with the search functionality in our documentation missing
the required jQuery library.
(`3111 <https://github.com/vertexproject/synapse/pull/3111>`_)
- Unique nodes when performing multi-layer lifts on secondary properties
without a value.
(`3110 <https://github.com/vertexproject/synapse/pull/3110>`_)

Improved Documentation
----------------------
- Add a section about managing data model deprecations to the Synapse
Admin guide.
(`3102 <https://github.com/vertexproject/synapse/pull/3102>`_)

Deprecations
------------
- Remove the deprecated ``synapse.lib.httpapi.HandlerBase.user()`` and
``synapse.lib.httpapi.HandlerBase.getUserBody()`` functions. Remove the
deprecated ``synapse.axon.AxonFileHandler.axon()`` function.
(`3115 <https://github.com/vertexproject/synapse/pull/3115>`_)

=====================

Bugfixes
--------
- Fix an issue where the ``proxy`` argument was not being passed to the Axon
when attempting to post a file via Storm with the ``$lib.inet.http.post()``
API.
(`3109 <https://github.com/vertexproject/synapse/pull/3109>`_)
- Fix an issue where adding a readonly layer that does not already exist
would raise an error.
(`3106 <https://github.com/vertexproject/synapse/pull/3106>`_)

=====================

Bugfixes
--------
- Fix a race condition in a Telepath unit test which was happening
during CI testing.
(`3104 <https://github.com/vertexproject/synapse/pull/3104>`_)

=====================

Features and Enhancements
-------------------------
- Updates to the ``infotech`` model.
(`3095 <https://github.com/vertexproject/synapse/pull/3095>`_)

``it:host``
Add an ``ext:id`` property for recording an external identifier for
a host.

- Add support for deleting node properties by assigning ``$lib.undef`` to
the property to be removed through ``$node.props``.
(`3098 <https://github.com/vertexproject/synapse/pull/3098>`_)
- The ``Cell.ahaclient`` is longer cached in the
``synapse.telepath.aha_clients`` dictionary. This isolates the Cell
connection to Aha from other clients.
(`3008 <https://github.com/vertexproject/synapse/pull/3008>`_)
- When the Cell mirror loop exits, it now reports the current ``ready`` status
to the Aha service. This allows a service to mark itself as "not ready" when
the loop restarts and it is a follower, since it may no longer be in the
realtime change window.
(`3008 <https://github.com/vertexproject/synapse/pull/3008>`_)
- Update the required versions of the ``nbconvert``, ``sphinx`` and
``hide-code`` libraries used for building documentation. Increased the
allowed ranges for the ``pygments`` and ``jupyter-client`` libraries.
(`3103 <https://github.com/vertexproject/synapse/pull/3103>`_)

Bugfixes
--------
- Fix an issue in backtick format strings where single quotes in
certain positions would raise a syntax error.
(`3096 <https://github.com/vertexproject/synapse/pull/3096>`_)
- Fix an issue where permissions were not correctly checked when
assigning a property value through ``$node.props``.
(`3098 <https://github.com/vertexproject/synapse/pull/3098>`_)
- Fix an issue where the Cell would report a static ``ready`` value to the Aha
service upon reconnecting, instead of the current ``ready`` status. The
``Cell.ahainfo`` value was replaced with a ``Cell.getAhaInfo()`` API which
returns the current information to report to the Aha service.
(`3008 <https://github.com/vertexproject/synapse/pull/3008>`_)

=====================

Features and Enhancements
-------------------------
- Updates to the ``ou`` and ``risk`` models.
(`3080 <https://github.com/vertexproject/synapse/pull/3080>`_)

``ou:campaign``
Add a ``names`` property to record alternative names for the campaign.
Add ``reporter`` and ``reporter:name`` properties to record information
about a reporter of the campaign.

``risk:attack``
Add ``reporter`` and ``reporter:name`` properties to record information
about a reporter of the attack.

``risk:compromise``
Add ``reporter`` and ``reporter:name`` properties to record information
about a reporter of the compromise.

``risk:vuln``
Add ``reporter`` and ``reporter:name`` properties to record information
about a reporter of the vulnerability.

- Add leader status to the ``synapse.tools.aha.list`` tool output.
This will only be available if a leader has been registered for
the service.
(`3078 <https://github.com/vertexproject/synapse/pull/3078>`_)
- Add support for private values in Storm modules, which are specified
by beginning the name with a double underscore (``__``). These values
cannot be dereferenced outside of the module they are declared in.
(`3079 <https://github.com/vertexproject/synapse/pull/3079>`_)
- Update error messages for Axon.wget, Axon.wput, and Axon.postfiles
to include more helpful information.
(`3077 <https://github.com/vertexproject/synapse/pull/3077>`_)
- Update ``it:semver`` string normalization to attempt parsing
improperly formatted semver values.
(`3080 <https://github.com/vertexproject/synapse/pull/3080>`_)
- Update Axon to always pass size value when saving bytes.
(`3084 <https://github.com/vertexproject/synapse/pull/3084>`_)

Bugfixes
--------
- Add missing ``toprim()`` calls on arguments to some ``auth:user``
and ``auth:role`` APIs.
(`3086 <https://github.com/vertexproject/synapse/pull/3086>`_)
- Fix the regular expression used to validate custom STIX types.
(`3093 <https://github.com/vertexproject/synapse/pull/3093>`_)

Improved Documentation
----------------------
- Add sections on user and role permissions to the Synapse Admin guide.
(`3073 <https://github.com/vertexproject/synapse/pull/3073>`_)

=====================

Automatic Migrations
--------------------
- Migrate the ``file:bytes:mime:pe:imphash`` property from a ``guid`` to a
``hash:md5`` type and create the ``hash:md5`` nodes as needed.
(`3056 <https://github.com/vertexproject/synapse/pull/3056>`_)
- Migrate the ``ou:goal:name`` property from a ``str`` to a ``ou:goalname``
type and create the ``ou:goalname`` nodes as needed.
(`3056 <https://github.com/vertexproject/synapse/pull/3056>`_)
- Migrate the ``ou:goal:type`` property from a ``str`` to a
``ou:goal:type:taxonomy`` type and create the ``ou:goal:type:taxonomy``
nodes as needed.
(`3056 <https://github.com/vertexproject/synapse/pull/3056>`_)
- See :ref:`datamigration` for more information about automatic migrations.

Features and Enhancements
-------------------------
- Updates to the ``belief``, ``file``, ``lang``, ``it``, ``meta``, ``ou``,
``pol``, and ``risk`` models.
(`3056 <https://github.com/vertexproject/synapse/pull/3056>`_)

``belief:tenet``
Add a ``desc`` property to record the description of the tenet.

``file:bytes``
Change the type of the ``mime:pe:imphash`` from ``guid`` to ``hash:md5``.

``inet:flow``
Add a ``raw`` property which may be used to store additional protocol
data about the flow.

``it:app:snort:rule``
Add a ``desc`` property to record a brief description of the snort rule.

``ou:goal``
Change the type of ``name`` from ``str`` to ``ou:goalname``.
Change the type of ``type`` from ``str`` to ``ou:goal:type:taxonomy``.
Add a ``names`` array to record alternative names for the goal.
Deprecate the ``prev`` property in favor of types.

``ou:goalname``
Add a form to record the name of a goal.

``ou:goalname:type:taxonomy``
Add a taxonomy of goal types.

``ou:industry``
Add a ``type`` property to record the industry taxonomy.

``ou:industry:type:taxonomy``
Add a taxonomy to record industry types.

``pol:immigration:status``
Add a form to track the immigration status of a contact.

``pol:immigration:status:type:taxonomy``
Add a taxonomy of immigration types.

``risk:attack``
Add a ``detected`` property to record the first confirmed detection time
of the attack.
Add a ``url`` property to record a URL that documents the attack.
Add a ``ext:id`` property to record an external identifier for the attack.

``risk:compromise``
Add a ``detected`` property to record the first confirmed detection time
of the compromise.

- Add a Storm command ``copyto`` that can be used to create a copy of a node
from the current view to a different view.
(`3061 <https://github.com/vertexproject/synapse/pull/3061>`_)
- Add the current View iden to the structured log output of a Cortex executing
a Storm query.
(`3068 <https://github.com/vertexproject/synapse/pull/3068>`_)
- Update the allowed versions of the ``lmdb``, ``msgpack``, ``tornado`` and
``xxhash`` libraries.
(`3070 <https://github.com/vertexproject/synapse/pull/3070>`_)
- Add Python 3.11 tests to the CircleCI configuration. Update some unit tests
to account for Python 3.11 related changes.
(`3070 <https://github.com/vertexproject/synapse/pull/3070>`_)
- Allow dereferencing from Storm expressions.
(`3071 <https://github.com/vertexproject/synapse/pull/3071>`_)
- Add an ``ispart`` parameter to ``$lib.tags.prefix`` to skip ``syn:tag:part``
normalization of tag names.
(`3074 <https://github.com/vertexproject/synapse/pull/3074>`_)
- Add ``getEdges()``, ``getEdgesByN1()``, and ``getEdgesByN2()`` APIs to the
``layer`` object.
(`3076 <https://github.com/vertexproject/synapse/pull/3076>`_)

Bugfixes
--------
- Fix an issue which prevented the ``auth.user.revoke`` Storm command from
executing.
(`3069 <https://github.com/vertexproject/synapse/pull/3069>`_)
- Fix an issue where ``$node.data.list()`` only returned the node data from
the topmost layer containing node data. It now returns all the node data
accessible for the node from the current view.
(`3061 <https://github.com/vertexproject/synapse/pull/3061>`_)

Improved Documentation
----------------------
- Update the Developer guide to note that the underlying Python runtime in
Synapse images may change between releases.
(`3070 <https://github.com/vertexproject/synapse/pull/3070>`_)