Synapse

=====================

Bugfixes
--------
- Fix an issue which caused the Docker image tags for
``vertexproject/synapse-cryotank:v2.141.1``,
``vertexproject/synapse-jsonstor:v2.141.1``, and
``vertexproject/synapse-stemcell:v2.141.1``, to refer to same image.
(`3249 <https://github.com/vertexproject/synapse/pull/3249>`_)

=====================

Bugfixes
--------
- Fix an issue which prevented the publication of the Synapse containers with
``v2.x.x`` tags.
(`3248 <https://github.com/vertexproject/synapse/pull/3248>`_)

=====================

Automatic Migrations
--------------------
- Renormalize the ``risk:vuln:cvss:v2`` and ``risk:vuln:cvss:v3`` properties.
(`3224 <https://github.com/vertexproject/synapse/pull/3224>`_)
- Migrate the ``risk:vuln:name`` type from a ``str`` to a ``risk:vulnname``
form.
(`3227 <https://github.com/vertexproject/synapse/pull/3227>`_)
- See :ref:`datamigration` for more information about automatic migrations.

Model Changes
-------------
- Update to the ``it``, ``ou``, and ``risk`` models.
(`3224 <https://github.com/vertexproject/synapse/pull/3224>`_)
(`3227 <https://github.com/vertexproject/synapse/pull/3227>`_)
(`3237 <https://github.com/vertexproject/synapse/pull/3237>`_)

**New Forms**

``risk:vulnname``
Add a form to capture vulnerability name such as log4j or rowhammer.

**Updated Types**

``hex``
The ``hex`` base type now accepts a ``zeropad`` option that can be used
to zero-extend a hex string during normalization.

``cvss:v2``
The type now accepts and normalizes unordered CVSS vectors.

``cvss:v3``
The type now accepts and normalizes unordered CVSS vectors.

**New Properties**

``it:sec:c2:config``
The form had the following properties added to it:

``decoys``
An array of URLs used as decoy connections to obfuscate the C2 servers.

``ou:technique``
The form had the following properties added to it:

``reporter``
The organization reporting on the technique.

``reporter:name``
The name of the organization reporting on the technique.

``risk:vuln``
The form had the following properties added to it:

``names``
An array of alternate names for the vulnerability.

Features and Enhancements
-------------------------
- Always convert dictionary keys to their primitive values when working with
dictionary objects in Storm. Dictionary objects can no longer have keys
set which are mutable objects, such as Nodes.
(`3233 <https://github.com/vertexproject/synapse/pull/3233>`_)
- Add support for octal constants, such as ``0o755``, in Storm expressions.
(`3231 <https://github.com/vertexproject/synapse/pull/3231>`_)
- Add additional events to the Behold API message stream for the addition
and removal of extended model elements.
(`3228 <https://github.com/vertexproject/synapse/pull/3228>`_)
- Update the ``$lib.dmon.add()`` variable capture to record variables
from embedded query objects.
(`3230 <https://github.com/vertexproject/synapse/pull/3230>`_)
- Add a ``.title()`` method on Storm strings to get title case formatted
strings.
(`3242 <https://github.com/vertexproject/synapse/pull/3242>`_)
- Add a general purpose process pool using forked workers in order to speed
up certain processing operations. This includes the Storm operations for
JSONSchema parsing, HTML parsing, STIX validation, and XML parsing.
(`3033 <https://github.com/vertexproject/synapse/pull/3033>`_)
(`3229 <https://github.com/vertexproject/synapse/pull/3229>`_)
- Add a new Cell configuration option, ``max:users``. This can be set to limit
the maximum number of non-``root`` users on Cell.
(`3244 <https://github.com/vertexproject/synapse/pull/3244>`_)
- Add an ``/api/v1/aha/services`` HTTP API to the Aha service. This
can be used to get a list of the services registered with Aha.
(`3238 <https://github.com/vertexproject/synapse/pull/3238>`_)
- Add support for Cosign signatures of tagged Synapse containers. See
additional information at :ref:`dev_docker_verification`.
(`3196 <https://github.com/vertexproject/synapse/pull/3196>`_)
- Adjust internal names for Storm objects.
(`3229 <https://github.com/vertexproject/synapse/pull/3229>`_)

Bugfixes
--------
- Fix a bug in the scrape for ``inet:ipv4`` where IP addresses were found
when there was leading or trailing numbers around the IP addresses.
(`3234 <https://github.com/vertexproject/synapse/pull/3234>`_)
- Fix a bug where ``$lib.model.ext.delForm()`` did not check for extended
property definitions before deletion. Extended properties on a custom form
must be deleted prior to deleting the form.
(`3223 <https://github.com/vertexproject/synapse/pull/3223>`_)
- Always remove the ``mirror`` configuration option from ``cell.yaml`` file
when provisioning a service via Aha. The previous behavior prevented the
correct restoration of a service from a backup which was previously
provisioned as a mirror and is being restored as a leader.
(`3240 <https://github.com/vertexproject/synapse/pull/3240>`_)
- Add additional type checking when adding extended model forms and properties
to the Cortex. Previously invalid types could raise an ``AttributeError``.
(`3243 <https://github.com/vertexproject/synapse/pull/3243>`_)

Improved Documentation
----------------------
- Update the Storm lift reference to add an example of lifting nodes by the
universal ``.created`` property.
(`3245 <https://github.com/vertexproject/synapse/pull/3245>`_)

=====================

Model Changes
-------------
- Update to the ``it`` and ``lang`` models.
(`3219 <https://github.com/vertexproject/synapse/pull/3219>`_)

**New Properties**

``it:host``
The form had the following properties added to it:

``keyboard:language``
The primary keyboard input language configured on the host.

``keyboard:layout``
The primary keyboard layout configured on the host.

``lang:language``
The form had the following property added to it:

``code``
The language code for this language.

Features and Enhancements
-------------------------
- Update ``$lib.infosec.cvss.vectToScore()`` to include a normalized
CVSS vector in the output.
(`3211 <https://github.com/vertexproject/synapse/pull/3211>`_)
- Optimize the addition and removal of lightweight edges when operating
on N1 edges in Storm.
(`3214 <https://github.com/vertexproject/synapse/pull/3214>`_)
- Added ``$lib.gen.langByCode``.
(`3219 <https://github.com/vertexproject/synapse/pull/3219>`_)

Bugfixes
--------
- Fix bug with regular expression comparisons for some types.
(`3213 <https://github.com/vertexproject/synapse/pull/3213>`_)
- Fix a ``TypeError`` being raised when passing a heavy Number object to
``$lib.math.number()``.
(`3215 <https://github.com/vertexproject/synapse/pull/3215>`_)
- Fix an issue with the Cell backup space checks. They now properly calculate
the amount of free space when the Cell backup directory is configured
on a separate volume from the Cell storage directory.
(`3216 <https://github.com/vertexproject/synapse/pull/3216>`_)
- Prevent the ``yield`` operator from directly emitting nodes into the Storm
pipeline if those node objects came from a different view. Nodes previously
lifted in this manner must be lifted by calling the ``iden()`` function on
the object to ensure the node being lifted into the pipeline reflects the
current view.
(`3218 <https://github.com/vertexproject/synapse/pull/3218>`_)
- Always remove the ``mirror`` configuration option from ``cell.mods.yaml``
when provisioning a service via Aha. The previous behavior prevented the
correct restoration of a service from a backup which had been changed from
being a leader to being a mirror.
(`3220 <https://github.com/vertexproject/synapse/pull/3220>`_)

=====================

Bugfixes
--------
- Fix a typo which prevented the Synapse package for ``v2.140.0`` from being
published on PyPI.
(`3212 <https://github.com/vertexproject/synapse/pull/3212>`_)

=====================

Announcement
------------

Synapse now only supports Python 3.11+.

Model Changes
-------------
- Update to the ``inet``, ``file``, and ``ou`` models.
(`3192 <https://github.com/vertexproject/synapse/pull/3192>`_)
(`3202 <https://github.com/vertexproject/synapse/pull/3202>`_)
(`3207 <https://github.com/vertexproject/synapse/pull/3207>`_)

**New Types**

``file:archive:entry``
Add a type to capture an archive entry representing a file and metadata
from within a parent archive file.

**Updated Types**

``time``
Time values with precision beyond milliseconds are now truncated to
millsecond values.

``hex``
Hex types now have whitespace and colon ( ``:`` ) characters stripped
from them when lifting and normalizing them.

``inet:ipv6``
Add comparators for ``>=``, ``>``, ``<=``, ``<`` operations when lifting
and filtering IPV6 values.

``ou:naics``
Update the type to allow recording NIACS sector and subsector prefixes.

Features and Enhancements
-------------------------
- Synapse now only supports Python 3.11+. The library will now fail to import
on earlier Python interpeters, and the published modules on PyPI will no
longer install on Python versions < 3.11.
(`3156 <https://github.com/vertexproject/synapse/pull/3156>`_)
- Replace ``setup.py`` with a ``pyproject.toml`` file.
(`3156 <https://github.com/vertexproject/synapse/pull/3156>`_)
(`3195 <https://github.com/vertexproject/synapse/pull/3195>`_)
- Usages of ``hashlib.md5()`` and ``hashlib.sha1()`` have been updated to add
the ``usedforsecurity=False`` argument.
(`3163 <https://github.com/vertexproject/synapse/pull/3163>`_)
- The Storm ``diff`` command is now marked as safe for ``readonly`` execution.
(`3207 <https://github.com/vertexproject/synapse/pull/3207>`_)
- Add a ``svc:set`` event to the Behold API message stream. This event is
fired when a Cortex connects to a Storm Service.
(`3205 <https://github.com/vertexproject/synapse/pull/3205>`_)

Bugfixes
--------
- Catch ``ZeroDivisionError`` and ``decimal.InvalidOperation`` errors in Storm
expressions and raise a ``StormRuntimeError``.
(`3203 <https://github.com/vertexproject/synapse/pull/3203>`_)
- Fix a bug where ``synapse.lib.platforms.linux.getTotalMemory()`` did not
return the correct value in a process running in cgroupsv1 without a
maximum memory limit set.
(`3198 <https://github.com/vertexproject/synapse/pull/3198>`_)
- Fix a bug where a Cron job could be created with an invalid Storm query.
Cron jobs now have their queries parsed as part of creation to ensure that
they are valid Storm. ``$lib.cron`` APIs now accept heavy Storm query
objects as query inputs.
(`3201 <https://github.com/vertexproject/synapse/pull/3201>`_)
(`3207 <https://github.com/vertexproject/synapse/pull/3207>`_)
- Field data sent via Storm ``$lib.inet.http`` APIs that uses a multipart
upload without a valid ``name`` field now raises a ``BadArg`` error.
Previously this would result in a Python ``TypeError``.
(`3199 <https://github.com/vertexproject/synapse/pull/3199>`_)
(`3206 <https://github.com/vertexproject/synapse/pull/3206>`_)

Deprecations
------------
- Remove the deprecated ``synapse.common.lockfile()`` function.
(`3191 <https://github.com/vertexproject/synapse/issue/3191>`_)