Synapse

=====================

Bugfixes
--------
- Fix an issue where the Storm query hashing added in ``v2.133.0`` did not
account for handling erroneous surrogate pairs in query text.
(`3130 <https://github.com/vertexproject/synapse/pull/3130>`_)

Improved Documentation
----------------------
- Update the Storm API Guide to include the ``hash`` key in the ``init``
message.
(`3130 <https://github.com/vertexproject/synapse/pull/3130>`_)

=====================

Model Changes
-------------
- Updates to the ``risk`` model.
(`3123 <https://github.com/vertexproject/synapse/pull/3123>`_)

**New Properties**

``risk:vuln``
The ``risk:vuln`` form had the following properties added to it:

``cvss:v2``
The CVSS v2 vector for the vulnerability.
``cvss:v2_0:score``
The CVSS v2.0 overall score for the vulnerability.
``cvss:v2_0:score:base``
The CVSS v2.0 base score for the vulnerability.
``cvss:v2_0:score:temporal``
The CVSS v2.0 temporal score for the vulnerability.
``cvss:v2_0:score:environmental``
The CVSS v2.0 environmental score for the vulnerability.
``cvss:v3``
The CVSS v3 vector for the vulnerability.
``cvss:v3_0:score``
The CVSS v3.0 overall score for the vulnerability.
``cvss:v3_0:score:base``
The CVSS v3.0 base score for the vulnerability.
``cvss:v3_0:scare:temporal``
The CVSS v3.0 temporal score for the vulnerability.
``cvss:v3_0:score:environmental``
The CVSS v3.0 environmental score for the vulnerability.
``cvss:v3_1:score``
The CVSS v3.1 overall score for the vulnerability.
``cvss:v3_1:score:base``
The CVSS v3.1 base score for the vulnerability.
``cvss:v3_1:scare:temporal``
The CVSS v3.1 temporal score for the vulnerability.
``cvss:v3_1:score:environmental``
The CVSS v3.1 environmental score for the vulnerability.

**Deprecated Properties**

``risk:vuln``
The ``risk:vuln`` form had the following properties marked as deprecated:

* ``cvss:av``
* ``cvss:ac``
* ``cvss:pr``
* ``cvss:ui``
* ``cvss:s``
* ``cvss:c``
* ``cvss:i``
* ``cvss:a``
* ``cvss:e``
* ``cvss:rl``
* ``cvss:rc``
* ``cvss:mav``
* ``cvss:mac``
* ``cvss:mpr``
* ``cvss:mui``
* ``cvss:ms``
* ``cvss:mc``
* ``cvss:mi``
* ``cvss:ma``
* ``cvss:cr``
* ``cvss:ir``
* ``cvss:ar``
* ``cvss:score``
* ``cvss:score:temporal``
* ``cvss:score:environmental``

Features and Enhancements
-------------------------
- Update the base Synapse images to use Debian bookworm and use Python 3.11
as the Python runtime. For users which build custom images from our
published images, see additional information at
:ref:`dev_docker_working_with_images` for changes which may affect you.
(`3025 <https://github.com/vertexproject/synapse/pull/3025>`_)
- Add a ``highlight`` parameter to BadSyntaxError and some exceptions raised
during the execution of a Storm block. This contains detailed information
about where an error occurred in the Storm code.
(`3063 <https://github.com/vertexproject/synapse/pull/3063>`_)
- Allow callers to specify an ``iden`` value when creating a Storm Dmon or a
trigger.
(`3121 <https://github.com/vertexproject/synapse/pull/3121>`_)
- Add support for STIX export configs to specify pivots to include additional
nodes.
(`3122 <https://github.com/vertexproject/synapse/pull/3122>`_)
- The Storm ``auth.user.addrule`` and ``auth.role.addrule`` now have an
optional ``--index`` argument that allows specifying the rule location
as a 0-based index value.
(`3124 <https://github.com/vertexproject/synapse/pull/3124>`_)
- The Storm ``auth.user.show`` command now shows the user's ``admin`` status
on authgates.
(`3124 <https://github.com/vertexproject/synapse/pull/3124>`_)
- Add a ``--only-url`` flag to the ``synapse.tools.aha.provision.service`` and
``synapse.tools.aha.provision.user`` CLI tools. When set, the tool only
prints the URL to stdout.
(`3125 <https://github.com/vertexproject/synapse/pull/3125>`_)
- Add additional layer validation in the View schema.
(`3128 <https://github.com/vertexproject/synapse/pull/3128>`_)
- Update the allowed version of the ``cryptography``, ``coverage``,
``idna``, ``pycryptodome``, ``python-bitcoin``, and ``vcrpy`` libraries.
(`3025 <https://github.com/vertexproject/synapse/pull/3025>`_)

Bugfixes
--------
- Ensure the CLI tools ``synapse.tools.cellauth``, ``synapse.tools.csvtool``,
and ``synapse.tools.easycert`` now return ``1`` on an execution failure. In
some cases they previously returned ``-1``.
(`3118 <https://github.com/vertexproject/synapse/pull/3118>`_)

=====================

Features and Enhancements
-------------------------
- Update the minimum required version of the ``fastjsonschema``, ``lark``,
and ``pytz`` libraries. Update the allowed version of the ``packaging`` and
``scalecodec`` libraries.
(`3118 <https://github.com/vertexproject/synapse/pull/3118>`_)

Bugfixes
--------
- Cap the maximum version of the ``requests`` library until downstream use of
that library has been updated to account for changes in ``urllib3``.
(`3119 <https://github.com/vertexproject/synapse/pull/3119>`_)

- Properly add parent scope vars to ``background`` command context.
(`3120 <https://github.com/vertexproject/synapse/pull/3120>`_)

=====================

Automatic Migrations
--------------------
- Migrate the ``ou:campaign:name`` property from a ``str`` to an
``ou:campname`` type and create the ``ou:campname`` nodes as needed.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- Migrate the ``risk:vuln:type`` property from a ``str`` to a
``risk:vuln:type:taxonomy`` type and create the ``risk:vuln:type:taxonomy``
nodes as needed.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- See :ref:`datamigration` for more information about automatic migrations.

Features and Enhancements
-------------------------
- Updates to the ``dns``, ``inet``, ``it``, ``ou``, ``ps``, and ``risk``
models.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
(`3108 <https://github.com/vertexproject/synapse/pull/3108>`_)
(`3113 <https://github.com/vertexproject/synapse/pull/3113>`_)

``inet:dns:answer``
Add a ``mx:priority`` property to record the priority of the MX response.

``inet:dns:dynreg``
Add a form to record the registration of a domain with a dynamic DNS
provider.

``inet:proto``
Add a form to record a network protocol name.

``inet:web:attachment``
Add a form to record the instance of a file being sent to a web service
by an account.

``inet:web:file``
Deprecate the ``client``, ``client:ipv4``, and ``client:ipv6`` properties
in favor of using ``inet:web:attachment``.

``inet:web:logon``
Remove incorrect ``readonly`` markings for properties.

``it:app:snort:rule``
Add an ``id`` property to record the snort rule id.
Add an ``author`` property to record contact information for the rule
author.
Add ``created`` and ``updated`` properties to track when the rule was
created and last updated.
Add an ``enabled`` property to record if the rule should be used for
snort evaluation engines.
Add a ``family`` property to record the software family the rule is
designed to detect.

``it:prod:softid``
Add a form to record an identifier issued to a given host by a specific
software application.

``ou:campname``
Add a form to record the name of campaigns.

``ou:campaign``
Change the ``name`` and ``names`` secondary properties from ``str`` to
``ou:campname`` types.

``ps:contact``
Add a ``place:name`` to record the name of the place associated with the
contact.

``risk:threat``
Add an ``active`` property to record the interval of time when the threat
cluster is assessed to have been active.
Add a ``reporter:published`` property to record the time that a reporting
organization first publicly disclosed the threat cluster.

``risk:tool:software``
Add a ``used`` property to record the interval when the tool is assessed
to have been deployed.
Add a ``reporter:discovered`` property to record the time that a reporting
organization first discovered the tool.
Add a ``reporter:published`` property to record the time that a reporting
organization first publicly disclosed the tool.

``risk:vuln:soft:range``
Add a form to record a contiguous range of software versions which
contain a vulnerability.

``risk:vuln``
Change the ``type`` property from a ``str`` to a
``risk:vuln:type:taxonomy``.

``risk:vuln:type:taxonomy``
Add a form to record a taxonomy of vulnerability types.

- Add a new Storm command, ``auth.user.allowed`` that can be used to check
if a user is allowed to use a given permission and why.
(`3114 <https://github.com/vertexproject/synapse/pull/3114>`_)
- Add a new Storm command, ``gen.ou.campaign``, to assist with generating or
creating ``ou:campaign`` nodes.
(`3082 <https://github.com/vertexproject/synapse/pull/3082>`_)
- Add a boolean ``default`` key to the permissions schema definition. This
allows a Storm package permission to note what its default value is.
(`3099 <https://github.com/vertexproject/synapse/pull/3099>`_)
- Data model migrations which fail to normalize existing secondary values into
their new types now store those values in Node data on the affected nodes
and remove those bad properties from the affected nodes.
(`3117 <https://github.com/vertexproject/synapse/pull/3117>`_)

Bugfixes
--------
- Fix an issue with the search functionality in our documentation missing
the required jQuery library.
(`3111 <https://github.com/vertexproject/synapse/pull/3111>`_)
- Unique nodes when performing multi-layer lifts on secondary properties
without a value.
(`3110 <https://github.com/vertexproject/synapse/pull/3110>`_)

Improved Documentation
----------------------
- Add a section about managing data model deprecations to the Synapse
Admin guide.
(`3102 <https://github.com/vertexproject/synapse/pull/3102>`_)

Deprecations
------------
- Remove the deprecated ``synapse.lib.httpapi.HandlerBase.user()`` and
``synapse.lib.httpapi.HandlerBase.getUserBody()`` functions. Remove the
deprecated ``synapse.axon.AxonFileHandler.axon()`` function.
(`3115 <https://github.com/vertexproject/synapse/pull/3115>`_)

=====================

Bugfixes
--------
- Fix an issue where the ``proxy`` argument was not being passed to the Axon
when attempting to post a file via Storm with the ``$lib.inet.http.post()``
API.
(`3109 <https://github.com/vertexproject/synapse/pull/3109>`_)
- Fix an issue where adding a readonly layer that does not already exist
would raise an error.
(`3106 <https://github.com/vertexproject/synapse/pull/3106>`_)

=====================

Bugfixes
--------
- Fix a race condition in a Telepath unit test which was happening
during CI testing.
(`3104 <https://github.com/vertexproject/synapse/pull/3104>`_)