v2.8.1

Bugfixes:

• Fixed attribute adding in Upload view (#686)

v2.8.0

This release includes huge database migrations made for query optimization, which includes rewriting of Object and Tag tables. Database backup is highly recommended before upgrade.

New features and improvements:

• Markdown/Mustache templates for rich rendering of attribute values (#602)
• Optimized model to improve query time (#661)
• Range queries are allowed in JSON-like fields (for attributes and configurations - #666)
• Download file as encrypted zip with "infected" password (#587)
• Bumped React Router to v6, queries in URI are no longer double-escaped (#612)
• Bumped Karton to v5 (#648)
• sha1 is exposed in /api/file listing (#683, thanks @DISREL!)

Bugfixes:

• Fixed ISE 500 on legacy file download endpoint (#589)
• Fixed ISE 500 when libmagic fails with MagicException (#605)
• Fixed ISE 500 on user delete with stored quick queries (#665)
• Fixed failed upload when duplicated tags are passed (#594)
• Fixed wrong configuration template generated by mwdb-core configure (#595)
• Web: Fixed pagination in group member settings (#598)

Thanks @jvoisin and @JohnConnorRF for contributions!

v2.7.0

New features and improvements:

• Refactored mechanism that handles JWT tokens used for authorization (#542, @KWMORALE)
  It's recommended to rollup your API keys after upgrade because they use slightly different format that is more compliant with RFC7519. All previously generated API keys will be honored by further 2.x.x releases of MWDB Core.
• API key token is shown only just after creation due to security reasons (#524, @KWMORALE)
• Repository name shown in navbar can be set directly in MWDB configuration (#521, @KWMORALE)
• Added new hooks for various MWDB actions that can be intercepted in plugins (#513, @wklimek)
• Added configurable rate limits for specific endpoints and methods (#523, @wklimek)
• Karton analysis association can be removed from object (#533, @wklimek)
• Added relative date-time ranges in search (#555, @wklimek)
• Added visual indicator for non-editable groups in Administration panel (#519, @wklimek)
• Extendable upload form (#541, thanks @yankovs!)

Bugfixes:

• Fixed exception handling for exceptions that happen out of request context (#522)
• Fixed crash in web application when user clicks "Add" in Attributes box and no attributes are available to add (#539, thanks @chivay!)
• Removed too short limit of field length in OpenID Connect Provider configuration (#552)
• Fixed ISE 500 caused by concurrent assign of Karton analysis on the same object (#576)
• Fixed remove of self-loop relationship that causes removal of all permissions to the object (#579)
• Various fixes in documentation

Special thanks to @wklimek for all contributions and @dd8917vk for catching few regressions during development!

v2.6.1

Bugfix release that bumps Flask and Karton dependencies. In addition, we pin itsdangerous==2.0.1 due to 2.1.0 release that breaks installation of MWDB Core 2.6.0.

Changes:

• Pinned itsdangerous to 2.0.1
• Bumped versions of the following dependencies:
  • karton-core from 4.2.0 to 4.3.0
  • Flask from 1.1.2 to 2.0.2 and related dependencies to latest versions
  • Werkzeug from 1.0.1 to 2.0.3
  • uwsgi from 2.0.19.1 to 2.0.20

v2.6.0-post1

Release made to create correct Docker image for v2.6.0 version by fixed CI workflow

v2.6.0

Key changes:

• Support for OpenID Connect authentication
  You can play with it using our development setup: https://github.com/CERT-Polska/mwdb-core/blob/master/dev/oidc/README.md
• JSON values in attributes
  Whole objects can be stored as attribute value instead of single string. In future: we plan to implement template-based rich formatting to visually represent these objects in tables, lists, collapsible trees etc.
• New Attribute API - better designed API for accessing attriibutes that supersedes old Metakey API

New features and improvements:

• Transactional tag adding during upload. Now you can upload your file and related tags within the same request (7b05dfb)
• comment_author: search field that allows to search for objects commented by selected user (#454)
• upload_count: search field that allows to search for objects related with more than N different user uploads. (#466)
• multi: search field that allows to search for multiple hashes separated by spaces (#470)
• MWDB stores all file names that object appeared with, not only the first one (#482)
• Introduced server-side statement timeout, along with customizable client-side timeouts (currently hardcoded to 8 seconds for general Web requests and 60 seconds for file upload from Web)

Bugfixes and improvements:

• Fixed faulty login/recover password page that responds with Session expired instead of actual error (#461)
• Fixed password recover in Settings page when administrator wants to send new password link to different user (#475)
• Fixed race conditions resulting in ISE 500 on adding/removing the same tags concurrently (#459)
• Correct handling of missing API endpoint when static files are served by Flask (#472)
• Fixed ISE 500 when non-UUID value was passed to karton attribute (#474)
• Fixed wrong type conflict check during object upload (#477)
• karton:<uuid> search field supports single wildcard to filter out not analyzed samples (#451)
• CRC32 hash is zero-padded to 8 bytes (#495)
• Added mouseover text for attribute keys (#490)

v2.6.0-dev1

CI pipeline testing before the actual stable v2.6.0 release.

v2.5.1

Bugfixes:

• Plugins were not built correctly in Docker environments due to change from npm install to npm ci in Dockerfile. That change was reverted (#449)

v2.5.0

Release focused on Karton integration bugfixes and small improvements

New features and improvements:

• Added support for AWS IAM authentication for Minio (#443, thanks @alex-ilgayev!)
• Built-in Karton integration allows to bind Karton analyses that doesn't origin from MWDB (#430, #436)

Bugfixes:

• Fixed handling of escape characters contained in config field and referenced by search query (#437)
• Fixed scrollbar issues in react-ace component (#441)
• Fixed requests package dependency conflict (#440)

v2.4.0

Small release that includes minor improvements of existing features.

New features and improvements:

• API keys have names in addition to UUID identifier, so user can describe the purpose of API key (#420)
• Web: DagreD3Plot and SwaggerUI components are lazy-loaded, so the main JS bundle is much smaller. This should boost the loading time of MWDB webapp (#418, #427)
• User can delete all attributes under the same key via single API request. This is mainly a workaround for deletion of attribute values that are too long for URI query part of DELETE request. (#426)

Bugfixes:

• Web: Multiple bugfixes in recent objects (#417):
  • Fix for Number of results does not display after making a query using URL (#404)
  • RecentView doesn't ask the server for count of all objects when query field is cleared
  • Improved component stability