Malcolm v25.12.1
Malcolm v25.12.1 contains a few critical bug fixes and component version updates.
- ✨ Features and enhancements
  - Installer splash screen shows "HEDGEHOG" when using Hedgehog run profile
- ✅ Component version updates
  - supercronic to v0.2.40
  - Alpine (Docker base image) to v3.23
  - NetBox to v4.4.8
  - urllib3 to v2.6.0 (CVE-2025-66471, 8.9 High, GHSA-2xpw-w6gg-jr37)
- 🐛 Bug fixes
  - Changed field used in Threat Intelligence dashboard's file type table from `zeek.intel.file_mime_type` to `file.mime_type` so filters created from it can work on other dashboards
  - link for threat intelligence URL doesn't work correctly from dashboards (behind reverse proxy) (#832)
  - self-signed certificates not accepted by Chrome (#833)
  - Malcolm ISO installer's automatic partitioning may create too-small `/var` partition (#835)
- 🧹 Code and project maintenance
  - Added new Analytics section to documentation
Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.
Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.
Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.
As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.