<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Dear community,</p>
<p>Today we again have a twin release, 2.2.1, for both IntelMQ and
IntelMQ Manager. This IntelMQ Manager version requires IntelMQ
&gt;= 2.2.1. There are currently issues with the signature in the
package repositories for Debian/Ubuntu. I hope to get them
resolved soon.<br>
</p>
<p>IntelMQ Installation documentation:<br>
<a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/blob/2.2.1/docs/INSTALL.md">https://github.com/certtools/intelmq/blob/2.2.1/docs/INSTALL.md</a><br>
IntelMQ Upgrade documentation:<br>
<a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/blob/2.2.1/docs/UPGRADING.md">https://github.com/certtools/intelmq/blob/2.2.1/docs/UPGRADING.md</a><br>
IntelMQ Manager Installation instructions:<br>
<a
href="https://github.com/certtools/intelmq-manager/blob/2.2.1/docs/INSTALL.md">https://github.com/certtools/intelmq-manager/blob/2.2.1/docs/INSTALL.md</a></p>
<p><b>The changelog for IntelMQ Manager:</b><br>
<br>
### Backend<br>
- Fix loading paths from `intelmqctl` executable (PR #205 by Einar
Felipe Lanfranco).<br>
<br>
### Documentation<br>
- User Guide:<br>
- Add section on configuration paths.<br>
- Add section on named queues / paths.<br>
- Readme:<br>
- Update screenshots (#201, PR#207 by Mladen Markovic).<br>
<br>
### Known issues<br>
* Graph jumps around on "Add edge" (#148).<br>
* Wrong error message for new bots with existing ID (#152).<br>
* Monitor page: Automatic log refresh resets the log page to the first one
(#190).<br>
</p>
<p><b>The News for IntelMQ:</b><br>
</p>
<p>### Requirements<br>
#### MaxMind GeoIP Expert Bot<br>
The current Python library versions of geoip (version 4) and
maxminddb (version 2) no longer support Python 3.5. Keep older
versions of these libraries if you are using this Python version.<br>
<br>
### Configuration<br>
#### Abuse.ch URLHaus<br>
<br>
The value documented so far for the `column` parameter was:<br>
```json<br>
['time.source', 'source.url', 'status',
'extra.urlhaus.threat_type', 'source.fqdn', 'source.ip',
'source.asn', 'source.geolocation.cc']<br>
```<br>
Better is:<br>
```json<br>
['time.source', 'source.url', 'status',
'classification.type|__IGNORE__', 'source.fqdn|__IGNORE__',
'source.ip', 'source.asn', 'source.geolocation.cc']<br>
```<br>
</p>
<p><b>And the changelog for IntelMQ:</b><br>
</p>
<p>### Core<br>
- `intelmq.lib.upgrades`:<br>
- Add upgrade function for changed configuration of the feed
"Abuse.ch URLHaus" (#1571, PR#1572 by Filip Pokorný).<br>
- Add upgrade function for removal of *HPHosts Hosts file* feed
and `intelmq.bots.parsers.hphosts` parser (#1559).<br>
- `intelmq.lib.harmonization`:<br>
- For IP Addresses, explicitly reject IPv6 addresses with
scope ID (due to changed behavior in Python 3.9, #1550).<br>
<br>
### Development<br>
- Ignore line length (E501) in code-style checks altogether.<br>
<br>
### Bots<br>
#### Collectors<br>
- `intelmq.bots.collectors.misp`: Fix access to actual MISP object
(PR#1548 by Tomas Bellus @tomas321)<br>
- `intelmq.bots.collectors.stomp`: Remove empty `client.pem` file.<br>
<br>
#### Parsers<br>
- `intelmq.bots.parsers.shadowserver.config`:<br>
- Add support for Accessible-CoAP feed (PR #1555 by Thomas
Hungenberg).<br>
- Add support for Accessible-ARD feed (PR #1584 by Tomas Bellus
@tomas321).<br>
- `intelmq.bots.parsers.anubisnetworks.parser`: Ignore
"TestSinkholingLoss" events; these are not intended to be sent out
at all.<br>
- `intelmq.bots.parsers.generic.parser_csv`: Allow values of type
dictionary for parameter `type_translation`.<br>
- `intelmq.bots.parsers.hphosts`: Removed, feed is unavailable
(#1559).<br>
- `intelmq.bots.parsers.cymru.parser_cap_program`: Add support for
comment "username" for "scanner" category.<br>
- `intelmq.bots.parsers.malwareurl.parser`: Check for valid FQDN
and IP address in URL and IP address columns (PR#1585 by Marius
Urkis).<br>
<br>
#### Experts<br>
- `intelmq.bots.experts.maxmind_geoip`: On Python &lt; 3.6,
require maxminddb &lt; 2, as that version no longer supports
Python 3.5.<br>
<br>
#### Outputs<br>
- `intelmq.bots.outputs.udp`: Fix error handling on sending, which
had a bug itself.<br>
<br>
### Documentation<br>
- Feeds:<br>
- Update documentation of feed "Abuse.ch URLHaus" (#1571,
PR#1572 by Filip Pokorný).<br>
- Bots:<br>
- Overhaul of all bots' description fields (#1570).<br>
- User-Guide:<br>
- Overhaul pipeline configuration section and explain named
queues better (#1577).<br>
<br>
### Tests<br>
- `intelmq.tests.bots.experts.cymru`: Adapt `test_empty_result`,
remove `test_unicode_as_name` and `test_country_question_mark`
(#1576).<br>
<br>
### Tools<br>
- `intelmq.bin.intelmq_gen_docs`: Format parameters of type list
with double quotes around values to produce conformant JSON, ready to
copy and paste the value into the IntelMQ Manager's bot parameter
form.<br>
- `intelmq.bin.intelmqctl`:<br>
- `debug`: In JSON mode, use dictionaries instead of lists.<br>
- `debug`: Add `PATH` to the paths shown.<br>
- `check`: Show `$PATH` environment variable if executable
cannot be found.<br>
<br>
### Contrib<br>
- `malware_name_mapping`: Change MISP Threat Actors URL to new URL
(branch master -> main) in download script.<br>
<br>
### Known issues<br>
- Bots started with IntelMQ-Manager stop when the webserver is
restarted (#952).<br>
- Corrupt dump files when interrupted during writing (#870).<br>
- Bash completion scripts search in the wrong directory in packages
(#1561).<br>
- Cymru Expert: Wrong Cache-Key Calculation (#1592).<br>
</p>
<pre class="moz-signature" cols="72">--
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at">&lt;wagner@cert.at&gt;</a> - T: +43 1 5056416 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// An initiative of nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Company register number 172568b, LG Salzburg</pre>
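<p>The <code>intelmq.lib.harmonization</code> entry in the changelog above says that IPv6 addresses with a scope ID are now rejected explicitly because of changed behavior in Python 3.9: from 3.9 on, the standard <code>ipaddress</code> module accepts such addresses, where earlier versions raised <code>ValueError</code>. The following is an added example, not IntelMQ's own code and not part of the original message; <code>harmonize_ip</code>, <code>split_feed</code> and the sample values are hypothetical names and constructed data, showing a validator that gives the same answer on every Python version.</p>
<pre>
```python
import ipaddress


def harmonize_ip(value):
    """Return the canonical text form of an IP address, or None if rejected.

    Hypothetical helper, not IntelMQ's implementation. Addresses carrying an
    IPv6 scope ID ("%eth0", "%1") are rejected before parsing, so the result
    does not depend on whether the running Python accepts them.
    """
    if not isinstance(value, str):
        return None
    value = value.strip()
    if "%" in value:
        # A scope ID names an interface on the reporting host only.
        return None
    try:
        return ipaddress.ip_address(value).compressed
    except ValueError:
        # Networks in CIDR notation, hostnames and garbage all end up here.
        return None


def split_feed(values):
    """Partition raw values into (accepted canonical forms, rejected raw values)."""
    accepted, rejected = [], []
    for raw in values:
        ip = harmonize_ip(raw)
        if ip is None:
            rejected.append(raw)
        else:
            accepted.append(ip)
    return accepted, rejected


# Constructed sample values, not taken from any real feed.
SAMPLE = [
    "192.0.2.10",
    "2001:0db8:0000:0000:0000:0000:0000:0001",
    "fe80::1%eth0",
    "fe80::1%1",
    "2001:db8::/32",
    "not-an-ip",
]

if __name__ == "__main__":
    ok, bad = split_feed(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```
</pre>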
</body>
</html>