<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <pre class="code highlight" lang="plaintext"><span id="LC1" class="line" lang="plaintext">Dear community,</span>
<span id="LC2" class="line" lang="plaintext"></span>
<span id="LC3" class="line" lang="plaintext">Over the past two months, IntelMQ contributors took no summer pause and put the finishing touches on IntelMQ 3.0.</span>
<span id="LC4" class="line" lang="plaintext"></span>
<span id="LC5" class="line" lang="plaintext">Special thanks go to Mikk Margus Möll (CERT.ee), who has put tremendous effort into the IntelMQ Manager, tackling structural and usability issues, mainly in the JavaScript components!</span>
<span id="LC6" class="line" lang="plaintext"></span>
<span id="LC7" class="line" lang="plaintext">The deb/rpm repositories did not receive the 3.0.0 release at the beginning of July, so that we could gain more experience with the major changes before doing automatic upgrades, but now they deliver the brand-new 3.0.1 version. Please note that the automatic upgrade procedures may still not be fully smooth. Just now, we have noticed that the packages contain a small flaw which harms the upgrade experience: the packages ship a default configuration (the file is now called `runtime.yaml`), but only if the file does not already exist, that is, for new installations. In this special case, however, we renamed the configuration from `runtime.conf` to `runtime.yaml`, and therefore the new default configuration shipped by the package takes precedence. I hope the following commands and hints will be of help to you.</span>
<span id="LC8" class="line" lang="plaintext"></span>
<span id="LC9" class="line" lang="plaintext"># remove the runtime configuration shipped by the package (can be called /etc/intelmq/runtime.*) and rename your original one to /etc/intelmq/runtime.yaml</span>
<span id="LC10" class="line" lang="plaintext"># the previously used runtime.conf can be used as drop-in to runtime.yaml (YAML is backwards-compatible with JSON)</span>
<span id="LC11" class="line" lang="plaintext">sudo -u intelmq intelmqctl upgrade-config -f -u v300_pipeline_file_removal</span>
<span id="LC12" class="line" lang="plaintext">sudo -u intelmq intelmqctl upgrade-config -f -u v300_defaults_file_removal</span>
<span id="LC13" class="line" lang="plaintext">sudo -u intelmq intelmqctl upgrade-config -f -u v301_deprecations</span>
<span id="LC14" class="line" lang="plaintext">The last three steps are important to merge the defaults and pipeline configuration into the new combined configuration file.</span>
<span id="LC15" class="line" lang="plaintext"></span>
<span id="LC16" class="line" lang="plaintext">Please do not hesitate to ask.</span>
<span id="LC17" class="line" lang="plaintext"></span>
<span id="LC18" class="line" lang="plaintext">The deb-packages are also already available for the newly released Debian 11 Bullseye.</span>
<span id="LC19" class="line" lang="plaintext"></span>
<span id="LC20" class="line" lang="plaintext">We are not planning a bugfix release until the 3.1.0 release, so that one will be the next version to be released.</span>
<span id="LC21" class="line" lang="plaintext"></span>
<span id="LC22" class="line" lang="plaintext">Here's a short summary of what happened during the summer:</span>
<span id="LC23" class="line" lang="plaintext">- Various fixes related to the IEP001 implementation (IEP001 was the change of the configuration format and merge of files, and the rewrite of the internal parameter handling)</span>
<span id="LC24" class="line" lang="plaintext">- removal of the malwaredomains feed and parser, because it does not exist anymore</span>
<span id="LC25" class="line" lang="plaintext">- Various fixes in the Shadowserver Parser and support for new reports: Vulnerable SMTP Server, Microsoft Sinkhole Events Report &amp; Microsoft Sinkhole HTTP Events Report, Honeypot HTTP Scan</span>
<span id="LC26" class="line" lang="plaintext">- SMTP Output: Added Content-Disposition header to the attachment, fixing the display in MS Outlook clients (as reported and discussed on the mailing list).</span>
<span id="LC27" class="line" lang="plaintext">- Heavy refactoring of IntelMQ-Manager's JavaScript parts to fix errors and usability issues.</span>
<span id="LC28" class="line" lang="plaintext"></span>
<span id="LC29" class="line" lang="plaintext">If you are interested in developing on IntelMQ and you don't know where to start, have a look at the dev guide and the issues labeled "good first issue": <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22">https://github.com/certtools/intelmq/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22</a></span>
<span id="LC30" class="line" lang="plaintext">We are especially welcoming contributions to the documentation!</span>
<span id="LC31" class="line" lang="plaintext"></span>
<span id="LC32" class="line" lang="plaintext">You can read the full changelogs here:</span>
<span id="LC33" class="line" lang="plaintext">- <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq/releases/tag/3.0.1">https://github.com/certtools/intelmq/releases/tag/3.0.1</a></span>
<span id="LC34" class="line" lang="plaintext">- <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq-api/releases/tag/3.0.1">https://github.com/certtools/intelmq-api/releases/tag/3.0.1</a></span>
<span id="LC35" class="line" lang="plaintext">- <a class="moz-txt-link-freetext" href="https://github.com/certtools/intelmq-manager/releases/tag/3.0.1">https://github.com/certtools/intelmq-manager/releases/tag/3.0.1</a></span>
<span id="LC36" class="line" lang="plaintext"></span>
<span id="LC37" class="line" lang="plaintext"><a class="moz-txt-link-freetext" href="https://cert.at/en/blog/2021/9/intelmq-301-release">https://cert.at/en/blog/2021/9/intelmq-301-release</a></span>
<span id="LC38" class="line" lang="plaintext"><a class="moz-txt-link-freetext" href="https://twitter.com/CERT_at/status/1433475188381806594">https://twitter.com/CERT_at/status/1433475188381806594</a></span>
<span id="LC39" class="line" lang="plaintext"></span>
<span id="LC40" class="line" lang="plaintext">btw:</span>
<span id="LC41" class="line" lang="plaintext">There's a new contact management portal called "tuency" for administrating abuse contacts available, which can be used in conjunction with IntelMQ.</span>
<span id="LC42" class="line" lang="plaintext">Read more about its features here:</span>
<span id="LC43" class="line" lang="plaintext"><a class="moz-txt-link-freetext" href="https://cert.at/en/blog/2021/9/tuency-constituency-portal-for-iocs-and-certs">https://cert.at/en/blog/2021/9/tuency-constituency-portal-for-iocs-and-certs</a></span>
<span id="LC44" class="line" lang="plaintext"><a class="moz-txt-link-freetext" href="https://gitlab.com/intevation/tuency/tuency">https://gitlab.com/intevation/tuency/tuency</a></span>
</pre>
    <pre class="moz-signature" cols="72">-- 
// Sebastian Wagner <a class="moz-txt-link-rfc2396E" href="mailto:wagner@cert.at">&lt;wagner@cert.at&gt;</a> - T: +43 676 898 298 7201
// CERT Austria - <a class="moz-txt-link-freetext" href="https://www.cert.at/">https://www.cert.at/</a>
// An initiative of nic.at GmbH - <a class="moz-txt-link-freetext" href="https://www.nic.at/">https://www.nic.at/</a>
// Company register number 172568b, Salzburg Regional Court</pre>
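    <p>An added example, not part of the original message or of the IntelMQ project: a shell sketch of the file swap described in the announcement, which sets the package-shipped runtime.yaml aside and moves the pre-3.0 runtime.conf into its place, then lists the three upgrade-config steps from the message. The function names and the backup file name are assumptions; only the case where the packaged file is named runtime.yaml is handled.</p>
    <pre>
```shell
#!/bin/sh
# Added example (not IntelMQ project code): restore a pre-3.0 runtime.conf as
# runtime.yaml after the package placed its default runtime.yaml next to it.

# restore_runtime_config DIR
# Returns 0 if the old configuration was moved into place,
#         1 if there is no runtime.conf (new install or already migrated),
#         2 if runtime.conf is empty or a move failed (nothing is overwritten).
restore_runtime_config() {
    dir=$1
    old="$dir/runtime.conf"
    new="$dir/runtime.yaml"

    if [ ! -e "$old" ]; then
        return 1
    fi
    if [ ! -s "$old" ]; then
        return 2
    fi
    if [ -e "$new" ]; then
        # Keep the packaged default instead of deleting it.
        # The backup name is an assumption of this example.
        mv "$new" "$new.pkg-default.bak" || return 2
    fi
    # No conversion needed: the old JSON content is accepted as YAML.
    mv "$old" "$new" || return 2
}

# Print the three upgrade steps named in the announcement, in order.
upgrade_steps() {
    for step in v300_pipeline_file_removal v300_defaults_file_removal v301_deprecations; do
        echo "sudo -u intelmq intelmqctl upgrade-config -f -u $step"
    done
}

main() {
    dir=$1
    rc=0
    restore_runtime_config "$dir" || rc=$?
    case $rc in
        0) echo "restored $dir/runtime.yaml from runtime.conf; now run:"
           upgrade_steps ;;
        1) echo "no $dir/runtime.conf found, nothing to restore" ;;
        *) echo "refusing: $dir/runtime.conf is empty or could not be moved"
           return 1 ;;
    esac
}

# Runs only when a directory is given, e.g.: sh restore.sh /etc/intelmq
if [ "$#" -gt 0 ]; then main "$1"; fi
```
    </pre>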
  </body>
</html>