[Intelmq-dev] intelmq 1.0.5 released

Sebastian Wagner wagner at cert.at
Fri Jun 22 10:28:49 CEST 2018


Dear community,

I just released the next maintenance release 1.0.5 for the 1.0.x series
and it could be the last one. I will also release an RC for 1.1.0 very
soon. The pre-built deb and rpm packages will be available soon (in some
hours).

Installation instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/INSTALL.md
Upgrade instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/UPGRADING.md

This is the changelog:

# Core
- `lib/message`: `Report()` can now create a Report instance from Event
instances (#1225).
- `lib/bot`:
  * The first word in the log line `Processed ... messages since last
logging.` is now adaptable and set to `Forwarded` in the existing
filtering bots (#1237).
  * Kills oneself again after proper shutdown if the bot is XMPP
collector or output (#970). Previously these two bots needed two stop
commands to get actually stopped.
- `lib/utils`: log: set the name of the `py.warnings` logger to the bot
name (#1184).

# Bots
## Collectors
- `bots.collectors.mail.collector_mail_url`: handle empty downloaded
reports (#988).
- `bots.collectors.file.collector_file`: handle empty files (#1244).

## Parsers
- Shadowserver parser:
  * SSL FREAK: Remove optional column `device_serial` and add several
new ones.
  * Fixed HTTP URL parsing for multiple feeds (#1243).
- Spamhaus CERT parser:
  * add support for `smtpauth`, `l_spamlink`, `pop`, `imap`, `rdp`,
`smb`, `iotscan`, `proxyget`, `iotmicrosoftds`, `automatedtest`,
`ioturl`, `iotmirai`, `iotcmd`, `iotlogin` and `iotuser` (#1254).
  * fix `extra.destination.local_port` -> `extra.source.local_port`.

## Experts
- `bots.experts.filter`: Pre-compile regex at bot initialization.

# Tests
- Ensure that the bots did process all messages (#291).

# Tools
- `intelmqctl`:
  * `intelmqctl run` has a new parameter `-l` `--loglevel` to overwrite
the log level for the run (#1075).
  * `intelmqctl run [bot-id] message send` can now send report messages
(#1077).
- `intelmqdump`:
  * now has command completion for bot names, actions and queue names in
the interactive console.
  * automatically converts messages from events to reports if the queue
the message is being restored to is the source queue of a parser (#1225).
  * is now capable of reading messages in dumps that are dictionaries as
opposed to serialized dicts as strings and does not convert them in the
show command (#1256).
  * truncated messages are no longer used/saved to the file after being
shown (#1255).
  * now again denies recovery of dumps if the corresponding bot is
running. The check was broken (#1258).
  * now sorts the dump by the time of the dump. Previously, the list was
in random order (#1020).

# Known issues
no known issues

Sebastian

-- 
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - https://www.nic.at/
// Company register number 172568b, Salzburg Regional Court

