[Intelmq-dev] intelmq 1.0.5 released
Sebastian Wagner
wagner at cert.at
Fri Jun 22 10:28:49 CEST 2018
Dear community,
I just released the next maintenance release 1.0.5 for the 1.0.x series
and it could be the last one. I will also release a RC for 1.1.0 very
soon. The pre-build deb and rpm packages will be available soon (in some
hours).
Installation instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/INSTALL.md
Upgrade instructions:
https://github.com/certtools/intelmq/blob/1.0.5/docs/UPGRADING.md
This is the changelog:
# Core
- `lib/message`: `Report()` can now create a Report instance from Event
instances (#1225).
- `lib/bot`:
* The first word in the log line `Processed ... messages since last
logging.` is now adaptible and set to `Forwarded` in the existing
filtering bots (#1237).
* Kills oneself again after proper shutdown if the bot is XMPP
collector or output (#970). Previously these two bots needed two stop
commands to get actually stopped.
- `lib/utils`: log: set the name of the `py.warnings` logger to the bot
name (#1184).
# Bots
## Collectors
- `bots.collectors.mail.collector_mail_url`: handle empty downloaded
reports (#988).
- `bots.collectos.file.collector_file`: handle empty files (#1244).
## Parsers
- Shadowserver parser:
* SSL FREAK: Remove optional column `device_serial` and add several
new ones.
* Fixed HTTP URL parsing for multiple feeds (#1243).
- Spamhaus CERT parser:
* add support for `smtpauth`, `l_spamlink`, `pop`, `imap`, `rdp`,
`smb`, `iotscan`, `proxyget`, `iotmicrosoftds`, `automatedtest`,
`ioturl`, `iotmirai`, `iotcmd`, `iotlogin` and `iotuser` (#1254).
* fix `extra.destination.local_port` -> `extra.source.local_port`.
## Experts
- `bots.experts.filter`: Pre-compile regex at bot initialization.
# Tests
- Ensure that the bots did process all messages (#291).
# Tools
- `intelmqctl`:
* `intelmqctl run` has a new parameter `-l` `--loglevel` to overwrite
the log level for the run (#1075).
* `intelmqctl run [bot-id] mesage send` can now send report messages
(#1077).
- `intelmqdump`:
* has now command completion for bot names, actions and queue names in
interacive console.
* automatically converts messages from events to reports if the queue
the message is being restored to is the source queue of a parser (#1225).
* is now capable to read messages in dumps that are dictionaries as
opposed to serialized dicts as strings and does not convert them in the
show command (#1256).
* truncated messages are no longer used/saved to the file after being
shown (#1255).
* now again denies recovery of dumps if the corresponding bot is
running. The check was broken (#1258).
* now sorts the dump by the time of the dump. Previously, the list was
in random order (#1020).
# Known issues
no known issues
Sebastian
--
// Sebastian Wagner <wagner at cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/intelmq-dev/attachments/20180622/5298d675/attachment.sig>
More information about the Intelmq-dev
mailing list