[IntelMQ-dev] IntelMQ 3.3.1 bugfix release

Sebix sebix at sebix.at
Tue Sep 3 17:25:59 CEST 2024


Dear IntelMQ community, users, developers, and Incident Response teams!

We are excited to announce the release of IntelMQ version 3.3.1, which 
includes important bug fixes.
The updated version is available on PyPI, in the git repository, and the 
deb/rpm repositories.

Please see the list of all changes below.

Documentation: https://doc.intelmq.org/
Source code: https://github.com/certtools/intelmq

Thanks to all contributors to this release, in alphabetical order:

  * DigitalTrustCenter
  * Edvard Rejthar (CSIRT.CZ)
  * elsif2 (Shadowserver Foundation)
  * Kamil Mankowski (CERT.at)
  * Mikk Margus Möll (CERT.ee)
  * Sebastian Wagner (Institute for Common Good Technology, Intevation &
    BSI)

The full list of changes:

Core
====
- `intelmq.lib.utils.drop_privileges`: When IntelMQ is called as `root` 
and dropping the privileges to user `intelmq`, also set the non-primary 
groups associated with the `intelmq` user. Makes the behaviour of 
running intelmqctl as `root` closer to the behaviour of `sudo -u intelmq 
...` (PR#2507 by Mikk Margus Möll).
- `intelmq.lib.utils.unzip`: Ignore directories themselves when 
extracting data to prevent the extraction of empty data for directory 
entries (PR#2512 by Kamil Mankowski).

Bots
====

Collectors
----------

- `intelmq.bots.collectors.shadowserver.collector_reports_api.py`:
   - Added support for the types parameter to be either a string or a 
list (PR#2495 by elsif2).
   - Refactored to utilize the type field returned by the API to match 
the requested types instead of a sub-string match on the filename.
   - Fixed timezone issue for collecting reports (PR#2506 by elsif2).
   - Fixed behaviour if the value of parameter `reports` is an empty 
string: behave the same way as if not set, not like no report (PR#2523 by 
Sebastian Wagner).
- `intelmq.bots.collectors.shodan.collector_stream` (PR#2492 by Mikk 
Margus Möll):
   - Add `alert` parameter to Shodan stream collector to allow fetching 
streams by configured alert ID
- `intelmq.bots.collectors.mail._lib`: Remove deprecated parameter 
`attach_unzip` from default parameters (PR#2511 by Sebastian Wagner).

Parsers
-------

- `intelmq.bots.parsers.shadowserver._config`:
   - Fetch schema before first run (PR#2482 by elsif2, fixes #2480).
- `intelmq.bots.parsers.dataplane.parser`: Use `  |  ` as field 
delimiter, fix parsing of AS names including `|` (PR#2488 by 
DigitalTrustCenter).
- all parsers: add `copy_collector_provided_fields` parameter allowing 
copying additional fields from the report, e.g. `extra.file_name`. 
(PR#2513 by Kamil Mankowski).

Experts
-------

- `intelmq.bots.experts.sieve.expert`:
   - For `:contains`, `=~` and `!~`, convert the value to string before 
matching, avoiding an exception. If the value is a dict, convert the 
value to JSON (PR#2500 by Sebastian Wagner).
   - Add support for variables in Sieve scripts (PR#2514 by Mikk Margus 
Möll, fixes #2486).
- `intelmq.bots.experts.filter.expert`:
   - Treat value `false` for parameter `filter_regex` as false (PR#2499 
by Sebastian Wagner).

Outputs
-------

- `intelmq.bots.outputs.misp.output_feed`: Handle failures if the saved 
current event wasn't saved or is incorrect (PR by Kamil Mankowski).
- `intelmq.bots.outputs.smtp_batch.output`: Documentation on multiple 
recipients added (PR#2501 by Edvard Rejthar).

Documentation
=============

- Bots: Clarify some sections of Mail collectors and the Generic CSV 
Parser (PR#2510 by Sebastian Wagner).

-- 
Institute for Common Good Technology
gemeinnütziger Kulturverein - nonprofit cultural society
https://commongoodtechnology.org/
ZVR 1510673578
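
Added example, not part of the original announcement and not IntelMQ's own code: a sketch of the directory-skipping behaviour described for `intelmq.lib.utils.unzip` under Core, generalized to both zip and tar archives with Python's standard `zipfile` and `tarfile` modules. All function names and the sample archives are constructed for illustration.

```python
import io
import tarfile
import zipfile


def extract_files(data: bytes):
    """Return [(name, content)] for regular files only (hypothetical helper)."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as archive:
            # Directory entries carry no data; reading them yields b"".
            return [(info.filename, archive.read(info))
                    for info in archive.infolist() if not info.is_dir()]
    buf.seek(0)
    with tarfile.open(fileobj=buf) as archive:
        return [(member.name, archive.extractfile(member).read())
                for member in archive.getmembers() if member.isfile()]


def extract_naive(data: bytes):
    """Zip-only version without the directory check, for comparison."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return [(name, archive.read(name)) for name in archive.namelist()]


REPORT = b"ip,port\n192.0.2.1,23\n"  # constructed sample content


def build_sample_zip() -> bytes:
    """Constructed archive: one directory entry plus one report file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("reports/", b"")
        archive.writestr("reports/scan.csv", REPORT)
    return buf.getvalue()


def build_sample_tar() -> bytes:
    """Same constructed layout as a tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as archive:
        directory = tarfile.TarInfo("reports")
        directory.type = tarfile.DIRTYPE
        archive.addfile(directory)
        report = tarfile.TarInfo("reports/scan.csv")
        report.size = len(REPORT)
        archive.addfile(report, io.BytesIO(REPORT))
    return buf.getvalue()
```

Without the check, the directory entry comes back as an item with empty content, which a collector would pass downstream as an empty report.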