Skip to content

3.0.1 Bugfix Release

Compare
Choose a tag to compare
released this 02 Sep 08:36
· 826 commits to develop since this release

Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html

Core

  • intelmq.lib.bot_debugger: Fix accessing the bot's destination queues (PR#2027 by Mikk Margus Möll).
  • intelmq.lib.pipeline: Fix handling of load_balance parameter (PR#2027 by Mikk Margus Möll).
  • intelmq.lib.bot: Fix handling of parameter destination_queues if value is an empty dictionary (PR#2051 by Sebastian Wagner, fixes #2034).

Bots

Collectors

  • intelmq.bots.collectors.shodan.collector_stream: Fix access to parameters, the bot wrongly used self.parameters (PR#2020 by Mikk Margus Möll).
  • intelmq.bots.collectors.mail.collector_mail_attach: Add attachment file name as extra.file_name also if the attachment is not compressed (PR#2021 by Alex Kaplan).
  • intelmq.bots.collectors.http.collector_http_stream: Fix access to parameters, the bot wrongly used self.parameters (by Sebastian Wagner).

Parsers

  • intelmq.bots.parsers.microsoft.parser_ctip: Map Payload.domain to destination.fqdn instead of extra.payload.domain as it matches to destination.ip from DestinationIp (PR#2023 by Sebastian Wagner).
  • Removed intelmq.bots.parsers.malwaredomains because the upstream data source (malwaredomains.com) does not exist anymore (PR#2026 by Birger Schacht, fixes #2024).
  • intelmq.bots.parsers.shadowserver.config:
    • Add support for feed "Vulnerable SMTP Server" (PR#2037 by Mikk Margus Möll).
    • Fix differentiation between feeds "Accessible HTTP" and "Vulnerable HTTP" (PR#2037 by Mikk Margus Möll, fixes #1984).
    • Add support for the new feeds Microsoft Sinkhole Events Report, Microsoft Sinkhole HTTP Events Report (PR#2036 by Birger Schacht).
    • Complement feed mappings and documentation for feeds with IPv4 and IPv6 variants (PR#2046 by Mikk Margus Möll and Sebastian Wagner).
    • Feed names with and without the optional IPv4/IPv6 postfix can be used now consistently.
    • Add support for feed "Honeypot HTTP Scan" (PR#2047 by Mikk Margus Möll).
    • Update filename mapping for changed filename of feed "Accessible-MSRDPUDP" (PR#2060 by abr4xc).

Experts

  • intelmq.bots.experts.gethostbyname.expert: Handle numeric values for the gaierrors_to_ignore parameter (PR#2073 by Sebastian Wagner, fixes #2072).
  • intelmq.bots.experts.filter.expert: Fix handling of empty-string parameters not_after and not_before (PR#2075 by Sebastian Wagner, fixes #2074).

Outputs

  • intelmq.bots.outputs.mcafee.output_esm_ip: Fix access to parameters, the bot wrongly used self.parameters (by Sebastian Wagner).
  • intelmq.bots.outputs.misp.output_api: Fix access to parameters, the bot wrongly used self.parameters (by Sebastian Wagner).
  • intelmq.bots.outputs.smtp.output: Add Content-Disposition-header to the attachment, fixing the display in Mail Clients as actual attachment (PR#2052 by Sebastian Wagner, fixes #2018).

Documentation

  • Various formatting fixes (by Sebastian Wagner).
  • Removed the malwaredomains feed from the feeds list because the upstream data source (malwaredomains.com) does not exist anymore (PR#2026 by Birger Schacht, fixes #2024).
  • Update Docker installation instructions (PR#2035 by Sebastian Waldbauer).

Packaging

  • intelmq-update-database crontab: Add missing recordedfuture_iprisk update call (by Sebastian Wagner).

Tests

  • Replace calls to deprecated/undocumented logging.warn with logging.warning (by Sebastian Wagner, fixes #2013).
  • intelmq.tests.bots.experts.rdap.test_expert: Declare cache use, fixes build failures (by Sebastian Wagner, fixes #2014).
  • intelmq.tests.bots.collectors.mail.test_collector_attach: Test text attachment (by Sebastian Wagner).

Tools

  • intelmqctl:
    • Also honour parameters from environment variables (PR#2068 by Sebastian Wagner, fixes #2063).
    • Fix management actions (start/stop/status/reload/restart) for groups (PR#2086 by Sebastian Wagner, fixes #2085).
    • Do not use hardcoded logging path in /opt/intelmq, use the internal default instead (PR#2092 by Sebastian Wagner, fixes #2091).

Known issues

See open bug reports for a more detailed list.

  • ParserBot: erroneous raw line recovery in error handling (#1850).