3.0.1 Bugfix Release
Installation documentation:
https://intelmq.readthedocs.io/en/maintenance/user/installation.html
Upgrade documentation:
https://intelmq.readthedocs.io/en/maintenance/user/upgrade.html
Core
intelmq.lib.bot_debugger
: Fix accessing the bot's destination queues (PR#2027 by Mikk Margus Möll).intelmq.lib.pipeline
: Fix handling ofload_balance
parameter (PR#2027 by Mikk Margus Möll).intelmq.lib.bot
: Fix handling of parameterdestination_queues
if value is an empty dictionary (PR#2051 by Sebastian Wagner, fixes #2034).
Bots
Collectors
intelmq.bots.collectors.shodan.collector_stream
: Fix access to parameters, the bot wrongly usedself.parameters
(PR#2020 by Mikk Margus Möll).intelmq.bots.collectors.mail.collector_mail_attach
: Add attachment file name asextra.file_name
also if the attachment is not compressed (PR#2021 by Alex Kaplan).intelmq.bots.collectors.http.collector_http_stream
: Fix access to parameters, the bot wrongly usedself.parameters
(by Sebastian Wagner).
Parsers
intelmq.bots.parsers.microsoft.parser_ctip
: MapPayload.domain
todestination.fqdn
instead ofextra.payload.domain
as it matches todestination.ip
fromDestinationIp
(PR#2023 by Sebastian Wagner).- Removed
intelmq.bots.parsers.malwaredomains
because the upstream data source (malwaredomains.com) does not exist anymore (PR#2026 by Birger Schacht, fixes #2024). intelmq.bots.parsers.shadowserver.config
:- Add support for feed "Vulnerable SMTP Server" (PR#2037 by Mikk Margus Möll).
- Fix differentiation between feeds "Accessible HTTP" and "Vulnerable HTTP" (PR#2037 by Mikk Margus Möll, fixes #1984).
- Add support for the new feeds Microsoft Sinkhole Events Report, Microsoft Sinkhole HTTP Events Report (PR#2036 by Birger Schacht).
- Complement feed mappings and documentation for feeds with IPv4 and IPv6 variants (PR#2046 by Mikk Margus Möll and Sebastian Wagner).
- Feed names with and without the optional IPv4/IPv6 postfix can be used now consistently.
- Add support for feed "Honeypot HTTP Scan" (PR#2047 by Mikk Margus Möll).
- Update filename mapping for changed filename of feed "Accessible-MSRDPUDP" (PR#2060 by abr4xc).
Experts
intelmq.bots.experts.gethostbyname.expert
: Handle numeric values for thegaierrors_to_ignore
parameter (PR#2073 by Sebastian Wagner, fixes #2072).intelmq.bots.experts.filter.expert
: Fix handling of empty-string parametersnot_after
andnot_before
(PR#2075 by Sebastian Wagner, fixes #2074).
Outputs
intelmq.bots.outputs.mcafee.output_esm_ip
: Fix access to parameters, the bot wrongly usedself.parameters
(by Sebastian Wagner).intelmq.bots.outputs.misp.output_api
: Fix access to parameters, the bot wrongly usedself.parameters
(by Sebastian Wagner).intelmq.bots.outputs.smtp.output
: AddContent-Disposition
-header to the attachment, fixing the display in Mail Clients as actual attachment (PR#2052 by Sebastian Wagner, fixes #2018).
Documentation
- Various formatting fixes (by Sebastian Wagner).
- Removed the malwaredomains feed from the feeds list because the upstream data source (malwaredomains.com) does not exist anymore (PR#2026 by Birger Schacht, fixes #2024).
- Update Docker installation instructions (PR#2035 by Sebastian Waldbauer).
Packaging
- intelmq-update-database crontab: Add missing
recordedfuture_iprisk
update call (by Sebastian Wagner).
Tests
- Replace calls to deprecated/undocumented
logging.warn
withlogging.warning
(by Sebastian Wagner, fixes #2013). intelmq.tests.bots.experts.rdap.test_expert
: Declare cache use, fixes build failures (by Sebastian Wagner, fixes #2014).intelmq.tests.bots.collectors.mail.test_collector_attach
: Test text attachment (by Sebastian Wagner).
Tools
intelmqctl
:- Also honour parameters from environment variables (PR#2068 by Sebastian Wagner, fixes #2063).
- Fix management actions (start/stop/status/reload/restart) for groups (PR#2086 by Sebastian Wagner, fixes #2085).
- Do not use hardcoded logging path in
/opt/intelmq
, use the internal default instead (PR#2092 by Sebastian Wagner, fixes #2091).
Known issues
See open bug reports for a more detailed list.
- ParserBot: erroneous raw line recovery in error handling (#1850).