Last month (that should be… April… we are kinda losing track of time during the confinement), we made silently 2 patch releases for TheHive 3.4, our current stable version even if we have our hands full of soap and bleach as we are working on the eagerly awaited TheHive 4.0.0 final release: 3.4.1, shortly followed by 3.4.2. Your lovely bees are truly committed at keeping TheHive 3 branch buzzing well after 4.0.0 is out.
As usual, we’d like to start by thank the community for bringing the issues they discover to our attention. This is definitely one of the best contributions that we can get from you!
Released on April 25, 2020, 3.4.1 mainly fixed some docker-related issues as well as problems with OAuth2 and MISP integration, in addition to a few bugs, as described in the changelog.
- Docker: TheHive fails to connect to Elasticsearch (NoNodeAvailableException) #854
- Improved support for OpenID connect and OAuth2 #1110
- TheHive’s Docker entrypoint logs the Play secret key at startup (… looking elsewhere hoping not to attract too much attention on this one) #1177
- Configure TheHive’s first run using Docker Compose #1199
- TheHive’s docker containers should be orchestration-ready #1204
- MISP synchronisation: any attribute having the
to_idsflag will be imported as
iocby TheHive. In the same way, when you export a case to MISP, observables which have the
iocflag on will become MISP attributes for which
to_idsis true #1273
- Include Dockerfile in root of project #1222
- Docker user daemon with id 1 causes permission issues with local #1227
- Fix MISP sync issues related to Docker #866
- Owner is case-sensitive on API calls and should be lowercased #928
- Bug: Observable without data breaks display of observables #1080
- Docker-Compose Elasticsearch incompatibility #1140
- Analyzers that take more than 10 minutes run into timeout #1156
- TheHive 3.4.0 migration log errors ([error] m.Migration – Failed to create dashboard) #1202
- Computed metrics are not compatible with the painless scripting language #1210
- OAuth2 Bearer header should be of the format “Authorization Bearer” ? #1228
- Health API endpoint returns warning when everything is OK #1233
- Job submission sometimes fails when there are multiple Cortex servers #1272
3.4.1 introduced a regression which was spotted few hours after it has been made public. 3.4.2 fixes t the problem.
It also adds a quick improvement allowing users to have access to error messages returned by Cortex Responder calls.
- Providing output details for Responders #962
- File observables in alert are not created in case #1292
- Analyzer’s artifacts tags and message are not kept when importing observables #1285
Running Into Trouble?
Shall you encounter any difficulty, please join our user forum, contact us on Gitter, or send us an email at firstname.lastname@example.org. We will be more than happy to help as usual!