
Releases: pandora-analysis/pandora

v1.9.0

01 Jul 22:36
v1.9.0

New features

  • Replacement for mail to MISP script
  • Support valkey and new kvrocks
  • WiP support for configurable status for reports (needs to be added in the config file)

Improvements

  • Reduce download frequency for Yara rules
  • Bump deps, maintenance, bug fixes
  • Improve rendering on results page

What's Changed

  • build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in #498
  • Add missing "version" word in README.md by @pombredanne in #514
  • Update Dockerfile: limit intermediate images to 1 by @ftoppi in #532
  • Update docker-compose.yml: add healthchecks by @ftoppi in #533
  • Docker: use kvrocks standard port 6666 by @ftoppi in #534
  • Ftoppi patch 5 by @ftoppi in #541
  • Add a worker to query a MISP instance by @ftoppi in #542
  • build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #586
  • build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #588
  • build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.2 by @dependabot in #600
  • build(deps): bump ossf/scorecard-action from 2.3.2 to 2.3.3 by @dependabot in #601
  • build(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #624
  • build(deps): bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #625

Full Changelog: v1.8.0...v1.9.0

v1.8.0

05 Feb 10:12
v1.8.0

What's Changed

  • Run QRcode worker on previews, aggressively try to decode everything that might be a QR Code with OpenCV (resize if needed)
  • Fix seed generation in IMAP module
  • Use new typing annotations, many bugfixes and use the strict flag for mypy.
  • Improve preview text rendering
  • Improve integration with Lookyloo for web enabled documents
  • New Yara HQ module

Full Changelog: v1.7.0...v1.8.0

Christmas release!

05 Feb 10:04
v1.7.0

What's Changed

  • Use new unoserver for generating previews
  • New extractor for DAA files
  • Set proper current directory to run scripts from anywhere
  • Fix docker image, update logging and documentation accordingly
  • Make sure the user sees a warning when one of the files in the extractor is suspicious
  • Speedup warning lists lookup
  • Avoid processing empty files
  • New CLI to delete old files (use only when you know what you're doing)
  • New background processing script to submit suspicious files to a MISP instance
  • Bump dependencies and Yara Rules

Full Changelog: v1.6.0...v1.7.0

Hack.lu 2023

13 Oct 10:55
v1.6.0

New features

  • Module to decode QR codes

Changes

  • Improve support of recent LibreOffice
  • Support latest redis and kvrocks releases
  • Bump dependencies, yara signatures

Bugfixes

  • Maintenance and cleanups, mainly related to dependencies updates.

Note that this release isn't compatible with Python 3.12. The next one will be.

Pass The Salt 2023

30 Jun 14:00
v1.5.0

This is mostly a maintenance release with a whole bunch of bugfixes.

Changes

  • Many improvements in the logging
  • Improve sessions handling
  • Improve SMTP login settings

Bugfixes

  • Calling dfvfs was globally changing the timezone in the python environment
  • Use the right version of kvrocks
  • Better handling of timeouts
  • Cleanup in observables extraction

March Release

31 Mar 10:40
v1.4.0

New features

  • Progress bar when uploading a file
  • Add SMTP auth for email notification (thanks to @sebdraven)

Changes

  • Many UI Improvements
  • Much improved logging all around
  • Improvements in blocklist module
  • Improvements in workers initialization.
  • Bump dependencies (Python, JS), make the project compatible with Python 3.11
  • Remove IRMA module (project deprecated)
  • Code cleanup and maintenance

Bugfixes

  • Fix Dockerfile and docker compose
  • Better support for MSG files

Post-HoHoHolidays release - Aka the hangover release

10 Jan 17:10
v1.3.1

Security patch

This release fixes CVE-2023-22898, where a nested archive (aka ZIP bomb) could trigger a DoS on the platform, especially in the extractor module. Thank you @kurgans0 for reporting it.

New features

  • Limit the number of archives to recursively extract from a file, and the maximal depth (Fixes CVE-2023-22898)
  • Display link to VT report instead of text in the report

Changes

  • Many improvements in the dfVFS extractor, support files with multiple filesystems
  • Improve mime types synonyms
  • Improve notification email (set reply-to if possible, insert full link in email body)
  • Bump all dependencies

Bug fixes

  • Fix exception on edge cases when using the dfVFS extractor
  • Only allow submitting one file at a time. The UI was allowing multiple files by mistake; this wasn't supposed to be supported and causes UI issues. Support for multiple uploads will be implemented later.

HoHoHoliday season release - Open more boxes

30 Dec 12:12
v1.3.0

Breaking change

Poetry v1.3.0 or more recent is now required, please upgrade to the latest version.

New Features

  • Support for CAB files (with hachoir)
  • Support for VHD files (with dfvfs)
  • Pre-load the analysis results instead of loading them in JavaScript after the page is loaded
  • Much better handling of ODF files
  • Improve extraction of URLs from office documents
  • Improve logging, use a config file
  • Improve processes handling and avoid deadlocks on stop
  • [API only] Get stats by worker and mimetype

Bugfixes

  • Improve handling of 7z files
  • Add timeout on observables worker (avoid exceptions if a sample has way too many observables)
  • Improve mimetype synonyms to match the types better between python core mimetypes and the python-magic library
  • Improve handling of html bodies in emails, support for signed emails
  • Improve handling of password protected OLE files
  • Avoid getting the IMAP handler stuck (timeout)

Changes

  • Major improvements in rendering the stats page
  • Major improvements in exceptions handling
  • Autokill LibreOffice every hour to avoid memory leaks
  • Allow marking issues with the extractor module as errors instead of alerts when we reach the limits (size or number of files in archives)
  • Improve UI and docs, move to bootstrap 5.2
  • Updates all dependencies

October release - Make the code less spooky

27 Oct 12:23
v1.2.0

This is a pretty major maintenance release aiming to make the code easier to maintain. There are no big new features but a lot of the back end code was heavily modified.

Changes

  • Remove all asserts, replace them with proper exceptions
  • UI improvements on the submission and analysis pages
  • Detailed view (WiP) to reduce the visual load on the user
  • Add bandit, pylint, codespell, flake8 and semgrep in the github actions (many thanks to @juju4 for the heavy lifting)

Fixes

  • Better handling of date times on non-UTC machines
  • Support for new exiftool

Back to school, and summer cleanup.

31 Aug 09:25
v1.1.0

Breaking change

This release requires poetry v1.2.0 or more recent. Run the following command to upgrade it: poetry self update

New feature

  • HTML documents can be submitted to Lookyloo (requires v1.15.0 or more recent)

Changes

  • Improvements in the modules (archives, ISO, EML)
  • Improvements on the stats page
  • Configure the links on the index
  • Bump dependencies

Fixes

  • Support ingesting a file downloaded from a Pandora instance
  • Automatically restart unoserver when it crashes (makes previews with libreoffice more reliable)

Notes

  • Many have reported issues with the previews generated by LibreOffice. A seemingly universal fix is installing the full package from the PPA.