v5.0.0-rc2

Pre-release
@github-actions github-actions released this 09 Jan 19:43
· 142 commits to main since this release
4b6fdd3

Installation Instructions | 5.x Upgrade instructions | Copyright Notices | FAQ | CHANGELOG | JA4+ Install

A db.pl upgrade is required when upgrading from 4.x

✨ What's new ✨

BREAKING

  • #2297 s3Compression/simpleCompression now defaults to zstd
  • #2297 s3WriteGzip removed, use s3Compression=gzip for gzip instead of new zstd default
  • #2297 s3GapPacketPos defaults to TRUE
  • #2297 enablePacketDedup defaults to TRUE
  • #2299 #2308 authMode defaults to digest now
  • #2312 removed old v1 viewer APIs
  • #2349 parliament password removed; you must configure common auth via the UI before upgrading, or manually in the config file (see parliament and how do I upgrade to 5)
  • #2402 WISE/tagger must now use http.request.FIELD/http.response.FIELD when referencing header defined with headers-http-request/headers-http-response
  • #2450 CentOS 7 build no longer includes pfring support
  • #2453 Increase simpleCompressionBlockSize default to 64000

Release

  • #2448 zstd 1.5.5, nghttp2 1.57.0, maxmind 1.7.1, yara 4.2.3
  • #2443 CentOS 7, Ubuntu 18, Alpine use unofficial builds of node
  • #2543 node v18.19.0
  • #2447 support building on alpine
  • #2549 use configure prefix more places (thanks @vpiserchia)

All

  • #2316 programs support same config file formats (ini/json/yaml) and retrieval (file, elasticsearch)
  • #2419 json/yaml config file formats now allow arrays instead of comma/semi separated
  • #2299 #2308 authMode setting added
  • #2299 #2408 #2463 added authMode: basic, form, basic+form, basic+oidc, headerOnly, header+digest (same as header), header+basic
  • #2387 notifiers for parliament and arkime merged; conflicts mitigated by appending "Parliament" to parliament notifiers
  • #2396 drop privileges is now AFTER http(s) listen
  • #2509 add optional login message for form auth
  • #2511 new authOIDCScope setting
  • #2482 new logoutUrl setting
  • #2571 new scheme pcap reading

Capture

  • #2295 moloch converted to arkime
  • #2312 override ips can now set any field
  • #2312 overrideIpsFiles setting
  • #2314 packetDropIpsFiles setting
  • #2390 can have negative cert.validDays/cert.remainingDays (thanks @mcgillowen)
  • #2390 added cert.remainingSeconds/cert.remainingSeconds (thanks @mcgillowen)
  • #2390 cert.remainingDays is now based on the firstPacket of session instead of current time (thanks @mcgillowen)
  • #2409 JA4 support
  • #2409 JA3/JA4 support for smtp STARTTLS
  • #2297 always build zstd (except arch)
  • #2517 new custom-fields-remap feature
  • #2186 count the number of http methods per session
  • #2528 new oui.txt location, some names have changed, fixes #2347
  • #2539 new tls:has_esni tag if the client hello has esni
  • #2553 fix rules range matching not working always
  • #2554 support fieldSet tcpflag rules
  • #2576 support different dlt for pcap-over-ip

Cont3xt

  • #2121 new bulk UI and support for bulk queries
  • #2271 lots of keyboard shortcut improvements
  • #2383 new array syntax for links substitution
  • #2382 new OpenSearch/Elasticsearch integration (config file only)
  • #2441 new csv/json file/url/redis integration (config file only)
  • #2385 new viewRoles in config file per integration to control access
  • #2407 transfer ownership of resources
  • #2437 new csv/json data source support
  • #2441 new redis data source support
  • #2507 demoMode added
  • #2527 skipChildren added
  • #2532 new wise integration

ESProxy

Viewer

  • #2296 removed x-moloch-auth
  • #2392 files/history/stats now have cluster dropdown for multiviewer
  • #2402 http.request.FIELD and http.response.FIELD supported
  • #2404 add editor for resources
  • #2407 transfer ownership of resources
  • #2482 added uploadRoles to control who can upload
  • #2501 add defaultTimeRange setting
  • #2521 add footerTemplate setting
  • #2525 add config setting to set spiview category order
  • #2523 resize session detail field label/values
  • #2552 added %URIEncodedText% for URI encoded substitution (thanks @vpiserchia)

Parliament

  • #2377 dashboard-only mode removed; if you want users to just see the dashboard, don't assign them the parliamentUser role
  • #2395 configuration is now stored in opensearch/elasticsearch
  • #2530 add Users page

WISE

  • #2537 new urlScrapePrefix/urlScrapeSuffix used with urlScrapeRedirect
  • #2537 new jsonl format supported

Download Info

We offer downloads for many different OS versions because of library differences. For example, use the el7 download for CentOS 7 or RHEL 7. If you have a libssl version error, it is most likely that the wrong download was used for your OS. The moloch builds have the old filesystem layouts; we will stop providing the moloch builds in 2024.