What's Changed
Security 🚨
- fix: add authentication to audit router (GHSA-34r4-95hx-gxqr) by @sebdraven in #1276
- fix: prevent AQL injection via sorting and filter_aliases parameters by @sebdraven in #1277
- fix: prevent path traversal in ExportTask file name (GHSA-4q3w-w2g5-8wqq) by @sebdraven in #1280
- Fix path traversal in DFIQ UUID (GHSA-6xf2-8436-rgvf) by @sebdraven in #1279
Bug fixes 🐛
- fix: use correct Pydantic discriminator field name in observable endpoints by @sebdraven in #1278
Other Changes
- feat(logging): Add structured JSON logging support for console by @tomchop in #1265
- deps: bump timesketch-api-client to >=20260312 by @jkppr in #1266
- Add agentic functionalities to yeti by @tomchop in #1267
- feat(sessions): Add endpoint to retrieve a session by user and session ID by @tomchop in #1269
- Fix GitHub Actions security warnings reported by zizmor by @tomchop in #1270
- test: verify dfiq_test_data.zip cross-references stay consistent by @sebdraven in #1281
- fix: correct template_dir config key, add example export templates by @sebdraven in #1282
New Contributors
Full Changelog: 2.5.0...2.5.1