4.0.1

Implemented enhancements:

• [Enhancement] Remove gremlin-scala library #1501
• [Feature request] Improve case similarity details in alert preview pane #1579
• [Enhancement] Check tag autocompletion #1611
• [Feature] Add Cortex related notifiers in notification system #1619
• [Feature] Add properties related to share #1621
• [Feature Request] Update user settings view to give access to API key #1623
• [Feature Request] Permit to disable similarity (case and alert) for some observable #1625
• [Enhancement] Add link to report template archive #1627
• [Enahancement] Display TheHive version in the login page #1629
• [Feature Request] Display custom fields in alert and case list #1637
• [Feature Request] Revamp the statistics section in lists #1641
• [Enhancement] Improve the filter observables panel #1642
• [Enhancement] Refine the migration of users with admin role #1645

Closed issues:

• [Bug] default MISP connector import line has a typo #1595

Fixed bugs:

• [Bug] Mobile-responsive Hamburger not visible #1290
• [Bug] Unable to start TheHive after migration #1450
• [Bug] Expired session should show a dialog or login page on pageload #1456
• [Bug] TheHive 4 - Application.conf file #1461
• [Bug] Improve migration #1469
• [Bug] Merge Alert in similar Case button does not work #1470
• [Bug] Missing Case number in Alert Preview / Similar Cases tab #1471
• [Bug] Dashboard shared/private #1474
• [Bug]Migration tool date/number/duration params don't work #1478
• [Bug] AuditSrv: undefined on non-case page(s), thehive4-4.0.0-1, Ubuntu #1479
• [Bug] MISP->THEHIVE4 'ExportOnly' and 'Exceptions' ignored in application.conf file #1482
• [Bug] Unable to enumerate tasks via API #1483
• [Bug] Case close notification displays "#undefined" instead of case number #1488
• [Bug] Task under "Waiting tasks" and "My tasks" do not display the case number #1489
• [Bug] Live Stream log in main page is not limited to 10 entries #1490
• [Bug] Several API Endpoints could never get called due to the routing structure #1492
• [Bug] Missing link to linked cases from observable details view #1494
• [Bug] TheHive V4 API Errors "Operation Not Permitted" and "Date format" #1496
• [Bug] V4 Merge observable tags with existing observables during importing alerts into case #1499
• [Bug] Multiline dashboard doesn't work #1503
• [Bug] Tags of observables in Alerts are not created when promoted #1510
• [Bug] Alert creation fails if alert contains similar observables #1514
• [Bug] "Undefined" in notification message when a case is closed #1515
• [Bug] The creation of multiline observable is not possible #1517
• [Bug] Entrypoint: Waiting for cassandra with --no-config #1519
• [Bug] Suppress Reduntant AuthenticationFailed Error+Warn #1523
• [Bug] API v0: "startDate" sort criteria not implemented #1540
• [Bug] Fix case search in case merge dialog #1541
• [Bug] Soft-Deleted cases show up as "(Closed at as )" in the case list. #1543
• [Bug] Related cases show only one observable #1544
• [Bug] An user can create a task even if it doesn't the permission #1545
• [Bug] Wrong stats url on user and audit #1546
• [Bug] Add DATETIME information to each task log #1547
• [Bug] Custom configuration is not correctly read in docker image #1548
• [Bug] Typo in MFA onboarding #1549
• [Bug] New custom fields doesn't appear in search criteria #1550
• [Bug] Custom Field Order ignored #1552
• [Bug] Additional Fields are discarded during merge #1553
• [Bug] Unable to list alerts in case's related alerts section #1554
• [Bug] Deleting the first case breaks the the audit flow until the next restart #1556
• [Bug] Issues surrounding Alerts merging #1557
• [Bug] Uncaught exception with duplicate mail type observables when added to case #1561
• [Bug] Case Tasks get deleted if not started #1565
• [Bug] Can't export Case tags to MISP event #1566
• [Bug]The link to similar observable in observable details page doesn't work #1567
• [Bug] TheHive4 'follow/unfollow' API doesn't return alert objects like TheHive3 does #1571
• [Bug] Alert Custom Field with integer value #1588
• [Bug] Tag filter is broken #1590
• [Bug] Admin user does not have the right to list users of other organisations #1592
• [Bug] Add missing query operations #1599
• [Bug] Fix configuration sample #1600
• [Bug] Analyzer tags are removes if Cortex job fails #1610
• [Bug] deleted Tasks displayed in MyTasks #1612
• [Bug] the "_in" query operator doesn't work #1617
• [Bug] Sort filter field dropdowns #1630
• [Bug] Alert imported multiple times #1631
• [Bug] Import observables from analyzer report is broken #1633
• [Bug] Import observable from a zip archive doesn't work #1634
• [Bug] Case handling duration attributes are not working in time based dashboard widgets #1635
• [Bug] Fix custom field in filter forms #1636
• [Bug] It is possible to add an identical file observable several times in a case #1643
• [Bug] Hash observables are not correctly export to MISP #1644

3.5.0

Implemented enhancements:

• Not possible to import new alerts to cases when drilling down from dashboard #1218
• Bug: Responder-list is unordered #1564

Closed issues:

• [Bug] Click on short report resolves outdated long report #1350

Fixed bugs:

• [Bug] Can't tag observable as IOC in Alert #1335
• [Bug] Concurrent access fails #1570
• [Bug] Pivoting from dashboard to search page is loosing the date filter #1581
• [Bug] Report template admin page #1591
• [Security] Update Playframework #1603

3.4.4

Fixed bugs:

• [Security] Update Playframework #1604

3.4.3

Fixed bugs:

• [Bug] TheHive is stalled while importing Alerts with a large number of observables #1416

3.5.1-RC1 Release

3.5.0-RC1 (2020-08-12)

Implemented enhancements:

• Support of ElasticSearch 7 #1377
• [Enhancement] MISP sync #1398

Closed issues:

• OAuth2 not working : Authentication failure #946

Fixed bugs:

• [Bug] OAuth2/OpenIDC Authentication failure #1291
• [Feature Request] OAuth support for Basic authentication to authorization server's tokenUrl #1294
• [Bug] Can't auth with SSO/OAuth with FusionAuth #1342
• [Bug] TheHive is stalled while importing Alerts with a large number of observables #1416

4.0.0 Release

4.0.0 (2020-07-24)

Implemented enhancements:

• No longer possible to force usage of a case template (ui setting is missing) #1239
• Make user management list paginable and sortable with default sort of username #1332
• Cursor is set wrong on new-Case -> severity #1373
• [Enhancement] Prevent link with "admin" organisation #1395
• [Enhancement] An user should not be able to lock himself #1396
• Performance - Don't load stats if not displayed #1401
• [RBAC] Add routes guard configuration to secure routes #1403
• [Enhancement] Add checks for database integrity #1404
• Use Query APIs in list pages #1410
• Improve autocomplete queries for tags #1411
• [Enhancement] Add ability to add tasks in case creation API #1414
• Improve user details caching #1418
• Add bulk edit in cases list #1423
• Use a responder selector window instead of dynamic dropdown menues #1431
• Show sharing summary in task and observable lists #1437
• Add some quick filters in tasks list #1438
• Use assignable users API to populate assignee options #1444
• Migrate the stats widgets on listing pages #1446

Closed issues:

• Default Dashboards are missing #1240

Fixed bugs:

• [Bug] Migration issues from ES to Cassandra #1340
• [Bug] Deleting and observable doesn't refresh the list #1355
• [Bug] Limiting admin rights breaks front end #1368
• [Bug] Imported Dashboards from TH3 doesn't work #1371
• [Bug] Top 5 tags in Case -> Stats aren't correctly ordered #1372
• [Bug] Migration of usernames from ES to Cassandra #1374
• [Bug] Switching User Organisation failes using header variable authentication #1375
• [Bug] Tags gets wrong renamed #1376
• [Bug] MISP integration alert link generated incorrectly #1378
• [Bug] CustomFields does not appear sorted in the case template #1383
• [Bug] Users in Admin-Org are not allowed to switch to any other org #1385
• [Bug] Custom Observable Types can be created multiple-times with the same name #1387
• [Bug] Issues during Migration - Some Observables are missing #1388
• [Bug] Proxy configuration is not correctly parsed #1392
• [Bug] Handle 401 on route failure #1402
• [Bug] Delete case api fails #1405
• Fix the filter preview deletion button #1412
• Fix OAuth redirect handling from Javascript #1420
• [Bug] Error when exporting a case with severity Critical in MISP #1424
• [Bug] Cases owned by non-linked organisations visible to all organisations, potential data leakage #1427
• [Bug] TheHive doesn't start correctly #1429
• [Bug] Permission is not correctly checked for MISP export #1432
• Observable type deletion doesn't wait for the confirmation #1433
• Fix rendering of jobs in search section #1434
• Remove obsolete options in Search page #1436
• [Bug] Click on dashboards to access filtered data #1445
• [Bug] Pivoting from dashboard to search page is loosing the date filter #1448
• [Bug] Series' filters in dashboard widgets are taken into account #1449

4.0.0-RC3

4.0.0-RC3 (2020-05-27)

Implemented enhancements:

• [Feature] Show case sharing information on main case overview page #1277
• [Feature] Allow users to be part of multiple organisations #1316
• [Enhancement] Hide multifactor option in user-dialog if Enable Multi-Factor Authentication is disabled. #1317
• [Feature] Authentication API should return user information #1346
• [Enhancement] Enrich queries #1353

Fixed bugs:

• [Bug] Unable to add new datatypes #1288
• [Bug] Unable to bulk delete an alert #1310
• [Bug] importing alert as template not working #1311
• [Bug] Tasks not displayed when importing alert into case with case template #1312
• [Bug] WebHook creation does not work #1318
• [Bug] Opening Analyzer Templates without Cortex brings error message #1319
• [Bug] Case Statistics does not correctly display top 5 tags #1320
• [Bug] Importing of some user failes #1323
• [Bug] invisible dashborards #1324
• [Bug] Assignee List in Case and Tasks is no longer sorted Alphabetical #1327
• [Bug] Sorting in Observables of a case does not work #1328
• [Bug] Read-only has options to edit task-logs #1334
• [Bug] Adding a custom-field on an open case requires a reload, otherwise field is not visible #1336
• [Bug] severity change when create new case don't work #1338
• [Bug] Migration issues from ES to Cassandra #1340
• [Bug] The filter operator "_child" is missing #1344
• [Bug] Webhook compatibility issues on custom-fields #1345
• [Bug] Object sent to responder doesn't contain parent #1348
• [Bug] Show Sharing link to all users #1351
• [Bug] Unable to create case or alert using integer custom field #1356
• [Bug] Get observables of a case using API not working #1357
• [Bug] OAuth2 authentication doesn't redirect to home page on success #1360
• [Bug] Confusion on same alert on different organisations #1361
• [Bug] Search link to observable does not work #1365
• [Bug] Unable to vienw analysis report from observable list #1366
• [Bug] MISP export succeeds but show an error message #1367

4.0.0-RC2

4.0.0-RC2 (2020-05-07)

Implemented enhancements:

• Custom severity levels for alerts and cases #363
• A (received) Shared Case is displayed as sender/owner #1245
• FR: Alignment of case custom-fields (metrics) #1246
• Add information about the age of a Case #1257
• Providing output details for Responders #1293
• Add support to multi-factor authentication #1303
• Add support to webhooks #1306

Closed issues:

• [Bug] Attachment stored in thehive but not in configured file-storage #1244

Fixed bugs:

• [Bug] TH doesn't find cases related to an alert's artifacts #1236
• [Bug] Creation of multiple user with same login within same org #1237
• Date is now a required attribute for generating an Alert #1238
• [Bug] Case Template default values can't be set during template creation #1241
• SearchSrv.NotFoundError #1242
• Assignee is not changeable #1243
• [Bug] In TheHive, a user is a member of one or more organisations. One user has a profile for each organisation and can have different profiles for different organisations. #1247
• [Bug] RPM package does not create secret.conf file #1248
• [Bug] Unable to save new or imported dashboards in 4.0-RC1 #1250
• [Bug] Header Variable authentication does not work #1251
• Filtering by custom fields returns no results #1252
• Cannot Deleted user - Error "OrgUserCtrl: org.thp.thehive.models.User not found" #1253
• [Bug] Error while importing Alert in TH4 #1255
• [Bug] Cortex errors #1270
• [Bug] error when closing a reopened case #1271
• [Bug] Unable to rename/update case template Name field #1275
• [Bug] Wrong dataType sent to Cortex (responders) #1279
• [Bug] Changing task name removes other tasks #1281
• [Bug] Disable deleting a share with owner = true #1283
• [Bug] Responder actions not displayed in Case, Task and Observable pages #1300
• [Bug] Custom field should be readonly #1307
• [Bug] Unable to display long analyzer report from observables list #1309

3.4.2 Release

3.4.2 (2020-04-25)

Implemented enhancements:

• [Feature Request] Providing output details for Responders #962

Fixed bugs:

• [Bug] File observables in alert are not created in case #1292
• Analyzer's artifacts tags and message are not kept when importing observables #1285

3.4.1 Release

3.4.1 (2020-04-17)

Implemented enhancements:

• docker: TheHive fails to connect to elasticsearch (NoNodeAvailableException) #854
• Improved support for OpenID connect and OAuth2 #1110
• TheHive's Docker entrypoint logs the Play secret key at startup #1177
• [Q] Configure TheHive's first run using Docker Compose #1199
• TheHive's docker containers should be orchestration-ready #1204
• MISP synchronisation: map to_ids to ioc #1273

Closed issues:

• Include Dockerfile in root of project #1222
• Docker user daemon with id 1 causes permission issues with local #1227

Fixed bugs:

• MISP & TheHive out of sync? #866
• Owner is case-sensitive on api calls #928
• Bug: Observable without data breaks display of observables #1080
• Docker-Compose ElasticSearch incompatibility #1140
• [Bug] Analyzers that take more than 10 Minutes run into timeout #1156
• TheHive 3.4.0 migration logs errors ([error] m.Migration - Failed to create dashboard) #1202
• Computed metrics is not compatible with painless scripting language #1210
• OAuth2 Bearer header should be of the format "Authorization Bearer" ? #1228
• Health API endpoint returns warning when everything is OK #1233
• [Bug] Job submission sometimes fails when multiple Cortex servers #1272