Prelude OSS 1.2.6 ================= 2015-07-31, libprelude-1.2.6 ---------------------------- Author: Yoann Vandoorselaere - Interface changes - Low-level bindings are now deprecated - Massive high-level bindings renaming - High-level perl bindings renamed to "Prelude" - High-level python bindings renamed to "prelude" - High-level ruby bindings renamed to "Prelude" - High-level lua bindings renamed to "prelude" - Various improvements - Provide more version number information (major, minor, micro, level, serial) - Fix valgrind memory leak warnings - Allow creation of IDMEFPath relative to a root Example: idmef_path_new_from_root_fast(&path, IDMEF_CLASS_ID_ANALYZER, "name"); will create an IDMEFPath that references the 'name' attribute of an idmef_analyzer_t object. - Introduce the idmef_object_t datatype IDMEF datatype now contain their own ID, so that it is possible for API using them anonymously to know which object they are currently being dealing with. - Implement idmef_class_print() function It is now possible to generically convert any IDMEF object to string. - IDMEFPath support for key as index Example: idmef.Set("alert.additional_data('My Key').data", "data"); will create a new AdditionalData object whose key is 'My Key', and data is 'data' (the object "meaning" field will thus contain the key). - Support for IDMEF object in Set() - Introduce support for the IDMEFClass class - Corrections - Various AdditionalData fixes - IDMEFCriteria time comparison fixes - Make sure we listen on all interfaces (IPv4+IPv6 dual stack fixes) - Correctly throw PreludeError exception in Python - Newly added timer did not expire when expected - Add missing IDMEF equal operator - prelude-linked-object members ordering fixes, so that the members are synchronized with listed idmef_object_t. - Fix asynchronous stack / high level bindings callback deadlock - Reset all object data when calling idmef_time_set_from_string() on an already initialized time - Proper implementation of Prelude::IDMEF __(get|set)state__ - [#390] Correct library ordering for prelude-admin - Handle NULL on IDMEFValue() for IDMEF object constructor - Compilation fixes - SWIG update to 3.0.6 - SWIG Python now use builtin mode (massive performance improvements) - Fix lua/perl code generation - [#522, #503] Prevent instance attribute to be reset on __init__() - Fix GCC5 libprelude-error compilation failure - Include high-level bindings generated code in the repository - From now on, SWIG interface files are now installed This will be useful in order to generate libpreludedb bindings. - Use Prelude namespace explicitely, prevent error when included from other project - Enable Python 2.x Unicode coercion (include a SWIG patch from Brian Cole) - Fix compilation with recent Flex version, update C code. - Enable SWIG support for keywords arguments - [#410] gnutls priority error on system with SRP support Author: Thomas Andrejak - Force definition of LUA_VERSION 2015-07-31, libpreludedb-1.2.6 ------------------------------ Author: Yoann Vandoorselaere - Interface changes - Remove deprecated API Remove deprecated old *_get_next_* functions. Remove deprecated low-level bindings. - PreludeDB high level C++ and Python bindings Implemented high level Python2 and 3 bindings for libpreludedb. The main API, DB and SQL are supported. - UPDATE API support Introduce 3 new public functions in the API to support UPDATE commands, using the provided list of paths and their respective values. The _update_from_list and _update_from_result_idents functions apply the update to messages identified by the provided idents, and the _update function to any event matching the provided criteria / order / limit / offset. - Performance improvements - SWIG Python now uses builtin mode (massive performance improvements) - Optimisation work: reduce the number of allocations when fetching rows - Cache preludedb_sql_table_get_(row|column)_count() - New value fetch mode: use of preludedb_result_values_get_field_direct() by bindings optimizes translation from C to target language value - Fix memory leaks / (over) allocation for SQL fields - Various improvements - AdditionalData fixes - Add API safety checks - Support for retrieving database type and server version - Provide more version number information (major, minor, micro, level, serial) - PreludeDB ResultValues / ResultIdents API update - Make it possible to retrieve a specific row/field located at a given index - Update the preludedb_path_selection API, so that it use an array to store element - Refcounting support - SQL API / Plugin rework - Corrections - [#650, #ext608] Fix warnings with PostgreSQL string insertion - MySQL: fix invalid field length - Fix possible NULL pointer dereference - Make sure the results are not empty when calling db backend function - Support time extraction on selected fields - Correctly throw PreludeDB exception in Python - When there are multiple fields, apply order/group_by to each field - Fix issues with fields internally expanded to multiples fields - Error checking fixes, use ENOSYS in place of ENOTSUP - Prevent version check failure in case of localisation change - Unlock Python GIL before calling libpreludedb function - Compilation fixes - SWIG update to 3.0.6 - Update GnuLib code to include memrchr 2015-07-31, prelude-correlator-1.2.6 ------------------------------------ Author: Yoann Vandoorselaere - Various improvements - Reset IDMEF CreateTime when sending an alert - Rework exception flow - Verify plugin enable/disable attribute before entrypoint loading Allow the user to disable a plugin before the entrypoint is called (useful if the plugin entrypoint triggers, for example, an exception). - Namespace support - Python3 compatibility work - Introduce a new DownloadCache, used by Dshield and Spamhaus plugin - Corrections - Update for latest libprelude bindings API changes - Fix possible exception in case of download failure - Corrected permissions checking - Fix problem with --root installation, and --prefix=/ - Syslog logging fallback to UDP localhost if no socket is found - Various timer fixes - Prevent traceback on profile error Author: Antoine Luong - Disable SpamhausDrop rule by default - Add the -D shortcut for debug mode, to be consistent with other Prelude modules - Update dshield.dat and spamhaus_drop.dat 2015-07-31, prelude-lml-1.2.6 ----------------------------- Author: Yoann Vandoorselaere - Update Gnulib code, remove obsolete - Update libev code - Fix crash with recent libprelude version 2015-07-31, prelude-lml-rules-1.2.6 ----------------------------------- Author: Antoine Luong - Syntax fixes 2015-07-31, prelude-manager-1.2.6 --------------------------------- Author: Yoann Vandoorselaere - Make sure we listen on all interfaces (IPv4+IPv6 dual stack fixes) - Correct AdditionalData output - Use PKCS3 format rather than binary form for writing Diffie-Hellman parameters. - Use system defined SOMAXCONN, increase replacement value - Use --lgpl=2 when invoking GnuLib, remove obsolete GnuLib files - Update libev code 2015-07-31, prewikka-1.2.6 -------------------------- Author: Yoann Vandoorselaere - Core evolutions - Plugin infrastructure New API for session, auth, and view module, as well as generic plugin. - Hookmanager implementation The plugin hookmanager allows different parts of the system to communicate transparently. - Tabs are now AJAX loaded - Prewikka pages are now accessible through URL path instead of parameters - Avoid updating session on every request (improve Prewikka response time) - Redirects are now supported and used when required - Initial support for prewikka widget - [#521,#561] Automatic SQL installation and update for plugins - Keep track of each installed plugin schema version - for Prewikka main schema: automatic installation at initialisation time - for plugins: disabled until interactive installation - Ability for the user to enable / disable a plugin. - [#679] Use Python scripts instead of SQL scripts for more flexibility - install : responsible for initial schema installation - update : responsible for updating an already installed schema - branch : responsible for migrating from one branch to another - Improvements - Factorize code for control menu Time handling within the menu is now done with the help of dateutil. - Standardized date and time formatting Use babel for date/time formatting, character set detection bug fixes - [#610,#ext597] Add more fields to classification filtering - [#rel697] Pluggable configuration file - Bugfixes - [#477] Fix sensor-localtime - AlertListing bug fixes - Fix various WSGI issues - Translation multithreading fixes - [#598] Fix ViewManagement exception on dynamic view access Author: Antoine Luong - Improvements - Factorize help dialog/button, and make it available to each view - [#505] UserSettings template cleanup Define a common plugin_htdocs attribute for plugins, views and renderers. - [#697] Support multiple domains for translation Each plugin can now define its own localization domain, via the plugin_locale attribute. - [#559] Simplify AlertListing view - Global translation update - Sort files passed as arguments to xgettext command - Bugfixes - [#453] Groupby selection problem in alert listing - [#445] Sensor node name/location ignored in agent listing - Fix wrong display of analyzer heartbeats - [#463,#ext572] Fix error displaying summary of Snort alerts - [#589] Fix various JavaScript possible injections - Fix numerous problems with IE9 Author: Camille Gardet - [#538] Put view parameters inside the control menu - Fix bad closure in eventstream Author: Thomas Andrejak - Fix sending configuration to auth and session plugins - IE fixes