Release Notes of 5.1 series#

Danger

The 5.1 release comes with some changes on the database schema that can't be reversed. Please make sure to make a backup of your database before upgrading.

This release also comes with some breaking changes, please review them below

Info

An upgrade guide is available to help you migrate from TheHive 5.0

5.1.12 - 9th April 2024#

Fix a regression following a security fix that made the MFA authentication impossible.

5.1.11 - 4th April 2024#

Fix security vulnerability. An advisory will be published in the coming weeks.

5.1.10 - 21st December 2023#

Fixes#

Security:

Fix security vulnerabilities. Please read the detailed advisories.

5.1.9 - 29th June 2023#

Fixes#

UI:

Fix display of task attachments in attachment listing
Improve error message when merging cases

Backend:

Fix error "Tag not Found" which could occur when creating alerts and cases
Fix link duplication when importing several times a TTP catalog

Improvements#

UI:

Improve form for SAML authentication

Backend:

Add MISP event UUID to alert description in imported alerts
Add validation for SAML configuration

5.1.8 - 20th June 2023#

Fixes#

UI:

Fix the order of Cortex job reports in observable page
Add events related to case templates in live feed
Change rules of user quota
Display the callback URL in SAML configuration
Fix icon in timeline
Fix format of some old generated dashboard widgets

Backend:

Change format of the date custom field values Ids
Fix between filter on custom fields
Ldap sync: add support of several mapping for the same group
Ldap sync: fix conflict when several configurations exist with the same suffix
Cortex job endDate is not set if the job is not finished
Fix filter value when it contains only wilcards
Make readonly profile not editable
Add properties for alert KPIs

5.1.7 - 1st June 2023#

Fixes#

UI:

Fixes on long names

Backend:

Link correctly task and assignee when updating a task
Limit the size of cortex response
Cortex: Fix sync issue when multiple jobs are submitted at the same time
Fix full text filter for custom fields

Improvements#

UI:

Allow search for task assignee input

Backend:

Optimize resource usage when reading cortex jobs
Replace default "Job" dashboard with a better TTP dashboard
Cortex:
- Add timeout for jobs (3 hours by default)
Deduplicate custom field values on case merge
Increase observable data length in api v1 to 4096 chars

Migration tool:

Improve mapping of TheHive 3 Alert status

Security#

Update libraries

5.1.6 - 15th May 2023#

Fixes#

UI:

Fix edition of property "includeInTimeline" for task activities
Fix case template search when creating a new case
Admin: show username and organisation name as required in forms
other small fixes

Improvements#

API:

Improve performances in some areas
Replace org default dashboard "jobs" with TTP
Improve performance when running notifiers
It's now possible to upload two attachments with the same name in a case (the second attachment will be renamed automatically)

Security#

Update libraries and remove unused dependencies

5.1.5 - 27th April 2023#

Fixes#

UI:

Case template: fix issue where prefix was deleted when editing a template
Sharing: Fix display of share options on small display
Responder reports should now appear in the observable preview when triggered

Backend:

Fix Case dates when creating a case with status "Closed"
Fix issue that created phamtom tags on alerts or case
Fix issue that removed field _id from audits sent via notifiers (like webhook)
Fix empty response when using the extraData similarAlerts on case queries

Improvements#

UI:

Better user selector
Tasks: redirect to task list after deleting a task
Change wording in search bar
Alert list: add capability to filter by assignee when clicking on an assignee
Filters: assignee field will filter the dropdown list when typing
Functions: several improvments
Comments: use "Enter" to save a comment
Responders: Sort responder reports by startDate

API:

Better error codes when making queries or when sending an http entity too large
Allow attachment download using its id or _id
Fix some errors in the documentation

Backend:

Improve tag creation performances

5.1.4 - 13th April 2023#

Fixes#

UI:

Fix crash when live feed is opened and a case is deleted
Pages: several images with the same name can now be added (also fixes an issue with pasted images)
Hide locked users in task assignee
Custom fields of type boolean now display a set of options
You can now press Enter to save a comment
Fix report template download link

Backend:

Fix potential memory leak that could lead to a crash (from 5.1, issue not present in 5.0)
Return error 413 when http input payload is too large
Report error when email sending fails during password reset
Fix api documentation for operator _between in queries
Add field _updatedBy in comments
Don't ignore cortex jobs when the report contains an unknown operation
Deprecate page slugs (in api docs only)

Warning

In our next major release 5.2, the field slug for object Page will be removed. We are starting to deprecate it starting from this release

5.1.3 - 29th March 2023#

Fixes#

UI:

Fix filtering of case templates when creating a case
When importing a case template that already exists, ask for a new name
In dashboard list, be able to filter on group name
Fix task list not refreshed when applying a case template on a case
Fix url of popup livefeed when the application uses an http context
Avoid tags deletion when editing a case template

Backend:

Improve error message when merging case
Fix sharing not applied after merging cases

Docker:

Fixes --storage-directory option
Don't show cassandra password
Correctly escape Elasticsearch password

5.1.2 - 14th March 2023#

Fixes#

Backend:

Fix SSO user autocreate
Improve the application behavior when Janusgraph configuration gets updated while another connection exists
Fix permission checks for case template creation
Fix permission checks on pages
Improve the observable type length check

Cortex connector:

Send the submit message to Cortex job actor when the transaction is committed
Improve Cortex pending jobs recovery
Fix: Recover only 100 jobs at startup. When the queue is empty, recover 100 more jobs.
Updates of job with status “Deleted” are retried
Improve logs

MISP connector:

MISP synchronisation misses some events in case of timeouts during synchronization

UI:

Refresh the task list when after bulk editing of assignee
Fix tooltip overlap in some dashboard widgets
Dashboard labels for cases/alerts are mixed
Remove owner field from dashboard import drawer
Fix the UI refresh when launching an analyzer job
Fix incorrect search when click on donut due to persisting keyword "domain"
Fix Customfield selector in case template editor
Improve notifier name and suffix with using an existing endpoint

5.1.1 - 3rd March 2023#

Fixes#

API:

Fix a change in the observable creation API (regression from 5.0)

UI:

Date fields can be set using keyboard input

5.1.0 - 1st March 2023#

Breaking changes#

Remove support for Hadoop for filestorage

From this new release, Hadoop can no longer be used a file storage (it was removed from 5.0 documentation but could still be used)
Drop support for java 8

Java 8 version is no longer supported by TheHive. Please update to java 11 at least Our setup guide can help you on how to install a jvm
Drop support for Lucene as index backend

Former versions of TheHive supported lucene and elasticsearch as indexing engines for the data. We then encountered limitations while using the Lucene index (especially when making queries based on Custom Fields). With TheHive 5.0, we pushed users to install and migrate to Elasticsearch. Finally with TheHive 5.1, the support of Lucene index is removed: the application will start but queries involving Custom Fields will return wrong results. To migrate your index to Elasticsearch, follow this guide.

Main features#

Apply case template on existing case: enrich a case with tasks, custom fields, tags from other case templates

This will allow your organisation to create more reusable case templates and apply them during the lifecycle of a case
KPIs

Get more indicators about your organisation response: Time to Respond, Time to Acknowledge ...
Global search

You can now search on all elements of the database instead of choosing a scope
Custom Field db model update

Database model was updated to be able to better support dashboard and queries based on custom fields. Now dashboard using filters or aggregation on custom fields should be way faster
New permissions

Split some permissions to make them more granular. For instance manageAlert was split into 4 permissions: manageAlert/create, manageAlert/delete, manageAlert/update, manageAlert/import. Case permissions were also split
History list for object

Added a new tab in the UI to list the changes made on an Alert or Case.
Mandatory Tasks

Some tasks can be defined as mandatory. To close a case, those tasks need to be closed and contain at least one activity.
SAML Support

You can now use SAML as an SSO source for your users (requires platinum license)
Functions (Beta)

See dedicated page for more information (requires platinum license)

Other features#

New type of custom fields: url
Change case ownership
Similarity between observable now works with observable of kind attachment
Improve Cortex connector resources usage
Dashboards on org creation: default dashboards are now provided to new orgs
Add cache for dashboard
Auto import observables from Cortex: when an analyzer extract observables into its report, it can flag some observable to be automatically imported into the case/alert
Experimental support for Elasticsearch 8
Rework UX to add TTP
Move interface date format to user settings (and localstorage) instead of org settings

Fixes#

Notifications improvement: notifications are now triggered for each observable when creating an alert with multiple observables
Several other fixes in the application and UI