3.3.0 RC1

Implemented enhancements:

• [BUG] Session cookie received with API token #864
• Add support to Java versions, higher than 8 #861
• MISP - Add an Event Tag instead of/additionnally to Attribute Tag #836
• sorting in alerts #824
• Improve case template selection for case creation #769
• Bulk Merge Alerts into Case #271
• Merge alerts directly to a case #826
• Tag normalization #657 (Viltaria)

Fixed bugs:

• Alert updates and tracking (follow) #856
• Assigned Tasks do not show up in 'My Tasks' before they are started #845
• Delete user from Thehive: DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed #844

3.2.1

Full Changelog

Fixed bugs:

• Bug UI "Tooltip" / Hint is cropped by window borders #832
• Can't unset case template when alert is imported #825
• Potential Regression: Case templates cannot be exported in 3.2.0 #823
• Tag order is reversed if a case is created from an alert #810

Merged pull requests:

• Make improvements to configuration file #828 (adl1995)

3.2.0

Full Changelog

Implemented enhancements:

• Add configuration for drone continuous integration #803

Fixed bugs:

• Error when uploading password protected zips as observables #805
• Lowercase user ID coming from HTTP header #808

3.2.0-RC1

Full Changelog

Implemented enhancements:

• Add ability to add a log in responder operation #795
• Add responder actions in dashboard #794
• Show observable description on mouseover observables #793
• Update Play #791
• Show tags of observables in Alert preview #778
• Observable Value gets cleared when changing its type (importing it from an analyser result) #763
• Add confirmation dialogs when running a responder #762
• Whitelist of tags for MISP alerts #481

Fixed bugs:

• MISP synchronization fails if event contains attachment with invalid name #801
• Observable creation doesn't allow multiline observables #790
• A user with "write" permission can delete a case using API #773
• Basic authentication method should be disabled by default #772
• Case search from dashboard clic "invalid filters error" #761
• Intermittently losing Cortex #739

Merged pull requests:

• Added Integration with FireEye iSIGHT #755 (garanews)

3.1.2

Full Changelog

Fixed bugs:

• Cortex polling settings break startup #754

3.1.1

Full Changelog

Implemented enhancements:

• Allow TheHive to use a custom root context #752
• Change Debian dependencies #751
• Publish stable versions in beta package channels #733
• url category to MISP: poll for default #732

Fixed bugs:

• Console output should not be logged in syslog #749
• Update breaks RHEL #743
• Observable Result Icons Not Displaying #738
• UPN attribute is not correctly lowercased #736

Closed issues:

• Artifact tags are overwritten by alert sourceRef during import to case #734

3.1.0

Full Changelog

Implemented enhancements:

• Add MarkAlertAsRead action to responders #729
• AddCustomField responder operation #724
• 3.1.0RC3: Browsing to negative case ids is possible #713

Fixed bugs:

• TheHive Hyperlinking #723
• Multiple responder actions does not seem to be handled #722
• API allows alert creation with duplicate artifacts #720
• 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased #714
• Fix PAP labels #711
• Observables not being displayed #655

Closed issues:

• TheHive:Alerts don't send observables to Responders #725
• Cortex Connector #721
• Markdown syntex not rendered correctly #718
• 3.1.0RC3: Search produces errors on screen #712

Merged pull requests:

• CloseTask responder operation #728 (srilumpa)
• Add AddTagToArtifact action to responders #717 (srilumpa)

3.1.0-RC3

Full Changelog

Implemented enhancements:

• Display task description via a collapsible row #709
• Allow task group auto complete in case template admin section #707
• Display task group in global task lists #705
• Make task group input optional #696
• Related Cases: See (x) more links #690
• Search section: Search for a string over all types of objects #689
• Filter on computedHandlingDuration in SearchDialog fails #688
• Extend Case Description Field #81
• Change layout of observable creation form #706 (srilumpa)

Fixed bugs:

• .sbt build of current git version fails with x-pack-transport error #710
• PKI authentication fails if user name in certificate has the wrong case #700
• Error handling deletion and re creation of file observables #699
• Start waiting tasks when adding task logs #695
• Adding new observables to an alert retrospectively is impossible #511

3.1.0-RC2

Full Changelog

Implemented enhancements:

• Add a search box to quickly search for case by caseId #685
• MISP Exports in livestream miss hyperlink to caseid #684
• Remember task list configuration (grouped/list) #681
• x509 certificate authentication option 'wantClientAuth' #667
• TheHive 3.1RC1: Slow reaction if Cortex is (unclear) unreachable #664
• TheHive 3.1RC1: Add status to cases and tasks in new search page #663
• TheHive 3.1RC1: Add Username that executes an active response to json data field of responder #662
• Application.conf needs clarifications #606
• Ability to set custom fields as mandatory #652
• Observable type boxes doesn't line break on alert preview pane #593
• On branch betterDescriptions #660 (secdecompiled)

Fixed bugs:

• 3.1.0-RC1- Tasks list is limited to 10 items. #679
• WebUI inaccessible after upgrading to 3.1.0-0-RC1 (elastic4play and Play exceptions) #674
• play.crypto.secret is depecrated #671
• The hive docker image has no latest tag #670
• 'Tagged as' displayed in Related Cases even if cases are untagged #594
• Horizontal Scrolling and Word-Wrap options for Logs #573
• case metrics unordered in cases #419

Closed issues:

• ES Mapping bug #680
• ignore - delete me #675
• HTTPS not working with Keystore #669

Merged pull requests:

• Move input group addons from right to left for better usage #672 (srilumpa)
• Update Cortex reference.conf #668 (ErnHem)
• Fix some minor typos #658 (srilumpa)

3.1.0-RC1

Full Changelog

Implemented enhancements:

• Display drop-down for custom fields sorted alphabetically #653
• Custom fields in Alerts? #635
• Check Cortex authentication in status page #625
• Revamp the search section capabilities #620
• New TheHive-Project repository #618
• Add PAP to case to indicate which kind of action is allowed #616
• Ability to execute active response on any element of TheHive #609
• Consider providing checksums for the release files #590
• Start Task - Button #540
• Handling malware as zip protected file #538
• Auto-refresh for Dashboards #476
• Assign Tasks to users from the Tasks tab #426
• Make The Hive MISP integration sharing vs pull configurable #374
• MISP Sharing Improvements #366
• Output of analyzer as new observable #246
• Ability to have nested tasks #148
• Single-Sign On support #354

Fixed bugs:

• Default value of custom fields are not saved #649
• Attachments with character "#" in the filename are wrongly proceesed #645
• Session does not expire correctly #640
• Dashboards contain analyzer IDs instead of correct names #608
• Error with Single Sign-On on TheHive with X.509 Certificates #600
• Entity case XXXXXXXXXX not found - After deleting case #534
• Artifacts reports are not merged when merging cases #446
• If cortex modules fails in some way, it is permanently repolled by TheHive #324
• Previewing alerts fails with "too many substreams open" due to case similarity process #280
• File upload when /tmp is full #321
• StreamSrv: Unexpected message : StreamNotFound #414

Merged pull requests:

• fix bug in AlertListCtrl #642 (billmurrin)
• flag for Windows env #641 (billmurrin)
• 426 - assign tasks to users from tasks tab #628 (billmurrin)
• Fix installation links #603 (Viltaria)