Malcolm v23.08.0
Malcolm v23.08.0 is a minor release with a few improvements, bug fixes and component updates.
EDIT: I've discovered a regression in the Hedgehog Linux startup script that formats drives to make them available for artifact capture. I'm investigating now. If this affects you, you might want to avoid this release until I put out a patch.
Features and enhancements
- Rewrote the Network Traffic Artifact Upload interface and backend, replacing the defunct jQuery-File-Upload with FilePond. This was mainly because jQuery-File-Upload no longer receives security fixes and has some known vulnerabilities. See idaholab#235.
- Use the netbox-initializers plugin, adding the ability to drop in YAML files for various NetBox objects to be preloaded at startup. See idaholab#228.
- Handle changes to ICSNPP parsers with source_ip/destination_ip fields (idaholab#233 and idaholab#226)
Bug fixes
- Fixed extracting Malcolm version during ISO build
- Workaround for Wireshark no longer publishing the raw manuf (OUI) list (idaholab#230)
- Remove news feed from default NetBox dashboard (as it would try to reach out to the web for RSS updates)
Component version updates
- Rebased Docker and ISO images to Debian 12 (bookworm)
- live-build tool for building ISO images to debian/1%20230131
- Arkime to v4.4.0
- supercronic to v0.2.26
- FileBeat to v8.9.0
- LogStash to v8.9.0 (idaholab#234)
- NetBox to v3.5.7
- PostgreSQL (used by NetBox) to v15
- opensearch-py to v2.3.0
- PHP (as used by Upload interface) to v8.2
- Fluent Bit to v2.1.8
- certifi to v2023.7.22 (idaholab#229)
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/.