Malcolm v5.2.11

@mmguero mmguero released this 27 Apr 21:18
· 3566 commits to main since this release

Malcolm v5.2.11 is a minor release with a few user experience improvements and component version updates (some of which resolve potential security issues).

v5.2.10...v5.2.11

  • Addressing security vulnerabilities

    • bump Zeek to v4.2.1 addressing a potential Zeek buffer overflow vulnerability
    • Deserialization of Untrusted YML data - #207
  • Version bumps

  • Improvements

    • Resolve performance degradation introduced when we went to OpenSearch 1.3 by using the G1GC garbage collector - idaholab#91
    • improve workflow for configuring Malcolm to run behind another reverse proxy (Caddy, Traefik, etc.) - idaholab#92
    • assign and display both event.provider and event.dataset in Arkime - idaholab#89
    • only show the controls for PCAP download from session details if there is actually a PCAP backing the session document - idaholab#90
    • increase timeouts related to filebeat (see https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html) to be a little more forgiving for log files that take a long time to process - mmguero-dev/Malcolm@04b6084
    • strip build status badges from deployed copy of README.md
    • The install.py script will make use of the pythondialog module for user interaction (on Linux) if it is available
    • added link to Dashboards in the footer of Arkime's interface

Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.