Version 6.9.0

Dear community, we're excited to announce the launch of OpenCTI 6.9.0! 🥳

This release focuses on solving key pain points and unlocking new use cases:

• Make Priority Intelligence Requirements actionable
• CTI-driven assessment by integrating OpenCTI & OpenAEV
• Draft Authorize members, to protect from unwanted modification or approval
• Avoid some IOC to decay by introducing Decay Exclusion Rules
• Framework to import data in the platform via Form Intake
• UI & UX improvements
• Many other improvements (new capa for playbooks, pattern matching for IOC…)
• New Integrations/Connectors

🌟 Make Priority Intelligence Requirements actionable (EE)

• A new Threat Map widget in PIRs provides instant visual insight into your highest-priority threats, enabling faster threat assessment and prioritization.
• Priority Intelligence Requirements are now actionable within playbooks through intelligent filtering based on identified threats and scores. This enhancement transforms PIRs from passive threat awareness into actionable automation.
  • Trigger enrichment and processing workflows upon threat detection
  • Automatically initiate actions based on PIR threat scores
  • Selective processing of entities (indicators, vulnerabilities, etc.) linked to specific PIR threats

This allows teams to move beyond static threat lists and automatically respond to prioritized threats. Playbooks now execute targeted actions on the threats that matter most to your organization, reducing noise and accelerating response times to high-priority threats.

🤖 CTI driven assessment by integrating OpenCTI & OpenAEV (CE)

Security assessments can now be initiated from threat intelligence in OpenCTI, executed as simulations in OpenAEV, and results automatically imported back into OpenCTI as actionable gap analyses, within a new entity type Security coverage. Additionally, the creation and generation of security coverages can now be fully automated through our playbook engine. This capability, combined with the ability to trigger playbooks based on PIR events, enables you to automatically test your defense posture against threats identified as relevant for your organization.

This first implementation lays the foundation for transforming security assessments from manual processes into automated, threat-driven continuous validation

See details in our documentation.

💡 Draft Authorize members, to protect from unwanted modification or approval & Service Account bypass (CE)

To get an approval workflow for draft, the first step has been for us to enable Authorize Members on Drafts.

This way, when creating a draft manually or via file upload, you will be able to define authorized members at draft creation. This will ensure no user will be able to validate your draft on your behalf or even modify it without your consent.

This change required us to introduce another related change: Service Account now bypasses Authorize Members. The rationale behind this behavior is that Service Accounts should be able to enrich observables within a Draft, even if the draft has some Authorize Members enabled. To be clear: even if Service Accounts are not added as Authorized Members, they will get the Edit permission on the entity (draft, containers). This bypass is a default behavior that cannot be changed.

👤 Avoid some IOC to decay by introducing Decay Exclusion Rules (CE)

Some IOCs should never expire: for instance, Yara rules (or any detection rules) should never be revoked, to avoid having any tools like your SIEM, XDR, EDR… failing to detect a malicious IOC.

This is the purpose of Decay Exclusion Rules: you can filter on some IOC attributes to avoid having the matching IOCs fall under a decay rule. Ultimately, it prevents your IOCs from being automatically revoked.

Please be careful with the decay exclusion rules:

• Decay exclusion rules are always first against a decay rule: if an IOC matches both a Decay rule & a Decay Exclusion rule, the decay exclusion will apply.
• An IOC that is currently matching a decay rule, will fall under a decay exclusion rule at upsert if the upsert matches the filters applied the decay exclusion rule.
• It will not be possible for an IOC under a decay exclusion rule to be changed so that a decay rule is applied.

This feature should also help you if you use sources that also manage the lifecycle of your IOCs to avoid having 2 automated lifecycle management applied to your IOCs.

See details in our documentation.

🛡️ Framework to import data in the platform via Form Intake (CE)

Creating data in the platform can be a complex task, especially because:

• Not all users are STIX experts.
• Administrators need a way to enforce data collection consistently.

As a result, we’re proud to introduce the Form Intake, to streamline the collection of threat intelligence data from external sources and stakeholders through structured forms.

Form intakes allow Administrators to define a form to specify which entities should be created and their needed mandatory fields. Also, Administrators can decide to automatically create relationships between entities created via the form and to create them as a draft or not. Additionally, the administrator can also label the entity or a specific field with a non-STIX label: this helps users not familiar with the platform and/or STIX to easily enter information in the platform.

This feature has proven (since available from 6.8.X) to be useful in the FIMI context, sharing communities such as ISACs or even Incident reporting.

Please provide as much feedback as possible on this feature, which should help you consolidate your database with consistent data.

🎨 UI & UX improvements (CE)

We keep working on the UI & UX part to provide a better experience to users.

• Improvement of the bulk search module to make it more useful and actionable, by allowing differentiated management of found entities (knowns) and not found entities (unknowns). Known entities now support bulk operations, and all unknown entities can be created simultaneously.
• The create Relationship floating action button has been replaced on all entity tabs across the platform. You can now create relationships from any tab using the button located next to the Update button.
• Custom themes are now available. Organizations can now align the platform’s visual design with their corporate branding guidelines.
• The Composer catalog now adapts seamlessly to your screen size, providing a better experience on any device.
• Open files in another tab in draft: when opening a file in a draft, it will open another tab, which should simplify usage of the app.
• Clarify the Add behavior on Authorized Members: the “+” to add authorized members was confusing. Therefore, a proper button ADD has been introduced instead to clarify the behavior.

💡 Many other improvements (new capa for playbooks, pattern matching for IOC…)

• New observable to model SSH keys (CE): a new observable type, SSH key, has been introduced to help the modelization of SSH keys.

• Email notifier improvements (CE): In the current implementation of our platform's mailer notifier, the content is generated in HTML format. However, the description field of an entity is formatted in Markdown by default. We introduce a solution for converting Markdown-formatted content to HTML to ensure consistency and proper rendering in the mail notifications.

• Pattern matching filter (CE/EE): now also available for indicators in playbook, Live streams, CSV Feeds, and TAXII Collection.

• Composer configuration (EE): for configuring a global HTTP/HTTPS proxy for connector network connectivity.

• Change the capability linked to playbooks (EE): Playbook capability has been split into two capabilities:

  • Manage playbooks: to allow users to create and manage playbooks
  • Use playbooks: to allow users to trigger playbooks manually and automatically.

  This should help administrators in managing the RBAC with a fine-grained approach. See details in our documentation.

• Change of capability for Delete & Merge knowledge (CE): After some feedback from the community, we have decided to change the capability to merge & delete, to ensure that that now merge and delete are now two specific capabilities.

• Add original value in the logs (CE): Understanding the changes on an entity in detail is key in Cybersecurity. Therefore, we have improved data traceability by allowing users to view the detailed changes about an entity. Now, each line of the history of an entity is clickable, to give you more details about the initial value and the new one.

• Send to template in playbook (EE): a new box “Send email from template has been introduced”, allowing you to send email using the templates defined in parameters/security. The end goal is to send an email to users, leveraging the HTML capabilities of the Email template Editor. This template only supports user-related variables and not entity-related variables. Additionally, this capability supports some dynamic variables, such as selecting “dynamic objects from the object in bundle” (organization), to extract directly the users from the organization triggering the playbook. More info on our documentation page.

• Introduction of an onboarding email template (EE): for new platforms, an email template for user onboarding will be prepopulated, to help administrators save time in setting...

Version 6.8.17

Enhancements:

• #13625 Add ability to specify a provider in API client user agent and specify one in worker
• #13623 Implement duration, type affinity and platforms affinity in security coverage to drive scenario generation
• #13136 Create Security Coverage through playbooks

Pull Requests:

• [deps] Update vitest monorepo to v4 (major) by @renovate[bot] in #12940
• [deps] Update dependency black to v25.11.0 by @renovate[bot] in #13153
• [deps] Update dependency pytest-cov to v7 by @renovate[bot] in #13197
• [deps] Update dependency pre-commit to ~=4.5.0 by @renovate[bot] in #13188
• [worker/client] add ability to specify a provider in API client user agent by @JeremyCloarec in #13444
• [ci] Release - Wait for connector manifest on the tag before OpenCTI build by @efaure in #13536
• [backend/frontend] Add fields to security coverage and introduce playbook component (#13136, #13623) by @SamuelHassine in #13619

Full Changelog: 6.8.16...6.8.17

Version 6.8.16

Enhancements:

• #13585 Introduce new field x_opencti_modified_at to trigger update events
• #13575 [backend/frontend] Introduce LTS validation in LTS platform

Bug Fixes:

• #13584 Upsert on modified field is generating too many events
• #13499 A user with Manage Credentials and Platform org only see in Organization the org that is being admin of
• #13485 Rule deactivation pop-up typo
• #13461 Useless entity type filter values in Relationship tab
• #13428 Error in export - export all instead of the selected items
• #13320 Import Form does not prevent submitting badly formatted values
• #13307 Filters margin in Activity trigger creation form
• #13062 [6.8.10] Custom Dashboard / Knowledge Graph / Break down by shows ID instead of Name in Legend
• #12908 Reset a connector queue: the number on message is wrong
• #11719 Edit Severity in playbooks on applies on Severity of Cases
• #11336 Entity type filters in relationships view is containing entities types (should only contain relationships types)
• #10830 Issues parsing RSS feed when tags contain no <Title> element

Pull Requests:

• [backend] Improve templating by @Archidoit in #13345
• [frontend] prevent duplicated option security coverage on add (#13118) by @esrevi in #13424
• BUG: [backend/frontend] Fix trailing / on .gitignore for .DS_Store by @ParamConstructor in #13420
• [backend] feat: reset XTM Hub registration when platform is not found (#13336) by @Kroustille in #13337
• [frontend] filter icon button style updated (#13307) by @ValentinBouzinFiligran in #13439
• [ci] Run CI on PR commit on simulation of merge (#13369) by @efaure in #13379
• [deps] Update dependency ipaddr.js to v2.3.0 by @renovate[bot] in #13466
• [deps] Update graphql-tools monorepo by @renovate[bot] in #13464
• [frontend] resend code input disabled (#13380) by @esrevi in #13442
• [deps] Update dependency fastapi to >=0.123.0,<0.124.0 by @renovate[bot] in #13465
• [frontend] Keep context filters when exporting entities lists (#13428) by @Archidoit in #13433
• [backend] Import Form does not prevent submitting badly formatted values (#13320) by @SarahBocognano in #13421
• [backend] fix playbook queue creation on playbook duplication (#13469) by @JeremyCloarec in #13472
• [frontend] entity type filter possible values should be scr in Data>Relationships (#13461) by @Archidoit in #13474
• [deps] Update dependency rate-limiter-flexible to v9 by @renovate[bot] in #13467
• [backend] improve stream ingestion logs by @aHenryJard in #13429
• [ci] Upgrade steps for prerelease-ce and remove prerelease staging by @victorhery-filigran in #13477
• [backend/frontend] Edit Severity in playbooks on applies on Severity of Cases (#11719) by @SarahBocognano in #13462
• [deps] Update dependency react-syntax-highlighter to v16 by @renovate[bot] in #13006
• [deps] Update dependency express to v5.2.1 by @renovate[bot] in #13503
• Temporary remove the rolling restart for prerelease-ce, as currently our security rules prevents deployment from circleci by @victorhery-filigran in #13504
• [ci] GitHub Action: Use client-python version from the branch instead of released one by @efaure in #13414
• [backend] fix searchEngineVersion in case engine_selector is set to elk by @JeremyCloarec in #13497
• [frontend] Simplify OpenVocabField component by @lndrtrbn in #13496
• [frontend] do not include authorized_authorities filter in SettingsOrganizations if user has SETACCESSES (#13499) by @JeremyCloarec in #13535
• [backend] fix: check if hub backend is reachable before registration (#13532) by @Kroustille in #13533
• [backend] Fix RSS parsing crash when items lack title elements (#10830) by @maelv-filigran in #13487
• [backend/frontend] Fix connector reset dialog showing stale message count (#12908) by @maelv-filigran in #13494
• [deps] Update dependency lru-cache to v11.2.4 by @renovate[bot] in #13502
• [deps] Update elasticsearch Docker tag to v8.19.8 by @renovate[bot] in #13552
• [deps] Update kibana Docker tag to v8.19.8 by @renovate[bot] in #13553
• [deps] Update react monorepo to v19.2.1 by @renovate[bot] in #13557
• [deps] Update alpine Docker tag to v3.23 by @renovate[bot] in #13558
• [deps] Update otel/opentelemetry-collector-contrib Docker tag to v0.141.0 by @renovate[bot] in #13554
• [deps] Update dependency @types/relay-runtime to v20 by @renovate[bot] in #13555
• [deps] Update aws-sdk-js-v3 monorepo to v3.943.0 by @renovate[bot] in #13559
• [deps] Update dependency node-forge to v1.3.3 by @renovate[bot] in #13551
• [deps] Update devDependencies (non-major) by @renovate[bot] in #13284
• [deps] Lock file maintenance by @renovate[bot] in #13199
• [CI] Moved linter pycti from circleci to github action by @MTorbay-Filigran in #13548
• [backend/frontend] Adapt to introduce LTS validation in LTS platform by @richard-julien in #13250
• [Frontend] Corrected naming in multi horizontal bar widget legend (#13062) by @MTorbay-Filigran in #13486
• [frontend] fix Disable button typo in rule deactivation pop-up (#13485) by @Archidoit in #13567
• [backend] redirect after sso login (#13386) by @esrevi in #13545
• [frontend/backend] 'view all users' new settings option (#13347) by @Archidoit in #13565
• [client] move log level to debug in list methods (#13522) by @JeremyCloarec in #13550
• [worker/client] add ability to customize API requests timeout in OpenCTIApiClient init and in worker config by @JeremyCloarec in #13446
• [client] deprecate methods no longer working following removal of cache_index (#13521) by @JeremyCloarec in #13547
• [backend/frontend] Introduce x_opencti_modified_at and stop upserting modified field (#13584, #13585) by @SamuelHassine in #13586
• [frontend] Order groups by name in Update User by @delemaf in #13492

New Contributors:

• @victorhery-filigran made their first contribution in #13477

Full Changelog: 6.8.15...6.8.16

Version 6.8.15

Enhancements:

• #13214 [backend] Introduce option to restrict the capacity to change the platform sender email
• #12446 Migration client-python source code inside OpenCTI repository

Bug Fixes:

• #13371 Failed to load pdf fintel template preview file
• #13359 Data segregation: issue when AM set on an entity and Author is an Individual that does not belong to the Org of the individual
• #13338 User segregation: entities not accessible since user is "null" in knowledge history
• #13332 [rule engine] containerWithRefsBuilder rules bug can lead to creating unrelated inferred relations
• #13304 Issues in Targeting Propagation Rules
• #13276 Hidden Entities in Group Settings Does Not Display Unhidden Entities
• #13226 CSV import in Draft: import of label is inconsitent
• #11580 No updates in last attributions of Diamond Model

Pull Requests:

• [backend] Introduce option to restrict the capacity to change the platform sender email (#13214) by @richard-julien in #13225
• [FRONTEND] Corrected diamond display of attributed campains in threats (#11580) by @MTorbay-Filigran in #13251
• [ci] Feature branche creation - fix docker build and improve github workflow by @efaure in #13325
• [Backend] Moved a unit test to integration by @MTorbay-Filigran in #13358
• [backend] Fix targeting propagation rules descriptions (#13304) by @Archidoit in #13357
• [backend] Refactor upsert by @SouadHadjiat in #13331
• [client] fix usage of mapping_cache in draft (#13226) by @JeremyCloarec in #13237
• [backend] fix organizations resolve on individual if individual is not visible to requesting user (#13359) by @JeremyCloarec in #13367
• [backend] engine.ts by @JeremyCloarec in #13164
• [oob] Fix eslint config file name & add @stylistic/eslint-plugin by @delemaf in #13381
• [backend] Add test coverage on CVSS 3.0 scores by @aHenryJard in #13322
• [frontend] Failed to load pdf fintel template preview file (#13371) by @SarahBocognano in #13388
• [deps] Update dependency nodemailer to v7.0.11 by @renovate[bot] in #13392
• [deps] Update aws-sdk-js-v3 monorepo to v3.940.0 by @renovate[bot] in #13393
• [deps] Update dependency filigran-icon to v0.20.0 by @renovate[bot] in #13382
• [deps] Update dependency rate-limiter-flexible to v8.3.0 by @renovate[bot] in #13352
• [deps] Update actions/upload-artifact action to v5 by @renovate[bot] in #13329
• [deps] Update dependency fastapi to >=0.122.0,<0.123.0 by @renovate[bot] in #13186
• [deps] Update dependency @jsonforms/core to v3.7.0 by @renovate[bot] in #13394
• [deps] Update dependency @jsonforms/react to v3.7.0 by @renovate[bot] in #13396
• [deps] Update dependency @jsonforms/material-renderers to v3.7.0 by @renovate[bot] in #13395
• [deps] Update dependency body-parser to v2.2.1 [SECURITY] by @renovate[bot] in #13324
• [deps] Update dependency node-forge to v1.3.2 [SECURITY] by @renovate[bot] in #13354
• [deps] Update dependency cookie to v1.1.1 by @renovate[bot] in #13390
• [deps] Update Yarn to v4.12.0 by @renovate[bot] in #13353
• [deps] Update dependency chokidar to v5 by @renovate[bot] in #13391
• [backend] prevent fullRelationsList from being called without any fromId filter in containerWithRefsBuilder (#13332) by @JeremyCloarec in #13333
• [backend] fix filterMembersWithUsersOrgs (#13338) by @JeremyCloarec in #13346
• [backend/ci] Split unit tests to have them run without infra required (#13317) by @aHenryJard in #13387

Full Changelog: 6.8.14...6.8.15

Version 6.8.14

Enhancements:

• #13296 Upsert modified field
• #13215 Support for CVSS V3.0 Vector String
• #13101 Add telemetry to understand SSO type deployed per platform
• #13074 Add data to errors to aid debugging

Bug Fixes:

• #13334 Incorrect default "connectors" role capabilities
• #13271 Form Intake: additionnal entity in multiple mode even with 0 entity needed forces the user to have at least 1 entity
• #13249 Reduce PIR threat map date range from 30 to 7 days
• #13234 Form Intake: if a field is marked as mandatory while entity is optionnal, it fails the validation
• #13231 Entity name validation error — “Must be at least 2 characters”
• #13107 External Ref displayed in the report history
• #13064 Timeline Widget for Knowledge Events Does Not Display Functional Date
• #13028 Widget export leaves out the Relationship Type in the In regards of filter.
• #13027 OpenCTI 6.8.10 is still inconsistent on Public Dashboard
• #12668 Taxii push feed not reponding with HTTP Error when content type is incorrect
• #8946 OpenCTI Taxii server return HTTP 200 OK for bad credentials instead of HTTP 403

Pull Requests:

• [deps] Update rabbitmq Docker tag to v4.2.0 by @renovate[bot] in #13159
• Improve docker build by @efaure in #12924
• [deps] Update dependency react-pdf to v10.2.0 by @renovate[bot] in #12747
• [deps] Update dependency html-react-parser to v5.2.10 by @renovate[bot] in #13242
• [backend] add telemetry on SSO usages (#13101) by @aHenryJard in #13129
• [backend] Fix taxii server error management (#12668)(#8946) by @aHenryJard in #12690
• [backend] Fix widget export with regardingOf filter (#13028) by @Archidoit in #13031
• [backend] Fix publicStixRelationshipsMultiTimeSeries with dynamic filters (#13027) by @SouadHadjiat in #13135
• [frontend] display selected date attribute in timeline widget (#13064) by @Archidoit in #13244
• [frontend/backend] Allow 1-character-length name for Organizations (#13231) by @Archidoit in #13245
• [frontend]missing vocabularies translations(#12799) by @CelineSebe in #12984
• [deps] Update aws-sdk-js-v3 monorepo to v3.936.0 by @renovate[bot] in #13285
• [deps] Update dependency webpack to v5.103.0 by @renovate[bot] in #13277
• [deps] Update redis Docker tag to v8.4.0 by @renovate[bot] in #13288
• [deps] Update dependency axios-cookiejar-support to v6.0.5 by @renovate[bot] in #13282
• [deps] Update dependency file-type to v21.1.1 by @renovate[bot] in #13283
• [deps] Update rabbitmq Docker tag to v4.2.1 by @renovate[bot] in #13291
• [deps] Update dependency mime-types to v3.0.2 by @renovate[bot] in #13289
• [deps] Update dependency @pyroscope/nodejs to v0.4.8 by @renovate[bot] in #13278
• [deps] Update dependency marked to v17.0.1 by @renovate[bot] in #13294
• [deps] Update dependency filigran-icon to v0.19.0 by @renovate[bot] in #13292
• [deps] Update otel/opentelemetry-collector-contrib Docker tag to v0.140.1 by @renovate[bot] in #13286
• [deps] Update dependency content-disposition to v1 by @renovate[bot] in #13243
• [frontend] PIR threat map: change x axis to one week (#13249) by @lndrtrbn in #13252
• issue/13234 fix form intake multiple optional additional entities by @OctaveLaventure in #13274
• [frontend/backend] (freetrials) display banners on demo and trial env #13217 by @carinelebas in #13218
• [CI] Migrate CI from drone to GitHub action by @efaure in #13174
• [backend] Add user agent to graphql telemetry(#13306) by @aHenryJard in #13309
• [backend] Support upsert on modified (#13296) by @SamuelHassine in #13298
• [deps] Update actions/checkout action to v6 by @renovate[bot] in #13297
• [deps] Update dependency filigran-icon to v0.19.1 by @renovate[bot] in #13310
• [deps] Update rabbitmq Docker tag to v4.2 by @renovate[bot] in #13311
• [deps] Update redis Docker tag to v8.4.0 by @renovate[bot] in #13314
• [frontend] Hidden Entities in Group Settings Does Not Display Unhidden Entities (#13276) by @SarahBocognano in #13302
• [backend] Support CVSS 3.0 (#13215) by @SamuelHassine in #13299
• [backend] Try to remove flake on telemetryManager-test (#13316) by @aHenryJard in #13315
• [deps] Update dependency eslint to v9 by @renovate[bot] in #8108
• [deps] Update dependency @apollo/server to v5.2.0 by @renovate[bot] in #13313
• [backend] Introduce new default capabilties in connector role (#13334) by @richard-julien in #13335

New Contributors:

• @carinelebas made their first contribution in #13218

Full Changelog: 6.8.13...6.8.14

Version 6.8.13

Bug Fixes:

• #13216 Notifer issue with special character
• #13207 Most active labels widget in home is empty
• #13161 [playbooks] manage access restriction form doesn't save value anymore
• #13125 Regression in the history layout
• #12822 Cannot update a live trigger for a group
• #12499 [composer] disable the deploy form once deployment in progress
• #12072 Adding a Sighting to an Indicator/Report is not updating the Modified Date
• #11154 Users outside main org can’t see external reference files in global search
• #11073 Duplicate reliability in organization
• #10538 CSV export leads to database pagination error
• #9023 Can't access all the users in Creators trigger filter of a Connector

Pull Requests:

• [deps] Update dependency @graphql-codegen/typescript-resolvers to v5.1.2 by @renovate[bot] in #13203
• [deps] Update graphql-tools monorepo by @renovate[bot] in #13044
• [deps] Update dependency react-router-dom to v6.30.2 by @renovate[bot] in #13157
• [deps] Update dependency rate-limiter-flexible to v8.2.1 by @renovate[bot] in #13213
• [frontend] Remove remaining CRA artifacts by @xfournet in #13179
• [backend] Remove graphql patch by @xfournet in #13180
• [ci] Remove double Circle CI build (#12446) by @efaure in #13212
• [frontend] Remove fs-extra dependency by @xfournet in #13178
• [frontend] handle bypass enforced ref on add alias (#11084) by @frapuks in #13023
• [frontend] add object-label in RELATIONSHIP_WIDGETS_TYPES (#13207) by @JeremyCloarec in #13211
• [backend] fix entityType for external ref indexing (#11154) by @CelineSebe in #12811
• [frontend] Disable deploy form during connector deployment (#12499) by @maelv-filigran in #13111
• [backend/frontend] Integration Manager warning banner not reappearing when inactive (#12895) by @maelv-filigran in #13109
• [backend] STIX 2.0 converter: adapt toStix API (#8832) by @marieflorescontact in #11831
• [frontend] add trigger update (#12822) by @CelineSebe in #13134
• [frontend] fix style for history (#13125) by @lndrtrbn in #13221
• [backend] Improve ids query to avoid too many nested clauses error (#10538) by @SouadHadjiat in #12864
• [backend] split file storage concerns into two seperate files by @JeremyCloarec in #12925
• [backend] managed connectors proxy support (#12177) by @maelv-filigran in #13127
• [deps] Update dependency marked to v17 by @renovate[bot] in #13176
• [frontend] Remove Reliability in Organization details (#11073) by @Archidoit in #13228
• [backend] fix connector configuration format by @JeremyCloarec in #13233
• [backend] Fix notifier issue with special characters (#13216) by @maelv-filigran in #13224
• [deps] Update dependency html-to-pdfmake to v2.5.32 by @renovate[bot] in #12055

Full Changelog: 6.8.12...6.8.13

Version 6.8.12

Enhancements:

• #13119 Add telemetry points on security coverage
• #13114 [deprecation] pythonjsonlogger.jsonlogger has been moved to pythonjsonlogger.json
• #13088 Auto Register OpenCTI from xtm hub provided trials
• #13055 Confusing authorized member "add" button

Bug Fixes:

• #13103 relationship list widget does not list sighting
• #13097 Credential Observable bug in IR case
• #12923 LiveStream stuck with ""code":"UNKNOWN_ERROR","message":"Maximum call stack size exceeded"
• #12715 Dashboard: when one widget has error it should not crash the whole dashboard
• #12659 6.8.3 - yarn build fails with error TS2740, missing properties
• #12474 [composer] when a connector instance is stopped, do not wait ping timeout to be able to delete it
• #12246 Can't create support package while in draft mode
• #12213 In air-gapped environments (no Internet connection), check connectivity through manager
• #11984 Update metadata info for Element preparation too many values error
• #11978 Publisher manager raising "No recipients defined"
• #10206 The history height is not aligned with the max height of external references

Pull Requests:

• [frontend] Allow immediate deletion of managed connectors after stop request (#12474) by @maelv-filigran in #13090
• Update dependency remark-flexible-markers to v1.3.2 by @renovate[bot] in #13043
• Update dependency @pyroscope/nodejs to v0.4.7 by @renovate[bot] in #13042
• Update dependency axios to v1.13.2 by @renovate[bot] in #13048
• Update dependency convert to v5.13.1 by @renovate[bot] in #13049
• Update dependency express-rate-limit to v8.2.1 by @renovate[bot] in #13050
• [backend] Prevent Office file extraction when MIME type is misdetected (#10380) by @maelv-filigran in #13105
• [backend] xtm-hub: add configuration to disable connectivity email notifications (#12988) by @jbanety in #12990
• [backend] update credentials and trackingNumbers capabilities by @OctaveLaventure in #13108
• [frontend] Types in relationships widgets (#13103) by @Archidoit in #13106
• [CI] update script after client-python migration (#12446) by @aHenryJard in #13112
• [client] move pythonjsonlogger.jsonlogger to pythonjsonlogger.json (#13114) by @mariot in #13113
• [frontend] add margin between each input in connector config (#13085) by @esrevi in #13110
• Update Node.js to v22.21.1 by @renovate[bot] in #13045
• Update dependency bcryptjs to v3.0.3 by @renovate[bot] in #13140
• Update dependency formik to v2.4.9 by @renovate[bot] in #13141
• [backend] too many value add fallback for id (#11984) by @aHenryJard in #13092
• [backend] adding one missing use case in sanitizeReferer (#13011) by @aHenryJard in #13026
• [frontend] Can't create support package while in draft mode (#12246) by @SarahBocognano in #12997
• [backend] add emailPayload validation before trying to send email (#11978) by @JeremyCloarec in #13130
• Update opensearchproject/opensearch Docker tag to v3.3.2 by @renovate[bot] in #13046
• Update quay.io/keycloak/keycloak Docker tag to v26.4.5 by @renovate[bot] in #13146
• Update redis Docker tag to v8.2.3 by @renovate[bot] in #13147
• Update dependency file-type to v21.1.0 by @renovate[bot] in #13154
• Update dependency graphql to v16.12.0 by @renovate[bot] in #13155
• Update dependency rate-limiter-flexible to v8.2.0 by @renovate[bot] in #13156
• Update dependency marked to v16.4.2 by @renovate[bot] in #13143
• Update dependency validator to v13.15.23 by @renovate[bot] in #13144
• Update docker.elastic.co/kibana/kibana Docker tag to v8.19.7 by @renovate[bot] in #13145
• [frontend] prevent adding coverage already selected (#13118) by @esrevi in #13138
• Update Yarn to v4.11.0 by @renovate[bot] in #13151
• [client-python] Remove files that became useless after merge in opencti repository by @xfournet in #13166
• [frontend] translate security coverage in plural (#13117) by @esrevi in #13137
• [ci] migration of client-python repository (#12446) by @aHenryJard in #13170
• [frontend] Use theme text color when rendering the letter security coverage (#13116) by @esrevi in #13131
• [ci] syntax issue on git.git repo (#12446) by @aHenryJard in #13173
• Update dependency html-react-parser to v5.2.8 by @renovate[bot] in #13142
• Update dependency @datadog/pprof to v5.12.0 by @renovate[bot] in #13047
• Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.19.7 by @renovate[bot] in #13149
• Update otel/opentelemetry-collector-contrib Docker tag to v0.139.0 by @renovate[bot] in #13150
• Update graphqlcodegenerator monorepo (major) by @renovate[bot] in #12786
• Update Apollo GraphQL packages (major) by @renovate[bot] in #10757
• Update dependency express to v5 by @renovate[bot] in #10543
• Migrate Renovate config by @renovate[bot] in #13181
• [deps] Update devDependencies (non-major) by @renovate[bot] in #13183
• Update dependency openid-client to v5.7.1 by @renovate[bot] in #8502
• [worker] implement thread pool selector for push handlers in worker by @JeremyCloarec in #12956
• [Backend] Corrected confusion between to and from in the engine function elIndexElements (#12072) by @MTorbay-Filigran in #13100
• [deps] Update aws-sdk-js-v3 monorepo to v3.930.0 by @renovate[bot] in #13184
• [ci] client-python build - fix init .pypirc step (#12446) by @efaure in #13210

New Contributors:

• @mariot made their first contribution in #13113

Full Changelog: 6.8.11...6.8.12

Version 6.8.11

Bug Fixes:

• #13096 When creating a PIR, the dialog does not have the default behavior
• #13039 [Form intakes] When a field is mandatory and is linked to open vocab, it automatically maps on "text field" and cannot be modified
• #13016 Can't add / remove labels of a workbench
• #13011 SSO absolute redirection prevent login
• #13007 Missing “+” button to create object on the fly when adding a relationship
• #12962 [form intakes] Certain Event Names Result in Unknown in Lookup
• #12926 Users can see others of others orgs when assigning/participating/authorize members
• #12840 JSON Feeds page HTML title is not correct
• #12818 Creator filter shows no values for users outside the main organization when organization segregation is enabled
• #12398 Customizing 'Timeline' widget columns
• #12392 Number of results not respected in 'List' type 'Knowledge Graph' dashboard widget
• #11700 [frontend] Three dots button moving after selection in a CSV feed line
• #11005 Incorrect type icon in Audit distribution list
• #10374 In manage access restriction dialog, the + button is not the correct color

Pull Requests:

• [backend] change SSO absolute redirection (#13011) by @aHenryJard in #13012
• [backend] fix access for users outside platform org (#12926) by @JeremyCloarec in #12894
• [backend] fix elPaginate hasNextPage compute when elements are post filtered (#11885) by @JeremyCloarec in #12991
• [CI] Fix octi_config extra var in awx call by @efaure in #13018
• [frontend] fix suspence loader in ingestion popover (#11700) by @delemaf in #13000
• [frontend] JSON Feeds page HTML title is not correct (#12840) by @delemaf in #13001
• [backend] Update GraphQL telemetry log regarding unnamed queries by @xfournet in #13038
• [frontend] Add xtmhub route to open connector config (#12540) by @esrevi in #12918
• [frontend] entity type added on audit distribution query (#11005) by @ValentinBouzinFiligran in #13068
• [frontend/backend] Fix labels types & workbench labels (#13016) by @Archidoit in #13017
• [frontend] number of results in Knowledge List widgets (#12392) by @Archidoit in #12943
• [frontend] remove Column customization for Timeline widget (#12398) by @Archidoit in #12942
• [frontend] temporary fix for hidden controlled dial button by @OctaveLaventure in #13076
• [backend] - (FreeTrials) Auto Register OpenCTI (#13088) by @hervyt in #13037
• [backend/frontend] feat: hide register when hub backed is unreachable (#12213) by @Kroustille in #13029
• [frontend] notes header alignment (#12922) by @esrevi in #13032
• [frontend] Fix closing PIR creation form (13096) by @Archidoit in #13102
• [frontend] better alignment on overview (#10206) by @ValentinBouzinFiligran in #13099
• [backend] entities and relations counters contants in backend tests by @Archidoit in #13094
• Update dependency @types/archiver to v7 by @renovate[bot] in #13051

Full Changelog: 6.8.10...6.8.11

Version 6.8.10

Enhancements:

• #10905 Add SSH key SCO

Bug Fixes:

• #13013 Connector composer fetching the wrong manifest
• #13008 Manual enrichment fails with error 'No bundle resolver for type X"
• #12994 Unable to access "opinion" details
• #12987 Date is missing in timeline widget
• #12410 Bg color issue in attribut mapping configuration
• #12142 List widget in Public Dashboard crashes (6.7.12)
• #12090 In graph view / overview of entity, when having only 2 markings, the blue point is displayed
• #12051 Activity log message doesn't display that there are more changes occuring
• #12032 Marking definitions not fully displayed in last containers + last relationships

Pull Requests:

• [backend] improve update message (#12051) by @marieflorescontact in #12978
• [backend/frontend] Add new SCO - SSH Key(#10905) by @CelineSebe in #12805
• [frontend] fix dot on marking when limit is setted (#12090) by @delemaf in #12982
• [frontend] dialog background color issue (#12410) by @delemaf in #12993
• [frontend] fix cropped Marking in relationship list (#12032) by @delemaf in #12980
• Update dependency markdown-to-jsx to v7.7.17 by @renovate[bot] in #12959
• [frontend] prevent crashing when DeleteComponent undefined in ContainerHeader (#12994) by @JeremyCloarec in #12995
• Update Apollo GraphQL packages by @renovate[bot] in #8040
• Update dependency validator to v13.15.20 [SECURITY] by @renovate[bot] in #12952
• [frontend] Date is missing in timeline widget (#12987) by @Archidoit in #12992
• Update dependency markdown-to-jsx to v8 by @renovate[bot] in #13005
• Update dependency @types/turndown to v5.0.6 by @renovate[bot] in #13003
• [backend] fix undefined user on public query (#12142) by @esrevi in #12999
• [CI] Fix connector manifest version by @efaure in #13009
• [backend] fix manual & auto enrichment (#13008) by @JeremyCloarec in #13010

Full Changelog: 6.8.9...6.8.10

Version 6.8.9

Enhancements:

• #12916 Telemetry: count user that are service account in a separate gauge
• #12830 "Delete / Merge Knowledge" capability should be split into two separate permissions
• #12810 Remove pagination in elFindByIds
• #12807 Add telemetry on Login
• #12627 [backend] Introduce doYield utility to prevent event loop blocking
• #12490 Option to dedicate workers to specific queues
• #11707 [backend/frontend] Introduce security coverage and integration with OpenAEV
• #8004 Playbook: Change the capa linked to playbooks

Bug Fixes:

• #12983 TAXII Collections Spec Violations introduced by 818c906
• #12969 Public dashboard are broken
• #12965 [worker] RuntimeError: dictionary changed size during iteration
• #12904 PIR manager saves too many audit logs
• #12901 Python bridge error when platform start and telemetry tracing is enabled
• #12888 Right side icons overlaying in Knowledge Graph view
• #12887 Additional issues with Public Dashboard and v6.8.7
• #12833 [PIR] Some filters non functioning
• #12824 Playbook update drawer title is wrongly named "Update a decay rule"
• #12723 Unwanted relations displayed in Perspective Knowledge list widgets
• #12696 The “CREATOR” column in Advanced Search should be “CREATORS”
• #12482 Garbage collector fails to delete one element and show error for ever
• #12249 Child lock memory issue with callbacks
• #11986 Indicator decay history filling with back and forth revoke and score update
• #11889 [worker] Improve worker performance
• #11838 Small visual remainder in the trash page
• #11081 Nested view in Victimology not working
• #10349 Can't order by entity type in Correlation containers details

Pull Requests:

• Update aws-sdk-js-v3 monorepo to v3.913.0 by @renovate[bot] in #10907
• Update dependency ae-cvss-calculator to v1.0.9 by @renovate[bot] in #12754
• Update dependency graphql-scalars to v1.25.0 by @renovate[bot] in #12883
• Update dependency lru-cache to v11.2.2 by @renovate[bot] in #12759
• Update dependency rate-limiter-flexible to v7.4.0 by @renovate[bot] in #12746
• Update dependency winston to v3.18.3 by @renovate[bot] in #12749
• Update dependency @escape.tech/graphql-armor to v3.1.7 by @renovate[bot] in #10748
• Update dependency axios-cookiejar-support to v6.0.4 by @renovate[bot] in #10722
• Update dependency axios to v1.12.2 by @renovate[bot] in #12755
• Update dependency luxon to v3.7.2 by @renovate[bot] in #12760
• Update dependency semver to v7.7.3 by @renovate[bot] in #12767
• Update dependency zod to v3.25.76 by @renovate[bot] in #12260
• Update dependency express-rate-limit to v8 by @renovate[bot] in #11875
• Update dependency rate-limiter-flexible to v8 by @renovate[bot] in #12780
• Update dependency tough-cookie to v6 by @renovate[bot] in #12782
• Update dependency @datadog/pprof to v5.11.1 by @renovate[bot] in #10991
• Update dependency node-calls-python to v1.11.1 by @renovate[bot] in #8499
• Update alpine Docker tag to v3.22 by @renovate[bot] in #11690
• Update redis Docker tag to v8.2.1 by @renovate[bot] in #11902
• Update opensearchproject/opensearch Docker tag to v3.3.0 by @renovate[bot] in #11488
• Update docker.elastic.co/elasticsearch/elasticsearch Docker tag to v8.19.5 by @renovate[bot] in #12774
• Update docker.elastic.co/kibana/kibana Docker tag to v8.19.5 by @renovate[bot] in #12775
• Update opensearchproject/opensearch-dashboards Docker tag to v3 by @renovate[bot] in #11103
• Update actions/checkout action to v5 by @renovate[bot] in #11997
• Update github/codeql-action action to v4 by @renovate[bot] in #12785
• Update dependency slack to v6 by @renovate[bot] in #12781
• [frontend/backend] Split delete/merge knowledge capability in 2 capabilities (#12830) by @Archidoit in #12873
• [frontend] Missing CTA in Nested view in Victimology (#11081) by @Gwendoline-FAVRE-FELIX in #12874
• [backend] Fix child lock memory issue with callbacks (#12249) by @SouadHadjiat in #12823
• Update dependency vite to v7.1.11 [SECURITY] by @renovate[bot] in #12865
• [frontend] add SettingsMessageBanner in ContainerHeader (#12888) by @delemaf in #12897
• Update Renovate configuration to enable lock file maintenance and group dev dependencies updates (#12636) by @xfournet in #12637
• [backend] remove pagination in elFindByIds (#12810) by @JeremyCloarec in #12819
• [frontend] forgot password : disable button onSubmit (#11975) by @frapuks in #12828
• [CI] set up codecov coverage reporting on opencti-front by @OctaveLaventure in #12742
• Update dependency markdown-to-jsx to v7.7.16 by @renovate[bot] in #12761
• [frontend] New implicit filter for relationship widget (#12723) by @ValentinBouzinFiligran in #12856
• [backend] Update telemetry to accept non-async function by @xfournet in #12903
• [frontend] add provider for safe usage of computeLink by @OctaveLaventure in #12892
• [frontend] tests for buildFiltersAndOptionsForWidgets (#12723) by @Archidoit in #12910
• [backend] fix diffTargets compute complexity by @JeremyCloarec in #12876
• [backend] improve addedRefs and removedRefs compute time complexity by @JeremyCloarec in #12891
• [backend] buildDataRestrictions perf improve on markings condition by @JeremyCloarec in #12803
• [frontend] avoid unnecessary re-renders with computeLink by @OctaveLaventure in #12914
• [worker] Worker performance increase (#11889) by @gileri in #11849
• [CI] Feature branch deployment fix by @efaure in #12832
• [backend] add noThrow opts in elLoadById (#12482) by @JeremyCloarec in #12900
• [backend] Fix PIR manager saves too many audit logs (#12904) by @SouadHadjiat in #12905
• [frontend] Cannot sort on mixed name and observable_value column (#10349) by @delemaf in #12909
• [worker] add new thread pool dedicated to internal queues (#12490) by @JeremyCloarec in #12896
• [backend] add telemetry on human user login (#12807)(#12916) by @aHenryJard in #12813
• [frontend] Can't create support package while in draft mode (#12246) by @SarahBocognano in https://github.com/OpenCTI-Platform/openct...