CybercentreCanada/assemblyline v4.6.1.stable0

4.6.1.0

on GitHub

What’s Changed

This patch focuses on security hardening, UI/UX improvements, and codebase modernization, ensuring a more reliable and consistent user experience across the platform.

• Strengthened security by upgrading React and node-forge to versions that patch known vulnerabilities.
• Added clearer support pathways through new top-navigation actions for documentation and email assistance.
• Improved search usability with field descriptions and multiple Retrohunt interface fixes.
• Introduced the TextScroller component to better handle long text in constrained layouts.
• Refactored list-style inputs to unify state management and reduce inconsistent behavior.
• Reviewed and enhanced the Submit and Settings pages, adding new unit tests and improving code quality.
• Removed deprecated configuration and cleaned up outdated UI elements such as the 404 image.
• Improve email identification
• Guard chat bot conversation to stay on-topic about every malware analysis and Assemblyline
• Add configurations for extracting username & classification using SAML
• Fix quota consumption in the cases of an exception
• Login methods can be filtered by IP
• Support links now configurable in Assemblyline
  • This can involve adding a link to documentation (by default the CCCS docs) and/or setting up an email for contact following the mailto protocol

Added

• SearchBar Field Descriptions
  The SearchBar’s suggestion list now displays each field’s description, helping users better understand what each parameter represents.

• Support Buttons in the Top Navigation
  New Documentation and Email support actions have been added to the top navigation bar.
  These provide quick access to Assemblyline’s documentation as well as a prefilled support email link for users seeking assistance.

• TextScroller Component
  Added a horizontally scrolling UI component that ensures text exceeding its container width remains readable.
  The component dynamically measures content length and uses smooth, constant-speed animation to display long labels or metadata values.

• IP-filtering for login methods

  • Administrators can define what IPs are allowed to use certain login methods.
  • This can help for when you have multiple login methods configured but want users to use a particular method, based on their IP, rather than displaying all which can lead to confusion

Fixed

• Retrohunt Page Issues

  • Updated the icon used to view a user’s own Retrohunt job so it matches its counterpart on the Submissions page.
  • When creating a new Retrohunt job, the confirmation dialog now correctly closes the dialog box and displays a loading state after clicking Create.
  • Fixed a subtle leftward “jump” when opening the drawer by delaying the rendering of the SearchBar until data has finished loading.
  • Added a template rule and improved the "rule" autocomplete to provide a concrete example of how to write a YARA rule.

• Filenames Containing # Triggering Drawer
  Navigating to a file whose name included a # symbol unintentionally opened the drawer.
  This is now resolved by switching to encodeURIComponent(), which correctly escapes hash characters inside search parameters.

• Viewing archived files

  • Users that have the permission to view files from the archive should be able to fetch the file content from the API

• Extended lifetime for imported bundles (#407)

  • Bundles imported via the UI are extended based on the provided time-to-live

• Exceptions shouldn't consume quota

  • Exceptions returned by the API shouldn't result in a consumption of your API quota

• Chat bot is more domain-focused

  • The chatbot should ignore queries not relevant to malware analysis or Assemblyline
  • This helps avoid users using Assemblyline as a proxy to an LLM to ask for anything

• Email identification

  • The YARA rule to determine document/email should be stricter to help with triage to email-based analysis services

• Fixed Updater using service_defaults.mounts configuration in Docker deployments (#400)

Changed

• Submit & Settings Code Review Enhancements
  Completed a comprehensive review of the Submit and Settings pages to identify improvements, remove redundant logic, and add unit tests for all related utility functions.

• Services Detail Input Change
  Service Detail page now uses the new Input components, ensuring a consistent visual appearance and interaction pattern across all fields.

• Refactored ListInputs Architecture
  All list-style inputs now follow the same architectural pattern as other inputs by using a shared PropProvider.
  This standardizes state handling across components, reduces edge-case bugs, and simplifies customizing shared input behavior.

• User attribution from SAML (#368)

  • SAML configuration now supports custom attribute fields to assign user information

Removed

• Deprecated SHA256 External Source Configuration
  Removed the legacy configuration field for defining external sources by SHA256 hash. This configuration was deprecated and unused across the platform.

• 404 Not Found Page
  Removed the Dead Link image from the Not Found page, as it was out of place.

• Deprecated ILM command in AL CLI (Discord)

  • Since Assemblyline has it's own management of Elastic indexes that doesn't involve Elastic's ILM policies, we've removed the deprecated fix_ilm command from the AL CLI

Dependencies

• React → v19.2.1 (from v19.1.0)
  Upgraded the application to React v19.2.1, benefiting from the latest features introduced in October.
  This version also patches the React2Shell remote code execution vulnerability.
  Assemblyline was not affected (as it does not use React Server Components), but upgrading eliminates any potential exposure.

• node-forge → v1.3.2
  Updated node-forge to a patched version that resolves a vulnerability allowing unauthenticated attackers to crash servers or clients performing TLS operations or certificate parsing.