What’s Changed
NOTE: This release also contains a security-related fix to avoid credentials being leaked when using Git-based update sources. We advise rebuilding services under this release.
This release mainly contains a series of bugfixes pertaining to the API.
Compiled YARA Identication
- This can help avoid FPs that can arise due to misidentification
Imported Bundle Lifetime Extension
- Bundles imported through the UI should now live for as long as the
ttlis specified
GPT-5 support
- Assemblyline should be able to work with GPT-5 and -o models and expect to get a speedy response just like prior versions
- This will involve including
reasoning_effort: lowin your options configuration
- This will involve including
Classification Assurance
- If you cycle between profiles when submitting through the UI, the classification value should not change
Support for GHCR services
- Thanks to @mback2k, we now support fetching service images from GitHub's Container Registry (
ghcr.io)
Better Authentication Support
- If your deployment doesn't use OAuth, then the UI shouldn't crash when trying to login
- If a proxy is between your client and the system, the system should account for that properly when building the session.
Added
Changed
- Pull version information from the environment when present
- Submission classification shouldn't change when pivoting between profiles
Fixed
- Account for cases where X-Forwarded-For header includes proxy list (Discord)
- IP filtering can hide OAuth from users so the frontend should handle null values without crashing (Discord)
- Extract the dtl from the ui_params section of the payload to extend imported bundles (#407)