What’s Changed
This release improves analyst workflow efficiency, reduces confusion in specialized submission paths, and strengthens overall frontend reliability and package hygiene.
- Improved Sandbox Result Section
Sandbox Result Section is now easier to refine, with improved filtering behavior that supports more flexible investigation workflows.
- AI Code Analysis Coverage
AI Code Analysis now applies to plaintext files, extending visibility into files that were previously outside the code type.
- Clearer URI Detail Experience
Non-admin users no longer see the File Viewer link button for synthetic URI submissions, reducing confusion around views that do not expose meaningful file content.
- Improved Session Recovery
Authentication edge cases caused by stale session state now recover more cleanly by returning users to login instead of leaving them on a locked screen.
- More Reliable Result Navigation
The "Find related results" action for safelisted tags now behaves correctly, avoiding empty search results.
- Security and Maintenance Improvements
Package intake controls have been strengthened to reduce supply chain risk, and several frontend dependencies have been updated as part of routine maintenance.
Added
- Add plaintext support to AI Code Analysis
Extended the AI Code Analysis pane in the File Viewer to support `text/plain` content in addition to `code/*`.
Changed
- Enhance Sandbox filtering
Updated Sandbox Result filtering controls to support bidirectional filtering and multi-value selection.
- Enforce minimum package release age during npm installs
Added `npm config set minimum-release-age 3` to the `package.json` to introduce a quarantine period for newly published packages and reduce exposure to short-lived supply chain attacks.
- Suppress URI file viewer action for non-admin users
Removed the File Viewer link button for non-admin users on synthetic URI file entries, since those entries do not expose meaningful file content.
- Request Full Submission Tree (without de-duplication) (Python, API, Python Client)
This allows clients to request the full file tree in the response (using `get_full_file_tree=True`) and preserves duplicate files found during analysis relative to the submission.
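The quarantine period behind the minimum release age change above, sketched as an added example (not code from this project or from npm): versions published less than the minimum age ago are held back and the most recently published older release is selected. The packument, package name and clock are constructed sample data, and the value 3 is assumed to be in days.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample data shaped like the npm registry packument "time" field:
// version -> ISO 8601 publish timestamp, plus "created"/"modified" keys.
const samplePackument = {
  name: "example-lib", // hypothetical package name
  "dist-tags": { latest: "2.1.1" },
  time: {
    created: "2025-01-10T09:00:00.000Z",
    modified: "2026-03-30T23:10:00.000Z",
    "2.0.0": "2025-11-02T12:00:00.000Z",
    "2.1.0": "2026-03-20T08:30:00.000Z",
    "2.1.1": "2026-03-30T23:10:00.000Z", // published hours before "now"
  },
};

// Split versions into those past the quarantine window and those inside it.
function classifyByReleaseAge(packument, minAgeDays, now) {
  const eligible = [];
  const quarantined = [];
  for (const [version, published] of Object.entries(packument.time)) {
    if (version === "created" || version === "modified") continue;
    const publishedMs = Date.parse(published);
    // Fail closed: an unparseable timestamp is treated as too new.
    const ageDays = Number.isNaN(publishedMs) ? -1 : (now - publishedMs) / DAY_MS;
    (ageDays >= minAgeDays ? eligible : quarantined).push({ version, ageDays });
  }
  // Order by publish time (not semver): most recently published first.
  eligible.sort((a, b) => a.ageDays - b.ageDays);
  return { eligible, quarantined };
}

// Report what an install would select under the quarantine, and whether
// the "latest" dist-tag itself is still inside the window.
function resolveWithQuarantine(packument, minAgeDays, now) {
  const { eligible, quarantined } = classifyByReleaseAge(packument, minAgeDays, now);
  const latest = packument["dist-tags"].latest;
  return {
    selected: eligible.length ? eligible[0].version : null,
    latestHeldBack: quarantined.some((q) => q.version === latest),
    quarantined: quarantined.map((q) => q.version),
  };
}

const now = Date.parse("2026-03-31T06:00:00.000Z"); // constructed "current time"
console.log(resolveWithQuarantine(samplePackument, 3, now));
```

A held-back `latest` is worth logging in CI, since it shows the quarantine is actively deferring a release rather than silently doing nothing.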
Fixed
- Handle stale XSRF state during authentication failures
Fixed a session-handling issue where stale XSRF state could incorrectly route users to the locked page. The UI now clears `sessionStorage` and redirects to the login flow when this condition is detected.
- Use `safelisted_tags` for viewing related results on safelisted tags
Corrected ActionMenu query generation so "Find related results" uses `safelisted_tags` instead of `tags` for safelisted values, preventing empty result sets.
- Apply coreServiceAccountName to serviceAccount pod spec for persistent Redis
- Automated alert triage via Workflow should operate based on the oldest alert
- Lock down version of Werkzeug
Fixes an issue seen with dependency containers that use Flask as the backend framework.
- Improve experience with Git-based Update Sources
This fixes an internal issue where a shared variable controls the caching and status updates of multiple sources.
- Fixed SAML Authentication process
Fixed an issue in the authentication process where SAML authentication got stuck on the loading page because it wasn't part of the `renderedApp` state detection.
Dependencies
- dompurify → v3.3.2 (from v3.2.5)
- lodash → v4.18.1 (from v4.17.23)
- node-forge → v1.4.0 (from v1.3.3)
- vite → v6.4.2 (from v6.4.1)