github arkime/arkime v5.0.0-rc1
Version 5.0.0-rc1

latest releases: last-commit, v5.5.0, last-commit6...
pre-release12 months ago

Installation Instructions | 5.x Upgrade instructions | Copyright Notices | FAQ

A db.pl upgrade is required when upgrading.

✨ What's new ✨

BREAKING

  • #2297 s3Compression/simpleCompression now default to zstd
  • #2297 s3WriteGzip removed, use s3Compression=gzip
  • #2297 s3GapPacketPos defaults to TRUE
  • #2297 enablePacketDedup defaults to TRUE
  • #2299 authMode defaults to digest now
  • #2312 removed old v1 APIs
  • #2349 parliament password removed, must configure common auth via the UI before upgrading or manually in the config file see parliament and how do I upgrade to 5
  • #2402 WISE/tagger must now use http.request.FIELD/http.response.FIELD when referencing header defined with headers-http-request/headers-http-response
  • #2450 Centos 7 build no longers supports pfring
  • #2453 Increase simpleCompressionBlockSize default to 64000
  • #2299 #2308 Remove anonymous auth as the default

Release

  • #2448 zstd 1.5.5, nghttp2 1.57.0, maxmind 1.7.1, yara 4.2.3
  • #2448 node v18.18.2 - Centos 7, Ubuntu 18, Alpine use unofficial builds
  • #2447 support building on alpine

All

  • #2316 programs support same config file formats (ini/json/yaml) and retrieval (file, elasticsearch)
  • #2419 json/yaml config file formats now allow arrays instead of comma/semi separated
  • #2299 #2308 authMode setting added
  • #2299 #2408 #2463 added authMode: basic, form, basic+form, basic+oidc, headerOnly, header+digest (same as header), header+basic
  • #2387 notifiers for parliament and arkime merged conflicts mitigated by appending "Parliament" to parliament notifiers
  • #2396 drop privileges is now AFTER http(s) list

Capture

  • #2295 moloch converted to arkime
  • #2312 override ips can now set any field
  • #2312 overrideIpsFiles setting
  • #2314 packetDropIpsFiles setting
  • #2390 can have negative cert.validDays/cert.remainingDays (thanks @mcgillowen)
  • #2390 added cert.remainingSeconds/cert.remainingSeconds (thanks @mcgillowen)
  • #2390 cert.remainingDays is now based on the firstPacket of session instead of current time (thanks @mcgillowen)
  • #2409 JA4 support
  • #2409 JA3/JA4 support for smtp STARTTLS
  • #2297 always build zstd (except arch)

Cont3xt

  • #2121 new bulk UI and support for bulk queries
  • #2271 lots of keyboard shortcut improvements
  • #2383 new array syntax for links substitution
  • #2382 new OpenSearch/Elasticsearch integration (config file only)
  • #2441 new csv/json file/url/redis integration (config file only)
  • #2385 new viewRoles in config file per integration to control access
  • #2407 transfer ownership of resources
  • #2437 new csv/json data source supports
  • #2441 new redis data source support

ESProxy

Viewer

  • #2296 removed x-moloch-auth
  • #2392 files/history/stats now have cluster dropdown for multiviewer
  • #2402 http.request.FIELD and http.response.FIELD supported
  • #2404 add editor for resources
  • #2407 transfer ownership of resources
  • #2482 added uploadRoles to control who can upload

Parliament

  • #2377 dashboard-only mode removed, if you want users to just see the dashboard don't assign them the parliamentUser role
  • #2395 configuration is now stored in opensearch/elasticsearch

ℹ️ Download Info

We offer downloads for many different OS versions because of library differences. For example, use the el7 download for Centos 7 or RHEL 7. If you have a libssl version error, it is most likely that the wrong download was used for your OS. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2024

Don't miss a new arkime release

NewReleases is sending notifications on new releases.