Malcolm v5.0.3 is a patch release with a few minor bug fixes and improvements to Zeek detection of CVE-2021-44228 ("Log4Shell" Log4J vulnerability).
- build with latest zeek/spicy-ldap release (dpd-based detection rather than just port-based)
- build with latest corelight/cve-2021-44228 release
- fix idaholab#69 (zeek resists shutdown on sensor during halt/reboot)
- bump OpenSearch to v1.2.2 which has log4j 2.16
- added convenience script for working with GitHub workflow-built images
Malcolm and Hedgehog Linux may be obtained by pulling or building the Docker images and/or building the ISO installer images as described in the documentation. Unofficial ISO installer images for Malcolm and Hedgehog Linux are not hosted on GitHub, but may be downloaded from https://malcolm.fyi/download/.