Breaking changes
- TheHive alerter refactoring - #142 - @ferozsalam
- See the updated documentation for changes required to alert formatting
- Dockerfile refactor for performance and size improvements - #102 - @jgregmac
- Dockerfile base image changed from `python/alpine` to `python/slim-buster` to take advantage of pre-built Python wheels, accelerate build times, and reduce image size. If you have customized an image based on jertel/elastalert2, you may need to make adjustments.
- Default base path changed to `/opt/elastalert` in the Dockerfile and in the Helm charts. Update your volume binds accordingly.
- Dockerfile now runs as a non-root user "elastalert". Ensure your volumes are accessible by this non-root user.
- System packages removed from the Dockerfile: all dev packages, cargo, libmagic. Image size reduced to 250MB.
- `tmp` files and dev packages removed from the final container image.
New features
- Support for multiple rules directories and fix `..data` Kubernetes/OpenShift recursive directories in FileRulesLoader - #157 - @mrfroggg
- Support environment variable substitution in YAML files - #149 - @archfz
- Update schema.yaml and enhance documentation for Email alerter - #144 - @nsano-rururu
- Default Email alerter to use port 25, and require http_post_url for HTTP Post alerter - #143 - @nsano-rururu
- Support extra message features for Slack and Mattermost - #140 - @nsano-rururu
- Support a footer in alert text - #133 - @nsano-rururu
- Added support for alerting via Amazon Simple Email System (SES) - #105 - @nsano-rururu
Other changes
- Begin alerter refactoring to split large source code files into smaller files - #161 - @ferozsalam
- Update contribution guidelines with additional instructions for local testing - #147, #148 - @ferozsalam
- Add more unit test coverage - #108 - @nsano-rururu
- Update documentation: describe limit_execution, correct alerters list - #107 - @fberrez
- Fix issue with testing alerts that contain Jinja templates - #101 - @jertel
- Updated all references of Elastalert to use the mixed case ElastAlert, as that is the most prevalent formatting found in the documentation.