Merge pull request #1002 from gravwell/dev

Dev->master
gravwell · May 24, 2024 · 67e9671 · 67e9671
2 parents 26fccbf + 1574a51
commit 67e9671
Show file tree

Hide file tree

Showing 11 changed files with 152 additions and 36 deletions.
diff --git a/_static/versions.json b/_static/versions.json
@@ -1,10 +1,14 @@
 [
   {
-    "name": "v5.4.8 (latest)",
-    "version": "v5.4.8",
+    "name": "v5.4.9 (latest)",
+    "version": "v5.4.9",
     "url": "https://docs.gravwell.io/",
     "preferred": true
   },
+  {
+    "version": "v5.4.8",
+    "url": "https://docs.gravwell.io/v5.4.8/"
+  },
   {
     "version": "v5.4.7",
     "url": "https://docs.gravwell.io/v5.4.7/"

diff --git a/changelog/5.4.9.md b/changelog/5.4.9.md
@@ -0,0 +1,14 @@
+# Changelog for version 5.4.9
+
+## Released 24 May 2024
+
+## Gravwell
+
+### Bug Fixes
+
+* Fixed an issue where scratch directories would not be cleaned up during initialization.
+* Fixed an issue where the webserver would crash if a module with optimized collapsing was invoked manually. 
+* Fixed an issue where a large number of scheduled searches would cause the browser to hang.
+* Fixed an issue with TLS certificate validation that occurred when a port number was appended in the dial string.
+* Fixed an issue with cached assets that could cause failure to load resources such as font icons immediately after an upgrade. 
+* Fixed an issue with a text input that failed to display the full text during kit deployment.
diff --git a/changelog/list.md b/changelog/list.md
@@ -7,7 +7,7 @@
 maxdepth: 1
 caption: Current Release
 ---
-5.4.8 <5.4.8>
+5.4.9 <5.4.9>
 ```
 
 ## Previous Versions
@@ -18,6 +18,7 @@ maxdepth: 1
 caption: Previous Releases
 ---
 
+5.4.8 <5.4.8>
 5.4.7 <5.4.7>
 5.4.6 <5.4.6>
 5.4.5 <5.4.5>

diff --git a/conf.py b/conf.py
@@ -21,7 +21,7 @@
 project = "Gravwell"
 copyright = f"Gravwell, Inc. {date.today().year}"
 author = "Gravwell, Inc."
-release = "v5.4.8"
+release = "v5.4.9"
 
 # -- General configuration ---------------------------------------------------
 # https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration

diff --git a/configuration/sso-hash-algo.png b/configuration/sso-hash-algo.png
diff --git a/configuration/sso.md b/configuration/sso.md
@@ -91,6 +91,14 @@ If, however, Gravwell is using self-signed certificates, you must manually downl
 
 On the next page of the wizard, you will be prompted to set a display name. "Gravwell" or something similar would be fine. In the further pages of the wizard, you should be able to leave the defaults.
 
+#### Change Hash Algorithm
+
+At this time, Gravwell's SAML implementation requires SHA-1 signatures, but Windows AD FS defaults to SHA-256. Open the properties dialog for the newly-created relying party, select the Advanced tab, and change the hash algorithm to SHA-1:
+
+![](sso-hash-algo.png)
+
+If you forget to make this change, upon attempting to log in you will see a "Forbidden" page. The Gravwell webserver stderr file at `/dev/shm/gravwell_webserver.service` will contain an error message from the SAML library with the status `urn:oasis:names:tc:SAML:2.0:status:Responder` indicating that the responder (AD FS) experienced a problem. If you see these symptoms, double-check the hash algorithm in AD FS.
+
 ### Edit Claims Issuance Policy for Relying Party
 
 You must now add a few claims issuance transform rules to the relying policy. Select "Edit Claim Issuance Policy" for the newly-created relying party:

diff --git a/ingesters/win_file_follow.md b/ingesters/win_file_follow.md
@@ -14,7 +14,7 @@ Download the Gravwell Windows File Follower installer:
 
 | Ingester Name | Installer    | More Info |
 | :------------ | :----------- | :-------- |
-| Windows File Follower | <a data-bs-custom-class="hash-popover" href="https://update.gravwell.io/archive/5.4.8/installers/gravwell_file_follow_5.4.8.4.msi">Download <i class="fa-solid fa-download"></i></a>&nbsp;&nbsp;&nbsp;<a data-bs-custom-class="hash-popover" href="javascript:void(0);" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-html="true" data-bs-content='<code class="docutils literal notranslate"><span class="pre">3a8ea163d5b1fb0a5458668cf0d05d85e8703972cd860b63673bddb5735350ab</span></code>'>(SHA256)</a> | [Documentation](/ingesters/win_file_follow) |
+| Windows File Follower | <a data-bs-custom-class="hash-popover" href="https://update.gravwell.io/archive/5.4.9/installers/gravwell_file_follow_5.4.9.2.msi">Download <i class="fa-solid fa-download"></i></a>&nbsp;&nbsp;&nbsp;<a data-bs-custom-class="hash-popover" href="javascript:void(0);" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-html="true" data-bs-content='<code class="docutils literal notranslate"><span class="pre">da18e25e8f232cf2466f32e1f88636f65ca493d81df0b14e26025ce7bcb1c504</span></code>'>(SHA256)</a> | [Documentation](/ingesters/win_file_follow) |
 
 The Gravwell Windows file follower is installed using a signed MSI package.  Gravwell signs both the Windows executable and MSI installer with our private key pairs, but depending on download volumes, you may see a warning about the MSI being untrusted.  This is due to the way Microsoft "weighs" files.   Basically, as they see more people download and install a given package, it becomes more trustworthy.  Don't worry though, we have a well audited build pipeline and we sign every package.
 

diff --git a/ingesters/winevent.md b/ingesters/winevent.md
@@ -49,7 +49,7 @@ Download the Gravwell Windows Events installer:
 
 | Ingester Name | Installer    | More Info |
 | :------------ | :----------- | :-------- |
-| Windows Events | <a data-bs-custom-class="hash-popover" href="https://update.gravwell.io/archive/5.4.8/installers/gravwell_win_events_5.4.8.4.msi">Download <i class="fa-solid fa-download"></i></a>&nbsp;&nbsp;&nbsp;<a data-bs-custom-class="hash-popover" href="javascript:void(0);" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-html="true" data-bs-content='<code class="docutils literal notranslate"><span class="pre">b69061305cbe2e0fa349cdcd2c61c228d2527d9c549cf1afa487cfcca1ea9b2c</span></code>'>(SHA256)</a> | [Documentation](/ingesters/winevent) |
+| Windows Events | <a data-bs-custom-class="hash-popover" href="https://update.gravwell.io/archive/5.4.9/installers/gravwell_win_events_5.4.9.2.msi">Download <i class="fa-solid fa-download"></i></a>&nbsp;&nbsp;&nbsp;<a data-bs-custom-class="hash-popover" href="javascript:void(0);" data-bs-toggle="popover" data-bs-placement="bottom" data-bs-html="true" data-bs-content='<code class="docutils literal notranslate"><span class="pre">4d83f25992c9daee940b7c3853f1dd55ad8f7db9af6da8038ed1c21a4b422e16</span></code>'>(SHA256)</a> | [Documentation](/ingesters/winevent) |
 
 Run the .msi installation wizard to install the Gravwell events service.  On first installation the installation wizard will prompt to configure the indexer endpoint and ingest secret.  Subsequent installations and/or upgrades will identify a resident configuration file and will not prompt.