Release Notes
| You must upgrade to version 13.1 or later by April 30, 2023. After this date, earlier versions will completely lose graph functionality. |
13.0.1
Bug fixes
-
Fixed a regression that caused long numbers to not render properly even when the support for long numbers is enabled in Advanced Settings through the
siren:support-large-numbersproperty. -
Fixed an issue that prevented users from adding child searches to Dashboard 360 graph builder.
-
Fixed a bug in sirenapi where a chart’s click handler would set the incorrect value to indicate which part of the chart was clicked.
-
Fixed a bug in sentinl that caused the to and from fields for email actions to not save correctly.
-
Fixed a bug that caused duplicate network requests to be sent when navigating to dashboards.
-
Fixed a bug that prevented the nested search selector panel being resized and repositioned by dragging.
-
Fixed an issue that prevented the global search panel reopening after dragging and dropping a record on a dashboard.
-
Fixed an issue on 360 dashboards that caused filters to be excluded from count queries in certain scenarios and the incorrect count to show.
-
Fixed an issue that caused the input control visualization to exclude the Include hours/minutes option in created filter labels.
-
Fixed a bug that did not save the dashboard selection when the graph browser configuration is edited.
-
Fixed an issue that made the death screen appear when opening graph browser with the expansion tab active.
-
Fixed a bug where nodes created by the node-to-edge lens were not being removed when disabling the lens.
-
Fixed an issue where a positive filter was being created when selecting the 'missing' bucket in the Tag Cloud visualization.
-
Fixed an issue with CSV exports that caused fields with a comma to export as two fields.
-
Fixed a bug that showed an empty table in the selection table when no fields are selected in the data model.
Improvements
-
Improved an error message when the max number of buckets limit gets hit by possibly misconfigured aggregation.
-
Added the capability to add a custom name for the aggregation layer in Enhanced coordinate map visualization.
-
Moved dataspace ACL permission settings to a dedicated section.
-
Updated jquery package dependency from v3.6.0 to v3.6.3
13.0.0
Breaking Changes
Elasticsearch compatibility
| Compatibility with versions of Elasticsearch 7.6.2 and earlier is removed. Before you upgrade Siren Investigate, upgrade Elasticsearch to version 7.10.2 or later and upgrade Siren Federate to a compatible release. |
This version of Siren Investigate introduces support for Elasticsearch 8.x releases with Elastic Stack Security for which a compatible version of Siren Federate exists.
In Elasticsearch 8, documents returned from search requests do not contain the _type field anymore. References to _type cause the field to be undefined. Remove _type references in the following:
-
Investigate scripts
-
Angular templates
-
Web service plugins
-
Custom plugins
-
Graph Browser lens scripts
Graph Browser lenses
In custom lens scripts:
-
The helper function
executeEsSearchignores thetypeargument. -
If you use the helper function
executeEsMget, remove_typereferences in the request payload.
Since Investigate still provides support for Elasticsearch 7.x , it considers a source field named _type in an Elasticsearch 8 document as a meta field.
Security fixes
-
The TLSv1 and TLSv1.1 protocols are no longer supported by Investigate.
-
The following weak ciphers are now blocked: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA
-
Upgraded Node.js to version 16.18.1 to address CVE-2022-43548. For the full list of fixes, see the 16.18.1 changelog.
-
Fixed CVE-2022-47543. Modification of non-dataspaced objects is now restricted to admins only.
-
Fixed CVE-2022-47544. Script editing is now restricted to admins only.
New features
-
Added the ability to manually create and configure aggregated relations in the Graph Browser instead of automatically finding all possible combinations.
-
Replaced the Graph Browser Sidebar selection table with a react EUI table.
-
Added a context menu to columns in the Graph Browser selection table.
Bug fixes
-
Cloning a dashboard that uses a sub-search no longer causes some of the filters of the sub-search to appear.
-
Fixed a bug where the button to switch filter modes was not changing to the UI view if the query was complex. Added a modal with an explanation for the user.
-
Fixed a bug that caused the range slider position to not update after a new upper or lower bound was entered in the text box.
-
The year selector in the datepicker is now scrollable.
-
Fixed a visual bug that caused a line in the line chart to appear very thick.
-
The Advanced Settings input fields now accept 0 as a valid value.
-
Fixed a bug that caused multiple confirm messages when the user logs out.
-
Fixed a bug that caused the success message to be shown when the user cancelled a save operation.
-
Fixed a bug where some graph browser nodes that could not expand caused a failed request to Elasticsearch.
-
Fixed a bug where scroll search was called without index parameter, which in certain situations could cause migrations to fail.
-
Fixed an issue about missing dependency that didn’t allow the i18n extract scripts to run successfully.