CVE-2023-35857: Release Notes :: SIREN DOCS

In Siren Investigate before 13.2.2, session keys remain active even after logging out.

Breaking change

  • The deprecated route ${API_ROOT}/v1/acl/object-permissions/objects is now removed.

  • Siren Federate was bumped in the bundles to version 7.17.9-30.1. This version and later versions will no longer work with Java versions earlier than 17. If you have this Federate version, then you can either use the bundled JDK or download JDK for Java 17 and set a new environment variable called ES_JAVA_HOME.

  • This version will migrate all saved graph objects to a UUID-based _id. If you have used the saved script _id property in your scripts, which was not UUID-based, you must adjust to the new migrated values. The new values will be logged during the upgrade procedure.

Bug fixes

  • Fixed an issue where local filters on a visualization were getting applied to other visualizations in dashboard 360.

  • Fixed an issue with the entity table name header where it appeared differently to other headers.

  • Fixed a bug where cancelling the creation of a duplicate entity table caused the buttons to spin endlessly.

  • Fixed an issue with a dropdown where it was impossible to select the cluster name when trying to create a remote Elasticsearch cluster.

  • Fixed a bug with the pie chart visualization where the tooltips were getting truncated when field names were very long.

  • Fixed an issue where the icon pack zip files were not getting uploaded when client side compression was enabled.

  • Fixed an issue where an error was thrown when cancelling and recreating an entity table.

  • Fixed a bug where restoring a backup of Elasticsearch on 12.x would throw an error when starting Siren Investigate.

  • Fixed a bug where the entity selector in the analytic table visualization wouldn’t show up when selecting the ip field.

  • Fixed an issue where the field format of parent searches was not inherited by the child searches.

  • Fixed an issue where the Siren API dashboard.getDashboardDataModelRootSearch threw an error when called from a dashboard with no associated search.

  • Fixed an issue where the sentinl alarms and reports were not getting deleted.

Graph browser bug fixes

  • Fixed an issue where entity tables without a configured time field could not be filtered with the timebar even if a time lens was setting a temporal field.

  • Fixed an issue where dragging a node would not respect the pointer position.

  • Fixed an issue where a nested group could cause the parent group size to increase too much.

  • Fixed an issue where multiple CTRL/CMD + clicks on a node were not toggling the selection.

  • Fixed a performance issue where the graph browser would take several seconds to load up with a large number of relations.

  • Fixed an issue where the select all checkbox was not triggering the automatic counts for simple relations.

  • Fixed an issue where the highlight of nodes could break when interacting with the graph during an expansion operation.

  • Fixed an issue where long labels on edges were not truncated.

  • Fixed a bug where saved graphs were not being cloned when cloning a dataspace.

  • Fixed an issue where removing a node during an animation could crash the application.

  • Fixed an issue where clicking a bar on a histogram card would not select the correct nodes.

  • Fixed a bug where the graph would not fit correctly when the nodes were expanded.

  • Fixed an issue where empty groups were not removed from the graph.

Improvements

  • The new flex layout is released in this version. For more information, please see the Flex layout dashboards section of the documentation.

  • The ES client of Siren API can now perform write actions to Elasticsearch.

  • Undo and redo operations can now be done on layouts and expansions.
