Release notes 2.2.1

Highlights

EclecticIQ Platform 2.2.1 is a maintenance release containing a mix of maintenance bug fixes and features which were released with a patch release (2.2.0.1) including:

• Access control for observable in search and graph

This release requires a data migration to upgrade the platform to this maintenance release, take care of the following:

• Back up postgresql, neo4j, elasticsearch.

• Upgrade the platform.

• Restore the backed up databases.

Relevant documentation:

• https://docs.eclecticiq.com/display/LAT/Apply+a+maintenance+upgrade+CentOS#upgrade-third-party-dependencies

• https://docs.eclecticiq.com/display/LAT/Apply+a+maintenance+upgrade+RHEL#upgrade-third-party-dependencies

• https://docs.eclecticiq.com/display/LAT/Apply+a+maintenance+upgrade+Ubuntu#upgrade-third-party-dependencies

About versioning and platform upgrades

Platform versioning

EclecticIQ Platform versioning uses up to 4 digits separated by a dot (.)
Each digit holds semantic meaning based on its position in the version number reference format:

Example

While the first 3 digits are mandatory, the 4th digit may or may not be included in a release reference.
If a version does not include the 4th digit, it is the same as if the missing digit were zero (0).

Example

Referring to a hypothetical release 2.1.3 is the same as referring to release 2.1.3.0.

Upgrade paths

Starting from release 2.0.0, to upgrade EclecticIQ Platform x.x.x(.x) to the latest maintenance and patch releases, the platform instance to upgrade needs to be:

• Either on the same major and minor version;

• Or on the same major version and max one minor version behind.

Example

Upgrade path from release 2.0.x(.x) to 2.2.1:

Upgrade path from release 2.1.x(.x) to 2.2.1:

Further on in this section you can read a short recap of the main new features shipping with EclecticIQ Platform 2.2.1.

• For more details about enhancements and improvements, see What's changed below.

• For more details about bugs we fixed, see Important bug fixes below.

What’s changed

Keylines update

• KeyLines is the third party product that EclecticIQ Platform uses for the visualization of our graph functionality. Since there is a built in time lock for licenses expiring in 2018, an upgrade to the DRM license key was needed. In order to make this easier, we included the new DRM license key into the existing version 3.3.5. This is new DRM license key is valid until 2021. This change applies to platform release 2.0.0 and later.

Enhancements

In addition to the enhancements contained in the patch release, 2.2.1 release comes with the following:

• The SAML configuration section in the /etc/eclecticiq/platform_settings.py platform configuration file has the following new parameters:

  • SAML_REQUEST_USE_POST_BINDING: Boolean switch to enable/disable HTTP binding for POST requests.
    To enable HTTP binding for POST requests, set SAML_REQUEST_USE_POST_BINDING = True.

  • SAML_CONFIGURE_MODE: Boolean switch to show/hide the guided SAML configuration page.

To access a page with guidelines and debugging tools to help you configure SAML:

1. To enable SAML authentication, set the SAML_AUTH_ENABLED parameter to True:

   # Enables SAML authentication

   SAML_AUTH_ENABLED = True

2. To enter SAML configuration mode, add the SAML_CONFIGURE_MODE parameter to the SAML configuration section, and set it to True:

   # Enables SAML config mode

   SAML_CONFIGURE_MODE = True

   SAML_CONFIGURE_MODE = True enables the SAML configuration mode.
   SAML authentication is not available in the platform while the configuration mode is enabled.
   To exit the configuration mode and to make SAML authentication available, remove SAML_CONFIGURE_MODE from /etc/eclecticiq/platform_settings.py, or set it to False.

3. Go to https://${your-platform-instance-base-url}/private/saml/configure to display the guided SAML configuration page.
   It includes step-by-step instructions to guide you through all SAML-related parameters and variables.
   It generates the necessary platform metadata, and it enables live configuration updates.
   It also features a login test that prints data returned by the IDP (Identity Provider) to the terminal.

   • If SAML_AUTH_ENABLED is set to True, the Sign in with SAML button on the main sign-in page in the platform GUI is available.
     If SAML is set up and enabled for the platform, users can sign in with it.

   • If SAML_CONFIGURE_MODE is set to True, the Sign in with SAML button on the main sign-in page in the platform GUI is not available.
     If the SAML configuration mode is enabled, SAML is not available to users for sign-in.

   • After successfully setting up the SAML authentication mechanism, remove SAML_CONFIGURE_MODE from /etc/eclecticiq/platform_settings.py, or set it to False.

Guided SAML configuration page example
saml_live_configuration.html.j2 (sourced from EIQ platform-backend)

Important bug fixes

The following section gives an overview of the most important bug fixes to provide context and scope.

• Delivery of feed packages works as expected with basic authentication. ( 20978)

• The Ingested packages tab on the incoming feed detail pane does not hang and freeze if the feed has a very large number (millions) of packages in the ingested queue and running in the background.

• Pagination works as expected in the Incoming Feeds details page.

Known issues

• A user can create rules to access data sources that would normally be disallowed for that user. (16142)

• If a user manually adds a sighting to an entity as a characteristic – in the entity editor, under Characteristics, select Characteristic > Sighting – the manually added sighting is not counted in the Exposure view.

• If a user changes the title of an entity on the entity detail pane, title field, using the quick edit option , the title change is not reflected on the entity result view table under Browse, Production, Discovery, or Exposure.
  This is due to the Elasticsearch index requiring a few seconds to update, apply the change, and make it available to the UI.

• If a user changes or resets their password, they do not receive an email message to confirm the action.

• If a user creates an outgoing feed, runs it at least once to publish content, and then changes the feed transport type from one that pushes content – for example, Send email – to one that polls content – for example, TAXII poll – or vice versa, they receive an error message:
  Feed configuration error error in transport or content type
  It is still possible to edit the feed configuration, but it is not possible to run it successfully any longer.

• When an entity is loaded on the graph, the graph does not update entity data to reflect any changes applied to the entity while it is loaded on the graph.

• On the left side navigation bar, the UI button to allow user access to the graph is not available to users without the read-graph permission.

• In the UI, work-in-progress state and view state may sometimes not remember correctly user input or user actions.
  Therefore, when a user leaves a view and then goes back to it, they may lose any input data or any changes to applied to, for example, filters, sorting, or pagination.

• A user is not able to delete feeds containing large number (eg. 1 million) of entities.

• Workspace correlation in Entity Rules is very slow and gets killed with soft timeout limit.

• In Entity rules, filters only displays from the current screen.

• The summary of digest is not displayed properly as the text is truncated automatically.

• Wrong e rror Is displayed when wrong certificate is set in live configuration for the SAML tool .

• SAML login is displayed in the login screen if values are modified in live configuration.
  

• Test login throws an error if SAML_AUTH_ENABLED is not enabled.
  

Contact

For any questions, and to share your feedback about the documentation, contact us at [email protected] .

^ back to top