Release notes 2.9.1


EclecticIQ Platform

Release version


Release date

27 Jan 2021


Patch release

Upgrade impact


Time to upgrade

~20 minutes to upgrade

  • From the previous release

  • Using the installation script

  • For an instance running on one machine.

Time to migrate

  • PostgreSQL database: ~1 minute per million entities

  • Elasticsearch database: ~1 minute per million entities

  • Neo4j database: ~1 minute per million entities.

EclecticIQ Platform 2.9.1 is a patch release. It contains bug fixes.

  • For more information about new features, improvements, enhancements, deprecated features and components, and bug fixes we made available with release 2.9.0, see Release notes 2.9.0.

  • For more information about upgrading Elasticsearch to version 7.9.1, see Upgrade below.

  • For more information about enhancements and improvements, see What's changed below.

  • For more information about bugs we fixed, see Important bug fixes below.

  • For more information about security issues we addressed, see Security issues and mitigation actions below.


Follow the links below to download installable packages for EclecticIQ Platform 2.9.1 and its dependencies.
For more information about setting up repositories, refer to the installation documentation for your target operating system.

EclecticIQ Platform and dependencies
for CentOS and RHEL

EclecticIQ Platform extensions

In this release, the repository storing the platform dependency packages has been renamed from platform-dependencies-centos to platform-dependencies-centos-2.9.
Check the platform_deps_path variable and update its value accordingly, if necessary.

For more information, see Set up the repositories for CentOS and Set up the repositories for RHEL.


If you upgrade to EclecticIQ Platform 2.9.1 from an earlier platform release, you must first run a pre-upgrade script in your current, not upgraded platform instance to prepare it to upgrade Elasticsearch to version 7.9.1, and to work correctly with Elasticsearch 7.x indices.
After successfully completing this preliminary procedure, you can start upgrading the platform to release 2.9.1.

If you skip this preliminary step, Elasticsearch 7.9.1 will not work as expected.

Upgrade paths from release 2.0.x(.x) to 2.9.1:

EclecticIQ Platform upgrade paths to release 2.9.1

From release 2.5.0, the upgrades paths are tested using the EclecticIQ Platform install script compiled by Rundoc.

The script does not yet support upgrading the platform in a distributed environment.
As of now, it can only upgrade a platform instance that:

  • Runs on a single machine.

  • Was installed using the platform install script.

What's changed


Elasticsearch 6.8 end of life is November 20th 2020.
To have access to Elasticsearch product updates and security patches after this date, EclecticIQ Platform 2.9.0 and 2.9.1 include an upgrade to Elasticsearch 7.9.1.
As a result, Elasticsearch versions earlier than 6.8.0 and Elasticsearch index versions earlier than 6.0.0 are no longer supported.

For more information about the Elasticsearch upgrade to version 7.9.1, see Prepare upgrading to Elasticsearch 7 for CentOS and Prepare upgrading to Elasticsearch 7 for RHEL.

Deprecated operating systems

As of release 2.9.0, support for the following operating systems is deprecated:

  • CentOS 7.8 (2003)

  • CentOS 7.7 (1908)

  • CentOS 7.6 (1810)

  • Red Hat Enterprise Linux 7.8

  • Red Hat Enterprise Linux 7.7

  • Red Hat Enterprise Linux 7.6

  • Ubuntu Server 16.04 Xenial Xerus

CentOS 7.6 (1810), 7.7 (1908), and 7.8 (2003), and Red Hat Enterprise Linux 7.6, 7.7, and 7.8 are compatible with release 2.9.x.
However, they are not supported.

Ubuntu Server is no longer supported.

The following operating systems are supported:

Important bug fixes

This section is not an exhaustive list of all the important bug fixes we shipped with this release.

  • We addressed a bug affecting entities exported as STIX 1.2.
    When exporting an entity as STIX 1.2:

    • If the exported entity includes relations with another entity;

    • And if the related entity had multiple versions;

    • The exported STIX 1.2 entity would include additional redundant external references to unresolved idrefs pointing to each version of the related entity.
      This would produce a noisy exported entity with multiple relations to multiple unresolved entities.

    Now the export of such an entity produces a STIX 1.2. entity that includes a relationship to the latest version only of the related entity.

  • We fixed an issue that affected data exchange between two platform instances.
    Sending entities in the thousands from a source platform to a receiving platform using TAXII 1.1 poll as a transport type, and EclecticIQ JSON as a content type would not complete successfully, and it would return a server error.
    Now it is possible to successfully exchange data between two platform instances using TAXII 1.1 poll as a transport type, and EclecticIQ JSON as a content type, without producing server errors.

  • In release 2.9.0 only, triggering one or more enrichers while one or more ingestion tasks are running would cause both the enricher and the ingestion tasks to fail.
    We addressed this issue by assigning ingestion triggering and enrichment triggering to dedicated tasks. Now enrichment can run only after the ingested entity data is committed to the database and the transaction is completed.
    This avoids race conditions at database level, which is the reason why the tasks would fail.

  • The guided SAML configuration section for system administrators would crash and return a server error upon reloading it.
    Now it is possible to edit SAML configuration options and reload the guided SAML configuration view to make the changes effective, without server errors.

  • It would not be possible to configure eclecticiq-statsite to support basic authentication.
    From this release, we include basic authentication in the eclecticiq-statsite configuration options.

  • When users sign in to the platform, the platform issues a session token to uniquely identify signed-in users.
    The /auth and /new_auth_token API authorization endpoints would issue JWT session tokens with an incorrect expires_at timestamp.
    Since JWT session token expiration depends on a different field in the backend, this does not affect the actual expiration time of an issued token.
    Now the platform correctly assigns the expires_at field the timestamp from the actual field that the backend uses to calculate token expiration.

Known issues

  • When you configure the platform databases during a platform installation or upgrade procedure, you must specify passwords for the databases.
    Choose passwords containing only alphanumeric characters (A-Z, a-z, 0-9).
    Do not include any non-alphanumeric or special characters in the password value.

  • Systemd splits log lines exceeding 2048 characters into 2 or more lines.
    As a result, log lines exceeding 2048 characters become invalid JSON.
    Therefore, Logstash is unable to correctly parse them.

  • When more than 1000 entities are loaded on the graph, it is not possible to load related entities and observables by right-clicking an entity on the graph, and then by selecting Load entities Load observables, or Load entities by observable

  • When creating groups in the graph, it is not possible to merge multiple groups to one.

  • In case of an ingestion process crash while ingestion is still ongoing, data may not always sync to Elasticsearch.

  • Users can leverage rules to access groups that act as data sources, even if those users are not members of the groups they access through rules.

  • Between consecutive outgoing feed tasks, the platform may increase resource usage.
    This may produce very high memory consumption over time.

Security issues and mitigation actions

The following table lists known security issues, their severity, and the corresponding mitigation actions.
The state of an issue indicates whether a bug is still open, or if it was fixed in this release.

For more information, see All security issues and mitigation actions for a complete and up-to-date overview of open and fixed security issues.


For any questions, and to share your feedback about the documentation, contact us at [email protected] .

^ back to top