6 July 2021
Time to upgrade
~15 minutes to upgrade an instance with 1 million entities.
Additional ~2 minutes to run pre-upgrade scripts for upgrading from 2.8.x and earlier.
Time to migrate
Table of contents
Update keylines.js package
The platform depends on a KeyLines license that expires on 30 July 2021.
This release extends that license and upgrades the KeyLines package from 5.7.0 to 5.10.3.
Users who do not upgrade their platform instances to the following versions will have parts of the platform stop working 6 weeks after 30 July 2021:
Important bug fixes
Cannot set up IMAP Email Fetcher feeds
Fixed issue where feeds using the IMAP Email Fetcher transport type could not be saved, displaying an “Unknown field” error in the UI.
When you configure the platform databases during a platform installation or upgrade, you must specify passwords for the databases.
Systemd splits log lines exceeding 2048 characters into 2 or more lines.
As a result, log lines exceeding 2048 characters become invalid JSON, causing Logstash to be unable to parse them correctly.
When more than 1000 entities are loaded on the graph, you cannot load related entities and observables by selecting Load entities, Load observables, or Load entities by observable from the context menu.
When creating groups in the graph, it is not possible to merge multiple groups into one.
If an ingestion process crashes while ingestion is still ongoing, data may not always sync to Elasticsearch.
Users can leverage rules to access groups that act as data sources, even if those users are not members of the groups they access through rules.
Running multiple outgoing feed tasks may cause the platform to consume a large amount of memory over time, because certain outgoing feeds such as HTTP download must load the data into memory in order to make it available to feed consumers.
Security issues and mitigations
To see a detailed list of security issues and their mitigations, go to All security issues and mitigations.
For more information about setting up repositories, refer to the installation documentation for your target operating system.
EclecticIQ Platform and dependencies for CentOS and RHEL
The platform dependencies URL for versions 2.9 and later is https://downloads.eclecticiq.com/platform-dependencies-centos-2.9/. It contains packages that are incompatible with versions 2.8 and earlier.
EclecticIQ Platform extensions
The following diagram describes the upgrade path you should take depending on the platform version you are upgrading from.
You can upgrade from version 2.9.1 of the platform to 2.9.3 directly,
To upgrade from 2.4.0 to 2.9.3, you must first upgrade to 2.5.0, then upgrade from 2.5.0 to 2.9.3.
When upgrading from 2.8.x and earlier to 2.9.x and later:
You must run the pre-upgrade script to allow it to work with Elasticsearch 7.9.1.
You must run the pre-upgrade script on the platform version you are upgrading from.
For example, when upgrading from 2.8.0 to 2.9.3, you must run the pre-upgrade script on the platform while it is running version 2.8.0.
From 2.5.0, the upgrades paths have been tested using the EclecticIQ Platform install script compiled by Rundoc.
The script only supports:
Single machine installs.
Instances installed using the platform install script.
and does not support platform instances installed in distributed environments.