2024.03.05 Release Note

March early release comes with a major new access control feature: Access Filters, together with various UX improvements and bug fixes.

Upgrade risk

info

• No compatibility issue 👍
• No breaking changes 👍

Key changes

• Restrict data access with Access Filters feature
• UX improvement: Breadcrumb now remembers active tab
• ⚠️ Security fix: prevent privilege escalation on Whisperer access

How to upgrade

1. Pull new Helm chart 2.13 from repository
2. Adjust global.version field value to 2024.03.05 in your values.yaml
3. Deploy

tip

See Reference documentation for details.

Versions

Spider

New versions of Spider components:

Component	Version	Docker tag
Helm chart	2.13	-
Analysis UI	10.4	2024.03.05
Controllers	1.2	2024.03.05
Whisperers	6.1	2024.03.05
Back office	-	2024.03.05
Login UI	-	2024.03.05
Monitoring UI	-	2024.03.05

Dependencies

These components are set up in the correct versions by the Helm chart:

Dependency	Version	Docker tag
Elastic stack	7.17.4	7.17.4
Redis	7	7-alpine
Traefik	2.11	2.11

Compatibility

Spider has been successfully tested under these versions of dependencies:

3rd party software	Version
Helm	3.14
Kube	1.24 - 1.28

List of changes

Helm chart

✨ New features
⚙️ Improvements	Improve developer experience for local development when mounting source folders Reduce filebeat & metricbeat daemonsets resources requests and limits, as well as init containers ones
🐞 Bug fixes

Analysis UI

✨ New features	Access filters - Allow limited scope accounts restricting the subset of data accessible by a user
⚙️ Improvements	User Profile - Controllers access tab - Add the '*' option in the namespace selection Breadcrumb - When selecting an history in the breadcrumb, it now opens the resource AND the tab that was opened then Whisperer selection pop-over - New tooltip on checkboxes to indicate how to select many Whisperers at once Menu - Rework UI of filters folds for better understanding
🐞 Bug fixes	User profile - Teams, Controllers and Whisperers tabs - Weird behavior when selecting access over a long list User profile - Clear password input when selecting LDAP access

Controllers

✨ New features
⚙️ Improvements
🐞 Bug fixes

Whisperers

✨ New features
⚙️ Improvements
🐞 Bug fixes

Back office

✨ New features	Access filters - Manage and understand access filters to restrict access by injecting queries or adding permissions
⚙️ Improvements	Teams - When removing a Whisperer, it is removed from users and access filters list Teams - When removing a User, it is removed from access filters list Teams - Check schema on PATCH
🐞 Bug fixes	⚠️ Security fix - Users and Team members had the possibility to add any Whisperer in the Whisperers access list. It could not be exploited on UI, but could give access to another one data through REST API calls.

Login UI

✨ New features
⚙️ Improvements	Fixed bottom links URLs targets
🐞 Bug fixes

Monitoring UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Online documentation

• Updated with latest features 👍

API impacts

note

This section informs about any impact on Spider API, so you may adjust your scripts.

• Team PATCH /{id} API description updated
• Team schema updated with access filters

Data impacts

note

The table below tells if there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migration are automated at upgrade time, but they may leave unattended indices that you have to remove manually.

Index	Description	Migration