2024.10.20 Release Note
· 5 min read
October release comes with 1 major feature and various bug fixes:
- Spider now captures TLS secrets live and deciphers TLS encrypted communications: HTTPS, MQTTS, secured DB connections...
Upgrade risk
info
- No compatibility issue 👍
warning
- Breaking change - This version requires that you add a
gocipher
block in yourvalues.yaml
Key changes
How to upgrade
- Use Helm chart
4.1.0
from repository - Adjust
global.version
field value to2024.10.20
in your values.yaml - Add a
gocipher
block at the root of yourvalues.yaml
- It requires a KeyPair for authentication of local-gocipher. Instructions: Generating a key pair with OpenSSL
gocipher:
createLocalGocipher: true #switch to 'false' after installation when using ArgoCD
privateKey: '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQ ... MjqWemsmi6d/ZxUpFM\n-----END RSA PRIVATE KEY-----'
publicKey: '-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFA ... +c7k4snx\noQIDAQAB\n-----END PUBLIC KEY-----'
- Deploy
tip
See Reference documentation for details.
Versions
Spider
New versions of Spider components:
Component | Version | Docker tag |
---|---|---|
Helm chart | 4.1.0 | - |
Analysis UI | 11.0 | 2024.10.20 |
Controllers | 1.5 | 2024.10.20 |
Gossipers | 7.1 | 2024.10.20 |
Gociphers | 1.0 | 2024.10.20 |
Back office | - | 2024.10.20 |
Login UI | - | 2024.10.20 |
Monitoring UI | - | 2024.10.20 |
Dependencies
These components are set up in the correct versions by the Helm chart:
Dependency | Version | Docker tag |
---|---|---|
Elastic stack | 7.17.4 | 7.17.4 |
Redis | 7 | 7-alpine |
Traefik | 2.11 | 2.11 |
Compatibility
Spider has been successfully tested under these versions of dependencies:
3rd party software | Version |
---|---|
Helm | 3.14 |
Kube | 1.24 - 1.28 |
List of changes
Helm chart
✨ New features |
|
---|---|
⚙️ Improvements |
|
🐞 Bug fixes |
Analysis UI
✨ New features |
|
---|---|
⚙️ Improvements |
|
🐞 Bug fixes |
|
Controllers
✨ New features |
|
---|---|
⚙️ Improvements | |
🐞 Bug fixes |
Gossipers (Whisperers)
✨ New features |
|
---|---|
⚙️ Improvements | |
🐞 Bug fixes |
Gociphers
✨ New features |
|
---|---|
⚙️ Improvements | |
🐞 Bug fixes |
Back office
✨ New features |
|
---|---|
⚙️ Improvements | |
🐞 Bug fixes |
|
Login UI
✨ New features | |
---|---|
⚙️ Improvements | |
🐞 Bug fixes |
Monitoring UI
✨ New features |
|
---|---|
⚙️ Improvements |
|
🐞 Bug fixes |
|
Online documentation
Updated parts:
- Helmchart reference
- Installing Gociphers
- Features list
- PcapNG export in TCP tabs
- TLS captured data
- Microservices default configurations
- TLS tab in Whisperer details
- Gociphers tab in User profiles
- Deprecate Whisperers agent
- Remove second parsing step
- Monitoring screens: Gociphers, Parsing, Summary
- OpenAPI of new services and updated service
API impacts
note
This section informs about any impact on Spider API, so you may adjust your scripts.
Only new APIs or new fields.
Data impacts
note
The table below tells if there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migration are automated at upgrade time, but they may leave unattended indices that you have to remove manually.
Index | Description | Migration |
---|---|---|
Ciphers | New index | N/A |
Ciphers status | New index | N/A |
HttpComs | New field indexed: stats.withTLS | N/A |