
2024.11.23 Release Note


The November release comes with enhancements to TLS deciphering, such as TLS 1.2 deciphering, and various bug fixes.

Upgrade risk

info
  • No compatibility issue 👍
  • No breaking changes 👍

Key changes

How to upgrade

  1. Use Helm chart 4.2.0 from the repository
  2. Set the global.version field to 2024.11.23 in your values.yaml
  3. Deploy
tip

See Reference documentation for details.

Versions

Spider

New versions of Spider components:

| Component | Version | Docker tag |
|---|---|---|
| Helm chart | 4.2.0 | - |
| Analysis UI | 11.2.0 | 2024.11.23 |
| Controllers | 1.5.2 | 2024.11.23 |
| Gossipers | 7.1.4 | 2024.11.23 |
| Gociphers | 1.3.2 | 2024.11.23 |
| Back office | - | 2024.11.23 |
| Login UI | - | 2024.11.23 |
| Monitoring UI | - | 2024.11.23 |

Dependencies

These components are set up in the correct versions by the Helm chart:

| Dependency | Version | Docker tag |
|---|---|---|
| Elastic stack | 7.17.4 | 7.17.4 |
| Redis | 7 | 7-alpine |
| Traefik | 2.11 | 2.11 |

Compatibility

Spider has been successfully tested under these versions of dependencies:

| 3rd party software | Version |
|---|---|
| Helm | 3.14 |
| Kube | 1.24 - 1.29 |

List of changes

Helm chart

✨ New features
  • Purge Cipher statuses older than 7d
⚙️ Improvements
🐞 Bug fixes

Analysis UI

✨ New features
  • Tcp content - Deciphering of TLS 1.2
  • Tcp global tab - Display TLS version and key information
⚙️ Improvements
  • Http global tab - Timeline adjusts when request and response overlap, as during TLS handshake
  • Http headers tab - Add JWT header in decoded token JSON view
  • Http Diff tab - Add JWT header in decoded token
  • Better report of TLS target discovery in targets lists
  • Parsing of TLS 1.2 handshake extensions, with more safeguards against extension parsing errors
🐞 Bug fixes
  • Fixed deciphering of TLS 1.3 enciphered with ChaCha20

Controllers

✨ New features
⚙️ Improvements
🐞 Bug fixes
  • Fix - The state reset done every 5 minutes was not resetting the DNS and Whisperers lists, leading to ghost containers in Gociphers.
  • Fix - HostAliases name resolution is kept when DNS is reset
  • Fix - On POD creation, the ADDED event does not contain HostIp and Containers. They were only retrieved on state refresh. This information, critical for Gociphers, is now also fetched from Kube MODIFIED events.

Gossipers (Whisperers)

✨ New features
⚙️ Improvements
  • Manage v3 of AF_PACKET metrics to report counts of captured and dropped packets
🐞 Bug fixes
  • Do not check for attachments when configuration (and token) is not loaded from server.

Gociphers

✨ New features
  • Manage TLS 1.2 recommended ciphers
  • Extract Encrypt-Then-Mac flags from TLS sessions in TLS 1.2
⚙️ Improvements
  • More information is sent back to the backend regarding the observability phase
🐞 Bug fixes

Back office

✨ New features
  • Decode TLS 1.2 for Mozilla recommended cipher suite list
⚙️ Improvements
  • Improved aggregation of Gociphers statuses
🐞 Bug fixes
  • Fixed deciphering of TLS 1.3 with the ChaCha20 cipher

Login UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Monitoring UI

✨ New features
⚙️ Improvements
🐞 Bug fixes

Online documentation

Updated parts:

API impacts

note

This section describes any impact on the Spider API, so that you can adjust your scripts.

Data impacts

note

The table below indicates whether there are data mapping changes in Elasticsearch indices, associated or not with migrations (Yes ✅ / No ❌).
Migrations are automated at upgrade time, but they may leave unattended indices that you have to remove manually.

| Index | Description | Migration |
|---|---|---|