Hi All, I’m happy to announce the release of Metron 0.6.0! There's a been a lot of great work everywhere on the project, and thanks to both everyone who contributed and our users.
Details: The official release source code tarballs may be obtained at any of the mirrors listed in http://www.apache.org/dyn/closer.cgi/metron/0.6.0 As usual, the secure signatures and confirming hashes may be obtained at https://dist.apache.org/repos/dist/release/metron/0.6.0 The release branches in github is https://github.com/apache/metron/tree/Metron_0.6.0 (tag apache-metron-0.6.0-release) The release doc book is at http://metron.apache.org/current-book/index.html The Apache Metron web site at http://metron.apache.org/ has been updated; please refresh your web browser cache if the new links do not immediately appear. Change lists and Release Notes may be obtained at the same locations as the tarballs. For your reading pleasure, the change list is appended to this message. Metron CHANGES (in reverse chronological order): METRON-1764 Update version to 0.6.0 (justinleet) closes apache/metron#1183 METRON-1751 Storm Profiler dies when consuming null message (nickwallen) closes apache/metron#1176 METRON-1757 Storm Profiler Serialization Exception (nickwallen) closes apache/metron#1178 METRON-1743 CEF testPaloAltoCEF test using a confusing variable name (JonZeolla via justinleet) closes apache/metron#1173 METRON-1752 Prevent package.lock from changing during build (sardell via merrimanr) closes apache/metron#1177 METRON-1724 Date/time validation missing in PCAP query (tiborm via nickwallen) closes apache/metron#1172 METRON-1739 UDP packets are not handled (merrimanr) closes apache/metron#1168 METRON-1727: Alerts are not populated on the alerts UI after enabling X-pack for Elastic search (MohanDV via mmiklavc) closes apache/metron#1141 METRON-1738: Pcap directories should have correct permissions (merrimanr via mmiklavc) closes apache/metron#1166 METRON-1737: Document Job cleanup (merrimanr via mmiklavc) closes apache/metron#1164 METRON-1732: Fix job status liveness bug and parallelize finalizer file writing (mmiklavc via mmiklavc) closes apache/metron#1157 METRON-1735 Empty print status option causes NPE (merrimanr) closes apache/metron#1160 METRON-1733 PCAP UI - PCAP queries don't work on Safari (sardell via merrimanr) closes apache/metron#1158 METRON-1734 Src and Dst port filters are incorrect after changing to empty (merrimanr) closes apache/metron#1159 METRON-1725 Add ability to specify YARN queue for pcap jobs (merrimanr) closes apache/metron#1153 METRON-1731: PCAP - Escape colons in output dir names (mmiklavc via mmiklavc) closes apache/metron#1155 METRON-1702 Reload a running job in the UI (merrimanr) closes apache/metron#1156 METRON-1722 PcapCLI should print progress to stdout (merrimanr) closes apache/metron#1138 METRON-1728: Handle null values in config in Pcap backend more gracefully (mmiklavc via mmiklavc) closes apache/metron#1151 METRON-1730: Update steps to run pycapa on Centos 6 (mmiklavc via mmiklavc) closes apache/metron#1152 METRON-1713 PCAP UI - Add a way to kill a pcap job (tiborm via merrimanr) closes apache/metron#1143 METRON-1723 PCAP UI - Unable to select/copy from packets details in PCAP query panel (sardell via merrimanr) closes apache/metron#1139 METRON-1712 PCAP UI - Input validation (tiborm via merrimanr) closes apache/metron#1142 METRON-1720 Better error messages when there are no results or wireshark is not installed (merrimanr) closes apache/metron#1154 METRON-1726: Refactor PcapTopologyIntegrationTest (mmiklavc via mmiklavc) closes apache/metron#1140 METRON-1683 PCAP UI - Fix the download progress bar (sardell via merrimanr) closes apache/metron#1122 METRON-1675 PCAP UI - Introduce the paging capability (sardell via merrimanr) closes apache/metron#1121 METRON-1721 New default input path is wrong in pcap CLI (merrimanr) closes apache/metron#1137 METRON-1676 PCAP UI - Add data range selector to the filter bar (tiborm via merrimanr) closes apache/metron#1119 METRON-1662 PCAP UI - Downloading PCAP page files (tiborm via merrimanr) closes apache/metron#1118 METRON-1700 Create REST endpoint to get job configuration (merrimanr) closes apache/metron#1135 METRON-1671 Create PCAP UI (tiborm via merrimanr) closes apache/metron#1103 METRON-1701 Update General notes on the installation of Pycapa on Kerberized cluster (MohanDV via nickwallen) closes apache/metron#1136 METRON-1650 Packaging docker containers are too large (jameslamb via merrimanr) closes apache/metron#1091 METRON-1604 : Add RHEL 7 power pc to OS family for the HCP management pack repo info closes apache/incubator-metron#1052 METRON-1687: Upgrade the rat plugin to 0.13-SNAPSHOT closes apache/incubator-metron#1126 METRON-1694: Clean up Metron REST docs closes apache/incubator-metron#1131 METRON-1691: REST should limit the number of Pcap jobs a user can submit (merrimanr via mmiklavc) closes apache/metron#1129 METRON-1693: Fix Pcap CLI local FS finalizer (mmiklavc via mmiklavc) closes apache/metron#1130 METRON-1690: Add more context to PcapJob JobStatus (mmiklavc via mmiklavc) closes apache/metron#1128 METRON-1661 Create Pcap Query Filter endpoint (merrimanr) closes apache/metron#1125 METRON-1560 Update MPack to support Pcap panel (merrimanr) closes apache/metron#1124 METRON-1606 Add a 'wrap' to incoming messages in the metron json parser (ottobackwards) closes apache/metron#1054 METRON-1562 Enable Kerberos in REST for YARN and MR jobs (merrimanr) closes apache/metron#1094 METRON-1685 Retrieve Pcap results in raw binary format (merrimanr) closes apache/metron#1123 METRON-1638 Retrieve Pcap results in pdml format (merrimanr) closes apache/metron#1120 METRON-1686 Create stop job endpoint for Pcap queries (mmiklavc via merrimanr) closes apache/metron#1115 METRON-1674 Create REST endpoint for job status abstraction (merrimanr) closes apache/metron#1109 METRON-1672 Add metron-alerts's UI unit tests to travis build process (justinleet) closes apache/metron#1106 METRON-1614: Create job status abstraction (mmiklavc via mmiklavc) closes apache/metron#1108 METRON-1684 Fix Markdown problems in 3rdPartyParser.md (justinleet) closes apache/metron#1110 METRON-1657 Parser aggregation in storm (justinleet) closes apache/metron#1099 METRON-1651 Fixing failing protractor e2e test (tiborm via merrimanr) closes apache/metron#1095 METRON-1673 Fix Javadoc errors (justinleet) closes apache/metron#1107 METRON-1620: Fixes for forensic clustering use case example (mmiklavc via mmiklavc) closes apache/metron#1065 METRON-1659: The platform-info.sh should check for the vagrant hostmanager plugin closes apache/incubator-metron#1100 METRON-1658: Upgrade bro to 2.5.4 closes apache/incubator-metron#1101 METRON-1236 Add start/stop/restart commands that execute successfully, when ambari agents run as non-root user closes apache/incubator-metron#1105 METRON-1670: Stellar WEEK_OF_YEAR test is locale sensitive closes apache/incubator-metron#1104 METRON-1660 On Solr, sorting by threat score fails (justinleet) closes apache/metron#1102 METRON-1656 Create KAKFA_SEEK function (nickwallen) closes apache/metron#1097 METRON-1641: Enable Pcap jobs to be submitted asynchronously (mmiklavc via mmiklavc) closes apache/metron#1081 METRON-1644: Support parser chaining closes apache/incubator-metron#1084 METRON-1655 Make REGEXP_MATCH take multiple regexs in the 2nd arg (ottobackwards) closes apache/metron#1098 METRON-1643: Create a REGEX_ROUTING field transformation closes apache/incubator-metron#1083 METRON-1652 Document X-Pack Common Problem (nickwallen) closes apache/metron#1092 METRON-1649 Intermittent Test Failure ProfileBuilderBoltTest#testFlushExpiredProfiles (nickwallen) closes apache/metron#1090 METRON-1635 Alerts UI status update doesn't immediately show up (merrimanr) closes apache/metron#1080 METRON-1642: KafkaWriter should be able choose the topic from a field in addition to topology construction time closes apache/incubator-metron#1082 METRON-1636: Fix broken unit test setup in metron-alerts closes apache/incubator-metron#1085 METRON-1631 Alerts UI: Dash score does not show if only filtering by one group (sardell via merrimanr) closes apache/metron#1079 METRON-1647 Fix logging level score closes apache/incubator-metron#1089 METRON-1621: Sorting alerts table by score closes apache/incubator-metron#1088 METRON-1619: Stellar empty collections should be considered false in boolean expressions closes apache/incubator-metron#1064 METRON-1646 Sensor Stubs should work when kerberized (nickwallen) closes apache/metron#1087 METRON-1645: Check wether the Solr management pack is installed before configuring the solr principal name. closes apache/incubator-metron#1086 METRON-1634 Alerts UI add comment doesn't immediately show up. (merrimanr) closes apache/metron#1077 METRON-1555 Update REST to run YARN and MR jobs (merrimanr) closes apache/metron#1019 METRON-1489 Retrofit UI tests to run reliably during nightly QE runs (sardell via nickwallen) closes apache/metron#1004 METRON-1637 Wrong path to escalate alert REST endpoint (merrimanr) closes apache/metron#1078 METRON-1624 Set Profiler and Enrichment batch parameters in Ambari (nickwallen) closes apache/metron#1069 METRON-1629 Update Solr documentation (merrimanr via justinleet) closes apache/metron#1072 METRON-1633 Incorrect instructions when merging PR into feature branch (nickwallen) closes apache/metron#1074 METRON-1630 Add threat.triage.score.field to READMEs (merrimanr) closes apache/metron#1073 METRON-1609 Elasticsearch settings in Ambari should not be required if Solr is the indexer (nickwallen) closes apache/metron#1056 METRON-1627 Alerts UI: Metaalert details missing in details panel when trying to add alert to existing metaalert (sardell via justinleet) closes apache/metron#1070 METRON-1625 Merge master into Solr feature branch (merrimanr) closes apache/metron#1067 METRON-1626 Alerts UI: An empty result is returned when searching for a single alert contained in a metaalert (sardell via nickwallen) closes apache/metron#1068 METRON-1611 Increment master version number to 0.5.1 for on-going development (justinleet) closes apache/metron#1057 METRON-1622 Allow user to define global property 'threat.triage.score.field' in Ambari (nickwallen) closes apache/metron#1066 METRON-1599 Allow user to define global property 'source.type.field' in Ambari (nickwallen) closes apache/metron#1047 METRON-1616 Changing alert status fails if no metaalerts have been created yet (merrimanr) closes apache/metron#1061 METRON-1573 Enhance KAFKA_* functions to return partition and offset details (nickwallen) closes apache/metron#1030 METRON-1617: Make threat triage score function with dots as well as colons closes apache/incubator-metron#1062 METRON-1613 Metaalerts status update broken in Alerts UI (merrimanr) closes apache/metron#1059 METRON-1588 Migrate storm-kafka-client to 1.2.1 closes apache/incubator-metron#1039 METRON-1587 Make collection utility work for HDP search (merrimanr) closes apache/metron#1043 METRON-1612 Fix website download links (justinleet) closes apache/metron#1058 METRON-1608 Add configuration for threat.triage.field name (merrimanr) closes apache/metron#1055 METRON-1585 SolrRetrieveLatestDao does not use the collection lookup (justinleet via merrimanr) closes apache/metron#1050 METRON-1533 Create KAFKA_FIND Stellar Function (nickwallen) closes apache/metron#1025 METRON-1601: Rename metaalert alert nested field to metron_alert to avoid collision closes apache/incubator-metron#1049 METRON-1572 Enhance KAFKA_PUT function (nickwallen) closes apache/metron#1024 METRON-1607 update public web site to point at 0.5.0 new release (justinleet) closes apache/metron#1053 METRON-1568: Stellar should have a _ special variable which returns the message in map form closes apache/incubator-metron#1021 METRON-1594: KafkaWriter is asynchronous and may lose data on node failure (mmiklavc via mmiklavc) closes apache/metron#1045 METRON-1603: Fix multivalue field errors in Bro Solr schema (mmiklavc via mmiklavc) closes apache/metron#1051 METRON-1584 Indexing Topology Crashes with Invalid Message (nickwallen) closes apache/metron#1036 METRON-1547 Solr Comment Fields (justinleet) closes apache/metron#1037 METRON-1553 Validate JIRA Script Error (nickwallen) closes apache/metron#1013 METRON-1592 Unable to use third party parser with Storm versions >= 1.1.0 (nickwallen) closes apache/metron#1042 METRON-1598 NoClassDefFoundError when running with Elasticsearch X-Pack (nickwallen) closes apache/metron#1048 METRON-1589 '/api/v1/search/search' fails when 'Solr Zookeeper Urls' has comma separated multiple zookeeper urls (justinleet) closes apache/metron#1040 METRON-1593 Setting Metron rest additional classpath removes HBase and Hadoop configs from classpath (merrimanr) closes apache/metron#1044 METRON-1571 Correct KAFKA_TAIL Seek to End Logic (nickwallen) closes apache/metron#1023 METRON-1579: Stellar should return the expression that failed in the exception closes apache/incubator-metron#1033 METRON-1586 Defaulting for the source type field in alerts UI does not work (merrimanr via justinleet) closes apache/metron#1038 METRON-1569: Allow user to change field name conversion when indexing to Elasticsearch (nickwallen via mmiklavc) closes apache/metron#1022 METRON-1544 Flaky test: org.apache.metron.stellar.common.CachingStellarProcessorTest#testCaching (nickwallen) closes apache/metron#1015 METRON-1580 Release candidate check script requires Bro Plugin (nickwallen via ottobackwards) closes apache/metron#1034 METRON-1532 Getting started documentation improvements (sardell via nickwallen) closes apache/metron#1001 METRON-1577 Solr searches don't include the index of the result (merrimanr) closes apache/metron#1031 METRON-1421 Create a SolrMetaAlertDao (justinleet) closes apache/metron#970 METRON-1567 Large error message can't be written in Solr (justinleet) closes apache/metron#1020 METRON-1540 Solr Integration tests should use actual schemas (justinleet) closes apache/metron#1005 METRON-1526 Location field types cause DocValuesField appear more than once error (merrimanr via justinleet) closes apache/metron#995 METRON-1503 Alerts are not getting populated in alerts UI when search engine is Solr (merrimanr) closes apache/metron#975 METRON-1424 Kerberos: Solr (merrimanr) closes apache/metron#960 METRON-1482 Update REST to work with Solr (merrimanr) closes apache/metron#957 METRON-1464 Convert schemas to be compatible with Solr 5.5.2 (merrimanr) closes apache/metron#945 METRON-1423 Ambari work to handle Solr configuration (merrimanr) closes apache/metron#934 METRON-1448: Update SolrWriter to conform to new collection strategy this closes apache/incubator-metron#929 METRON-1441: Create complementary Solr schemas for the main sensors this closes apache/metron#922 METRON-1436: Manually Install Solr Cloud in Full Dev (mmiklavc via mmiklavc) closes apache/metron#918 METRON-1419: Create a SolrDao this closes apache/incubator-metron#911 Bro Plugin CHANGES.bro-plugin (in reverse chronological order): METRON-1469 Kafka Plugin for Bro - Configurable JSON Timestamps (dcode via nickwallen) closes apache/metron-bro-plugin-kafka#6 METRON-1407 Metron-Bro-Kafka plugin unable to find correct libkafka library. (zr via JonZeolla) closes apache/metron-bro-plugin-kafka#5 METRON-1324 Increment metron-bro-plugin-kafka version (JonZeolla) closes apache/metron-bro-plugin-kafka#7