Version 8.3.1
Detection Improvements
- TRES-438: Improved static detection of obfuscated Microsoft Office documents.
- TRES-301: Improved detection of evasive Microsoft Office documents which use country-specific checks to bypass analysis systems.
Bug Fixes and Improvements
- LLAM-4626: Fixed an issue where the llurl-framework service was reported as running but its Python process was not running.
- ENG-3005: Ensure that resuming an appliance upgrade correctly tags all Docker images for use.
- CC-2519: Fixed an issue when running lastline-distribution-upgrade for appliances that were installed on Precise where enum34 fails to upgrade properly.
- ATAT-177: We have decreased the space required in /boot to run lastline_distribution_upgrade to 140MB.
- ATAT-175: Fixed an issue where an incorrect GCC version was incompatible with new kernels, which caused the KVM module to fail to reload after an update.
Deprecation of API methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On-Premises and Lastline Detonator On-Premises:
- Lastline Analyst version 1053
and for Lastline Detonator On-Premises:
- Lastline Manager version 1053
- Lastline Engine version 1053
Released sandbox images versions
The sandbox images version remains at 2018-12-31-01.
Distribution Upgrade
Version 8.3.1 will be the final version that supports Ubuntu Trusty as our operating system distribution. In all future releases, Ubuntu Xenial will be required. To support this distribution upgrade, version 8.3.1 will support both Ubuntu Trusty and Ubuntu Xenial. Before upgrading to any versions post-8.3.1, appliances on Ubuntu Trusty must be upgraded to Ubuntu Xenial while running version 8.3.1. Be prepared for this upgrade to take at least an hour. Additionally, this upgrade will require a reboot.
You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "xenial". If it is "trusty", the appliance distribution should be upgraded.
For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.