Releases: OpenCTI-Platform/opencti

Version 6.4.1

21 Nov 16:43
affbcb9

Bug Fixes:

  • #9099 Cannot download files in Content tab
  • #9074 OBAS results placeholder has wrong styling
  • #9073 Entity type filter values are not restricted in Relationship creation form list
  • #9063 Observable Persona global search and entity filter of Persona not working
  • #9022 In an investigation, you need to refresh the page after creating a new relationship to see it.
  • #8984 Incorrect members ordering in Group Edition form
  • #8962 [Workbench] Validation is allowed even without the capability "Create / Update knowledge"
  • #8597 [Dashboard] Entities perspective displays the “relationship” message
  • #7828 When deleting a connector in ingestion => connectors, interface is redirected to the connector and then to the list
  • #7539 Default filters cannot be changed in some cases

Full Changelog: 6.4.0...6.4.1

Version 6.4.0

18 Nov 20:08
5087c95

Dear community, we're excited to announce the launch of OpenCTI 6.4! 🥳

This release has been mainly focused on solving the following pain points & unlocking the below use cases:

  • Protect platforms from unwanted configuration changes, by implementing a danger zone
  • Improve Mean Time To Response by facilitating actions on cases
  • Facilitate Graph manipulation, by enabling a set of new actions
  • Facilitate the ingestion process, by making the CSV mapper more flexible & improving errors on connectors
  • Vulnerability management, by developing additional integrations

Our platform is flexible, but this flexibility can be harmful when users new to the platform perform actions that have a negative impact on their experience, such as removing the Enterprise Edition, changing the platform organisation, or updating some built-in roles & groups.

This is the reason why we introduced the concept of Danger Zone 🚸.

From the moment you upgrade, certain areas of the platform will be protected. This means you will not be able to edit them without having a new specific role capability. For more information regarding this feature, please go to the dedicated documentation.

Quick and efficient incident response is essential for many organizations, yet managing participant assignments and case updates can often be time-consuming, slowing down response times.

To streamline incident management, we’ve introduced direct in-UI options for assigning participants and assignees, removing the need to open the modification panel. Additionally, we now support bulk operations for updating fields like creator, assignee, priority, severity, and type 🖊️ directly from the list view.

These enhancements enable faster, more flexible incident management, giving teams the ability to quickly assign resources and update cases at scale.

To complement this, one great feature added in this release is the ability to enroll a specific entity in a playbook 🤖: starting from 6.4, you can create a playbook whose first step is “Available for manual enrollment / trigger”. By creating this step without any filter, followed by the rest of your workflow, you can now, when navigating to a container, “enroll this entity in a playbook” to have an automation run on this specific entity. This unlocks lots of use cases, for instance applying specific measures to a particular entity that you need to follow.

Users frequently need to work with knowledge graphs to manipulate information within containers. However, adding entities to an established knowledge graph has been a challenge, as forces were automatically reapplied, disrupting the graph's layout and usability. Likewise, creating a large number of relationships with a single entity led to timeouts.

In this release, we’ve refined the knowledge graph experience to support smoother interactions. Now, if you disable forces on your graph, it will maintain its layout when new entities are added 📈, preserving your custom configurations.

Additionally, with valuable input from the community, we’ve enhanced relationship management within reports. Users can now select all relationships linked to a node or choose to isolate either parent or child relationships 💡—simplifying bulk actions, such as removing relationships from a container.

Investigation graphs have also been reworked to improve the representation of file objects (observables).

Knowledge ingestion through CSV files offers flexibility, but handling custom formats can be challenging. Users need efficient ways to create mappers and manage conditional data.

To enhance CSV ingestion, we’ve introduced two key improvements to CSV mappers.

Firstly, we’ve added a duplication feature for CSV mappers (and feeds) 📁 across both ingestion and data sharing, simplifying the mapper creation process.

Secondly, the new Conditional Mapping 🧪 functionality allows users to map columns based on specific conditions, which is particularly useful when a single column contains multiple entity types. For instance, users can configure the mapper to recognize whether a row is an IP address or URL based on values in a separate column, streamlining entity classification.

Ingestion has also been improved with the ability to map confidence level information onto our score notion (x_opencti_score) when ingesting Indicators/Observables from a TAXII feed.

A few releases back, we started working towards unlocking some vulnerability management capabilities within the app.

This is why we have now introduced the Tenable Vulnerability Management connector. Thanks to this connector, you can now monitor your assets using our system entity within OpenCTI & get some corresponding vulnerabilities.

Additionally, systems now have a knowledge view 🪟 to see their related vulnerabilities & a new relationship type “system has vulnerability” 🔗 has been introduced too. Thanks to the work already done to add EPSS, KEV & connectors already built, in addition to these fields being supported in the playbooks, vulnerability management within OpenCTI becomes doable to a certain extent within the platform 🔥

Connectors are essential for data ingestion, yet diagnosing errors within connectors can be challenging and time-consuming. Clear error insights are crucial for efficient troubleshooting and to maintain data flow continuity.

To simplify error resolution, we’ve enhanced the error logging for connectors 💬. Now, within the error tab, users can view errors categorized under Critical, Warning, and All, allowing for immediate prioritization. Each error entry includes an improved, human-readable explanation along with a unique error code. This code links directly to documentation that provides specific troubleshooting steps, helping users quickly identify and address issues.

When it comes to troubleshooting, you also need to know which users took a given action, in order to trace back & understand what happened. Our logging has been improved thanks to the introduction of a filter on the “system” user. 👥

Outside of these use cases, we have tackled various additional issues.

  • We have ensured that in a container (or in the observable view), if you filter on one single observable type (in a report, using the right-hand side component), you can select all and enrich all at once 🌎. This will save you some time!
  • When using AI within a report, the generation will let the user select the language of generation. By default, we will use the user’s language to generate the report through AI ✨, so that it won’t change anything in your current flow.
  • Within entities that contain a knowledge view about Attack Patterns, we have now introduced a flat list view of attack patterns 💡, in order to manipulate attack patterns as entities & use the mass operations.
  • We have also introduced the ability, when defining an email notification in the notifier, to add a suffix to the email notification URL 📨, so that you can redirect to the precise entity when receiving a notification.
  • We’ve expanded dashboarding capabilities with a new widget, Cloud of Words 📊, to give you more flexibility in dashboard creation.
  • Opinions across all entities are now clickable 🕵️, allowing you to see who shared feedback and their specific comments. Additionally, a new opinion filter lets you configure widgets 📊 to display the distribution of entities based on the average of their associated opinions.
  • New capability “Can use web interface export functions (PDF, PNG, etc.)” 🔒: it aims to control who can download images from a dashboard or a knowledge view. Groups & roles are also now listed in alphabetical order 💡.
  • You can now disable the trash 📴 if you do not need it.
  • Overall, we have also worked on security fixes & performance issues (for ingestion & deletion). Among the security improvements, we have added the ability to revoke & recreate a token 🔒 for a user whose token has been leaked. Tokens & passwords are now hidden by default in the UI 🕵️.

In addition to the Tenable connectors, two new enrichment connectors have also been added:

  • RiskIQ Passive Total enrichment
  • GreyNoise Vulnerability enrichment

We have also made a number of improvements to the Microsoft Sentinel, Tanium and Harfanglab connectors. The export of indicators and the import of incidents are now separated into two different connectors (stream & external-import).

On a final note, we would like to thank you for your contributions 🙏, which help make our product better: guillaumededrie, stefan1anuby, Bonsai8863, animedbz16, daimoyo007, cert-orangecyberdefense, polakovicp, DNRRomero, stefanbulof, annoyingapt, uTomasAnderson, bradchiapetta, brett-fitz, akhanafeer, mmolenda, initstring, Darkheir, WolfBytnner, Mathieu4141, DinkoReversingLabs, basvanschaik, curiouspython1.

Of course, a huge thank you to all for your contributions 🥇

We hope this release will please you! Feel free to drop us a note about anything. We’re always happy to get feedback about our product usage, whether it’s to hear that everything works perfectly or to get some improvement ideas too.

Enhancements:

  • #9054 Implement decryptionPvk in SAML 2
  • #8897 Add a static parameter to fully disable the trash on the whole platform
  • #8842 Show opinion comments in the report overview
  • #8680 Add an option in TAXII f...

Version 6.3.13

16 Nov 11:45
1086daf

Bug Fixes:

  • #9042 Organization mapping is not working with Microsoft when "." is present in path
  • #9026 PDF viewer is broken everywhere

Full Changelog: 6.3.12...6.3.13

Version 6.3.12

15 Nov 15:16
190083d

Enhancements:

  • #8966 Improve auto fixing platform at start for missing queues in rabbitmq
  • #8923 Improve error message notification in the UI
  • #8870 Improve errors in httpPlatform to not always propagate to the last middleware
  • #8793 Add integration tests to playbooks

Bug Fixes:

  • #9015 File markings are not present in the stream
  • #8996 Create a public dashboard: when accessing the dashboard an error message in widget shown "you must be logged to do this"
  • #8976 PDF export of HTML content is broken
  • #8973 Empty SHA256/SHA1 field when modifying File Observable
  • #8899 [RBAC - Dashboard] Need "Manage credentials" capability for "Activity & History" perspective
  • #8838 Prevent deletion of the organization that is used as platform organization or attributed to a user
  • #8761 TAXII collection not accessible which is created by user on the demo website.
  • #8721 [Playbooks] unable to filter on "Platform Creation Date" on "Query knowledge on regular basis"
  • #8688 Container: in Source mode, you need to click twice on Source mode to quit the source mode
  • #8611 Indicator pattern and standard id are not updated through stream sync
  • #8425 Massive relationships creation screen is not respecting default radius of 4 (left entity + match)
  • #8413 [AI] "Summaries file" on all files does not always work
  • #8324 Fail to ingest CSV feed
  • #8279 Threat actor top bar right loading is not properly aligned

Full Changelog: 6.3.11...6.3.12

Version 6.3.11

07 Nov 17:56
944d588

Bug Fixes:

  • #8942 Possible performance drop at ingestion due to heavy regular expression
  • #8911 [Request for takedown case] Related entities weird behavior
  • #8910 The design of the ‘create’ button for an observable must be aligned with the other create buttons
  • #8908 Investigation: cannot expand observables of type File
  • #8884 Header in creation drawer is not correct on observable
  • #8831 Investigation: Unable to expand any indicators linked to a file observable
  • #8818 [Workbench] Relationships not created
  • #8809 [entities merging] incorrect kept file when files names conflicts
  • #8646 Long title on dashboards can mess with UI
  • #8571 Regression in massive operations on data tables

Full Changelog: 6.3.10...6.3.11

Version 6.3.10

05 Nov 18:42
e083712

Enhancements:

  • #8869 [backend] Improve performance by better targeting indices for query

Bug Fixes:

  • #8901 Public dashboard errors on some widgets when not configuring any time range
  • #8867 Permissions from External Auth Server Not Mapped to OpenCTI Platform Groups When Logging in via loginFromProvider
  • #8675 [OPENCTI-MODULE] INGESTION - Error with taxii handler CISA-GOV - Atribute Must be a string
  • #8560 Title not taken into account in Text widget
  • #8330 Hamburger buttons to update or delete an attack pattern within an incident doesn't work and redirect to the attack pattern page.
  • #8178 Entities validated in a report's analyst workbench are not included in the report
  • #7965 ImportFileStix2 - Importing STIX file from within a Grouping does not add the imported objects to the Grouping
  • #7620 Domain observable with underscore is incorrectly rejected
  • #6361 Creating a lot of relationships at once causes a timeout error

Full Changelog: 6.3.9...6.3.10

Version 6.3.9

31 Oct 17:40
e788171

Bug Fixes:

  • #8837 Bug may lead to deletion of all entities in OpenCTI
  • #8800 Finding report duplicates does not work properly
  • #8767 Having a large number of Organizations slows down the playbooks
  • #8642 Extremely high CPU usage in workers
  • #8575 Report export to STIX2 brings start_time == stop_time for relations
  • #8282 Useless vertical scrollbar in custom dashboard + hidden by the header

Full Changelog: 6.3.8...6.3.9

Version 6.3.8

30 Oct 11:52
60e625f

Bug Fixes:

  • #8825 Enrichment panel does not open for SCOs
  • #8720 Improve info log level for task manager to help troubleshoot issues
  • #8682 Reset of the "display as" settings
  • #8656 [CI] multi-repository PR should default as PR target branch and not master
  • #7720 Extension is not always set to ".json" in dashboard export, which leads to not being able to re-import without renaming the file
  • #7697 [filters] 'lower than / equals' operator for date filters doesn't take 'equals' into account

Full Changelog: 6.3.7...6.3.8

Version 6.3.7

29 Oct 11:38
88697d0

Enhancements:

  • #8636 Avoid breaking UI when too many labels are associated to an entity
  • #8151 Upgrade CKeditor to latest version
  • #6643 Leaked Tokens are not revokable

Bug Fixes:

  • #8742 Retro-compatibility mappings mode for reindexing broke the SSO login
  • #8740 Data is not deduplicated when an entity under restriction (marking) is updated
  • #8726 [Dashboard] Two "name" filter
  • #8712 Missing author column in the home dashboard reports list
  • #8683 No error when updating an indicator with incorrectly formatted pattern
  • #8681 Not possible to view the list of reports authored by an organization
  • #8649 cannot create a public dashboard from the dashboard list
  • #8630 [Dashboard] Counter in knowledge perspective no longer takes into account time filter
  • #8599 Observables distribution graph is not respecting the height of the box
  • #8557 Creation Date display error after node edit in Investigation graph
  • #8506 open a new tab from listing
  • #8501 Not possible to CTRL+click directly on the left menu (first level)
  • #8483 Sightings tabs in observables are broken
  • #8442 English grammar errors in the titles of the default dashboard widgets
  • #8333 Missing entities in shared report
  • #8291 OpenCTI failed to validate YARA rules containing "\r" escape sequence in text strings.
  • #8288 The 'entities overview' loader is not the one used in the rest of the application
  • #8225 Bad icon used in connector overview
  • #8180 Inconsistency in potential duplicate warning messages
  • #8175 Layout issue when loading cases
  • #8101 Organisation Admins: multiple issues
  • #8058 Multiple issues in opinions
  • #7992 CSV import is buggy
  • #7797 [Workbench] Sightings default value displayed as Unknown
  • #7796 Error at relationships export in json
  • #7719 N subscribers is not correctly vertically centered within the button
  • #6361 Creating a lot of relationships at once causes a timeout error

Full Changelog: 6.3.6...6.3.7

Version 6.3.6

15 Oct 00:05
66fa73c

Enhancements:

  • #8498 Add "Vulnerabilities" view in the knowledge tab of a System entity
  • #8453 Support of "has" relationship between a System and a Vulnerability

Bug Fixes:

  • #8665 Ingestion performance issue on related-to from observable to entities
  • #8650 objects (labels, kill chain phases) are clickable resulting in an empty page
  • #8647 Editing some objects titles from the view list is broken - edition drawer is not responsive
  • #8642 Extremely high CPU usage in workers
  • #8641 [Kill chain phase ordering] We can't modify the order
  • #8635 [Regression] IP location flag no longer appears
  • #8626 Results of OpenBAS scenarios are not displayed anymore in OpenCTI
  • #8624 Bulk search is not working properly anymore
  • #8579 Knowledge graph is not displaying all entities
  • #8576 Relationship " authored by " not properly displayed in Knowledge tab
  • #8547 Internal document identifier are case sensitive
  • #8545 [live stream] external references are not synced
  • #8533 Narrative list wrong icon + alignment issue
  • #8495 In some old instances, we have objectOrganization indexed, which causes an issue when deleting entity
  • #8310 Playbook "log data in standard output" warning option should use "warn" level instead of "warning"
  • #8223 External reference overview panels not aligned
  • #7962 The derived-from relationship is not supported for all STIX domain objects and cyber observables
  • #6657 When having a trigger covering URLs or an Indicator generated from an URL Observable, URL is clickable in the notification or the description

Full Changelog: 6.3.5...6.3.6