Releases: oasis-open/cti-stix-elevator

Version 4.0

02 May 21:37

The elevator and stepper are compliant with STIX 2.1 CS02

Python 3.5 is no longer supported.
All compatibility code to support Python 2.7 has been removed (e.g., the six package)

Major Changes

  • Support Extension feature described in section 7.3 of the specification
  • Support Incident as a specification SDO
  • Use handle_missing_properties method to encapsulate most extension/custom functionality
  • Handle related objects with no known STIX 2.1 relationship

Other Changes

  • Handle ArchiveFile differently for 2.0 vs 2.1
  • email_message:message_id is only in 2.1
  • Infer network-traffic protocol from extension type
  • Handle registry key in example where there is no hive property
  • Better handling of Sightings
  • Add object data marking to Relationships when appropriate based on the source and target references
  • Handle name and title properties of malware better

Testing changes

  • Added testing for python 3.9
  • Test for the ignore missing policy for STIX 2.1

Version 3.0.1

09 Dec 17:08

Patch release for updated dependencies

  • Update dependencies
    - python-stix2 (2.1.0)
    - stix2validator (2.0.2)
    - stixmarx (1.0.8)

  • Other changes:
    - Implement semantics of patterns more correctly
    - Impose predictable order for terms in pattern expression involving pdf files
    - Clear location object cache

Version 3.0.0

08 Jul 17:19

The elevator and stepper are compliant with STIX 2.1 CS01

Python 2.7 and 3.4 are no longer supported

  • Other changes:
    - Handle STIX 1.x (CybOX 2.1) custom cyber objects
    - Handle SCOs: x509-certificate, autonomous-system, software
    - Handle File extensions: raster-image-ext, pdf-ext
    - Correct deterministic id generation algorithm
    - Handle observable characteristics in infrastructure
    - Handle parameter observables in COA
    - *_types property is now optional in 2.1
    - Handle some STIX 1.x object references
    - Improved handling of STIX 1.x RelatedObjects
    - Handle aliases for threat actors better
    - Threat_actor goal set correctly
    - Handle socket address
    - Handle more headers in email-message
    - Improved handling of composite observable conversion
    - Add general elevate() method, deprecate all other methods
    - Consolidate timestamp logic
    - Use uuid4s for custom SCOs in the stepper
    - Check stepper results with stix-validator
    - In external-references, the reference property must be in URI format

  • Testing changes
    - Added testing for python 3.8
    - Add new file to test main methods to interact with the elevator, use new method in test_idioms.py

  • Fixes for issues:
    - #174 - In test case identifying-a-threat-actor-group, a uuid is reused inappropriately
    - #182 - Message 905 about package timestamp is misleading
    - #186 - generate_sco_id fails to generate deterministic ID for some objects that contain special characters
    - #191 - Required attributes not added when upgrading from v2.0 -> v2.1
    - #193 - 'MarkableText' object has no attribute 'reference'

Version 2.1.1

10 Mar 15:37

2.1.1 - 2019-12-20

* Handle archive files correctly
* Handle CIDRs
* Handle missing kill-chain definition

Version 2.1

20 Dec 20:04

Major Changes

  • Handle SCOs
  • Enable use of custom properties for properties missing from STIX 2.x
  • Support all additional properties and property name changes for version 2.1
  • Handle UUIDv5 for SCOs in version 2.1

Other Changes

  • Fix patterns involving PE binary file header
  • Handle characteristic observables in infrastructure
  • Better mapping of STIX 1.x relationship types to STIX 2.x ones
  • Update logic to create TLP markings as stated in the specification
  • issue #148 - support ports CybOX object
  • Handle “Contains” operator more correctly

Testing Changes

  • Compare UUIDv5 for equality

Version 2.0.1

16 Jan 18:18

2.0.1 - 2019-01-16

* #145 - Pass version option given in the command line to the stix-validator

Version 2.0.0

04 Jan 20:23

2.0.0 - 2019-01-04

* Introduce the "stepper" to convert STIX 2.0 content to STIX 2.1 content
* Enable the elevator to convert from STIX 1.x content to STIX 2.0 or STIX 2.1 content

* Surround pattern with [], even if the term cannot be converted
* Use country code, if given
* Process party_name, even if name already given.
* Fix extension names in object paths
* Use stix2-validator 2.0.0, stixmarx 1.0.3, pycountry 1.17.8
* Add version argument for validator
* Issue #47: Use environment to pass options
* Issue #129: Handle report with no header.

Testing changes:
* Add stepper test. Only test stepper once per Python version
* Include all tests in coverage report, test both versions of STIX in all versions of Python.
* Travis runs tox testing both STIX 2.0 and 2.1
* Update all idiom files to work with STIX 2.1 elevator and stepper tests
* Add python37 testing.

Version 1.2.0

08 Sep 19:40

  • Close #41, #85, #87, #91, #114, #116, #117, #120, #121

  • Handle delimited list in patterns

  • Fix timestamps

  • Added modified time to registry keys

  • Handle Process object more robustly

  • Handle Vulnerability more robustly

  • Correctly handle renumbering of objects in ObservedData

  • Correctly handle multi-part emails

  • Added _hex to machine and characteristics property names for windows binary file in convert_pattern.py

  • Handle HTTPSession(HTTPClientRequest), NetworkPacket(ICMP), NetworkSocket

  • Handle non-String properties in convert_http_network_connection_extension

  • Added tests for new objects

  • Fix campaign alias

  • Remove dns_query from stix conversion. Warn message instead.

  • Register markings by object and id. Don't try to create markings from idref cases

  • If markings have id re-use them instead of creating new id

  • Added some messages to signal skipped markings.

  • Make adjustments to handle UTF-8 content.

  • Ignore case for STIX 1.x conditions

  • Gracefully handle unexpected formatting in STIX 1.x IDs

  • Make find_dir more efficient

Version 1.1.3

18 Jun 13:22

Version 1.1.2

18 Jun 13:21