Changes to the project will be tracked in this file via the date of change.

• Updated readme to reflect the changes from docker v1 to v2 upgrade
• Updated all dependent packages, including certifi, requests, zipp, and setuptools dependencies which had open issues created by dependabot
• Added in "package-mode = false" reference in pyproject.toml file in order to address inconsistency in nightly build.

• Update nightly build to reflect changed from docker v1 to v2

• Remove WeasyPrint package dependency from Strelka

• Adding mimetype check for XML files for ScanXml

• Refactor of ScanXml

• Adding ScanJnlp scanner.
• Refactored ScanXml scanner to include more extraction potential / IoCs.
• Refacted ScanEmail scanner to include safer collection of fields.
• Bumping several dependencies.

• Updating ScanYara with additional grouping / metadata functionality.

• Adding ScanOcr functionality to allow for full string output. (@skalupa)

• Fix for logic pertaining to the ScanPe.flags field.

• Adding YARA for ScanJnlp
• Adding image preview for ScanEmail
• Adding IOC support for ScanJavascript
• ScanZip improvements (@ryanohoro)

• Fix for Invalid Stripping for Email Message ID Parsing

• Error Handling + Readibility Updates for ScanPdf, ScanPe, and more.
• Added optional redundancy logging to remote S3 location functinonality (@skalupa)

• Updated golang versions for relevant Dockerfiles (@skalupa)
• Error handling / readability update for ScanPdf

• Added Kafka logging integration with command-line toggle between Kafka and local logging (@skalupa)
• Implemented duplicate removal in IOC list processing across scanners
• Implemented thumbnail generation and formatting options for ScanOcr

• Updated several dependencies
• Added ScanYara warning upon YARA compilation failures

• Removed ScanCapa and ScanFloss from scanners, dependencies, and tests

• Added ScanIqy to target and extract network addressed from IQY (Internet Query) files
• Added tests for ScanIqy
• Fix for a poetry build issue
• Fix for ScanPcap tests

• Changes to ScanExiftool scanner and tests
• Update google.golang.org/grpc dependency

• Improvements and tests for ScanQR scanner (@ryanohoro)

• Adding the ability to use precompiled YARA rules: Speed up YARA initialization on Strelka boot by using precompiled rules
• Configuration file updates: Adding compiled YARA location
• Updates to multiple scanners: To accommodate new package versions
• Updates to multiple scanner tests: To accommodate updated scanners
• Minor XL4MA scanner updates: Removing references to author / comments
• Dockerfile improvements and fixes: Removing references to venv as poetry is used. Other various additions to ensure package installs work.
• Small error handling fixes

• Updated Ubuntu base image from 22.10 to 23.04. Updated documentation and references.

• Bug fix for IOC collection
• Adding ScanOnenote extraction counter
• Bug fix for ScanTranscode test

• Updating pygments dependency

• Adds feature to ScanOCR that will perform OCR on PDF documents (If enabled). (@alexk307)
• Bumps grpcio dependencies for python and go

• Bug fix for Frontend Request ID (@nighttardis)

• Updating requests dependency.

• Added compilation script for project Go binaries to be used for local compilation, testing, and releases.

• Added support for Docker Hub Tag submission

• Changes for ScanUdf / New Tests for ScanHtml (@ryanohoro)

• Updating YARA dependency
• Add support / tests for UDF image files using ScanVhd (@ryanohoro)

• Adding ScanSave scanner (@keiche)
• Updating go.mod files (@cameron-dunn-sublime)
• Updating docker container names (@malvidin)

• Bumping Redis Dependency

• Slimming Backend Dockerfile, several scanner fixes (@Derekt2)
• Updating Github workflows to accomodate above fixes
• Removing mmbot references

• Updating docs / removing broken test / adding no build support

• Bug fix / updating ScanManifest (@Derekt2)

• Bug fix to account for default mime DB (@jertel)

• Ading ScanVsto to extract VSTO file metadata.

• Adding ScanPDF XREF collection with limiters, tests, and updated docstrings.

• Adding rich fields to ScanPE

• Changing ScanIso pattern configuration in backend.yml (@ryanohoro)

• Go client updates to address vulnerability.

• Updating capa and associated tests.

• Adding default password file reference to EncryptedZip and EncryptedDoc scanners.
• Bug fixes for multiple scanners.
• Moving strelka-ui in docker-compose.yaml to a prebuilt image to reduce error potential and decrease build time.

• Bug fix for YARA scanner (@ryanohoro)
• Removing redundant Python setup/requirements (@ryanohoro)

• Adding Strelka UI to default docker-compose.yaml. (@ryanohoro)
• Adding Scanner checker on worker start to display scanner load errors. (@ryanohoro)

• Adding ScanTranscode which converts new or uncommon image formats. (@ryanohoro)

• Adding Jaeger support service for tracing. (@ryanohoro)

• Telemetry tracing support added. (@ryanohoro)

• Updating cryptography dependency across project.
• Added 'ScanOnenote' and associated tests.
• Removed ScanBITS and associated references.
• Added style / formatting Github action automations

• Added tests and option limiters to ScanHtml and ScanJavascript
• Bug fix + tests for ScanXl4ma

• Documentation update (@jertel)
• Updating backend flavors
• Bug fixes and tests

• Added ScanTlsh scanner and tests (@ryanborre)

• Bug fixes for various tastes / tests (@ryanohoro)
• Updating scanners with common function for file submission to reduce code reuse / potential errors (@ryanohoro)
• Added additional functionality (e.g., ScanOcr can not concatenate output into single line) (@ryanohoro)

• Additional tests (@ryanohoro)
• Refactoring backend (@ryanohoro)

• Bug fix for strelka backend (cached scanners) (@ryanohoro)

• Test updates (@ryanohoro)

• Adds local execution functionality (@ryanohoro)

• ARM fix for container build
• Updated documentation for tests (@ryanohoro)

• Adds ScanSevenZip and associated tests. (@ryanohoro)

• Adds tests for ScanPgp, ScanPlist, ScanNf, Updates for ScanOle (@ryanohoro)
• Bug fix in ScanQR (@ryanohoro)
• Adds support for WEBP to multiple scanners (@ryanohoro)
• Increase collection potential for PGP (@ryanohoro)
• Backend Dockerfile modification (@ryanohoro)

• Adds tracebacks to events that have unhandled exceptions. (@ryanohoro)
• Updates to ScanCapa, tests, and associated build files. (@ryanohoro)

• Adds a test for scanner timeout behavior test_scan_delay (@ryanohoro)

• Adds an encodings option to ScanHeader/ScanFooter for additional data encodings (@ryanohoro)

• Adds a new test that throws an exception in a scanner and verifies an event with an uncaught_exception flag is created. (@ryanohoro)

• Added dozens of tests over the last few weeks.

• Updated with bugfixes or updates: ScanBase64, ScanEncryptedZip, ScanIni, ScanJPEG, ScanLibarchive, ScanMacho, ScanPDF, ScanPNGEoF, ScanQR, ScanRar,ScanTAR, ScanUPX, ScanVHD, ScanZip (@ryanohoro)

• Setup package pinning for Backend Dockerfile (@ryanohoro)
• Updated default YARA tastes to include CCN support (@ryanohoro)
• Updated backend.yaml to include CCN support (@ryanohoro)

• Updated Fileshot go client to include additional functionality
• Updated Fileshot Dockerfile dependencies

• Added ScanDmg Scanner (@ryanohoro)

• Added CMake to Backend dockerfile for LIEF (M1 Fix) (@aaronherman)

• Added support for Winzip AES (Updated Backend Dockerfile)

• Small update to fix test warning for ScanPDF
• Small update to fix test warning for ScanQR

• Updated workflows. (@ryanohoro)
• Updated multiple dependencies. (@ryanohoro)

• Added ScanDocx Scanner test. (@ryanohoro)
• Added ScanLNK Scanner test.
• Added ScanDocx Scanner test. (@ryanohoro)
• Added ScanPe Scanner test. (@ryanohoro)
• Added ScanJpeg Scanner test. (@ryanohoro)
• Added ScanHtml Scanner test. (@ryanohoro)
• Added ScanPdf Scanner test. (@ryanohoro)
• Added ScanExiftool Scanner test. (@ryanohoro)
• Added ScanRar Scanner test. (@ryanohoro)
• Added ScanZip Scanner test. (@ryanohoro)
• Added ScanEncryptedZip Scanner test. (@ryanohoro)

• Updated ScanLNK YAARA taste.
• Updated ScanPngEof to fix some bugs (@ryanohoro)
• Updated multiple dependencies.

• Added ScanVHD Scanner. (@ryanohoro)
• Added ScanVHD Scanner test. (@ryanohoro)

• Added ScanISO Scanner test. (@ryanohoro)

• Added ScanMsi Scanner.
• Added ScanMsi Scanner test.

• Added PyTest scanner testing functionality (@cawalch)
• Added several scanner tests (ScanFooter, ScanGif, ScanURL) (@cawalch)
• Added documentation for test execution.

• Updated ScanPDF to include phone number collection (@Derekt2)

• Updated ScanISO to include additional metadata (e.g., Creation Date)
• Updated ScanISO to include bucketing of of hidden directories.
• Updated ScanZip to include known password extraction.
• Updated ScanZip to display file names, sizes, and compression metrics. (@ryanohoro)

• Updated ScanPE to fix issues with security certificate parsing.
• Updated verisons / dependencies

• Updated verisons / dependencies

• Added ScanBITS Windows BITS file scanner.
• Added ScanXL4MA Excel 4 macro scanner. (Ryan Borre)
• Added AddIOC IOC parsing to allow for IOC storage in root files. (Ryan Borre)

• Updated ScanPDF with small fix. (Ryan Borre)

• Added ScanISO for ISO metadata collection and file extraction.
• Updated ScanLibarchive in backend.yml to remove iso_file

• Updated ScanLibarchive in backend.yml to remove iso_file.
• Disabled ScanELF in backend.yml after observing excessive data extraction issues.

• Updated README.

• Updated base docker image for backend and mmrpc.
• Updated various dependencies.

• Added TLSH hashing to ScanHash

• Updated lxml dependency.

• Updated lxml dependency.

• Updated Filesetream to decrease privilege access. (@cawalch)
• Updated ScanEmail with new logic and collection fields.
• Updated numpy dependency.

• Updated numpy dependency.

• Updated Readme.

• Updated Readme.

• Bug fix for signal timeout functionality.

• Updated backend timeout functionality, replacing interruptingcow with signal (@cawalch)

• Added ScanBMPEoF steganalysis scanner. (University of Minnesota)
• Added ScanLSB steganalysis scanner. (University of Minnesota)
• Added ScanNF steganalysis scanner. (University of Minnesota)
• Added ScanPNGEoF steganalysis scanner. (University of Minnesota)

• Adding embedded_files and needs_pass fields to ScanPDF

• Updated ScanLNK with additional fields and new scanner structure. (Ryan Borre / @Derekt2 / @swackhamer)
• Added Github CodeQL vulnerability identification Action

• Fixed / updated ScanPdf with new functionality. May require current implementations to change parsing. (Ryan Borre)
• Removed [DEBUG] warnings from ScanQR.
• Updated ScanELF with bug fix.
• Removed error logging from ScanELF

• Updating build to include exiftool dependency. (@cameron-dunn-sublime)

• Pinned and updated all go build dockerfiles to 1.17.6
• Updated all go mod files to match go requirements.
• Updated numpy dependency.
• Updated readme with new client application build instructions.

• Fix bug with scan_javascript pertaining to regular expression identification. (@cawalch)

• Updating lxml from version 4.6.3 to 4.6.5.
• Updating CAPA from version 3.0.1 to 3.0.3.
• Updating exiftool from version 12.36 to 12.38.

• Modified mmrpc Dockerfile to fix compilation build issues on ARM architecture.

• Modified exiftool repository reference to increase stability
• Updating backend dependencies
• Updating go dependencies

• Fix K8S backend configmap yaml (@cameron-dunn-sublime)

• Updated exiftool from version 12.28 to 12.30 (@cameron-dunn-sublime)

• Updated exiftool from version 12.25 to 12.28

• Default YARA volume mount and placeholder test YARA rule to verify ScanYARA functionality. (@Derekt2)

• scan_pe refactor / additions (@swackhamer)

• scan_qr QR code scanner (@aaronherman)

• Updated YARA from 3.11.0 to 4.0.5

• Updated various python dependencies

• Bug fix for scan_footer

• scan_footer file footer scanner

• Updated pygments dependency

• Refactored go Dockerfiles
• Hardcoded container names
• Changed ScanPDF scanner from pdfminer.six to PyMuPDF
• Accepted dependabot pull request, updating dependency lxml from 4.6.2 to 4.6.3

• README updated with formatting and images

• Python-Client Strelka standalone python file submission client (@scottpas)
• Strelka Oneshot Dockerfile
• GitHub Actions additional workflows for client builds

• Updated filestream sample config

• Filestream Processed Directory Added ability to move files from a staging directory to a processed directory on completion. (@weslambert)

• GitHub Actions Strelka builder and badge to test main branch on push and each day

• Updated go Dockerfiles with module fixes

• Pinned python versions for module cryptography

• ubuntu versions for strelka-backend and strelka-mmrpc updated to 20.04
• Accepted dependabot pull request, updating dependency lxml from 4.5.0 to 4.6.2

• kubernetes deployment example added. (@scottpas)

• Added option to disable Strelka Backend shutdown (@weslambert)

• scan_manifest scanner (@Derekt2)

• Pinned redis module to version 8 due to bug causing frontend and manager to fail compilation (#142) (phutelmyer)

• scan_capa FireEye scanner (@phutelmyer)
• scan_floss FireEye scanner (@phutelmyer)

• Fixed bug caused by update to go-redis, requiring Context objects to be added to redis commands

• Fixed bug causing path issue when building container.

• strelka-oneshot cli app to allow for submission of a file for testing without the need for a config file. (@rhaist)
• swig as build/wheel dependency for M2Crypto (@rhaist)

• Updating dependencies for various packages (@rhaist)
• Formatting all go source files to match official guidelines (@rhaist)

• Added additional error handling for scan_lnk scanner (@Derekt2)
• Typo fixed in README.md (@weslambert)

• Added tree.root metadata to tree object
• Added scan_base64_pe scanner which decodes base64-encoded files
• Added scan_lnk scanner which provides metadata for LNK files
• Added yara.tags to yara scanner which collects Tags from YARA matches

• Changed scanner imports in scan_vba. Changed olevba3 package to olevba due to deprecation.

• Added additional error handling for corrupt documents in ScanDocx

• Updated YARA version from 3.10 to 3.11

• Removed logging reference in ScanEncryptedDoc

• Modified error handling for ScanPlist

• Added ScanAntiword into backend scanner configuration file (commented out)

• Added ScanEncryptedDoc which allows users to decrypt documents.
• Added additional error handling for ScanDocx

• Modified ScanPE to include additional error handling.

• Added ScanDoc support for additional metadata extraction.

• Added support for ScanRar RAR extraction with passwords.

• Added olecf flavor to ScanIni default

• Fixed bug in ScanTnef where key is not present, an exception is thrown.

• Fixed bug in ScanPe when header field is nonexistent (jshlbrd)

• Improved speed of ScanZip decryption (jshlbrd)

• ScanMmbot fields are now internally consistent with other event dictionaries (jshlbrd)
• Fixed bug in ScanMacho dynamic symbols (jshlbrd)
• Renamed 'decompressed_size' to 'size' across all decompression scanners (jshlbrd)

• Two new fields in ScanIni (comments and sections) (jshlbrd)
• New scanner ScanZlib can decompress Zlib files (jshlbrd)

• Fixed unintended CRC exception when decrypting ZIP files (jshlbrd)

• New scanner ScanIni can parse INI files (jshlbrd)

• Renamed strelka-redis to strelka-manager (jshlbrd)
• Updated ScanPe to better sync with ScanElf and ScanMacho (jshlbrd)

• Fixed frontend crashing issues when empty files are sent to cluster (jshlbrd)

• Added Gatekeeper (temporary event cache), a new required component (jshlbrd)

• Transitioned ScanMacho from macholibre to LIEF (jshlbrd)
• Fixed multiple issues in ScanElf JSON dictionary (jshlbrd)

• Transitioned ScanElf from pyelftools to LIEF (jshlbrd)
• Fixed ScanPdf f-string flags (jshlbrd)

• scan_* dictionaries are now nested under scan: {} (jshlbrd)
• 'time' field is now 'request.time' (jshlbrd)
• 'file.scanners_list' is now 'file.scanners' (jshlbrd)

• Updated YAML files to use 2 spaces instead of 4 spaces (jshlbrd)
• Conflicting variable names were refactored (jshlbrd)
• Added .env file for cleaner execution of docker-compose (jshlbrd)

• go-redis Z commands changed to non-literal (jshlbrd)

• 'throughput' section added to fileshot and filestream configuration files (jshlbrd)
• Added default docker-compose DNS hosts to misc/envoy/* configuration templates (jshlbrd)
• Added Docker volume mapping to frontend in default docker-compose (jshlbrd)

• Forked pyopenssl replaced with M2Crypto (jshlbrd)
• 'tree' event dictionary is now nested under 'file' event dictionary (jshlbrd)
• Scanner event dictionaries now start with 'scan_' (jshlbrd)
• Timestamps are now unix/epoch (jshlbrd)
• ScanExiftool now outputs 'human readable' data (jshlbrd)
• Looping Redis commands sleep at a consistent interval of 250ms (jshlbrd)

• 'cache' is no longer used -- 'coordinator' takes over all Redis tasks (jshlbrd)

• Switched pyopenssl to forked package (jshlbrd)
• Archived 0MQ branch (jshlbrd)
• Migrated gRPC to master (jshlbrd)

• Dockerfile now supports UTC and local time (ufomorme)

• Scan event start and finish timestamps now support UTC and local time (ufomorme)

• Improved YARA tasting signature for email files (DavidJBianco)
• Fixed install path for taste directory (jshlbrd)

• "beautified" field (bool) to ScanJavascript (jshlbrd)

• strelka_dirstream.py now supports recursive directory scanning (zachsis)

• ScanZip now supports decryption via password bruteforcing (ksdahl)

• Unit tests for ScanPe added (infosec-intern)

• strelka_dirstream.py now supports moving files after upload (zachsis)

• Added version info to ScanPe (infosec-intern)

• Expanded identification of email files (DavidJBianco)

• pip packages now installed via requirements.txt file(s) (infosec-intern)

• EOF error flag to ScanBzip2 (jshlbrd)

• taste_yara now loads files from directories, not a static file (ksdahl)

• Options for manually setting ZeroMQ TCP reconnections on the task socket (between broker and workers) (jshlbrd)

• "request_port" option renamed to "request_socket_port" (jshlbrd)
• "task_port" option renamed to "task_socket_port" (jshlbrd)

• strelka_dirstream.py switched from using inotify to directory polling (jshlbrd)
• strelka_dirstream.py supports monitoring multiple directories (jshlbrd)
• extract-strelka.bro will temporarily disable file extraction when the extraction directory reaches a maximum threshold (jshlbrd)

• New scanner ScanFalconSandbox can send files to CrowdStrike's Falcon Sandbox (ksdahl)

• New scanner ScanPhp can collect tokenized metadata from PHP files (jshlbrd)

• New scanner ScanStrings can collect strings from file data (similar to Unix "strings" utility) (jshlbrd)

• ScanPdf was unintentionally extracting duplicate streams, but now it is fixed to only extract unique streams (jshlbrd)

• ScanJavascript now supports deobfuscating JavaScript files before parsing metadata (jshlbrd)

• ScanUrl now supports user-defined regular expressions that can be called per-file (jshlbrd)

• Refactored taste.yara javascript_file rule for readability (jshlbrd)
• Removed JavaScript files from ScanUrl in the default strelka.yml (jshlbrd)

• Project went public!