Release Notes

Known Issues

For all other known issues, please see https://github.com/Security-Onion-Solutions/securityonion/issues.

Release History

3.1.0 Hotfix [20260528] Changes

  • FIX: Grids with multiple heavy nodes fail Elasticsearch upgrade verification for 3.1.0
  • FIX: Grids using custom logstash pipeline(s) may have stale pillar entries #15932

3.1.0 [20260521] Changes

  • FEATURE: Add Postgres support for future features
  • FEATURE: Add bonded NIC support for management interfaces #15548
  • FEATURE: Add ingest latency metric
  • FEATURE: Allow the setup of bond1 for management for ISO installs #15865
  • FEATURE: Elastic Fleet continuously validate output policy
  • FEATURE: RAID monitoring for hypervisor VMs #15809
  • FEATURE: Restore Suricata Overrides from backup #15881
  • FEATURE: Sigma mappings - M365 & Fortigate #15882
  • FEATURE: Simplified Onion AI setup for regions outside US #15773
  • FEATURE: Support Azure OpenAI endpoints #15841
  • FIX: 'Investigate' using inaccessible local model shows "insufficient credits"
  • FIX: Add options selection to annotations #15744
  • FIX: Appliance images in SOC grid misaligned #15713
  • FIX: Consider setting Elastic Agent output level to warning only #15431
  • FIX: Deterministically sort threshold.conf #15815
  • FIX: Improve elastic agent install outcome to check that the installation is healthy
  • FIX: Improve lucene and elastic query param validation #15860
  • FIX: Improve reverse DNS lookups success rate #15760
  • FIX: Improve usability for visually impaired users
  • FIX: JA4+ license hyperlink #15717
  • FIX: Make SOC and Kratos enabled annotations readonly #15827
  • FIX: Modifying detection templates in config causes SOC to crash loop #15798
  • FIX: Need better user feedback when attaching assistant chat to a case #15689
  • FIX: Node descriptions containing both spaces and numbers prevent pillar creation #15540
  • FIX: Prevent excessive OnionAI query length
  • FIX: Reactor sominion_setup #15834
  • FIX: Refactor Detections backup #14992
  • FIX: Reinstall #15811
  • FIX: SOUP verify all Elasticsearch nodes are compatible with the next Elasticsearch version #15908
  • FIX: Suricata pcap-log max-files rounds to 0 when calculated value is between 0 and 1 #15740
  • FIX: UI should show the name of the current Dashboard #15703
  • FIX: Use hunt action link for case observable hunt pivots #15752
  • FIX: Use safeload for loading filecheck config #15859
  • FIX: Zeek ingest pipeline for JA4d.log #15886
  • UPGRADE: Axios to 1.15.0 in SOC #15774
  • UPGRADE: CyberChef to 11.0.0 #15890
  • UPGRADE: Elasticsearch to 9.3.3
  • UPGRADE: Kratos and Hydra 26.2.0+pgx #15796
  • UPGRADE: SOC Go dependencies #15795
  • UPGRADE: SOC frontend dependency libs #15848
  • UPGRADE: Suricata to 8.0.5 #15903
  • UPGRADE: Zeek to 8.0.8 #15794
  • UPGRADE: nginx to 1.30.1 #15891

3.0.0 [20260331] Changes

  • FEATURE: Configurable Elasticsearch vm.max_map_count setting
  • FEATURE: Dynamically load Zeek plugins on zeek startup #15546
  • FEATURE: Enable JA4+ License Acceptance #15560
  • FEATURE: Parsing for Zeek websockets logs #15657
  • FEATURE: Refresh login page with updated look
  • FEATURE: Refresh SOC UI with updated look
  • FEATURE: Support additional alt names in web cert
  • FEATURE: Support docker ulimit customization #15581
  • FEATURE: Suricata PCAP replacing Stenographer
  • FIX: API 401 errors will no longer redirect #15611
  • FIX: Cleanup file.absent and cron.absent
  • FIX: Detections - Intermittent "error closing scroll" #14216
  • FIX: Duplicated user roles when refreshing frontend at Administration > Users #15688
  • FIX: Enabled / Disabled Buttons for SOC Grid Configuration Options #15649
  • FIX: Fix rule validators in SOC #15533
  • FIX: Global override configs should not apply to certain indices #15601
  • FIX: Network Transport for suricata alerts should be lowercase #15668
  • FIX: Sensors are not checking in while processing long jobs #15650
  • FIX: so-suricata-testrule script #15396
  • FIX: STIG V1R3
  • FIX: Suricata address-groups vars allow negation #15664
  • FIX: Unable to create detections via Security Onion API #15673
  • UPGRADE: All frontend 3rd party deps
  • UPGRADE: ATTACK Navigator to 5.3.0 #15680
  • UPGRADE: CyberChef to 10.22.1 #15681
  • UPGRADE: ElastAlert2 to 2.28.0 #15685
  • UPGRADE: Golang 3rd party deps #15647
  • UPGRADE: Golang to 1.26.1 #15580
  • UPGRADE: Hydra to 25.4.0 #15678
  • UPGRADE: Kafka to 3.9.2 #15684
  • UPGRADE: Kratos to 25.4.0 #15677
  • UPGRADE: Nginx to 1.29.6 #15686
  • UPGRADE: OpenCanary to 0.9.7 #15679
  • UPGRADE: Redis to 7.2.13 #15682
  • UPGRADE: Suricata to 8.0.4 #15625
  • UPGRADE: Telegraf to 1.38.0 #15683
  • UPGRADE: Update Docker base images