IBM Security QRadar SOAR* release changelog

*IBM Resilient SOAR was renamed to IBM Security SOAR on 18 February 2021, and as of 7 December 2021 is now renamed to IBM Security QRadar SOAR as part of our overall threat management portfolio rebranding.
NOTE: As of 1 January 2020, Python 2 officially reached end-of-life. Beginning in Q2 2023, with our SaaS and On-Premise releases of IBM Security QRadar SOAR and IBM Cloud Pak for Security, the ability to create Python 2 scripts, including Python 2 email scripts, will be removed. Users are required to leverage the Python 3 Scripting Engine. Beyond our Q3 2023 releases, there will be no IBM support available for Python 2.
  • Software downloads for each version are available on the Release Download Locations page.
  • See Upgrade notes under What's New for instructions and any version-specific notes regarding Upgrade. 
What's new in 50.2.65 HotFix 4 (14 June 2024)
  • SOAR-17494: Unable to run soarSystemBackup if soar config files located in different volume group.
  • SOAR-19179: 50.x cannot be installed on RedHat 8.9 and later.
What's new in 51.0.2.1.46 (14 June 2024)
What's new in 51.0.2.0.9764 (17 May 2024)
What's new in 51.0.1.2.16 (19 Apr 2024)
What's new in 51.0.1.1.36 (15 Mar 2024)
What's new in 51.0.1.0.9540 (21 February 2024)
What's new in 50.2.57 HotFix 3 (19 February 2024)
  • SOAR-16939: Upgrade Duo to SDK 4.0 for universal prompt.
  • SOAR-17413: Upgrade IBM JDK
What's new in 51.0.0.2.13 HotFix 1 (19 February 2024)
  • SOAR-16939: Upgrade Duo to SDK 4.0 for universal prompt.
  • SOAR-17413: Upgrade IBM JDK
What's new in 49.2.69 HotFix 2 (15 February 2024)
  • SOAR-16939: Upgrade Duo to SDK 4.0 for universal prompt.
  • SOAR-17413: Upgrade IBM JDK
What's new in 51.0.0.2.12 (22 January 2024)
What's new in 50.2 HotFix 2 (15 January 2024)
  • SOAR-17841: Provide Python 3.8.18 for RHEL7 to address security issues.
What's new in 51.0.0.1.27 (15 December 2023)
What's new in 51.0.0.0.9340 HotFix 1 (24 November 2023)
  • SOAR-17543: News feed api fails on concurrent deletes of datatables.
What's new in 51.0.0.0.9339 (22 November 2023)
What's new in 47.2.91 HotFix 9 (3 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 50.0.9116 HotFix 1 (3 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 50.1.61 HotFix 1 (3 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 48.0.8590 HotFix 3 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 48.1.103 HotFix 2 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 48.2.70 HotFix 5 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 49.0.8856 HotFix 2 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 49.1.81 HotFix 1 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 49.2.60 HotFix 1 (2 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 50.2.45 HotFix 1 (1 November 2023)
  • SOAR-17329: Apache ActiveMQ is vulnerable to Remote Code Execution.
What's new in 50.2.42 (23 October 2023)
What's new in 50.1.54 (18 September 2023)
What's new in 50.0.9097 (21 August 2023)
What's new in 49.2.34 (14 July 2023)
What's new in 48.2.45 HotFix 4 (11 July 2023)
  • SOAR-15470: Improved the error handling of the in-product scripting mechanism when it exceeds the assigned memory limit while communicating with the application.
What's new in 47.2.63 HotFix 8 (11 July 2023)
  • SOAR-15470: Improved the error handling of the in-product scripting mechanism when it exceeds the assigned memory limit while communicating with the application.
What's new in 46.2.38 HotFix 3 (11 July 2023)
  • SOAR-15470: Improved the error handling of the in-product scripting mechanism when it exceeds the assigned memory limit while communicating with the application.
What's new in 49.1.52 (20 June 2023)

What's new in 47.2.59 HotFix7 (19 June 2023)

  • SOAR-15838: During multi-incident closure, if values are changed for individual incidents then they are not saved.
  • SOAR-15116: During multi-incident closure, 2nd modal isn't persisting updated individual incident fields.

What's new in 47.2.58 HotFix6 (13 June 2023)

  • SOAR-15451: soarSystemBackup and soarSystemRestore may fail in a proxy environment.
  • SOAR-15703: Unable to enable DR if master appliance ran rollback before.
  • SOAR-15765: Cannot close multiple incident if extra custom incident field is required at close time

What's new in 49.0.8814 HotFix1 (9 June 2023)

  • SOAR-15637: Incident report is not generating - fontconfig issue.

What's new in 48.2.32 HotFix2 (23 May 2023)

  • SOAR-15167: Closing incidents popup loses field edits resulting in failure to close.

What's new in 47.2.49 HotFix5 (22 May 2023)

  • SOAR-15167: Closing incidents popup loses field edits resulting in failure to close.
What's new in 49.0.8803 (19 May 2023)
  • Data navigator for inputs to playbook functions and sub-playbooks
  • Playbook progress visualization
  • SOAR apps now support third-party credential managers
  • Analytics dashboard enhancements
  • Python 2 deprecation
  • App Host: V1.13.1.582 is intended to provide support for SOAR V49
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 47.2.45 HotFix4 (09 May 2023)

  • SOAR-15215: delays in accessing workflow and playbook properties while executing scripts.
  • SOAR-14987: Scripting needs better performing options in API to query incidents.
  • SOAR-9857: Allow user to patch incidents in the foreground.
  • SOAR-15226: Uninstalling an app throws PersistenceException as a lot of incidents are updated on lastModifiedDate field.

What's new in 47.2.37 HotFix3 (08 May 2023)

  • SOAR-14944:  Certain workflow executions are consistently failing at the function post-script stage.

What's new in 48.0.8541 HotFix1 (08 May 2023)

  • SOAR-14944:  Certain workflow executions are consistently failing at the function post-script stage.

What's new in 48.1.54 HotFix1 (08 May 2023)

  • SOAR-14944:  Certain workflow executions are consistently failing at the function post-script stage.

What's new in 48.2.23 HotFix1 (08 May 2023)

  • SOAR-14944:  Certain workflow executions are consistently failing at the function post-script stage.
What's new in 48.2.16 (13 April 2023)
What's new in 48.1.47 (20 March 2023)

What's new in 48.0.8533 HotFix1 (03 March 2023)

  • SOAR-14269:  Upgrade to 48.0 failed due to errors in running 580-drop-duplicateIndexs.sql
What's new in 48.0.8529 (17 February 2023)
  • Improved access and sharing for dashboards and report templates
  • Updated version of Red Hat Ansible Engine
  • New playbook revision field
  • Expanded OS support for integration servers
  • Report OS support for integration servers
  • App Host: V1.12.1.530 updates K3s to 1.24.9 and is intended to provide support for SOAR V48
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 47.2.31 HotFix2 (14 February 2023)

  • SOAR-13491:  Failing to mark emails as read causes duplicated incidents.

What's new in 47.2.28 HotFix1 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 47.1.40 HotFix1 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 47.0.8308 HotFix1 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 46.2.22 HotFix2 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 46.1.52 HotFix3 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 46.0.8140 HotFix3 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 45.2.49 HotFix4 (01 February 2023)

  • SOAR-13532:  [Inbound email] Oauth connection grant access operation does not use uploaded certs if the proxy is turned off.
  • SOAR-13592: [Inbound email] [UI] The certificate upload widget is not shown when grant access encounters error.

What's new in 47.2.25 (17 Jan 2023)

What's new in 47.1.36 (13 Dec 2022)

  • Reduced time required to rollback to previous version
  • Ability to select multiple emails and perform actions in bulk
  • App Host: V1.11.1.480 includes updated application run file, security update package
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 47.0.8304 (17 Nov 2022)

  • Clone Playbook
  • Automatically Cancel Playbook
  • Present email previews with attachments
  • App Host: V1.11.1.472 is intended to provide support for SOAR V47
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 46.2.20 HotFix1 (02 Nov 2022)

  • SOAR-9871:  No error is displayed on the UI if there are failures when closing multiple incidents from the Incidents page.
  • SOAR-138: In Excel report, initialization exceptions on the fielddef collection in the org object.

What's new in 45.2.45 HotFix3 (02 Nov Oct 2022)

  • SOAR-9871:  No error is displayed on the UI if there are failures when closing multiple incidents from the Incidents page.
  • SOAR-138: In Excel report, initialization exceptions on the fielddef collection in the org object.

What's new in 44.2.43 HotFix4 (25 Oct 2022)

  • SOAR-9871:  No error is displayed on the UI if there are failures when closing multiple incidents from the Incidents page.
  • SOAR-138: In Excel report, initialization exceptions on the fielddef collection in the org object.

What's new in 46.2.19 (19 Oct 2022)

What's new in 46.1.49 HotFix2 (12 Oct 2022)

  • SOAR-2611: Intermittent issue updating incident last modified timestamp preventing workflow instances from committing properly due to OptimisticLockException 

What's new in 46.0.8135 HotFix2 (12 Oct 2022)

  • SOAR-2611: Intermittent issue updating incident last modified timestamp preventing workflow instances from committing properly due to OptimisticLockException 

What's new in 44.0.7597 HotFix4 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 44.1.58 HotFix3 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 44.2.40 HotFix3 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 45.0.7901 HotFix2 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 45.1.48 HotFix2 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 45.2.43 HotFix2 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 46.0.8134 HotFix2 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 46.1.48 HotFix2 (22 Sep 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 46.1.47 (16 Sep 2022)

  • Updated App Host security and optional update package (1.10.1.441), which works with previous versions of App Host. Main App Host application run file is unchanged since App Host 1.10.1.436
  • Addressed functional issues and vulnerabilities. See Corrected issues page for details. 
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 43.1 HotFix6 (12 Sep 2022)

  • RES-32787: Further changes to issue when always required custom fields have a value, they don't show up in the Close Case model

What's new in 43.1 HotFix5 (26 Aug 2022)

  • RES-32787: Issue when always required custom fields have a value, they don't show up in the Close Case model 

What's new in 44.0 HotFix3 (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 44.1 HotFix2 (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 44.2 HotFix2 (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 45 HotFix1 (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 45.1 HotFix1  (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 45.2 HotFix1 (19 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 46.0.8131 (17 Aug 2022)

  • Added a new configuration setting to app.config, called heartbeat_timeout_threshol.
  • App Host: added support for Red Hat Enterprise Linux 8.4 to 8.6.
  • Added support for newlines when a user enters values in addHit of an artifact script.
  • Added an improved backup and restore solution.
  • Updated the individual upgrade log files in /usr/share/co3/logs to include timestamps.
  • Added support for playbooks in MSSP configurations.
  • When exporting incidents to an Excel file, rather than wait for the export to complete, users can now choose to receive an email notification.
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 43.1 HotFix4 (12 Aug 2022)

  • RES-32719: Issue preventing customer to close multiple cases in Cases List page when user edits fields

What's new in 45.2.37 (14 July 2022)

What's new in 45.1.42 (17 June 2022)

What's new in 45.0.7899 (20 May 2022)

  • Designers can add playbooks, called sub-playbooks, to a playbook. Designers can create sub-playbooks to define repeatable activities to use within other playbooks.
  • Designers can cancel the running instances of a playbook.
  • Designers can configure a playbook to cancel automatically upon pre-defined conditions.
  • Designers can design an activation form for manually triggered playbooks where analysts can enter data when they activate the playbook.
  • Only scripts with object types that are compatible with the playbook's object type are shown in the library.
  • Playbooks are tagged, which provides a performance enhancement when users export playbooks or organizations.
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 44.2 HotFix1 (13 May 2022)

  • RES-29918: Invalid XML character (Unicode: 0x9d) is causing the email service to stop processing email messages

What's new in 44.1 HotFix1 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 44 HotFix2 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 43.1 HotFix3 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 43 HotFix4 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 42.2 HotFix4 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 42.1 HotFix2 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 42 HotFix3 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 41.2 HotFix3 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 41.1 HotFix1 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 41.0 HotFix1 (12 May 2022)

  • RES-31434: A malicious user could run OS commands on the SOAR system

What's new in 44.2.32 (15 April 2022)

What's new in 43.1 HotFix2 (31 March 2022)

  • RES-30879: “Export” button in the incidents tab does not take into account the filters
  • RES-31044: Configuration import containing playbook fails after upgrading to v43.1

What's new in AppHost 1.8.1 HotFix1 (28 March 2022)

The following issue is corrected in this update (apphost-1.8.1.379):

  • RES-31487: Upgrading AppHost to 1.8.1 succeeds but k3s restart fails when SELinux policy is set to Enforcing.

What's new in 44.1.47 (14 March 2022)

What's new in 44.0 HotFix1 (17 February 2022)

  • RES-31186: In-product Documentation links do not load.

What's new in 44.0.7584 (16 February 2022)

  • Artifacts - Users can add multiple values for an artifact hash type.
  • Disaster Recovery - Added a skip receiver backup parameter that reduces downtime by not backing up the receiver database, which is useful when you upgrade DR.
  • Fields - Fields with a name longer than 80 characters have an extra property, "Abbreviated label" which allows designers to enter a short name for use in design.
  • Incidents - Improved deletion of incidents.
  • Playbooks -
    • Users can enable or disable playbooks from the Playbooks main page.
    • Improved the performance of deleting playbooks.
    • Added a delay before the system cancels any existing instances after a playbook deletion to give users the opportunity to undo the deletion.
  • SDK - For app developers, the SDK includes a validate command that can test the content of the files that are associated with the app.
  • App Host - The V1.8.1 release allows users to enter a path component in the manageAppHost registry --registry command. For example, previously the command would allow mycontainer.com but not mycontainer.com/path
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new: 14 February 2022

Resolved the following issues:
  • RES-30884 - Postgres upgrade from 9 to 12 that fails when server locale is changed before the upgrade
  • RES-30940 - Unable to acquire pgbackrest lock during upgrade
in the following versions:
  • V43.1.52
  • V43.0.7667

What's new in 43.1.49 (18 January 2022)

  • Updated App Host security update package (1.7.1.342)
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new: 21 December 2021

Upgraded Elasticsearch to v7.16.2 to completely mitigate the Apache Log4j vulnerability in the following versions:
  • V42.2.41
  • V43.0.7662

What's new: 16 December 2021

Corrected a security vulnerability associated with Apache Log4j on the platform in the following versions:
  • V40.2.81
  • V41.2.41
  • V42.2.39
  • V43.0.7661

What's new in 43.0.7660 (10 December 2021)

  • Analytics Dashboard - A Custom HTML Block widget in the analytics dashboard allows users to add the company logo or other images and text
  • App Host - The Download Controller Logs option in the App Host menu has been updated to download the log files. Users can filter the log by start and end date.
  • Artifacts and scripts - Added helper methods to manage artifacts from a script. Methods include addHit, addTag, GetAllTags, containsTag, and removeTag.
  • Database - Updated the underlying PostgreSQL database management system and Tomcat web server environment.
  • Field value deletion - Users are prevented from deleting a value of a select or multi-select field if that value is used in a playbook, workflow, or rule
  • Import - Added the import file name to the import history table.
  • Integration server - Added support for proxy server configuration environment variables.
  • Password reset - Administrators can reset another user's password from the Users tab.
  • Playbooks -
    • Playbooks can be manually activated, where the activated playbook shows as an action in an object's Action menu.
    • Individual playbooks can be exported and imported.
    • Nodes can be deleted directly from the canvas by right-clicking the node.
    • Tasks and scripts can be deleted directly from the library, which deletes the object from all playbooks and any rules and workflows.
    • Updated the header and toolbar for usability.
  • Roles - For usability, added the text, Workflows and playbooks: Cancel progress, to the Roles tab under Edit Incident.
  • System Settings - Added a Blocked IPs page to System Settings where administrators can view and unblock blocked IP addresses.
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 42.2.29 (15 October 2021)

  • Updated App Host security update package (1.6.1.297)
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 42.1.65 (16 September 2021)

  • The Destination tab, formerly Message Destination in Customization Settings, now includes Inbound destinations
  • Playbook Designer Enhancements including advanced condition points 
  • Updated App Host security update package (1.6.1.295)
  • Privacy Breach Response: see IBM Documentation for Privacy updates in this release.

What's new in 41.2 HotFix1  (31 August 2021)

  • RES-28986: JVM segmentation error on systems with 50+ GB of RAM.

What's new in 42.0.7058 (16 Aug 2021)

  • Condition Points In Playbook
  • Show hits in global artifacts
  • Online database backups during upgrade
  • App Host 1.6.1 (Proxy Exposure, Dependency Upgrades)
  • Cases Kanban as default view
Privacy updates:
  • Texas Regulator update for 2021 Amendment to the Texas Business and Commerce Code.

What's new in 41.2.35 (17 July 2021)

  • App configuration: The range for the num_workers setting in the app's app.config file increased to 500.
Privacy updates:
  • Selected items for the Regulators, Data Types and Affected Individuals display first in Edit mode above the rest in alphabetical order.
  • When creating an incident, the record count of Affected Individuals defaults to null instead of 0.
  • Regulator changes: see v41.2 What's New - Privacy updates for details.

What's new in 39.2 HotFix4 and 40.2 HotFix 1 (28 June 2021)

  • RES-28283: Slow incident note creation when incident contains a member group with a lot of users.

What's new in 41.1.49 (15 June 2021)

  • Rest API: Updated the Swagger Interface Description Language
  • Updated App Host security update and optional packages (1.5.220)
Privacy updates:
  • The Privacy UI has been streamlined to provide flexible layouts for Regulators and Affected Individuals.
  • Regulators and Affected individuals display selections more clearly and consistently in the Breach tab and new incident Wizard.
  • Improved access to the Edit button in Regulator, Data Type and Affected Individuals for usability.
  • Updated Regulators for Singapore, Arkansas, California, Maryland and Rhode Island.

What's new in 41.0.6783 (17 May 2021)

  • App Host 1.5: new V1.5.218 is available, which supports the MSSP environment. 
  • Artifacts: Added toggle switches to enable or disable threat scans and viewing of related incidents.
  • Organization setting: Allows administrators to require that all incidents must be in their final phase to be closed.
  • Ciphers: For on-premises customers only, the system is configured to use only the most secure ciphers by default.
Privacy updates:
  • Usability improvements: The Privacy UI has been streamlined to provide flexible layouts for data types.
  • Updated Resource Library language and links to incorporate Utah’s 2021 Data Security Amendments.

What's new in 40.2.73 (19 April 2021)

  • Playbook designer:  New feature to graphically design and manage playbooks.
  • Color Theme:  Ability to select color themes from My Settings is removed.
  • Rules: Rules are updated to re-run the privacy engine.
  • Workflow: Changed  post-process script behavior.
  • Updated App Host security update and optional packages (1.4.189)
Privacy updates:

What's new: 9 April 2021

Corrected security vulnerability with the Python3 Scripting Engine on the platform, in the following versions:
  • V38.2.41
  • V39.0.6336
  • V39.1.46
  • V39.2.21
  • V40.0.6556
  • V40.1.51

What's new in 40.1.50 (15 March 2021)

  • Apps:  Added operations, such as upgrade, to the menu on each app icon in the Apps tab.
  • Temporary directory: On-premises users can change the location of the temporary directory used for upgrade, backup, and restore procedures.
Privacy updates:
  • Usability improvements: Updated the Edit Location button in Affected Individuals and the Breach tab under Customization Settings so that all the settings, including Affected Individuals, become the default settings in the Breach tab for incidents.
  • Updated regulators for Australia and Denmark.
What's new in 40.0.6554 (19 February 2021)
  • App Host 1.4:  New version V1.4.182 is available, which supports upgrading apps.
  • Artifacts: Added the ability to tag artifacts.
  • Auditing: Added API key expiration to the audit log.
  • Disaster Recovery: Added support for apps running on an App Host in the Disaster Recovery feature.
  • Notifications: Added API key to the types of notifications so that users can be alerted when an API key expires or is locked.
  • Updated the section in IBM Knowledge Center on differences between Python 2 and Python 3.
  • Added the ability to set the time zone to Coordinated Universal Time (UTC) for each Resilient organization.
  • Password policy: The password policy is updated.
Upgrade note: The expiration duration for both password and API key accounts begins once the system is upgraded; otherwise, the password policy does not affect existing passwords.
Privacy updates:
  • HIPAA/HITECH: Updated Resource Library language and provided link to the 2021 guidance on fees and penalties.
  • Added San Marino to the Privacy Solution.
What's new in 39.2.17 (14 January 2021)
  • App Host 1.3:  Security update V1.3.164.
Privacy updates:
  • Updated the Resource Library language and link to the Ohio Attorney General’s Data Breach Prevention and Response: A Guide for Businesses and Charities.
  • Singapore: Updated this regulator pursuant to an amendment effective on 1 February 2021.

What's new in 39.0 HotFix 1 and 39.1 HotFix 1 (24 December 2020)

  • RES-25780 - Potential "OutOfMemoryError" after upgrade.
What's new in 39.1 (11 December 2020)
  • App Host 1.3: Added jq and httpdtools to the App Host optional packages.
  • App: Added App Host version information on the Apps tab.
  • App: Prevented installation of apps with the secrets feature enabled on older App Hosts.
Privacy updates:
  • Updated incident response links and tooltip for: Belgium, Denmark, Estonia, Greece, Ireland, Poland, Portugal, and UK.
  • Updated the penalties chart in the Resource Library for HIPAA.
  • Added a note regarding the recent passage of the Personal Data Protection (Amendment) Regulation 2020 (PDPA) for Singapore.
  • Modified behavior of the US state exemptions for GLBA and HIPAA.
What's new in 39.0 (19 November 2020)
  • App Host 1.3: Added support for file secrets, CoreDNS configmap, controller version information, and multiple certificates.
  • App: Added the concurrent functions specification in app.config.
  • Artifacts: Introduced a global Artifacts view to show all artifacts in the organization on a single page.
  • Groups: Added support for assigning tasks to groups.
  • Passwords: Changed the password-hashing function from bcrypt to PBKDF2.
  • Privacy: Updated the About page to display a link to the IBM Privacy Policy.
  • Reports: Enhanced the usability of the Build a Report page. Added support for sharing report templates.
  • Sizing Guidelines: Updated the IBM Knowledge Center to provide system configuration guidelines.
Privacy updates:
  • Changed “record count” to “affected individuals”, added all the US State regulators to the main Regulator page, moved the “unknown” affected individuals box to the bottom of the affected individuals section, and removed the assessment at the bottom of the Breach tab.
  • Added three new tasks: "Allocate US Residency", "Confirm Applicability of Regulator", and “Investigate Residency”.
  • Created a distinction between zero and null.
  • Updated information for the following regulator: New Zealand.
  • Updated information for the following US regulator: US Special Jurisdictions – Texas person/entity/ state agency.
What's new in 38.2 (15 October 2020)
  • Scripting: Added support for writing scripts in Python 3
  • System: Added support for RHEL 7.9
  • Installer: Removed dependency on semver, pip, and setuptools
Privacy updates:
  • Updated information for the following regulators: China, Egypt, Ghana, Turkey, and Uruguay.
  • Updated information for the following US regulators: Oregon, Tennessee, Texas, and Utah
  • Revised the title of the task “Arrange to Provide Identity Theft Prevention and Mitigation Services” to “Credit Monitoring” in the following states: California, Connecticut, Delaware, District of Columbia and Massachusetts.
  • Disabled the following regulator: Connecticut (Insurance)
  • Modified GLBA preemptions for the following states: Arkansas, District of Columbia, Idaho, Kansas, Mississippi, Missouri, New Hampshire, New Mexico, New York, Oklahoma, and Pennsylvania.
  • Modified HIPAA/HITECH preemptions for the following states: Arkansas, Idaho, Kansas, Michigan, Missouri, New Hampshire, New Mexico, New York, Oklahoma, Pennsylvania, Utah, and West Virginia.

What's new in App Host 1.2 HotFix 1 (1 October 2020)

The following issue is corrected in this update (apphost-1.2.135.run):

  • RES-24006 — App does not load successfully if organization name contains Unicode characters.
 
What's new in 38.1 (16 September 2020)
  • Apps: Updated the Download Logs button for each app to filter by date. This feature requires App Host V1.2 or later.
  • App Host: Added the Download Controller Logs menu item to the App Host menu. Added security updates and optional packages for the App Host. 
  • Email: The Resilient email inbound connection supports the OAuth authentication mechanism for Office 365 accounts. The default max heap size for the email service is increased to 1024 MB.
  • Optional packages: Added the lsof (list open files) and tcpdump (packet analyzer) utilities to the optional packages for the Resilient virtual image installation (for on-premises customers only).
  • Task permission: Added a permission called Edit Task Header that controls which users can edit the task name, instructions, and phase (for system tasks only).
Privacy updates:
  • Added the following regulators: Egypt and Moldova.
  • Updated information for the following regulators: Brazil, China, Slovenia, South Korea (CSP).
  • Updated information for the following US regulators: Connecticut, Vermont (Data Brokers).
  • Disabled the following US regulators: New Hampshire (Insurance), Ohio (Insurance).

What's new in 37.2 HotFix 3 (16 September 2020)

The following issue is corrected in this update:

  • RES-23886 — Generating an incident report that contains a sizable Task History can cause poor system performance.

What's new in 37.2 HotFix 2 (7 September 2020)

The following issues are corrected in this update:

  • RES-20350 — Generating an incident report that contains a sizable Details History can cause poor system performance.
  • RES-18905 — The X-Forwarded-For Header in a request can inadvertently log an incorrect IP address when connecting to specific internal networks. This affects only on-premises customers within a restricted network.

What's new in 38.0 HotFix 1 (28 August 2020)

The following issue is corrected in this update:

  • RES-23471 — Search does not work after upgrading to Resilient V38
What's new in 38.0 (19 August 2020)
  • You can pair multiple App Hosts to a single Resilient organization.
  • Updated Resilient for MSSP as follows:
    • Added support for API key accounts. Added configuration push details. Reduced the time it takes for configuration pushes to complete after the initial push.
  • Extended the size of the /var/log partition.
Privacy updates:
  • New regulator Brazil added to incorporate Lei Geral de Proteção de Dados or The General Data Protection Law (“LGPD”).
  • Updated information for the following regulators: Colombia, Costa Rica, Mexico (Payment Card Networks), Peru, Philippines, Serbia, South Africa, South Korea, South Korea (CSP), Uruguay.
  • Updated information for the following US regulators: Vermont, Vermont (Data Brokers).
  • Added two new timeframes: As soon as reasonably possible, Reasonable time period.

What's new in 37.2 HotFix 1 (13 August 2020)

The following issues are corrected in this update:

  • RES-22878 — Improvement to Performance of Authentication Requests to /rest/session API.
  • RES-22889 — Improved Resiliency when ActiveMQ is running under high load by adding new configurable timeout parameters.
  • RES-23073 — Fixed upgrade failure due to duplicate database record.
  • RES-23026 — Fixes issue where apps database is missing after rolling back a failed server upgrade from v37.x to v36.2.
What's new in 37.2 (15 July 2020)
  • Resilient Apps, the next generation of the Resilient extension or integration, can be installed and deployed directly from the Resilient platform.
  • The vault.template file, used in the Resilient Disaster Recovery (DR) system, contains two new settings.
  • Playbook designers can now add the following items to the task details page: Artifacts view (incident level), Attachments view (task level), Notes view (task level), Header block, HTML block, and Section block.
Privacy Updates:
  • New regulator North Macedonia added to incorporate the Law on Personal Data Protection.
  • New regulator South Korea (Communications Service Provider) added to incorporate the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc. and the Personal Information Protection Act.
  • Updated information for the following regulators: China, China (Financial PBOC), Dubai, Gibraltar, Manitoba (Health), South Africa, South Korea.
  • Updated information for the following US regulator: Vermont.

What's new in 37.1 HotFix 1 (15 July 2020)

The following issues are corrected in this update:

  • RES-19644 - Disaster Recovery failed for a very large database
  • RES-22508 - Logging in as a new SAML user can cause a SAML SSO StackOverflowError.
What's new in 37.1 (19 June 2020)
  • In new orgs only, time tracking is enabled by default for the Owner, Severity, and Phase fields.
  • Added four widgets to the default Analytics Dashboard to display time-tracking data.
  • Charts can be viewed in full-screen mode.
  • Artifacts can be viewed in a full page instead of a modal window.
  • Related Incidents includes incidents that the user does not have permission to view.
  • Reduced duplication of artifacts.
  • Improved performance for configuration push for MSSP Customers.
  • System Health tab added to System Settings, to be used only under the guidance of IBM Resilient Support.
Privacy Updates:
  • Updated information for the following US regulators: District of Columbia, New York, Vermont, Washington, Washington (State Agencies).
  • Updated information for the following regulator: Turkey.

What's new in 35.2 HotFix 3 (18 June 2020)

The following issues are corrected in this update:

  • RES-17898 - Resilient runs out of database connections resulting in low throughput.
  • RES-18306 - ElasticSearch re-indexer is extremely slow.
  • RES-19506 - The inbound email connection fails when the email account password contains an “&” character.
  • RES-19521 - Multiple LDAP server error notification emails when a user is added to an LDAP group, logs in, is removed from the group then later added back to the group.
  • RES-19774 - LDAP error when a user has the same email address but different LDAP DN, which can happen when a person leaves then later rejoins a company.
What's new in 37.0 (26 May 2020)
  • Related Incidents column in the incident's Artifacts tab.
  • Audit messages for threat service enable and disable.
  • Performance improvements in generating reports and viewing analytics dashboards.
  • Procedures to monitor the Resilient platform using SNMP.
  • Virtual appliance default configuration changed to 4 CPUs and 16 GB memory.
  • Usability enhancements.
  • Dropped support for Internet Explorer browser.
Privacy Updates:
  • Updated the online forms, guidance links, tooltips, and contact information of the following European Union Member States: Croatia, Czech Republic, Estonia, Finland, Ireland, Italy, Lithuania, Malta, Norway, Poland, and Slovenia.
  • Updated information for the following US regulators: District of Columbia, Washington, Washington (State Agencies), West Virginia.
  • Updated information for the following regulators: Italy (Banking Sector), Qatar, Thailand.

Release Announcement

Release Notes

What's new in 36.2 (15 April 2020)
  • Audit messages are logged for incident creation and deletion.
  • Breach tabs in an incident, a task, and Customization Settings are updated.
  • Notifications tab displays the name, object type, and status of each notification.
  • Filters are saved when the Report template is saved.
  • New users default to the very dark mode theme.
Privacy Updates:
  • The Breach tab has a new simplified look
  • Updated language for notifying affected individuals in the following US States and territories: Alabama, Arkansas, Delaware, District of Columbia, Guam, Hawaii, Idaho, Indiana, Kansas, Louisiana, Maryland, Massachusetts, Michigan, Mississippi, Missouri, Nebraska, Nevada, New Mexico, Rhode Island, South Carolina, Tennessee, Utah, West Virginia, California Health, Puerto Rico, and New Hampshire Insurance.
  • Updated information for the following regulators: Bermuda, Hungary, Japan, NCUA, Sweden, UK (Financial Sector), US: California (Health), US: California (Insurance), US: Oklahoma, US: Pennsylvania, US: South Dakota, and US: Virginia (Health)

Release Announcement

Release Notes

What's new in 36.1 (13 March 2020)
  • Incident date time picker fields for incidents and tasks showing exact time.
  • Incident sequence code field to sequentially number the incidents within a Resilient organization.
  • Improved error handling for LDAP
  • Additional checkboxes, Notes and Incident Fields, in Task Details section of a report.
  • Improved performance of REST endpoint OrgRest.getOrg().
  • Delete Table button in data tables.
Privacy Updates:
  • New regulator to incorporate the Abu Dhabi Global Market ("ADGM")
  • Updated information of the following European Union Member States regulators: France, Serbia, Germany, and Denmark.
  • Updated Resource Library for FINRA, Indonesia (Electronic Service Providers), PCI-DSS (Issuers), PCI-DSS (Merchants), Taiwan, and Turkey.
  • Updated information of the following US regulators: Arkansas, Arkansas (Mortgage Bankers and Loan Officers), Florida, and Missouri.
What's new in 36.0 (21 February 2020)
  • Audit messages are logged for script creation, script change, and script deletion.
  • Help/Contact pages linked to IBM Knowledge Center, including these Release Notes.
  • News Feed timeline shows the date and time.
  • Show Task Attachments checkbox is available when a user chooses to include attachments.
  • Streamlined user interface for MSSP Customers to ensure that users, groups and permissions are managed from the configuration organization only.
  • Hierarchical Wikis
Privacy Updates:
  • Updated information of the following European Union Member States regulators: Liechtenstein and Turkey.
  • Updated information of the following US regulators: Colorado, Federal Deposit Insurance Corporation (FDIC), Georgia, Gramm–Leach–Bliley Act (GLB Act), North Carolina, North Dakota, Texas, US Virgin Islands, Vermont, and Washington.

What's new in 35.2 (15 January 2020)

  • New Download emails permission
  • Removed support for TLS v1.0 and v1.1
  • Enhanced Condition Builder text box
  • Updated information of the following European Union Member States regulators: Ireland, Latvia and the United Kingdom
  • Updated information of the following US regulators: Vermont (Data Brokers), California, California (CCPA), Illinois, Michigan, Oregon, Texas, Texas-Person-Entity-State Agency.

What's new in 35.1 (16 December 2019)

  • UI Theme selection in My Settings (includes dark mode options).
  • Customized email notifications by adding a customized email subject line.
  • Print hardcopy versions of playbooks.
  • Timer data is now included in incident exports.
  • rh-python36 is now available as an optional package.
  • Updated the California, Illinois, Michigan, Oregon, Texas and Texas-Person-Entity-State-Agency regulators to incorporate the new amendment changes effective 1 January 2020.
  • New regulator "California (CCPA)" added under the US Special Jurisdictions section to incorporate the new CCPA law effective 1 January 2020.
  • New regulator "Kenya" added to incorporate the new Kenyan Data Protection Act.
  • Updated information of the following European Union Member States regulators: Romania and Portugal.
  • Updated information of the following US regulators: Hawaii, Illinois State Agencies, Montana, Montana State Agencies.

What's new in 35.0 HotFix 3 (11 December 2019)

The following issue is corrected in this update:

  • RES-17091 - Rules page fails to display properly if it contains a Set Field action, which references a deactivated user

  

What's new in 35.0 HotFix 2 (10 December 2019)

The following issue is corrected in this update:

  • RES-17264 - Configuration push can fail under certain circumstances when rules reference the Organization field.

  

What's new in 35.0 HotFix 1 (26 November 2019)

The following issues are corrected in this update:

  • RES-17081 - The POST /rest/orgs/{org_id}/configurations/exports/zip endpoint is not doing the correct configuration management permissions checks.
  • RES-17092 - DataTable action menu is not fully visible if there are numerous choices.

What's new in 35.0 (18 November 2019)

  • EWS email support
  • New format for settings (import/export) files (.resz)
  • License Metrics
  • MSSP User Management - Activation, Roles
  • MSSP Analytics 
  • Time Tracker
  • Carbon 10 UI to support Dark Mode User Interface
  • Removed abuse.ch Threat Source
  • Privacy updates:
    • Online form for United Kingdom
    • Resource Libraries for Arizona, Arkansas, Maryland, Maryland (Insurance), New Jersey and New York
    • US State Notification Templates

Release Announcement

Release Notes

What's new in 34.2 (17 October 2019)
  • Support for SSL connections to Elasticsearch is removed.
  • Added a permission specifically for simulations.
  • New personal data type: ID Theft Protection PIN issued by US IRS.
  • Updated the online forms, guidance links, and contact information of the following European Union Member States: Slovakia, Spain, and Sweden.
  • Updated the following US Regulators - Connecticut, Montana (Insurance), New York, Washington (Insurance).

What's new in 34.1 HotFix 2 (4 October 2019)

The following issue is corrected in this update:

  • RES-16306 - Slow UI performance when using the New Incident Wizard.

What's new in 34.1 HotFix 1 (3 October 2019)

The following issue is corrected in this update:

  • RES-16288 - A problem in the New Incident Wizard was causing inconsistencies in the selection of regulators and data types when creating incidents involving data breaches ("Was personal information or personal data involved? = True"). Specifically, selection of regulators can cause unintentional selection of data types and vice versa.

What's new in 34.1 (17 September 2019)

  • Changing the API name of a custom incident field no longer breaks the conditions in rules, layouts and notifications. This change does not apply to workflows.
  • String artifacts can be scanned by a custom threat service. For details, see the Resilient Custom Threat Service Guide.
  • Column headings of the incidents table on the Incidents page remain visible when scrolling through the table.
  • New data type called Health insurance identification number to account for new regulation language and personal data type descriptions.
  • Created a new geographic region, Caribbean, for the Privacy Solution Resource Library
  • Added new Regulators for Cayman Islands, Hong Kong (Monetary Authority), Serbia, and Maryland (Insurance).
  • Updated regulatory information for Italy, HIPAA/HITECH, New Zealand, South Korea, Thailand, Connecticut (Insurance), Maine, Maryland, Nevada, Rhode Island (Insurance), Texas (Health), Texas (Person-Entity-State Agency), and Wisconsin (Insurance).

Release Announcement

Release Notes

What's new in 34.0 (30 August 2019)

  • MSSP Administrators can invite users to one or more organizations simultaneously, edit user settings, and reassign incidents.
  • Improved performance of the configuration push.
  • New Sort By feature that determines the order in which fields are presented when creating custom graphs.
  • Rules are included in audit log.
  • Task details are displayed as a full page.
  • The REST endpoint GET /rest/orgs/org_id/users is deprecated.

Release Announcement

Release Notes

What's new in 33.0 HotFix 3 (12 August 2019)

The following issue is corrected in this update:

  • RES-15221 - During upgrade to version 33, any customizations made to built-in fields (ex: label, required) are reverted to their initial default values.

What's new in 33.0 HotFix 2 (5 August 2019)

The following issue is corrected in this update:

  • RES-15204 - Incident Notification is not sent when there is an "on create" rule

What's new in 33.0 HotFix 1 (23 July 2019)

The following issues are corrected in this update:

  • RES-13385 - Users are incorrectly getting an error stating that they are not using the minimum supported version of their browser.
  • RES-15120 - An incompatibility in our public API is causing a failure of the incident creation REST API call when the "pii" field is null.
  • RES-15183 - Sorting incidents by custom fields in the incident list causes the same incident to show up in the list multiple times.

What's new in 33.0 (28 June 2019)

  • Resilient MSSP add-on for Managed Security Service Providers
  • API Key support for access to the Resilient API
  • Improvements to the Analytics Dashboard
  • Improvements to the Audit log
  • Performance and user experience improvements
  • Privacy updates including
    • A new Date Determined date used in privacy rules
    • Updates to Alabama, Arkansas, Canadian Provinces, Europe, Illinois, Mauritius, New York, New York (Department of Financial Services), Rhode Island, Singapore, Uganda, Utah, and Virginia.

Release Announcement

Release Notes

What's new in 32.4 (20 May 2019)

  • A new version of rsync is included in the optional packages download.
  • Privacy updates including changes to Kentucky, Massachusetts, North Carolina, Oregon, Tennessee, Turkey, and European Union.

Release Announcement

Release Notes

What's new in 32.3 (16 April 2019)

  • This release includes updated License Information and Service Description documents that apply to the Resilient SOAR platform moving forward.
  • Privacy updates including changes to Massachusetts, Louisiana, New Mexico, Bahamas, and European Union.

Release Announcement

Release Notes

What's new in 32.2 (25 March 2019)

  • Image pasting is now supported in task instructions.
  • Direct links and references to in-product wiki pages can now be added to any rich text field, including task instructions
  • The Resilient platform includes a sample script that can parse inbound email messages.
  • Privacy updates including the addition of Israel and Qatar and changes to Massachusetts, Arkansas (Insurance), Wyoming, Wisconsin, New Hampshire, South Africa, and European Union.

Release Announcement

Release Notes

What's new in 32.1 HotFix 1 (14 February 2019)

  • Image pasting is now supported in rich text fields.
  • Menu item rules can use the email message object type.
  • A Last Modified field is added to incidents to track the last modified time of an incident.
  • Changes to default email notifications.
  • Changes to Phases and Task page in customization section.
  • Incident list changes
  • Changes to Export to Excel
  • Privacy updates including the addition of China (Financial PBOC) and Turkey, changes to Alabama, Guernsey, Iowa, Liechtenstein, Utah, Vermont (Data Brokers) and Washington, and the removal of Experian.

Release Announcement

Release Notes

What's new in 32.0 HotFix 1 (17 January 2019)

  • We have corrected an issue with the new email feature, which caused it not to use the same SSL and cipher settings as the core Resilient platform uses.

Release Announcement

Release Notes

What's new in 32.0 (January 2019)

  • Inbound email connections can now be configured from within the Resilient platform.
  • The user interface is redesigned with a flat design that uses the full width of the application.
  • Several enhancements made to the analytics dashboards.
  • New scripting methods added to read and write workflow property data, allowing for better code reuse and modularity.
  • Privacy updates including the addition of Vermont (Data Brokers) and updates to Gibraltar and Vermont regulations.

Release Announcements

Release Notes

-------------------------------------------

 Older versions change log

Document Location

Worldwide


Document Information

Modified date:
14 June 2024

UID

ibm11162216