Release/v11.2.10#2239

Merged
Kbayero merged 52 commits into
v11from
release/v11.2.10
Jun 17, 2026
Conversation

@Kbayero

@Kbayero Kbayero commented Jun 17, 2026

Contributor

PLEASE READ BEFORE CONTINUING

To help us understand your contribution, please include the following in your pull request:

  • A detailed explanation of the changes you've made.
  • The reasoning behind these changes.
  • A reference to the issue that this pull request addresses.

Kbayero and others added 30 commits May 19, 2026 11:50
* refactor(filters): update macOS filter configuration

* chore(rules): remove Office365 brute force detection rule

* chore(rules): remove PowerShell Empire detection rule

* chore(rules): remove RDP brute force attacks rule
#2087)

* fix[frontend](soar/create-rule): added fixed create/edit rule undefined id error

* chore[](): updated go packages

* fix[frontend](environment):environments on gitignore and removed the actual local dev environment

* chore[](): updated go packages
#2090)

* feat[backend](elasticSearchService): added batch processing of requests and auto rebuild on IO errors

* chore[backend](): updated go dependencies

* fix[backend](elastic-service): sanitized csv before exportation and changed error messages
…es on region map visualizations (#2098)

Co-authored-by: Osmany Montero <osmontero@icloud.com>
* fix[frontend](socai): added default template for empty previous socai config (#2092)

* fix[frontend](socai): added default template for empty previous socai configuration

* fix[frontend](socai): set customHeaders as password key type

* fix[frontend](socai): don't allow empty description on modules

* fix[backend](socai): generate the modulegroup with new keys if no other exists on db

* fix[backend](changeset): added customHeader entries as password type
Remediate 22 known CVEs including CVE-2026-42945 (actively
exploited in the wild for RCE). nginx:1.19.5 (Oct 2020) was
affected by buffer overflows, memory disclosure, HTTP/2 injection,
SSL session reuse, and multiple other vulnerabilities patched in
the 1.30.1 stable release.
* fix[backend](socai): changed socai default module keys

* fix[backend](modules): added default keys on module creation response

* fix[frontend](socai): handled empty (disabled) module configuration
* fix[frontend](rules): improved post event count validation

* fix[frontend](tag_rules): added events related fields on tag rule creation

---------

Co-authored-by: Osmany Montero <osmontero@icloud.com>
…st filtering reinforcement (#2107)

* fix[frontend](alerts-view): added a loading indicator and improved fast filtering reinforcement

* chore[](): updated go packages
…medium) (#2103)

- google.golang.org/grpc: 1.78.0 -> 1.79.3 (GHSA-p77j-4mvh-x3m3, critical)
- github.com/jackc/pgx/v5: 5.8.0 -> 5.9.2 (GHSA-9jj7-4m8r-rfcm critical, GHSA-j88v-2chj-qfwx low)
- go.opentelemetry.io/otel: 1.39.0 -> 1.41.0 (GHSA-mh2q-q3fh-2475, high)
- com.itextpdf:itext7-core: 7.1.7 -> 7.2.0 (GHSA-hhh6-cm2m-3fhc, GHSA-8c9h-4q7g-fp7h, GHSA-c32g-2mgr-cfq7, medium x3)
- org.postgresql:postgresql: 42.7.2 -> 42.7.11 (GHSA-98qh-xjc8-98pq, high)

Signed-off-by: Osmany Montero <osmontero@icloud.com>
* fix(rules/windows): tighten bruteforce_attack correlation scope

* fix(rules/windows): scope multi-failure-then-success rule by source

* chore(rules/windows): remove pass_the_hash_detection rule

* fix(rules/windows): fix of the redundant field 'origin.host' that appears twice in the deduplicateBy array.
developutm and others added 20 commits June 15, 2026 10:51
* feat(filters/gcp): add Cloud Audit Logs (protoPayload) support

* fix(filters/sophos-xg): guard renames and actionResult against missing fields

* chore(filters/windows): rename log.data.SubStatus field

* fix(filters/sophos-xg): correct operator precedence in actionResult guard
* feature(rules/google): add rule IAM Policy Changed - Privilege Escalation

* fix(rule/google): changing 'exists(log.protoPayload.request.policy.auditConfigs)' to 'exists(log.protoPayload.request.policy.bindings)' to improve detection logic
…se se from 5mins to 15 seconds (#2230)

* fix[backend](alert_responses): reduces schedule time to executeResponse from 5mins to 15 seconds

* fix[backend](go_deps): updated go dependencies
#2228)

* fix[backend](alert_responses): fixed powershell commands syntax errors

* fix[backend](go_deps): updated go dependencies
… command query (#2226)

* fix[backend](incident_response_audit): enabled filters on agents-with-command query

* fix[backend](go_deps): updated go dependencies

---------

Signed-off-by: Yorjander Hernandez Vergara <99102374+Kbayero@users.noreply.github.com>
Co-authored-by: Yorjander Hernandez Vergara <99102374+Kbayero@users.noreply.github.com>
#2232)

* fix[backend](compliance_reports): migrated compliance reports from old table to new one

* fix[backend](compliance_reports): added rollback marker robustness and unconditional sentinel deletion
# Conflicts:
#   .github/scripts/generate-changelog.sh
@Kbayero Kbayero requested a review from a team June 17, 2026 18:05
@github-actions


🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

🛑 architecture (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Major overhaul of CI/CD release pipeline; removes RC/Production separation and modifies core deployment logic.

  • high .github/workflows/v11-deployment-pipeline.yml:1 — Significant architectural change to the release pipeline. The removal of the RC/Production separation and the 'promote_to_community' job fundamentally changes how versions are validated and released to customers. This requires senior review to ensure the new 'release.published' flow maintains the same safety guarantees as the previous multi-stage RC process.
  • medium .github/workflows/installer-release.yml:15 — Removal of the 'prerelease' input and logic in the installer workflow. Ensure that this does not break existing automated installer distribution or versioning expectations for downstream consumers.

🛑 bugs (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Removed critical 'promote_to_community' logic and altered deployment pipeline flow, causing production releases to lose the ability to update community instances.

  • high .github/workflows/v11-deployment-pipeline.yml:616 — The 'promote_to_community' job was deleted. This job was responsible for broadcasting updates to community instances via the CM API. Without this, production releases will be built but never promoted to the community, breaking the release lifecycle.
  • medium .github/workflows/v11-deployment-pipeline.yml:526 — Typo in comment: 'Use AI changelog for rc / production' was changed to 'Use AI changelog for production releases'. While the logic changed, the comment implies 'rc' is no longer supported, which contradicts the remaining workflow structure.

🛑 security (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Refactoring of deployment pipeline removes critical release gating and validation logic, potentially allowing unauthorized or unverified versions to be deployed to production.

  • high .github/workflows/v11-deployment-pipeline.yml:63 — The removal of the complex version derivation and validation logic (which checked against CM PROD to prevent overwriting or hotfix collisions) significantly weakens the deployment security gate. The new logic blindly accepts the tag from the release event, which could lead to unauthorized version deployments or state corruption in the Customer Manager.
  • medium .github/workflows/v11-deployment-pipeline.yml:505 — The publish_new_version job condition was changed to run for all environments, including production. Previously, production releases were handled via a promotion flow. This change alters the security-critical path of how versions are registered in the Customer Manager.

@utmstackprapprover utmstackprapprover Bot left a comment


Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@Kbayero Kbayero merged commit cd115d6 into v11 Jun 17, 2026
14 of 24 checks passed
@Kbayero Kbayero deleted the release/v11.2.10 branch June 17, 2026 18:14