Minor Releases

Cortex XSOAR 6.9 minor releases, maintenance releases.
Cortex XSOAR Minor Release
Release Date
November 18, 2022

Cortex XSOAR 6.9.0 (B177754)

Cortex XSOAR 6.9.0 (B177754) is a maintenance release that delivers the following new features and bug fixes:
New Features
  • The release notes build number has changed, which now starts with B17x.
  • The SSO endpoint for Marketplace has been updated. You no longer need to add a server configuration to access Marketplace for paid content packs.
  • You can now turn quiet mode on or off for individual manual tasks.
  • (
    Multi-tenant
    ) When syncing to the tenant, you can now add or remove incident field propagation labels to determine whether incident fields are propagated.
Security Fixes
CVE-2022-0031 Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine was fixed.
Fixed Issues
  • When using a remote repository, it sometimes took a long time to load the local changes.
  • Fixed issue where a value that’s too large was added in the websocket buffer size, causing the server to crash.
  • When writing an automation that called a system automation, the container running the system automation would run the
    commonUserPython
    even though it was disabled by a configuration file.
  • If you paused a playbook when it was running a sub-playbook and it was not executing the last task in that sub-playbook, the playbook would not resume when you clicked
    Resume a playbook
    (play button).
  • When running a playbook, tasks were sometimes marked as completed by random users in the War Room. Adding the following system configuration resolves the issue:
    server.mail.listener.suppress.user.mail.check : false
  • In the integration
    Settings
    page, timeout errors occurred when migrating settings from development to production environments.
  • When a user completed a manual task and did not add a completion note, the user who completed the task was not logged in the task or in the War Room, and was not automatically added to the investigation. This also occurred with automated tasks that stopped on an error and were marked as completed by a user.
  • In some cases, customers with a TIM only license were not able to run Cortex XSOAR operations.
  • An empty chart was displayed in the Dashboard when using a custom widget with a custom time field in
    group by
    and decreasing the time increment from days to hours or less.
  • In some cases, when creating a widget for a single day and configuring the
    Group by
    to
    Date Occurred
    , the results were split over two days.
  • For queries on incidents in the dashboard, filtering by indicator verdict did not work properly.
  • In some cases, when a pre-processing rule attempted to link two incidents and close the duplicate incident, the duplicate incident was not closed.
  • When a pre-processing rule ran a script that searched for incidents, incidents in the temp index were not found.
  • Sometimes indicators extracted from field values were not marked in the War Room field entry, but displayed
    ^^^
    characters instead.
  • Selected indicators reappeared in other pages in the Threat Intel library after doing a select all for one page of results.
  • Indicators were not merged correctly, resulting in duplicate indicators and errors that the indicators did not exist, even though they did.
  • The indicator description field did not display data for indicator objects after changing the custom field type.
  • In some cases, jobs ran repeatedly at short intervals, instead of the job schedule.
  • When a job in the job table ran with an error, the table displayed the job status for the old incident in error, but redirected to the most recent incident created by the job.
  • Indicator Extraction was performed even when the task was set to
    Quiet Mode
    .
  • When opening very large playbooks, the UI became slow and unresponsive.
  • When Cortex XSOAR was upgraded to v6.6 or later, the
    playbook.willnotexecute.old.eval
    server configuration was set to
    true
    .
  • When running the playbook debugger, if you attempted to use the
    setPlaybook
    automation, the playbook did not continue to run. The
    setPlaybook
    automation is not supported within the playbook debugger. An error is now displayed with this information.
  • When a playbook was running in debugger mode, any artifacts that were created could not be downloaded.
  • In some cases, when a sub-playbook input was shared across multiple tasks in that sub-playbook, a concurrent map read-write error caused the Cortex XSOAR server to crash.
  • In some cases, when opening a sub-playbook after processing an incident, the sub-playbook tab would hang on loading.
  • In some cases, when running playbooks, they did not always complete and some tasks showed incorrect information, due to a cache issue.
  • When clicking
    Ask by
    in a data collection task, nothing happened.
  • When clicking on a link in an email from a data collection task in a playbook, sometimes data was missing from the data collection form.
  • In some cases, playbook error handling did not work as selected. When the
    Continue
    or
    Continue on error path(s)
    options was selected, a failed task was marked as successful and the next task continued along the main path and not on the error path.
  • If a key in context data had the same name as a playbook task, when the task ran, the value of the key was populated in the
    Work Plan
    instead of the task name.
  • After a service restart, the playbooks that were previously in a running state did not continue running when there were more than 50 incidents.
  • When the
    getUsersByUsername
    command returned multiple roles, all of the roles were returned under key
    Role.0
    , instead of as separate keys -
    Role.0
    ,
    Role.1
    ,
    Role.2
    , etc.
  • In rare cases, after re-indexing a database, the indexing configurations for fields were distorted, causing queries to return the wrong results for historical data.
  • When you purged large Work Plans through either the
    System Diagnostics
    page or the API, an error was returned, even though the Work Plan was purged.
  • The
    no_proxy
    server configuration in Cortex XSOAR was not passed to command/container runs in Docker/Podman.
  • (
    Hosted Service
    ) The System Diagnostics page displayed incorrect information for Hosted Service limits.
  • (
    High Availability
    ) In some cases, daily jobs were running multiple times a day, once on each App server.
  • (
    High Availability
    ) When trying to assign comments from the War Room to tasks, an error may be returned.
  • (
    Multi-tenant
    ) When using Elasticsearch, there was an issue when fetching lists using the
    {lists.XXX}
    resolver.
  • (
    Multi-tenant
    ) The host waited for all accounts to start before the host would start.
  • (
    Multi-tenant
    ) After configuring a DUO integration to authenticate login, DUO authentication failed when logging into Cortex XSOAR.
  • (
    Multi-tenant with High Availability
    ) When an account was created on one host, errors related to that account appeared on other hosts.
  • (
    Elasticsearch
    ) When configuring an incoming mapper, incident fields were not sorted alphabetically, after migrating from BoltDB to Elasticsearch.
  • (
    Elasticsearch
    ) When closing an investigation, the
    Incidents I own
    and
    Incidents I participated in
    sections in the sidebar were blank when the page refreshed.
  • (
    Elasticsearch
    ) A job that queried many playbooks could crash Elasticsearch.
  • (
    Elasticsearch
    ) Uppercase boolean fields were not indexed.
  • (
    Elasticsearch
    ) Many empty requests were sent to the Elasticsearch database causing slow performance.
  • (
    Elasticsearch
    ) If
    elasticsearch.maxContentLength
    was set by the user in the demisto.conf file, the value was not applied and the value of
    http.max_content_length
    from the Elasticsearch settings was used instead.
Installation file hash:
7cc3ebd7eb20c0d661a03ab1406b65f3f1dc93976ae0f0983af7b88d4c264e5c

Recommended For You