Splunk® Phantom (Legacy)

Release Notes

This documentation does not apply to the most recent version of Splunk® Phantom (Legacy). For documentation on the most recent version, go to the latest release.

Fixed issues in this release of Splunk Phantom

Splunk Phantom 4.9.39220

Splunk Phantom 4.9.39220 was released on October 28, 2020. Users are encouraged to upgrade to 4.9.39220.

This release includes fixes for the following issues.

Date resolved Issue number Description
2020-10-01 PPS-20757 Newlines are ignored when writing task descriptions for workbook templates
2020-10-20 PPS-23729 Unprivileged systems that started at version 4.6 or earlier cannot update apps after upgrading Phantom to version 4.8 or later
2020-10-19 PPS-24289 After upgrade to version 4.9, OpenID fails to connect with a JSON decode error
2020-09-20 PPS-24490 Unprivileged installs in paths that include "/opt/phantom" but aren't exactly "/opt/phantom" might fail to upgrade
2020-1001 PPS-24574 After upgrade to version 4.9, editing a playbook created in version 4.8 with ampersands in the playbook name converts the ampersand to html entity "&" in phantom.playbook() call.
2020-10-01 PPS-24577 Editing a playbook with playbook blocks can cause repo name to be inserted twice into the function name
2020-10-01 PPS-24579 Playbook editor requires a browser cache clear after upgrade to see the new Custom Function block option
2020-10-05 PPS-24630 Installation should abort immediately if cron cannot be accessed
2020-10-14 PPS-24673 Attempting to view notes created by deleted users causes a fatal UI error

Splunk Phantom 4.9.37880

Splunk Phantom 4.9.37880 was released on October 1, 2020. Users are encouraged to upgrade to 4.9.37880.


This release includes fixes for the following issues.

Date resolved Issue number Description
2020-09-21 PPS-24534 Script create_output.py does not produce new app JSON
2020-09-11 PPS-24358 Event view rendering fails if it is created with a custom field set to 'None'
2020-08-20 PPS-24140 Systems with EPEL packages can inadvertently upgrade pgbouncer to v1.13.0 during or post install
2020-09-04 PPS-24119 SAML: ui and wsgi.log indicate "Missing entity_id specification" when attempting SAML login after upgrading from 4.8 to 4.9
2020-08-31 PPS-21718 When a user was required to authenticate using SAML2 the user was always taken to the dashboard instead of the intended URI.
2020-09-21 PPS-21308 Phantom /rest/notification_summary requests generates extra warnings about datetime format.

Splunk Phantom 4.9.35731

Splunk Phantom 4.9.35731 was released on August 26, 2020. Users are encouraged to upgrade to 4.9.35731.

This release includes fixes for the following issues.

Date resolved Issue number Description
2020-07-20 PPS-23936 Splunk Phantom instances upgraded from an original 3.0 installation break during upgrade path to the 4.9 release.
2020-08-19 PPS-24171 Phantom Widget ROI Summary and Statistics Daily Result do not add up to weekly result

Note: The rest/widget/roi_summary API returns only whole numbers and ignores decimals. Use roi_stats if you need the decimal values.

2020-08-25 PPS-23543 Reindexing of Splunk search data ingests with current time instead of preserving timestamps
2020-08-25 PPS-23292 User Selection filter in investigations not working
2020-08-24 PPS-24025 Playbook API phantom.decision fails when multiple conditions reference the same action result and the logical operator is "and"

Splunk Phantom 4.9.34514

Splunk Phantom 4.9.34514 was released on July 28, 2020. Users are encouraged to upgrade to 4.9.34514. This release includes fixes for the following issues.

Date resolved Issue number Description
2020-07-08 PPS-23350 The Vault.create_attachment method attempts to encode bytearray file contents, even though they are already encoded
2020-07-13 PPS-23400 phantom/uwsgi logger should emit PID/TID
2020-07-08 PPS-23638 Cluster: Action "stuck" after restarting node
2020-07-20 PPS-23683 More menu dropdown for multiple selected artifacts is missing download JSON option
2020-07-21 PPS-23693 Actions fail intermittently on unprivileged systems when truncating log messages to 4096 bytes.
2020-07-09 PPS-23703 Restoring cluster backup multiple times on standalone does not work.
2020-07-21 PPS-23728 Custom functions are validated in python3, even though they run in python2
2020-07-21 PPS-23772 If deprecated checkpoint_segments are in /opt/phantom/data/db/postgresql.conf they prevent upgrade from 4.8 to 4.9
2020-07-21 PPS-23945 VPE playbook block is incorrectly named after upgrade to version 4.9
2020-07-21 PPS-23962 The function signature of VPE-disabled blocks do not automatically update to accept the custom_function keyword arguments
2020-07-21 PPS-23889 Workflow daemon crashes on event role assignments when roles have user who opts out of email notifications.

Splunk Phantom 4.9.33153

Splunk Phantom 4.9.33153 was released on June 25, 2020. This release addresses several security vulnerabilities and includes fixes for the following issues.

Date resolved Issue number Description
2020-06-08 PPS-23302 User-facing mentions of the term "whitelist" were changed to "authorized" in the Event Settings section of the Administration page, as well as in the URL for that section.
2020-01-30 PPS-21307 After upgrading Splunk Phantom, you may see 503 errors when visiting the server node, or connection refused errors when visiting Splunk Phantom nodes
2020-02-06 PPS-21206 The extdb_backup_bootstrap script fails to restart PostgreSQL after running the first time
2020-05-13 PPS-17171 VPE converts a string to an integer only if the integer is 10 or greater
2020-03-06 PPS-21687 Use nameid as default for username creation in SAML
2020-02-12 PPS-20724 Backup & Restore: Restoring on cluster instance shows warning message "No nodes were enabled" that may be irrelevant
2020-05-29 PPS-21540 Case not updating "Last Updated" field when adding notes or actions. For more information, see Understanding container update time.
2020-05-28 PPS-22148 Phantom container audit log download should return all audit logs for the container
2020-04-22 PPS-15941 Automation API: phantom.condition rounds literal floating point values when comparing against values extracted from artifact datapaths
2020-02-13 PPS-21432 App asset config: password type fields no longer become null when other fields are saved in the UI
2020-06-09 PPS-22747 Editing approvers for an asset whose previous owner(s) have been deleted fails with "requested item not found"
2020-06-04 PPS-18245 Can't use special characters in source control passwords
2020-06-16 PPS-23495 If an action result is missing a "summary" key, the automation API phantom.collect2 raises an exception
2020-06-16 PPS-23496 If an action result is missing a "name" key, the automation API phantom.collect2 raises an exception
2020-05-07 PPS-22684 Playbooks with non-ascii in the description cannot be reverted, error message: "Error: file content has non-utf8 characters"
2020-05-15 PPS-22624 Downloading a file with a comma in its name from the Investigation page fails in Chrome
2020-06-08 PPS-22066 Cannot import containers that were exported with tgz files in their vault
2020-03-04 PPS-21784 Playbook run history table allows for sorting status by "pending" instead of the actual status of "running"
2020-04-13 PPS-18927 Unicode characters in CEF key names will cause playbooks to fail
2020-02-07 PPS-17265 Workbook Task: user with assigned tasks won't get task email summary when the phase is current
2020-05-11 PPS-9767 Users with non-ascii characters in their username cannot push playbooks to repo - silent failure on playbook save
2020-04-29 PPS-22224 User profile situation_rooms column grows excessively large
2020-05-14 PPS-19479 Observer privileged user can edit app environment variables
2020-06-02 PPS-22689 Warm Standby: There are permission errors in rsync logs
2020-05-28 PPS-18353 Warm Standby: Unneeded SSH keys are being synced to the standby
2020-06-01 PPS-21945 Warm Standby: Temporary database gets overwritten on setup of the standby
Last modified on 28 October, 2020
Known issues in this release of Splunk Phantom   Get help for Splunk Phantom

This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters