This documentation does not apply to the most recent version of Splunk® Phantom (Legacy).
For documentation on the most recent version, go to the latest release.
Fixed issues in this release of Splunk Phantom
Splunk Phantom 4.9.39220
Splunk Phantom 4.9.39220 was released on October 28, 2020. Users are encouraged to upgrade to 4.9.39220.
This release includes fixes for the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-10-01 | PPS-20757 | Newlines are ignored when writing task descriptions for workbook templates |
| 2020-10-20 | PPS-23729 | Unprivileged systems that started at version 4.6 or earlier cannot update apps after upgrading Phantom to version 4.8 or later |
| 2020-10-19 | PPS-24289 | After upgrade to version 4.9, OpenID fails to connect with a JSON decode error |
| 2020-09-20 | PPS-24490 | Unprivileged installs in paths that include "/opt/phantom" but aren't exactly "/opt/phantom" might fail to upgrade |
| 2020-1001 | PPS-24574 | After upgrade to version 4.9, editing a playbook created in version 4.8 with ampersands in the playbook name converts the ampersand to html entity "&" in phantom.playbook() call. |
| 2020-10-01 | PPS-24577 | Editing a playbook with playbook blocks can cause repo name to be inserted twice into the function name |
| 2020-10-01 | PPS-24579 | Playbook editor requires a browser cache clear after upgrade to see the new Custom Function block option |
| 2020-10-05 | PPS-24630 | Installation should abort immediately if cron cannot be accessed |
| 2020-10-14 | PPS-24673 | Attempting to view notes created by deleted users causes a fatal UI error |
Splunk Phantom 4.9.37880
Splunk Phantom 4.9.37880 was released on October 1, 2020. Users are encouraged to upgrade to 4.9.37880.
This release includes fixes for the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-09-21 | PPS-24534 | Script create_output.py does not produce new app JSON |
| 2020-09-11 | PPS-24358 | Event view rendering fails if it is created with a custom field set to 'None' |
| 2020-08-20 | PPS-24140 | Systems with EPEL packages can inadvertently upgrade pgbouncer to v1.13.0 during or post install |
| 2020-09-04 | PPS-24119 | SAML: ui and wsgi.log indicate "Missing entity_id specification" when attempting SAML login after upgrading from 4.8 to 4.9 |
| 2020-08-31 | PPS-21718 | When a user was required to authenticate using SAML2 the user was always taken to the dashboard instead of the intended URI. |
| 2020-09-21 | PPS-21308 | Phantom /rest/notification_summary requests generates extra warnings about datetime format. |
Splunk Phantom 4.9.35731
Splunk Phantom 4.9.35731 was released on August 26, 2020. Users are encouraged to upgrade to 4.9.35731.
This release includes fixes for the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-07-20 | PPS-23936 | Splunk Phantom instances upgraded from an original 3.0 installation break during upgrade path to the 4.9 release. |
| 2020-08-19 | PPS-24171 | Phantom Widget ROI Summary and Statistics Daily Result do not add up to weekly result
Note: The |
| 2020-08-25 | PPS-23543 | Reindexing of Splunk search data ingests with current time instead of preserving timestamps |
| 2020-08-25 | PPS-23292 | User Selection filter in investigations not working |
| 2020-08-24 | PPS-24025 | Playbook API phantom.decision fails when multiple conditions reference the same action result and the logical operator is "and"
|
Splunk Phantom 4.9.34514
Splunk Phantom 4.9.34514 was released on July 28, 2020. Users are encouraged to upgrade to 4.9.34514. This release includes fixes for the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-07-08 | PPS-23350 | The Vault.create_attachment method attempts to encode bytearray file contents, even though they are already encoded |
| 2020-07-13 | PPS-23400 | phantom/uwsgi logger should emit PID/TID |
| 2020-07-08 | PPS-23638 | Cluster: Action "stuck" after restarting node |
| 2020-07-20 | PPS-23683 | More menu dropdown for multiple selected artifacts is missing download JSON option |
| 2020-07-21 | PPS-23693 | Actions fail intermittently on unprivileged systems when truncating log messages to 4096 bytes. |
| 2020-07-09 | PPS-23703 | Restoring cluster backup multiple times on standalone does not work. |
| 2020-07-21 | PPS-23728 | Custom functions are validated in python3, even though they run in python2 |
| 2020-07-21 | PPS-23772 | If deprecated checkpoint_segments are in /opt/phantom/data/db/postgresql.conf they prevent upgrade from 4.8 to 4.9 |
| 2020-07-21 | PPS-23945 | VPE playbook block is incorrectly named after upgrade to version 4.9 |
| 2020-07-21 | PPS-23962 | The function signature of VPE-disabled blocks do not automatically update to accept the custom_function keyword arguments |
| 2020-07-21 | PPS-23889 | Workflow daemon crashes on event role assignments when roles have user who opts out of email notifications. |
Splunk Phantom 4.9.33153
Splunk Phantom 4.9.33153 was released on June 25, 2020. This release addresses several security vulnerabilities and includes fixes for the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-06-08 | PPS-23302 | User-facing mentions of the term "whitelist" were changed to "authorized" in the Event Settings section of the Administration page, as well as in the URL for that section. |
| 2020-01-30 | PPS-21307 | After upgrading Splunk Phantom, you may see 503 errors when visiting the server node, or connection refused errors when visiting Splunk Phantom nodes |
| 2020-02-06 | PPS-21206 | The extdb_backup_bootstrap script fails to restart PostgreSQL after running the first time |
| 2020-05-13 | PPS-17171 | VPE converts a string to an integer only if the integer is 10 or greater |
| 2020-03-06 | PPS-21687 | Use nameid as default for username creation in SAML |
| 2020-02-12 | PPS-20724 | Backup & Restore: Restoring on cluster instance shows warning message "No nodes were enabled" that may be irrelevant |
| 2020-05-29 | PPS-21540 | Case not updating "Last Updated" field when adding notes or actions. For more information, see Understanding container update time. |
| 2020-05-28 | PPS-22148 | Phantom container audit log download should return all audit logs for the container |
| 2020-04-22 | PPS-15941 | Automation API: phantom.condition rounds literal floating point values when comparing against values extracted from artifact datapaths |
| 2020-02-13 | PPS-21432 | App asset config: password type fields no longer become null when other fields are saved in the UI |
| 2020-06-09 | PPS-22747 | Editing approvers for an asset whose previous owner(s) have been deleted fails with "requested item not found" |
| 2020-06-04 | PPS-18245 | Can't use special characters in source control passwords |
| 2020-06-16 | PPS-23495 | If an action result is missing a "summary" key, the automation API phantom.collect2 raises an exception |
| 2020-06-16 | PPS-23496 | If an action result is missing a "name" key, the automation API phantom.collect2 raises an exception |
| 2020-05-07 | PPS-22684 | Playbooks with non-ascii in the description cannot be reverted, error message: "Error: file content has non-utf8 characters" |
| 2020-05-15 | PPS-22624 | Downloading a file with a comma in its name from the Investigation page fails in Chrome |
| 2020-06-08 | PPS-22066 | Cannot import containers that were exported with tgz files in their vault |
| 2020-03-04 | PPS-21784 | Playbook run history table allows for sorting status by "pending" instead of the actual status of "running" |
| 2020-04-13 | PPS-18927 | Unicode characters in CEF key names will cause playbooks to fail |
| 2020-02-07 | PPS-17265 | Workbook Task: user with assigned tasks won't get task email summary when the phase is current |
| 2020-05-11 | PPS-9767 | Users with non-ascii characters in their username cannot push playbooks to repo - silent failure on playbook save |
| 2020-04-29 | PPS-22224 | User profile situation_rooms column grows excessively large |
| 2020-05-14 | PPS-19479 | Observer privileged user can edit app environment variables |
| 2020-06-02 | PPS-22689 | Warm Standby: There are permission errors in rsync logs |
| 2020-05-28 | PPS-18353 | Warm Standby: Unneeded SSH keys are being synced to the standby |
| 2020-06-01 | PPS-21945 | Warm Standby: Temporary database gets overwritten on setup of the standby |
Last modified on 28 October, 2020
| Known issues in this release of Splunk Phantom | Get help for Splunk Phantom |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.9
Download manual
Feedback submitted, thanks!