Current ThreatQ Version Filter
ThreatQ v6 Security Updates
The following table outlines security updates and the corresponding ThreatQ releases in which they were introduced.
| TQ Version |
Component |
Update |
Reference |
|---|---|---|---|
| 6.18.0 | RHEL 8 | rsync updated to 3.1.3-19.el8_7.1.x86_64 | N/A |
| 6.18.0 | RHEL 8 | zstd updated to 1.4.4-1.el.x86_64 | N/A |
| 6.18.0 | RHEL 8 | tmux updated to 2.7-3.el8.x86_64 | N/A |
| 6.18.0 | RHEL 8 | libsemanage updated to 2.9-9.el8_6.x86_64 | N/A |
| 6.18.0 | RHEL 8 | Python3-libsemanage updated to 2.9-9.el8_6.x86_64 | N/A |
| 6.18.0 | RHEL 8 | libzstd updated to 1.4.4-1.el8.x86_64 | N/A |
| 6.18.0 | RHEL 9 | rsync updated to 3.2.3-19.el9.x86_64 | N/A |
| 6.18.0 | RHEL 9 | libzstd updated to 1.5.1-2.el9.x86_64 | N/A |
| 6.18.0 | RHEL 9 | zstd updated to 1.5.1-2.el9.x86_64 | N/A |
| 6.18.0 | RHEL 9 | tmux updated to 3.2a-5.el9.x86_64 | N/A |
| 6.16.0 | Sophos Connector | For hosted customers, we replaced the Falco security deployment with a Sophos connector to improve runtime threat detection and alerting coverage. | N/A |
| 6.15.1 | Session token, client ID, and client secret generation | We revised the generation of session tokens, client IDs, and client secrets to increase entropy and provide additional security against brute forcing or guessing of keys. | N/A |
| 6.15.1 | Websocket Container | axios 1.12.2 | CVE-2025-58754 |
| 6.15.1 | Websocket Container | form-data 4.0.4 | CVE-2025-7783 |
| 6.15.1 | Redis Container | Redis 7.4.7 | CVE-2025-49844 |
| 6.13.0 | RabbitMQ | Updated RabbitMQ to version 4.1.4. | N/A |
| 6.13.0 | Tika | Updated Tika to version 3.2.3 (CWE-611). | N/A |
| 6.13.0 | Privilege Escalation Vulnerability | Resolved a privilege escalation vulnerability that allowed users with Primary Contributor access to read files outside the attachments directory, including Kubernetes tokens. | |
| 6.13.0 | TQ-OpenDX-Broker Container | urllib3 2.5.0 | CVE-2025-50181 CVE-2025-50182 |
| 6.13.0 | Pynoceros-Messenger Container | aiohttp 3.12.15 | CVE-2025-53643 |
| 6.13.0 | Pynoceros-Messenger Container | requests 2.32.5 | CVE-2024-47081 |
| 6.13.0 | Pynoceros-Messenger Container | urllib3 2.5.0 | CVE-2025-50181 CVE-2025-50182 |
| 6.12.0 | Tasks | Resolved completed_at field issue in bulk updates | REF-003 |
| 6.12.0 | Falco helm chart | For ThreatQ hosted customers, updated to Falco helm chart 6.2.2. | N/A |
| 6.12.0 | Tika | Updated Tika to version 3.2.1 | CVE-2025-2158 CVE-2025-3069 CVE-2025-3069 CVE-2025-21502 |
| 6.12.0 | Solr-backup-handler Container | brace-expansion 2.0.2 | CVE-2025-5889 |
| 6.12.0 | Solr-backup-handler Container | cross-spawn 7.0.6 | CVE-2024-21538 |
| 6.12.0 | Solr-backup-handler Container | path-to-regexp 0.1.12 | CVE-2024-52798 |
| 6.12.0 | Frontend Container | brace-expansion 1.1.12 | CVE-2025-5889 |
| 6.12.0 | Frontend Container | cross-spawn 7.0.6 | CVE-2024-21538 |
| 6.12.0 | Frontend Container | form-data 4.0.4 | CVE-2025-7783 |
| 6.12.0 | Threatqtaxii and Operations-manager containers | requests 2.32.4 | CVE-2024-47081 |
| 6.12.0 | Threatqtaxii and Operations-manager containers | urllib3 2.5.0 | CVE-2025-50181 CVE-2025-50182 |
| 6.12.0 | Pynoceros container | aiohttp 3.12.14 | CVE-2025-53643 |
| 6.12.0 | Pynoceros container | requests 2.32.4 | CVE-2024-47081 |
| 6.12.0 | Pynoceros container | urllib3 2.5.0 | CVE-2025-50181 CVE-2025-50182 |
| 6.11.2 | Falco | helm chart 4.21.3 | N/A |
| 6.9.1 | Fluentbit Upgrade | fluentbit 4.0.1 | CVE-2024-5535 CVE-2024-4741 CVE-2024-2511 CVE-2024-12133 CVE-2023-5678 CVE-2024-9143 CVE-2024-0727 |
| 6.8.0 | Python Dockerfile | setuptools 78.1.0 | CVE-2024-6345 |
| 6.7.4 | Ingress NGINX Controller | To address Ingress NGINX Controller for Kubernetes vulnerabilities, we upgraded the following components. We also took additional steps to reduce potential ingress-nginx attack surface. | N/A |
| 6.7.4 | Ingress NGINX Controller | ingress-nginx-controller v1.12.1 | CVE-2025-24514 CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 |
| 6.7.4 | Ingress NGINX Controller | helm_chart_version 4.12.1 | CVE-2025-24514 CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 |
| 6.7.4 | TAXIII Server Container | aiohttp 3.11.13 | CVE-2024-52303 CVE-2024-52304 |
| 6.7.4 | TAXIII Server Container | jinja2 3.1.6 | CVE-2024-52303 CVE-2024-52304 |
| 6.7.3 | Load Balancer (Hosted Systems) | Updated the load balancer configuration on hosted systems to start applying various security-related HTTP headers. | N/A |
| 6.7.3 | Apache Tika Update | Upgraded to Apache Tika 3.1.0 | CVE-2024-8184 |
| 6.7.3 | Websocket Server | axios 1.7.9 | CVE-2024-39338 |
| 6.7.3 | Websocket Server | cookie 1.0.2 | CVE-2024-47764 |
| 6.7.3 | Websocket Server | socket.io 4.8.1 | N/A |
| 6.7.3 | Frontend Server | axios 1.7.9 | CVE-2024-39338 |
| 6.7.3 | Frontend Server | express 4.21.2 | N/A |
| 6.6.0 | Cross-Site Scripting (XSS) | Added output sanitization measures to the ThreatQ frontend to prevent cross-site scripting (XSS) attacks. | N/A |
| 6.6.0 | Pynoceros Container | idna 3.10 | CVE-2024-3651 |
| 6.6.0 | Pynoceros Container | cryptography 43.0.3 | GHSA-h4gh-qq45-vh27 |
| 6.6.0 | Pynoceros Container | aiohttp 3.11.5 | CVE-2024-27306 CVE-2024-30251 |
| 6.6.0 | Pynoceros Container | requests 2.32.3 | CVE-2024-35195 |
| 6.6.0 | Pynoceros Container | zipp 3.2.10 | CVE-2024-5569 |
| 6.6.0 | Pynoceros Container | PyMySQL 1.1.1 | CVE-2024-36039 |
| 6.5.1 | Strict Transport Security | Added strict transport security including a max age setting to response headers. | N/A |
| 6.5.0 | Tika Container | OpenJDK 17.0.12 | CVE-2024-21131 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 |
| 6.5.0 | Solr-backup-handler | body-parser 1.20.3 | CVE-2024-45590 |
| 6.5.0 | Solr-backup-handler | express 4.21.1 | CVE-2024-43796 |
| 6.5.0 | Solr-backup-handler | send 0.19.0 | CVE-2024-43799 |
| 6.5.0 | Solr-backup-handler | serve-static 1.16.2 | CVE-2024-43800 |
| 6.4.0 | Alpine Update | Updated the API container image to Alpine 3.20. | N/A |
| 6.4.0 | AWS ALB Policy Update | Changed the policy selected for the AWS Application Load Balancer (ALB) to ELBSecurityPolicy-TLS13-1-2-Res-2021-06 to prevent the use of ciphers that provide weak encryption on hosted systems. | N/A |
| 6.4.0 | Falco | Helm Chart 4.8.3 | CVE-2022-48303 CVE-2024-6104 CVE-2022-48174 CVE-2022-28391 CVE-2023-46129 CVE-2023-39325 CVE-2023-42366 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-48795 CVE-2023-3978 GHSA-m5vv-6r4h-3vj9 GHSA-45x7-px36-x8w8 |
| 6.4.0 | NGINX Ingress | Controller 1.11.2 | CVE-2022-48174 CVE-2024-6197 CVE-2024-25062 CVE-2023-42366 CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2024-0853 CVE-2024-6874 CVE-2023-33460 CVE-2020-8561 CVE-2024-7264 |
| 6.4.0 | Frontend | Axios v1.7.7 | CVE-2024-39338 CVE-2023-45857 GHSA-8hc4-vh64-cxmj GHSA-wf5p-g6vw-rhxx |
| 6.4.0 | Frontend | body-parser v1.20.3 | GHSA-qwcr-r2fm-qrc7 |
| 6.4.0 | Frontend | express v4.21.0 | GHSA-rv95-896h-c2vc GHSA-qw6h-vgh9-j6wx |
| 6.4.0 | Frontend | follow-redirects v1.15.6/8 | CVE-2023-26159 GHSA-jchw-25xp-jwwc GHSA-cxjh-pqwp-8mfp |
| 6.4.0 | Frontend | path-to-regexp v0.1.10 | GHSA-9wv6-86v2-598j |
| 6.4.0 | Frontend | pug v3.0.3 | GHSA-3965-hpx2-q597 |
| 6.4.0 | Frontend | pug-code-gen v3.0.3 | GHSA-3965-hpx2-q597 |
| 6.4.0 | Frontend | send v0.19.0 | GHSA-m6fv-jmcg-4jfg |
| 6.4.0 | Frontend | serve-static v1.16.2 | GHSA-cm22-4g7w-348p |
| 6.3.0 | Illuminate Encryption Keys | Updated ThreatQ deployments to generate unique Illuminate encryption keys. | N/A |
| 6.3.0 | Alpine Linux Base Image | Moved the API container to an Alpine Linux base image that does not include ImageMagick. This addresses multiple security vulnerabilities associated with ImageMagick. | N/A |
| 6.3.0 | Apache Tika | Updated to Apache Tika 2.9.2.1. | N/A |
| 6.3.0 | Image Endpoint Update | Modified the user image upload endpoint to prevent remote code execution (RCE). | N/A |
| 6.3.0 | ws Package Update | Updated the ws package in the frontend and websocket-server repositories to 8.17.1. | N/A |
| 6.3.0 | Falco Rules Updates | Modified the Falco Rules update process to allow more frequent updates to security monitoring rules for hosted customers. | N/A |
| 6.3.0 | Web Application Firewall | Enabled the Web Application Firewall for hosted customers. | N/A |
| 6.3.0 | Installer | To support Security Technical Implementation Guide (STIG) installs of ThreatQ 6x, updated installer to add the executables embedded in the terraform provider directories to the trusted executables database for the file access policy daemon (fapolicyd). | N/A |