    Seth GroverM
    Malcolm v26.04.1 contains improvements, bug fixes, security updates, and component bumps.

    If you are upgrading from an existing Malcolm installation, run ./scripts/status for Malcolm to migrate some settings prior to running ./scripts/configure, ./scripts/start, or other Malcolm control scripts.

    v26.02.0...v26.04.1

    Note that v26.04.1 is the same as v26.04.0 released last week, apart from the fix for bug #943. If you're already running v26.04.0 and don't use the encrypted install option in the installer ISO, you probably don't need to worry about updating to v26.04.1. The full release notes from v26.04.0 are also included here.

    Features and enhancements
      • implemented easier way to enable/disable Strelka scanners #935
      • Handle nested file scanning (e.g., from ZIP files) with Strelka #922
      • index selected Strelka result fields #919

    Component version updates
      • Zeek to v8.1.1
      • Arkime to v6.1.1
      • cryptography to v46.0.6 (for CVE-2026-34073)
      • evtx to v0.11.2
      • Flask to v3.1.3 (for CVE-2026-27205)
      • Fluent Bit to v5.0.2
      • Logstash to v9.2.7
      • Requests to v2.33.1 (for CVE-2026-25645)
      • supercronic to v0.2.43
      • yq to v4.52.5
      • Updates for ICSNPP Hart IP parser #924

    Bug fixes
      • Hedgehog Linux Breaking on Reboot after Encrypted Quick Install with Multiple Drives #943
      • Fix YAML syntax error in kubernetes/15-redis.yml due to missing end quote #926
      • Using remote elasticsearch data store uses deprecated ssl_certificate_verification setting [https://github.com/cisagov/Malcolm/issues/915]
      • fix Malcolm API loopback webhook to handle RBAC and non-JSON formatted events #916
      • fix issues in zeekdeploy.sh to handle long crypto handshakes and Zeek's state DB getting out of sync

    🧹 Code and project maintenance
      • swap redis out for valkey #882
      • pin all third-party GitHub CI actions at known good SHA sums to mitigate things like the Trivy supply chain attack #933
      • some minor tweaks to various Dockerfiles and ISO build scripts to address vulnerability scanner findings
      • some documentation updates

    Configuration changes for Malcolm (in environment variables in ./config/). The Malcolm control script (e.g., ./scripts/status, ./scripts/start) automatically handles creation and migration of variables according to ./config/env-var-actions.yml.
      • Added ARKIME_PCAP_LIBPCAP to arkime.env should users wish to revert to older libpcap mode for PCAP file processing rather than faster scheme processing (default false)
      • FILEBEAT_SCANNER_FINGERPRINT_LENGTH's default in filescan.env has been changed from 1024 to 512
      • redis.env has been renamed to valkey.env and its variables also have been renamed accordingly
      • STRELKA_SCANNERS has been added to pipeline.env for #935
      • ZEEK_DISABLE_SPICY_ZIP has been added to zeek.env for #922 (default true)

    Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring.

    Malcolm operates as a cluster of containers, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

    Alternatively, dedicated official ISO installer images for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

    As always, join us on the Malcolm discussions board to engage with the community, or pop some corn and watch a video.

    #Malcolm #HedgehogLinux #Zeek #Arkime #Strelka #NetBox #OpenSearch #Elasticsearch #Suricata #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL