Builds for Arkime 6, do NOT use in production yet, not kidding :)

Hi! After every commit to the main branch of Arkime we build and store the results here. The builds are based on Arkime 5, so if upgrading from Arkime 4, make sure you've followed the upgrading to 5 instructions. If you don't want to run the pre release version, check out our stable release.

We need your help! Please support Arkime by becoming a Github Sponsor!

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

Sanitize builds are used for detecting memory leaks and other issues, see Sanitizer Info

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

Support Arkime's ongoing development! Become a GitHub Sponsor!

✨ What's new ✨

Release

• #3287 Node 20.19.4

All

• #3352 Abort and useful error for bad userAuthIps setting

Capture/Viewer

• #3307 Added garland timestamp plugin

Capture

• #3294 Improved dhcpv6 parser and ja4d display
• #3297, #3321 Fix lua memory leaks
• #3298 Fix dns encoding issues with answers
• #3299 Handle more than 255 ciphers with ja4
• #3305, #3337 added basic ip AH protocol support
• #3314 fix SQS/S3 with MinIO (thanks @mcgillowen)

db.pl

• #3320 Fixed some Elasticsearch/Opensearch calls that still had types
• #3323, #3328 New db.pl repair implementation that can fix multiple issues

Viewer

• #3319 Fix export csv from SPI Graph
• #3344 Fix parsing quoted arrays in wildcards
• #3358 Fixed files created with s3 capture scheme not showing in viewer
  if not in top level directory

WISE

• #3339 Elasticsearch source can have paths value shortcuts
• #3359 Elasticsearch source can have integer and object values

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. A libssl version error means that most likely the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

Support Arkime's ongoing development! Become a GitHub Sponsor!

✨ What's new ✨

All

• #3259 Config stored in Elasticsearch/OpenSearch now respects --insecure
• #3279, #3274, #3273 NPM dependabot fixes

Capture/Viewer

• #3258 Add new ethertype field

Capture

• #3258 unkEthernet plugin now groups sessions by ethertype + macs
• #3276 fix wise lookups for some hashed string fields

Cont3xt

• #3253 IPQualityScore support (thanks @RamboV)

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. A libssl version error means that most likely the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

Support Arkime's ongoing development! Become a GitHub Sponsor!

✨ What's new ✨

BREAKING

• User defined roles with the user-role-mappings feature used to require
  role- prefix but didn't work, now they require role: prefix and do work

Release

• #3196 Fix Debian 13 dependency libyara issue
• #3205 arkime_config_interfaces.sh -n with dash fix
• #3211 Node 20.19.2
• #3231 No longer use screwdriver, only github actions, goodbye el7
• #3233 EL10 initial support
• #3244 Support make DESTDIR install

All

• #3237 Add missing settings to addUser.js/arkime_add_user.sh

Viewer

• #3199,#3200 Support searchable snapshots with partial- index prefix
• #3218 Elasticsearch 9 dstats fix
• #3224 Fix/Change user-role-mappings must start with role: instead of role-

Capture

• #3209 New espSavePackets setting
• #3229 Drop packets larger than 0xffff in size

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. A libssl version error means that most likely the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

✨ What's new ✨

Viewer

• #3188 Prevent more session prototype pollution with connections
• #3188 Improved receiveSession auth & index verification

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of provided library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. If you have a libssl version error, it is most likely that the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

✨ What's new ✨

Release

• #3173 Initial Debian 13 support

Capture

• #3175 Don't include dns.host.tokens in host query
• #3177 support autoGenerateId=consistent to reprocess into same sid

Multies

• #3176 Fix issues when clusters are down (thanks @DavidCHIA-Rub)

Viewer

• #3164 Support searchable snapshots with partial- index prefix
• #3167, #3169 Prevent more session prototype pollution
• #3170 Add error handling for unknown views

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of provided library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. If you have a libssl version error, it is most likely that the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

✨ What's new ✨

db.pl

• #3135 Support passwords > 55 characters (thanks @GhostNaix)
• #3143 new db.pl mv to move many files at once

Capture

• #3105 Support decrypted smtp
• #3136 Support ERSPAN Type III
• #3157 Log bulk FORBIDDEN errors

Viewer

• #3137 Prevent session prototype pollution
• #3142 Fix session detail long arrays not displaying correctly
• #3147 Fix erspan decode issues
• #3148 Fix issuerCN not displaying in session detail
• #3151 Fix cert.serial not displaying in session detail
• #3158 Fix s3http/s scheme not caching blocks correctly
• #3159 Fix packets not showing up when using writer-s3 without compression

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of provided library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. If you have a libssl version error, it is most likely that the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

✨ What's new ✨

BREAKING

• Cont3xt Twilio integration requires a new token

Release

• #3103 arkime_config_interfaces.sh supports interface envs
• #3121 Node 20.18.3
• #3115 build ja4 docker images
• #3127 docker.sh now sets ARKIME__usersElasticsearch (when not set) from ARKIME__elasticsearch (when set)

All

• #3093 if config file doesn't exist, don't exit with error. This is useful with containers + envs. Capture does require the file to exist if specified.
• #3107 ARKIME__ envs now use cont3xt,wiseService,... instead of default for section name for those respective applications
• #3110 can now use https://usersElasticsearch in url/config and Arkime will fill in from the env/config
• #3122 if no section used for override, use something sane

Capture

• #3100 fix SSLv2 constants and misidentify DTLS 0 (thanks @droe)

db.pl

• #3101 support ARKIME__prefix, ARKIME__elasticsearchBasicAuth, ARKIME__elasticsearchAPIKey envs
• #3124 new arkime_configs index for storing config files

Viewer

• #3095 Show Arkime capture version in the stats UI
• #3114 Fix http sessions missing http request not showing body (thanks @bryangwj)
• #3120 Fix value actions not showing for info column fields

WISE

• #3107, #3108 Support webBasePath
• #3110, #3111, #3127 if usersElasticsearch isn't set will use elasticsearch config

Cont3xt

• #3118 update Twilio integration to v2 API

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of provided library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. If you have a libssl version error, it is most likely that the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.

Installation Instructions | 4.x -> 5.x Upgrade Instructions | FAQ | CHANGELOG | JA4+ Install | Docker Install

A db.pl upgrade is required when upgrading from 5.1.2 or earlier

✨ What's new ✨

BREAKING

• Unknown config variables that start with tpacketv3 or simple will now cause an error

Release

• #3051 arkime_config_interfaces.sh doesn't try and set up "dummy" interface
• #3081 afterinstall.sh uses prefix correctly

All

• #3037 remove babel
• #3087 Env vars improvements and DASH, COLON, DOT, SLASH are now replaced

Capture

• #3046 added packet-stats command
• #3052 add ARKIME_default__ support for env vars
• #3062 only refresh Arkime indices on exit
• #3063 use suricata vlan when using sessionIdTracking
• #3070 new --command option instead of having to use command-socket
• #3072 add ident protocol classifier
• #3079 check tpacketv3* and simple* config settings
• #3083 new _flipSrcDst rule action
• #3083 new tcp.synSet rule field
• #3083 rules can now use values of "${configvar}"
• #3088 fix memory leak if "" is dns query

Viewer

• #3055 fix missing session.network section error
• #3059 fix losing custom theme setting
• #3068 display all kinds of data nodes on ES Nodes tab
• #3076 Fix incorrect Overload Drops/s statistic in Capture Stats page (thanks @mcgillowen)

⬇️ Download Info ⬇️

We offer downloads for different Linux distributions and versions because of provided library differences. For example, use the el8 download for Centos 8 or RHEL 8 not RHEL 9. If you have a libssl version error, it is most likely that the wrong download was used for your Linux distribution and version, please double check. The moloch builds have the old filesystem layouts, we will stop providing the moloch builds in 2025.