What's Changed

• Deprecate python 3.9 by @micheloosterhof in #2747
• Python 3.14 support by @micheloosterhof in #2760
• VirusTotal v3 support by @micheloosterhof in #2755
• Ftp async rewrite by @micheloosterhof in #2758
• Tftp async rewrite by @micheloosterhof in #2759
• add protocol in event log by @micheloosterhof in #2762
• UUID by @micheloosterhof in #2763

Full Changelog: v2.8.0...v2.8.1

What's Changed

• Pypi by @micheloosterhof in #2744
• better docker tags by @micheloosterhof in #2726
• partially functional chmod by @micheloosterhof in #2732
• packaging updates by @micheloosterhof in #2733
• Update requirements handling and documentation by @micheloosterhof in #2734
• Run without full directory structure (pip install) by @micheloosterhof in #2739

Full Changelog: v2.7.0...v2.8.0

Release Notes
#############

Release 2.7.0

BREAKING CHANGES - ACTION REQUIRED:

• Install Cowrie into your virtual environment with pip install -e .
• bin/ directory removed: Scripts asciinema, createfs, fsctl, and playlog are no longer called from the bin/ directory.
• Python 3.9 no longer supported: Minimum Python version is now 3.10.
• SQL schema update required: If using MySQL/SQLite databases, run the migration script docs/sql/update16.sql to extend IP address fields for IPv6 support (VARCHAR length increased to 61 characters).
• SSH-DSS key support removed: The deprecated ssh-dss algorithm is no longer supported for improved security. Remove ssh-dss configuration if you use it.

NEW FEATURES:

• New Output Plugins:
  • PostgreSQL output plugin with automatic reconnection support
  • Prometheus metrics output plugin for monitoring and alerting
• New Shell Commands:
  • find command with basic options for file searching
  • dig command for DNS lookups
  • git command for version control simulation
  • curl command now supports HEAD requests with -I option
• Enhanced Security:
  • Network blocking for outbound connections from wget/curl/nc to reserved IP ranges
  • Null byte password protection to prevent authentication bypasses
  • Updated SSH algorithms and key management for better security posture
• Proxy Mode Improvements:
  • SFTP file transfers now logged and captured in proxy mode
  • Better SSH factory handling for improved stability

CONFIGURATION CHANGES:

• New configuration options available for:
  • PostgreSQL output plugin settings
  • Prometheus metrics endpoint configuration
  • Network blocking controls for command simulation

INFRASTRUCTURE UPDATES:

• Docker:
  • Improved local build support

INFRASTRUCTURE UPDATES:

• Docker:
  • Improved local build support
  • Container signing with Cosign for supply chain security
  • Updated base images and metadata
• Build System:
  • Migrated to setuptools-scm for automatic version management
  • PyPI package publishing now automated as trial for future development
• Dependencies:
  • Twisted updated to 25.5.0
  • Elasticsearch client updated to 9.x
  • Various security updates across all dependencies

IMPROVED FEATURES:

• Enhanced MISP output plugin with overcuriosity protection and better threat intelligence integration
• Simplified Slack output formatting for better readability
• Better shell command substitution and subshell execution
• Improved error handling in wget with explicit timeouts
• ECS-compliant Logstash configuration template
• Enhanced history handling in shell sessions

DEVELOPMENT:

• Added Python 3.14 development version support
• Added PyPy 3.11 support
• Improved test coverage and CI/CD pipelines

What's Changed

• Devops by @micheloosterhof in #1811
• Versionstringfix by @micheloosterhof in #1817
• fix macs typo in cowrie.cfg.dist by @paseaf in #1820
• Support for additional commands by @Masood-M in #1830
• Correct description of the authentication_timeout setting in the conf… by @onlyvae in #1833
• [Snyk] Security upgrade requests from 2.28.1 to 2.31.0 by @micheloosterhof in #1838
• Reqs by @micheloosterhof in #1841
• docker update by @micheloosterhof in #1842
• platforms by @micheloosterhof in #1843
• Dock3 by @micheloosterhof in #1844
• updated by @micheloosterhof in #1845
• don't use build/push together by @micheloosterhof in #1846
• fix sftp ls by @micheloosterhof in #1853
• pur->dependabot by @micheloosterhof in #1854
• pyyaml->6.0.1 by @micheloosterhof in #1860
• Mypy aug by @micheloosterhof in #1872
• datadog: allow configuration of hostname by @galenguyer in #1866
• fix docs by @micheloosterhof in #1886
• rtd->py3.10 by @micheloosterhof in #1894
• 3.12 allowed failures by @micheloosterhof in #1879
• new format by @micheloosterhof in #1896
• 23.8 by @micheloosterhof in #1907
• Classvar new ruff version by @micheloosterhof in #1912
• don't give exception if file download has failed by @micheloosterhof in #1913
• scripts can now be run, and pip install -e works by @micheloosterhof in #1927
• docker: debian bullseye to bookworm by @micheloosterhof in #1940
• py 3.12 and pypy 3.10 by @micheloosterhof in #1952
• pyupgrade38plus by @micheloosterhof in #1953
• only run docker login in main repo by @micheloosterhof in #1955
• different syntax for run because there's no shell by @micheloosterhof in #1962
• 17oct by @micheloosterhof in #1968
• update hpfeeds version by @D1sD3s in #1979
• Oracle cloud custom logs plugin by @mamorett in #1997
• fix regex to do explit dot by @micheloosterhof in #2008
• remove duplicate code by @micheloosterhof in #2010
• Patched fsctl as noted in PR #2009 by @halcyondream in #2011
• Updated fsctl.py by @halcyondream in #2013
• docker image updates through dependabit by @micheloosterhof in #2040
• Removed DAEMONIZE steps. by @adam-qomodo in #1983
• load cowrie path by @micheloosterhof in #2061
• add suggestion from issue #1650 by @micheloosterhof in #2062
• update reqs. by @micheloosterhof in #2077
• [Snyk] Security upgrade cryptography from 42.0.1 to 42.0.2 by @micheloosterhof in #2082
• ruff 0.2.1 by @micheloosterhof in #2090
• Pyright by @micheloosterhof in #2091
• remove custom ssl context factories by @micheloosterhof in #2135
• new way to disable https checks by @micheloosterhof in #2136
• Fix formatting in README.rst by @progalgo in #2146
• Fix formatting in README.rst by @progalgo in #2150
• [Snyk] Security upgrade cryptography from 42.0.5 to 42.0.6 by @micheloosterhof in #2165
• formatting by @micheloosterhof in #2168
• remove python 3.8 by @micheloosterhof in #2170
• small shell fixes by @micheloosterhof in #2199
• [Snyk] Security upgrade cryptography from 42.0.6 to 42.0.8 by @micheloosterhof in #2206
• proxy fixes and improvements by @micheloosterhof in #2204
• #1756 / added-support-for-h-flag-in-ls-comand by @RitvikDayal in #2217
• display full path as specified for individual files by @micheloosterhof in #2218
• revert - #2217 by @RitvikDayal in #2219
• #1756 / added-support-for-h-flag-in-ls-comand by @RitvikDayal in #2220
• ruff -> ruff check by @micheloosterhof in #2227
• check if user is still connected. by @micheloosterhof in #2229
• fix #2257 by @micheloosterhof in #2280
• keep running commands on exec mode after first one fails. by @micheloosterhof in #2281
• remove threatjammer. domain is gone. by @micheloosterhof in #2282
• remove threatjammer from index by @micheloosterhof in #2283
• fix #2291 by @micheloosterhof in #2302
• proper Guest dataclass usage by @mjovanovic9999 in #2304
• Added support for remote syslog logging by @mjovanovic9999 in #2312
• update head to take -c. update quotes for remotesyslog by @micheloosterhof in #2318
• treq -> 24.9.0 by @micheloosterhof in #2320
• 3.13-dev by @micheloosterhof in #2321
• black formatting by @micheloosterhof in #2328
• Update locaksyslog.py by @cskinner74 in #2325
• add lspci by @micheloosterhof in #2329
• Debian package updates by @micheloosterhof in #2330
• Reduce dependencies by @micheloosterhof in #2335
• Deps3 by @micheloosterhof in #2336
• 21oct by @micheloosterhof in #2354
• User by @micheloosterhof in #2356
• Updated Graylog docs to also describe the pipeline feature by @gbyx3 in #2355
• Explicit deps by @micheloosterhof in #2358
• Twisted2410 by @micheloosterhof in #2360
• Disable oci python dependency by @micheloosterhof in #2367
• Urllib by @micheloosterhof in #2378
• Increq by @micheloosterhof in #2379
• Defaults by @micheloosterhof in #2192
• Devops by @micheloosterhof in #2380
• Datadir by @micheloosterhof in #2381
• file system fixes by @micheloosterhof in #2389
• add option to login with any public key by @micheloosterhof in #2391
• update issue templates by @micheloosterhof in #2392
• fix for crashing ping command by @micheloosterhof in #2393
• print which config files are used by @micheloosterhof in #2395
• rmq by @micheloosterhof in #2396
• pool reqs by @micheloosterhof in #1970
• 22nov by @micheloosterhof in #2398
• flags for ps to work on busybox. by @micheloosterhof in #2399
• remove blowfish by @micheloosterhof in #2406
• Ruff8 by @micheloosterhof in #2407
• fix crash with 0 arguments by @micheloosterhof in #2408

New Contributors

• @paseaf made their first contribution in #1820
• @Masood-M made their first contribution in #1830
• @onlyvae made their first contribution in #1833
• @galenguyer made their first contribution in #1866
• @D1sD3s made their first contribution in #1979
• @mamorett made their first contribution in #1997
• @halcyondream made their first contribution in #2011
• @adam-qomodo made their first contribution in #1983
• @Pro...

Release 2.5.0

• Datadog output module (Fred Baguelin [email protected])
• General improvements to shell expansion handling
• New version of Twisted supported
• Python 3.11 support
• Pypy 3.9 support
• Add session type to Telegram output

Release 2.4.0

• Deprecate Python 3.7
• Early support for Python 3.11
• ThreatJammer output plugin (@diegoparrilla)
• Telegram output plugin (@Louren)
• Discord output plugin (@CyberSparkNL)
• Updated mongodb output plugin
• Dependency upgrades
• Docker repo merged with this one
• wget and curl rewritten using treq.
• Migrate test framework from trial to unittest (@lazycrazyowl)

Release 2.3.0
Deprecate Python 3.6
Support Python 3.10
Dependency updates
MISP Output plugin extension
add new public keys ECDSAKeys and ed25519 (#1627)
fix userdb.example (#1619)
cache url submission to virustotal
MySQL connector (#1575) - needs new external dependency mysql-connector-python
Fix mysql string expansion (#1565)
Rewrite CSIRTG output plugin to use new library version
Fixed the Slack output to work with the versions 2.x of slackclient
fix MySQL error handling
fix tar command
limit connections to private address ranges
Update GreyNoise Output Script to Use Community API (#1524)
Implement getopt-style parsing for uname (#1516)
Allow SSLv3 connections for wget and curl
Support for 301 redirects in wget
Malshare update API (#1472)
Remove hpfeeds.py infavour of hpfeeds3.py

Release 2.2.0

• Deprecate Python 2.7 and 3.5
• Command substitution with backticks (PeterSufliarsky)
• Better chmod command line parsing (PeterSufliarsky)
• Add uniq command (PeterSufliarsky)
• Enhanced command substitution functionality.
• Fix nc hang
• Rename built-in user richard to phil, it's used as detection mechanism.
• Binary suppport for cat, grep and other commands
• Azure Sentinel output plugin

• Deprecate Python 2.7. Still works but removed from testing suite and fixing 2.7 problems will no longer have priority.
• Disable crashreporter
• Updated ELK documentation and output plugin
• tee command added. Updates to cat, dd and wc.
• Fixed SSH compression issue with AsyncSSH client
• AbuseIP output plugin.

Small bugfixes.