Releases: opencybersecurityalliance/firepit

1.3.0

04 Oct 14:16
a3622b7

New assign_query API, minor query API improvements

  • new way to create views via assign_query
  • can now init a Query with a list instead of calling append
  • Some SQL injection protection in query classes

1.2.2

27 Aug 15:30
be565c1

Mostly small performance optimizations

  • "inline" some functions
  • replace re.sub in some places with simpler, faster string operations
  • other small changes

Performance improvements of 2-6% depending on thread count when running with PostgreSQL.

1.2.1

23 Aug 21:00
b540ff9

Try to improve markroot transform (used in SqlStorage.cache()): For cases where, e.g., there are 3 IPs in a single observation, we have to pick one as the "primary" (or "root"). So we'll keep an ordered list of objects we see per type, in order of preference. Default is first-seen, but for some cases, like when a network-traffic object is present, we can use the object references to order our preferences: src_ref before dst_ref.

The main benefit of this scheme is when reconstructing the complete observation: if you LEFT OUTER JOIN by observation ID, you would get duplicates due to "fan out". Adding a WHERE clause for "x_root" IS NOT NULL will hopefully solve this.
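
The root-selection rule and the fan-out it avoids, as an added example (not firepit's own code). The two-table schema, the placement of the `x_root` column, the `pick_roots` and `join_rows` helpers, and the sample observation are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed STIX 2.0-style observation: three IPs and one network-traffic object.
OBSERVATION = {
    "0": {"type": "ipv4-addr", "value": "10.0.0.53"},
    "1": {"type": "ipv4-addr", "value": "192.168.1.5"},
    "2": {"type": "ipv4-addr", "value": "203.0.113.7"},
    "3": {"type": "network-traffic", "src_ref": "1", "dst_ref": "2"},
}

def pick_roots(objects):
    """Choose one root key per object type: first-seen, unless a
    network-traffic object's references say otherwise (src_ref before dst_ref)."""
    order = {}
    for key, obj in objects.items():
        order.setdefault(obj["type"], []).append(key)
    for obj in objects.values():
        if obj["type"] != "network-traffic":
            continue
        # Promote dst_ref first, then src_ref, so src_ref ends up in front.
        for prop in ("dst_ref", "src_ref"):
            ref = obj.get(prop)
            if ref in objects:
                keys = order[objects[ref]["type"]]
                keys.remove(ref)
                keys.insert(0, ref)
    return {otype: keys[0] for otype, keys in order.items()}

def join_rows(objects, roots_only):
    """Load the observation into a hypothetical two-table schema and join it."""
    roots = pick_roots(objects)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE observation (id TEXT)")
    conn.execute("CREATE TABLE ipv4_addr (obs_id TEXT, value TEXT, x_root INTEGER)")
    conn.execute("INSERT INTO observation VALUES ('obs-1')")
    for key, obj in objects.items():
        if obj["type"] == "ipv4-addr":
            flag = 1 if roots["ipv4-addr"] == key else None
            conn.execute("INSERT INTO ipv4_addr VALUES ('obs-1', ?, ?)", (obj["value"], flag))
    sql = ('SELECT o.id, ip.value FROM observation o '
           'LEFT OUTER JOIN ipv4_addr ip ON ip.obs_id = o.id')
    if roots_only:
        sql += ' WHERE ip."x_root" IS NOT NULL'
    return conn.execute(sql).fetchall()

if __name__ == "__main__":
    print(join_rows(OBSERVATION, roots_only=False))  # one row per IP (fan out)
    print(join_rows(OBSERVATION, roots_only=True))   # only the root IP
```
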

1.2.0

18 Aug 15:57

Grouped views can now be modified (via assign() or reassign()). Doing so will cause the underlying SQL view to be converted into an actual table. As a result, a new API types() is introduced that returns the list of STIX object types in the session (formerly you could use tables() for this, but now the grouped "view" will be listed as well).

1.1.2

13 Aug 17:46
e40f7b0

postgres: check for existence before creating functions and tables

1.1.1

02 Aug 19:18

Fix for #7: resolving a dependency issue with Python 3.9 on macOS

1.1.0

28 Jul 17:50
235b812

Concurrency fixes: you should now be able to create separate storage objects per thread and cache() bundles concurrently.

1.0.18

27 Jul 01:13
  • Make sure rename_view can overwrite an existing view
  • query: fix handling of comparing lists to null
  • Add missing ujson dependency
  • github actions shenanigans

1.0.17

22 Jul 18:12
  • PostgreSQL: switch from BIGINT to NUMERIC to handle unsigned 64-bit ints. We need to eventually do something smarter since lots of numeric fields (like src_port and dst_port) don't require anything more than INTEGER.
  • Add optional batchsize keyword param to cache() for performance tuning

1.0.16

16 Jul 18:51
93bd3f4

Fixes #17: CardinalityViolation: ON CONFLICT DO UPDATE command cannot affect row a second time