Bump pycti from 5.12.33 to 6.9.0 in /docker/opencti-v4 by dependabot[bot] · Pull Request #5156 · armorblox/dockerfiles

dependabot · 2025-12-12T11:08:25Z

Bumps pycti from 5.12.33 to 6.9.0.

Release notes

Version 6.9.0

Dear community, we're excited to announce the launch of OpenCTI 6.9.0! 🥳

This release focuses on solving key pain points and unlocking new use cases:

Make Priority Intelligence Requirements actionable

CTI-driven assessment by integrating OpenCTI & OpenAEV

Draft Authorize members, to protect from unwanted modification or approval

Avoid some IOC to decay by introducing Decay Exclusion Rules

Framework to import data in the platform via Form Intake

UI & UX improvements

Many other improvements (new capa for playbooks, pattern matching for IOC…)

New Integrations/Connectors

🌟 Make Priority Intelligence Requirements actionable (EE)

A new Threat Map widget in PIRs provides instant visual insight into your highest-priority threats, enabling faster threat assessment and prioritization.

Priority Intelligence Requirements are now actionable within playbooks through intelligent filtering based on identified threats and scores. This enhancement transforms PIRs from passive threat awareness into actionable automation.

Trigger enrichment and processing workflows upon threat detection

Automatically initiate actions based on PIR threat scores

Selective processing of entities (indicators, vulnerabilities, etc.) linked to specific PIR threats

This allows teams to move beyond static threat lists and automatically respond to prioritized threats. Playbooks now execute targeted actions on the threats that matter most to your organization, reducing noise and accelerating response times to high-priority threats.

🤖 CTI driven assessment by integrating OpenCTI & OpenAEV (CE)

Security assessments can now be initiated from threat intelligence in OpenCTI, executed as simulations in OpenAEV, and results automatically imported back into OpenCTI as actionable gap analyses, within a new entity type Security coverage. Additionally, the creation and generation of security coverages can now be fully automated through our playbook engine. This capability, combined with the ability to trigger playbooks based on PIR events, enables you to automatically test your defense posture against threats identified as relevant for your organization.

This first implementation lays the foundation for transforming security assessments from manual processes into automated, threat-driven continuous validation

See details in our documentation.

💡 Draft Authorize members, to protect from unwanted modification or approval & Service Account bypass (CE)

To get an approval workflow for draft, the first step has been for us to enable Authorize Members on Drafts.

This way, when creating a draft manually or via file upload, you will be able to define authorized members at draft creation. This will ensure no user will be able to validate your draft on your behalf or even modify it without your consent.

This change required us to introduce another related change: Service Account now bypasses Authorize Members. The rationale behind this behavior is that Service Accounts should be able to enrich observables within a Draft, even if the draft has some Authorize Members enabled. To be clear: even if Service Accounts are not added as Authorized Members, they will get the Edit permission on the entity (draft, containers). This bypass is a default behavior that cannot be changed.

👤 Avoid some IOC to decay by introducing Decay Exclusion Rules (CE)

Some IOCs should never expire: for instance, Yara rules (or any detection rules) should never be revoked, to avoid having any tools like your SIEM, XDR, EDR… failing to detect a malicious IOC.

This is the purpose of Decay Exclusion Rules: you can filter on some IOC attributes to avoid having the matching IOCs fall under a decay rule. Ultimately, it prevents your IOCs from being automatically revoked.

Please be careful with the decay exclusion rules:

Decay exclusion rules are always first against a decay rule: if an IOC matches both a Decay rule & a Decay Exclusion rule, the decay exclusion will apply.

... (truncated)

Commits

301aff5 [backend/worker] Release 6.9.0
7cb740e [backend] Handle base_path setting in httpPlatform redirection (#13450) (#13493)
0ef6097 [ci] add lint and check-ts on backend, reduce unit test workers (#13614)
334e6e2 [backend] Support inferred subfilter in regardingOf filter (#13347)
1f86db1 [backend] manage OIDC audience (#13601)
9e067e1 Merge branch 'release/current' into master
ee67da3 [backend] fix releaseu/current migration timestamp to be above latest master ...
ff392e9 Merge branch 'master' into release/current
09d2ca0 [backend/worker] Release 6.8.17
8c1c59e [frontend] post merge fix
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pycti](https://github.com/OpenCTI-Platform/opencti) from 5.12.33 to 6.9.0. - [Release notes](https://github.com/OpenCTI-Platform/opencti/releases) - [Commits](OpenCTI-Platform/opencti@5.12.33...6.9.0) --- updated-dependencies: - dependency-name: pycti dependency-version: 6.9.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-12-17T11:08:30Z

Superseded by #5158.

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Dec 12, 2025

dependabot bot mentioned this pull request Dec 12, 2025

Bump pycti from 5.12.33 to 6.8.17 in /docker/opencti-v4 #5155

Closed

dependabot bot closed this Dec 17, 2025

dependabot bot deleted the dependabot/pip/docker/opencti-v4/pycti-6.9.0 branch December 17, 2025 11:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pycti from 5.12.33 to 6.9.0 in /docker/opencti-v4#5156

Bump pycti from 5.12.33 to 6.9.0 in /docker/opencti-v4#5156
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/docker/opencti-v4/pycti-6.9.0

dependabot bot commented on behalf of github Dec 12, 2025

Uh oh!

dependabot bot commented on behalf of github Dec 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Dec 12, 2025

Version 6.9.0

Uh oh!

dependabot bot commented on behalf of github Dec 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants