The application that I am working on is producing STIX documents an das of recently, the to_xml() call at the end of the script seems to fail.

I've managed to narrow it down to 726377d being the culprit, but can't figure out what exactly is causing it, have you guys made any changes in that commit that would require content producers to alter the generation process?

Here is a sample package (created using to_json()) that will work on the commit before the one in the title, but not after:

{"id": "Iglocska.eu:Package-d3482aee-7c9f-49a9-80a7-b390a4b5d12b", "version": "1.2", "stix_header": {"title": "Export from Iglocska.eu MISP", "package_intents": [{"xsi:type": "stixVocabs:PackageIntentVocab-1.0", "value": "Threat Report"}]}, "related_packages": {"related_packages": [{"package": {"timestamp": "1970-01-01T01:00:01", "version": "1.2", "incidents": [{"status": {"xsi:type": "stixVocabs:IncidentStatusVocab-1.0", "value": "New"}, "information_source": {"identity": {"name": "Iglocska"}}, "handling": [{"controlled_structure": "../../../descendant-or-self::node()", "marking_structures": [{"color": "AMBER", "xsi:type": "tlpMarking:TLPMarkingStructureType"}]}], "description": "info", "timestamp": "2015-06-06T18:47:03", "related_indicators": {"indicators": [{"indicator": {"observable": {"object": {"id": "Iglocska.eu:Address-552bdfe4-b700-4abb-b0ed-64d1c0a83866", "properties": {"category": "ipv4-addr", "is_source": false, "xsi:type": "AddressObjectType", "address_value": "1.1.1.1"}}, "id": "Iglocska.eu:observable-552bdfe4-b700-4abb-b0ed-64d1c0a83866"}, "confidence": {"timestamp": "2015-04-13T17:25:24", "description": "Derived from MISP's IDS flag. If an attribute is marked for IDS exports, the confidence will be high, otherwise none", "value": {"xsi:type": "stixVocabs:HighMediumLowVocab-1.0", "value": "High"}}, "handling": [{"controlled_structure": "../../../descendant-or-self::node()", "marking_structures": [{"color": "AMBER", "xsi:type": "tlpMarking:TLPMarkingStructureType"}]}], "title": "Network activity: 1.1.1.1 (MISP Attribute #18)", "timestamp": "2015-04-13T17:25:24", "id": "Iglocska.eu:indicator-552bdfe4-b700-4abb-b0ed-64d1c0a83866"}, "relationship": "Network activity"}]}, "time": {"incident_discovery": "2012-04-12T00:00:00", "incident_reported": "2015-06-06T18:47:03"}, "external_ids": [{"source": "MISP Event", "value": "28"}], "id": "Iglocska.eu:incident-552bdfe4-0700-4afd-a3b9-64d1c0a83866", "history": {"history_items": [{"journal_entry": {"time_precision": "second", "value": "Event Threat Level: Undefined"}}]}}], "stix_header": {"title": "info (MISP Event #28)", "package_intents": [{"xsi:type": "stixVocabs:PackageIntentVocab-1.0", "value": "Threat Report"}]}, "id": "Iglocska.eu:STIXPackage-552bdfe4-0700-4afd-a3b9-64d1c0a83866"}}]}}

Let me know if there's anything that needs to be changed on my end or if I can provide any additional information. Thanks in advance!

Hey @iglocska, the current master branch of python-cybox (2.1.0.12.dev0) is not compatible with any python-stix release (we are currently working towards a somewhat major refactor of the python-cybox, python-stix, and python-maec internals).

I would avoid using master on python-cybox with python-stix for the moment and just stick to using the latest official release: https://pypi.python.org/pypi/cybox/2.1.0.11.

OK, thanks for the heads-up, I'll do that!

Awesome! Thanks for reporting the issue--it's always good to get more eyes on the repositories :) I'm going to close this but we can reopen if the problem persists after the next release.

Sure, and thanks for the quick response!