Commit Graph

287 Commits (2.4)

Author SHA1 Message Date
Sami Mokaddem 0273f04c4a
chg: [config:config.default] Disabled warning_for_all by default for new install 2023-09-20 10:01:46 +02:00
Anders Einar Hilden b2ad8fc687 new: [ApacheAuthenticate] Add STARTTLS support for LDAP connection
Controlled by setting `ApacheSecureAuth.starttls`. Default (`ApacheSecureAuth.starttls undefined`) is `false`, since it is a new feature.

config.default.php is updated with `ApacheSecureAuth.starttls = true` as default and extra explanations.
2023-03-10 10:34:26 +01:00
Jakub Onderka 4aabc2d097 new: [logging] Access log 2022-11-12 13:45:21 +01:00
Tom King de351faaac new: [internal] Add option to log last API request 2022-08-01 15:02:49 +01:00
Luciano Righetti 2bd4a5b30c fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 14:42:49 +01:00
Luciano Righetti fd43c07952 fix: add default supervisor user to default settings 2022-03-09 12:08:54 +01:00
iglocska f905eef8f0
Merge branch '8042' into develop 2021-12-21 16:42:50 +01:00
Hendrik Baecker 83c08362b9 [chg] Establish 'mixedauth'
mixedauth=false: Only query LinOTP for OTP (or OTP-Pin+OTP Value)
mixedauth=true: Use MISP Userbase for password checking AND LinOTP for second factor

mixedauth=true will throw exceptions if OTP doesn't match to not fall back
to FormAuthenticate from MISP - which would get the 2FA useless.
2021-12-15 12:48:44 +01:00
Hendrik Baecker efae024bc7 [chg] added LinOTP to configs 2021-12-14 17:47:07 +01:00
Sami Mokaddem 014ae34c53
new: [server:synchronisation] Type filtering during PULL synchronisation
Warning: This feature can introduce unwanted behaviours and inconsistencies
2021-12-09 12:29:03 +01:00
Jakub Onderka 741a74165e
Merge pull request #7974 from JakubOnderka/url-cache
fix: [internal] Remove UrlCache
2021-11-22 15:59:59 +01:00
Jakub Onderka 0a941bd7f3 fix: [internal] Remove UrlCache 2021-11-19 11:56:14 +01:00
Jakub Onderka e8c4378893 new: [internal] Faster caching 2021-11-18 18:48:34 +01:00
Jakub Onderka 0311182085
Merge pull request #7953 from JakubOnderka/cached_attachments_remove
fix: [internal] Remove unused MISP.cached_attachments setting
2021-11-11 16:23:03 +01:00
Jakub Onderka 5c617e3420 fix: [internal] Remove unused MISP.cached_attachments setting 2021-11-11 14:27:10 +01:00
Luciano Righetti 565fc26b13 chg: remove track_status setting 2021-11-10 18:24:04 +01:00
Luciano Righetti ba0399a6fb chg: remove MISP.use_simple_background_jobs setting in favor of SimpleBackgroundJobs.enabled 2021-11-10 16:44:02 +01:00
Luciano Righetti 2146cd49f7 chg: add background jobs settings to the ui editor 2021-11-09 14:19:07 +01:00
Luciano Righetti f2c9d12eae chg: merge develop, fix conflicts. 2021-11-08 11:35:20 +01:00
Luciano Righetti f80fcec2db chg: rename settings 2021-11-05 15:46:42 +01:00
Jakub Onderka 82ed12e4cb fix: [config] Remove not used Attributes_Values_Filter_In_Event 2021-11-05 09:19:56 +01:00
Luciano Righetti b6361c0f7c chg: rename conf name 2021-11-04 11:39:10 +01:00
Luciano Righetti e8274b63d2 chg: call supervisor xml-rpc api, add supervisor app required packages 2021-11-03 17:14:34 +01:00
Luciano Righetti 6695b66d78 new: add default config for new background jobs (disabled). 2021-11-03 11:39:38 +01:00
Sami Mokaddem ec4074f925
chg: [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS
This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true.
2021-10-06 09:09:06 +02:00
mokaddem 2153537e01
new: [event:notification] Added email notification ban system based on users triggering the notification 2021-08-31 09:39:05 +02:00
iglocska 4bb08fe151
fix: [config defaults] unset the default python bin path 2021-07-26 16:18:11 +02:00
iglocska 76af4b9d90
fix: [config defaults] changed default attachment storage 2021-07-26 16:16:23 +02:00
iglocska 1cb1cc546e
chg: [republish ban] enabled by default on new installs 2021-07-26 13:44:38 +02:00
mokaddem f841cfbc90
chg: [config] Added missing options
Fix #7549
2021-07-14 10:53:44 +02:00
mokaddem 6eceb3b8ce
fix: [config] Fixed indentation 2021-07-14 10:33:20 +02:00
Alexandre Dulaunoy ce93848dea
chg: [config] default config now uses RFC2606 example.com domain 2021-05-25 12:11:19 +02:00
Andras Iklody 0f78aef0c9
Merge pull request #7334 from Wachizungu/fix-allowedlists-route
chg: [routes] fix allowedlists routes. Renamed from whitelists.
2021-05-14 12:12:16 +02:00
Jakub Onderka ad1b373766 new: [log] Audit log 2021-05-03 13:44:44 +02:00
Steven fd9ca80f35 Change config.default.php to have everything needed for Azure AD authentication in there (as suggested in PR 6661) 2021-04-14 14:02:50 +02:00
Jeroen Pinoy 9ed2ae96ce
chg: [routes] fix allowedlists routes. Renamed from whitelists. 2021-04-13 14:17:32 -07:00
iglocska afbf95a478
fix: [security] Require password confirmations by default
- the setting is optional, but the default should be that it's required unless disabled

- As reported by Patrix Kontura from ESET
2021-01-19 14:01:36 +01:00
nighttardis 39abf9a420
Update core.default.php
Fixing PHP syntax error that appears on PHP 7.4
2020-10-14 10:17:51 -05:00
Jakub Onderka cf1483c906 chg: [cookie] Set session cookie SameSite to Lax to avoid browser warnings 2020-10-09 23:07:14 +02:00
Richard van den Berg bb8981353b chg: [Shell] Add MISP.osuser for updates. Fix #6368 2020-10-01 13:47:51 +02:00
Jakub Onderka 04a7398444 fix: [internal] Syntax error in bootstrap.default.php 2020-08-18 12:35:27 +02:00
Vito Piserchia a393d411e1 rebase continue 2020-08-17 17:13:58 +02:00
Léarch 8207be22ba Corrected redirections
See the following for an explanation:
https://stackoverflow.com/questions/6836990/how-to-get-complete-current-url-for-cakephp#comment11184149_6875310
2020-08-17 15:53:27 +02:00
Vito Piserchia b8c7485712 resolve merge 2020-08-16 13:31:31 +02:00
Jakub Onderka c347ffc6db new: [internal] 'GnuPG.obscure_subject' option to not send unencrypted subject 2020-08-12 19:33:15 +02:00
Jakub Onderka 8c2bdf6d56
fix: `DefaultRoleId` is not implemented for ApacheShibbAuth 2020-01-24 09:26:37 +01:00
Andras Iklody 69ec57dd39
Merge pull request #5375 from JakubOnderka/patch-71
fix: Remove unused config option
2019-12-03 09:06:48 +01:00
Alexandre Dulaunoy 983a58afba
chg: [default] old default 'TLP Amber' is now 'tlp:amber' to be consistent and use MISP taxonomy naming 2019-11-04 12:41:52 +01:00
Jakub Onderka c22a63f309
fix: Remove unused config option 2019-10-31 14:17:19 +01:00
RuneBergh abe0e440d4
Adding commenting for key to use with ldap
Commenting in the PHP_AUTH_USER key which is set by basic auth if using ldap or AD authentication.
2019-10-23 10:56:52 +02:00