90 Commits (feature/publication-blocking-same-user)

Author SHA1 Message Date
Sami Mokaddem 0273f04c4a
chg: [config:config.default] Disabled warning_for_all by default for new install 2023-09-20 10:01:46 +02:00
Anders Einar Hilden b2ad8fc687 new: [ApacheAuthenticate] Add STARTTLS support for LDAP connection
Controlled by setting `ApacheSecureAuth.starttls`. Default (`ApacheSecureAuth.starttls undefined`) is `false`, since it is a new feature.

config.default.php is updated with `ApacheSecureAuth.starttls = true` as default and extra explanations.
2023-03-10 10:34:26 +01:00
Tom King de351faaac new: [internal] Add option to log last API request 2022-08-01 15:02:49 +01:00
Luciano Righetti 2bd4a5b30c fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre 2022-03-17 14:42:49 +01:00
Luciano Righetti fd43c07952 fix: add default supervisor user to default settings 2022-03-09 12:08:54 +01:00
iglocska f905eef8f0
Merge branch '8042' into develop 2021-12-21 16:42:50 +01:00
Hendrik Baecker 83c08362b9 [chg] Establish 'mixedauth'
mixedauth=false: Only query LinOTP for OTP (or OTP-Pin+OTP Value)
mixedauth=true: Use MISP Userbase for Passwordchecking AND LinOTP for second factor

mixedauth=true will throw exceptions if OTP doesn't match to not fall back
to FormAuthenticate from MISP - which would make the 2FA useless.
2021-12-15 12:48:44 +01:00
Hendrik Baecker efae024bc7 [chg] added LinOTP to configs 2021-12-14 17:47:07 +01:00
Sami Mokaddem 014ae34c53
new: [server:synchronisation] Type filtering during PULL synchronisation
Warning: This feature can introduce unwanted behaviours and inconsistencies
2021-12-09 12:29:03 +01:00
Jakub Onderka 0311182085
Merge pull request #7953 from JakubOnderka/cached_attachments_remove
fix: [internal] Remove unused MISP.cached_attachments setting
2021-11-11 16:23:03 +01:00
Jakub Onderka 5c617e3420 fix: [internal] Remove unused MISP.cached_attachments setting 2021-11-11 14:27:10 +01:00
Luciano Righetti 565fc26b13 chg: remove track_status setting 2021-11-10 18:24:04 +01:00
Luciano Righetti ba0399a6fb chg: remove MISP.use_simple_background_jobs setting in favor of SimpleBackgroundJobs.enabled 2021-11-10 16:44:02 +01:00
Luciano Righetti 2146cd49f7 chg: add background jobs settings to the ui editor 2021-11-09 14:19:07 +01:00
Luciano Righetti f2c9d12eae chg: merge develop, fix conflicts. 2021-11-08 11:35:20 +01:00
Luciano Righetti f80fcec2db chg: rename settings 2021-11-05 15:46:42 +01:00
Jakub Onderka 82ed12e4cb fix: [config] Remove not used Attributes_Values_Filter_In_Event 2021-11-05 09:19:56 +01:00
Luciano Righetti b6361c0f7c chg: rename conf name 2021-11-04 11:39:10 +01:00
Luciano Righetti e8274b63d2 chg: call supervisor xml-rpc api, add supervisor app required packages 2021-11-03 17:14:34 +01:00
Luciano Righetti 6695b66d78 new: add default config for new background jobs (disabled). 2021-11-03 11:39:38 +01:00
Sami Mokaddem ec4074f925
chg: [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS
This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true.
2021-10-06 09:09:06 +02:00
mokaddem 2153537e01
new: [event:notification] Added email notification ban system based on users triggering the notification 2021-08-31 09:39:05 +02:00
iglocska 4bb08fe151
fix: [config defaults] unset the default python bin path 2021-07-26 16:18:11 +02:00
iglocska 76af4b9d90
fix: [config defaults] changed default attachment storage 2021-07-26 16:16:23 +02:00
iglocska 1cb1cc546e
chg: [republish ban] enabled by default on new installs 2021-07-26 13:44:38 +02:00
mokaddem f841cfbc90
chg: [config] Added missing options
Fix #7549
2021-07-14 10:53:44 +02:00
mokaddem 6eceb3b8ce
fix: [config] Fixed indentation 2021-07-14 10:33:20 +02:00
Alexandre Dulaunoy ce93848dea
chg: [config] default config now uses RFC2606 example.com domain 2021-05-25 12:11:19 +02:00
Steven fd9ca80f35 Change config.default.php to have everything needed for Azure AD authentication in there (as suggested in PR 6661) 2021-04-14 14:02:50 +02:00
iglocska afbf95a478
fix: [security] Require password confirmations by default
- the setting is optional, but the default should be that it's required unless disabled

- As reported by Patrix Kontura from ESET
2021-01-19 14:01:36 +01:00
Richard van den Berg bb8981353b chg: [Shell] Add MISP.osuser for updates. Fix #6368 2020-10-01 13:47:51 +02:00
Jakub Onderka c347ffc6db new: [internal] 'GnuPG.obscure_subject' option to not send unencrypted subject 2020-08-12 19:33:15 +02:00
Jakub Onderka 8c2bdf6d56
fix: `DefaultRoleId` is not implemented for ApacheShibbAuth 2020-01-24 09:26:37 +01:00
Andras Iklody 69ec57dd39
Merge pull request #5375 from JakubOnderka/patch-71
fix: Remove unused config option
2019-12-03 09:06:48 +01:00
Alexandre Dulaunoy 983a58afba
chg: [default] old default 'TLP Amber' is now 'tlp:amber' to be consistent and use MISP taxonomy naming 2019-11-04 12:41:52 +01:00
Jakub Onderka c22a63f309
fix: Remove unused config option 2019-10-31 14:17:19 +01:00
RuneBergh abe0e440d4
Adding commenting for key to use with ldap
Commenting in the PHP_AUTH_USER key which is set by basic auth if using ldap or AD authentication.
2019-10-23 10:56:52 +02:00
garanews 85c28ce36e Fix some typo
Fix some typo
2019-10-04 13:02:59 +02:00
StefanKelm 1660e6a398
Replace http with https 2019-08-12 13:57:57 +02:00
chrisr3d 449474fac0
add: [Config] Added CWE url for the new attribute type 2019-08-01 16:44:15 +02:00
Andras Iklody 78d94870e4
Merge pull request #4421 from andir/2.4-linotp
new: WIP LinOTP authentication
2019-04-04 13:18:23 +02:00
couchuser12345 ea82a8ca5a
Add updateUser to default config 2019-03-27 16:27:40 -04:00
Andreas Rammhold 516cf0767b new: WIP LinOTP authentication 2019-03-13 14:15:06 +01:00
Steve Clement 0328b1b04a
Merge branch '2.4' into add-email-field-option-for-kerberos-authentication 2019-03-03 07:39:45 +05:30
Martin Kulhavy abd10e5f51 Add LDAP network timeout 2019-02-07 13:02:22 +02:00
Anthony Vaccaro 61e9851397 Add "manage workers" option.
This is enabled by default, which replicates the current behaviour of having controls to start, stop and restart workers in the server settings page.
When set to disabled, these controls are hidden, which allows server administrators to manage the worker processes externally, e.g. via systemd.

A sample systemd unit file has also been included into the INSTALL directory.
2018-10-08 12:28:22 +10:00
iwitz f7283cda65
new: added ldapEmailField example and explanation 2018-08-24 14:15:45 +02:00
Andras Iklody 173496c305
Merge pull request #1969 from devnull-/GPG_sign_option
Add an option to sign GPG emails
2018-01-24 11:11:03 +01:00
Tomi Juntunen 42cecee60a new: Update config.php template with the option whether to chase LDAP referrals. 2017-12-20 10:43:53 +02:00
Tristan METAYER 66a43f5511 Add an input for search on all attributes in an event.
field to search can be modified in administration page.
2017-10-04 19:07:58 +02:00