iglocska
205ddb0b5a
fix: [event view] make having a valid PGP setup optional for viewing events
...
- don't throw an exception, rather set an empty key
2022-03-18 13:54:31 +01:00
Alexandre Dulaunoy
ab1305cc18
Merge pull request #8218 from righel/org-svg-logo-setting
...
new: add setting for allowing svg org logos
2022-03-18 11:01:14 +01:00
iglocska
dddcc1dcff
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-18 10:12:39 +01:00
iglocska
df1eb43b2c
Merge branch '2.4' into develop
2022-03-18 10:12:25 +01:00
iglocska
891572be9f
fix: [signing] fail gracefully if pgp not configured on event index
...
- return the index, but set fingerprint as null rather than throwing an exception
2022-03-18 10:11:29 +01:00
Sami Mokaddem
b0a4660a88
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-18 09:14:29 +01:00
Sami Mokaddem
ae0e335a05
chg: [events:restSearchExport] Format export based on the responseType
2022-03-18 09:14:10 +01:00
Jakub Onderka
2d23e0125b
Merge pull request #8215 from JakubOnderka/pgp-signature-optim
...
chg: [cryptograhicKey] Simplified code for event pushing
2022-03-17 17:03:40 +01:00
iglocska
615ef1a6e7
Merge branch 'develop' into 2.4
2022-03-17 16:15:11 +01:00
iglocska
68d1e16fb2
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 16:12:42 +01:00
iglocska
ff9cd40221
chg: [queryversion] bumped
2022-03-17 16:12:13 +01:00
Luciano Righetti
8dcf414340
fix: [security] restrict setting to cli only. enabling this setting could allow potential ssrf attacks, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 15:55:21 +01:00
iglocska
07b091778a
Merge branch '2.4' into develop
2022-03-17 15:51:06 +01:00
Alexandre Dulaunoy
bb82bd710c
Merge pull request #8216 from 3c7/patch-1
...
Update OidcAuth readme
2022-03-17 15:49:19 +01:00
Alexandre Dulaunoy
78d6f8b93f
Merge pull request #8217 from DCSO/linotp_errormessages
...
[chg] LinOTP error exceptions up to the ui
2022-03-17 15:48:35 +01:00
Andras Iklody
440d692bfa
Merge pull request #8219 from DCSO/linotp_on_off_config
...
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:47:20 +01:00
iglocska
83f1397f96
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 15:37:43 +01:00
iglocska
965b382faa
fix: [cryptographic key view] fixed
...
- was just grabbing the first key
2022-03-17 15:37:22 +01:00
Luciano Righetti
8cc93687dc
fix: [security] lfi via custom terms file setting, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 15:36:35 +01:00
iglocska
1b5edc99cf
fix: [event index] minimal mode fixed for signed events
2022-03-17 15:22:02 +01:00
Hendrik Baecker
eb7a1301bb
[chg] LinOTP now with enable/disable as config feature
2022-03-17 15:19:58 +01:00
iglocska
c4cb313f61
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:51:34 +01:00
iglocska
90d232bde2
fix: [signing] removed colour coding of protected/unprotected events
...
- gave the idea that one is "right" and one is "wrong", whilst they're just for different use-cases
2022-03-17 14:50:14 +01:00
Luciano Righetti
c2456c8ce3
Merge branch 'org-svg-logo-setting' of github.com:righel/MISP into org-svg-logo-setting
2022-03-17 14:49:59 +01:00
Sami Mokaddem
4af6a4d1aa
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:43:27 +01:00
Sami Mokaddem
d65ef9c966
chg: [cryptographicKeys] Indexed more column and bumped db_schema
2022-03-17 14:43:01 +01:00
Luciano Righetti
2bd4a5b30c
fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:42:49 +01:00
iglocska
f16d83c60c
fix: [event view] distribution field fixed
...
- didn't display the sharing groups
2022-03-17 14:38:06 +01:00
Luciano Righetti
08a07a38ae
new: add setting for allowing svg org logos
2022-03-17 14:36:07 +01:00
iglocska
63bc2ff77b
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:29:39 +01:00
iglocska
0ada3e9bb5
fix: [signing] add try/catch around the gpg initialisation
...
- otherwise instances without gpg set up will fail when viewing events
2022-03-17 14:28:56 +01:00
Sami Mokaddem
6862f1a9d8
Merge branch 'develop' of github.com:MISP/MISP into develop
2022-03-17 14:25:51 +01:00
Sami Mokaddem
2d14113de9
chg: [events:view] Removed duplicated lockpad icon
2022-03-17 14:25:40 +01:00
Hendrik Baecker
c42d34faac
[chg] LinOTP error exceptions up to the ui
2022-03-17 14:23:24 +01:00
Nils Kuhnert
48752ba624
Update OidcAuth readme
...
Replaced required dependency.
2022-03-17 14:12:32 +01:00
iglocska
61d4d36705
fix: [security] stored XSS in the user add/edit forms
...
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user
- as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:10:09 +01:00
Jakub Onderka
f208c656ea
chg: [cryptograhicKey] Simplified code for event pushing
2022-03-17 13:58:25 +01:00
Alexandre Dulaunoy
ca036781ca
chg: [taxonomies] updated to the latest version
2022-03-17 13:43:29 +01:00
Alexandre Dulaunoy
b365be8e36
chg: [misp-galaxy] updated
2022-03-17 13:42:40 +01:00
iglocska
dc63cb772c
Merge branch '2.4' into develop
2022-03-17 13:25:05 +01:00
Sami Mokaddem
9307a07760
fix: [events:edit] Correctly collects saved cryptographic keys when pushing an edit
2022-03-17 12:38:19 +01:00
Sami Mokaddem
b92d8ddb8f
chg: [events:index] Check for not empty instead
2022-03-17 11:50:49 +01:00
Sami Mokaddem
188153ffe9
chg: [events] Typo in protected description
2022-03-17 11:50:06 +01:00
Alexandre Dulaunoy
bcf8e49654
chg: [misp-objects] updated to the latest version
2022-03-17 10:27:36 +01:00
Jakub Onderka
72b8daa7a5
Merge pull request #8213 from JakubOnderka/oidc_undefined_index
...
fix: [oidc] Undefined index
2022-03-17 09:57:09 +01:00
Jakub Onderka
ff39069bbc
fix: [oidc] Undefined index
2022-03-17 09:29:02 +01:00
Alexandre Dulaunoy
a0e6be2cdd
chg: [PyMISP] updated
2022-03-17 09:25:27 +01:00
iglocska
26ea06f2d9
fix: [gpg key] handle the lack of an instance key more gracefully
2022-03-17 02:31:45 +01:00
iglocska
47a997363c
chg: [CI] make the tests happy
...
- trailing comma after the last parameter in a function is not allowed in some PHP versions
2022-03-17 02:09:22 +01:00
iglocska
a63a628a1a
fix: [cryptograhicKey] instance key fingreprint caching fixed
2022-03-17 01:44:58 +01:00