- added a new entry to the admin tools (Administartion -> Administrative tools)
- converts title and change columns in the logs table to text from varchar(255)
- comma separated values now correctly parsed
- Ports in IP/url/link/domain/hostname now added as a comment
- virustotal now automatically recognised as external analysis / link
- user will get an explanation of the csrf error and that going back and refreshing the form will fix it
- also, there is a link that will take the user to the baseurl (which will redirect to the login page if the csrf issue occured on the login page)
- Reworking the way e-mails are sent - all of it goes through a centralised e-mail method
- just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest
- encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place
- easy to maintain and expand with future changes (such as the S/MIME pull request on github)
- Users being logged on would not be able to use the actions that are also used for automation
- Those actions trigger a check of the authorization header, which in certain use cases can be set with values that is outside of the scope of MISP
- MISP will now try to only detect MISP auth keys in the headers and if it detects something else it ignores it
- site admins can now create proposals to an event / attribute as long as the event does not belong to their organisation
- new icon for proposals to differentiate them from edits
- The log search incorrectly set the search terms for empty fields, meaning that any log entries that had unfilled columns, such as it is the case with admin_email would never return results
- Performance improvements for the event search exports
- JSON view code moved to Lib
- Fixed an issue that didn't restrict the dates correctly with the from / to parameters
- Caused by a 1k variable / form limit imposed by php since 5.3.9
- Form data now collected by JS and passed as a single JSON in the POST request
- Allows massive IOC lists to be imported
- improved performance
Iglocska