Luciano Righetti
2bd4a5b30c
fix: [security] a malicious site administrator could store an XSS payload in a svg org logo which would be executed if someone opens the direct link to the image, as reported by Ianis BERNARD - NATO Cyber Security Centre
2022-03-17 14:42:49 +01:00
Luciano Righetti
fd43c07952
fix: add default supervisor user to default settings
2022-03-09 12:08:54 +01:00
iglocska
f905eef8f0
Merge branch '8042' into develop
2021-12-21 16:42:50 +01:00
Hendrik Baecker
83c08362b9
[chg] Establish 'mixedauth'
...
mixedauth=false: Only query LinOTP for OTP (or OTP-Pin+OTP Value)
mixedauth=true: Use MISP Userbase for password checking AND LinOTP for second factor
mixedauth=true will throw exceptions if the OTP doesn't match, so as not to fall back
to FormAuthenticate from MISP - which would make the 2FA useless.
2021-12-15 12:48:44 +01:00
Hendrik Baecker
efae024bc7
[chg] added LinOTP to configs
2021-12-14 17:47:07 +01:00
Sami Mokaddem
014ae34c53
new: [server:synchronisation] Type filtering during PULL synchronisation
...
Warning: This feature can introduce unwanted behaviours and inconsistencies
2021-12-09 12:29:03 +01:00
Jakub Onderka
741a74165e
Merge pull request #7974 from JakubOnderka/url-cache
...
fix: [internal] Remove UrlCache
2021-11-22 15:59:59 +01:00
Jakub Onderka
0a941bd7f3
fix: [internal] Remove UrlCache
2021-11-19 11:56:14 +01:00
Jakub Onderka
e8c4378893
new: [internal] Faster caching
2021-11-18 18:48:34 +01:00
Jakub Onderka
0311182085
Merge pull request #7953 from JakubOnderka/cached_attachments_remove
...
fix: [internal] Remove unused MISP.cached_attachments setting
2021-11-11 16:23:03 +01:00
Jakub Onderka
5c617e3420
fix: [internal] Remove unused MISP.cached_attachments setting
2021-11-11 14:27:10 +01:00
Luciano Righetti
565fc26b13
chg: remove track_status setting
2021-11-10 18:24:04 +01:00
Luciano Righetti
ba0399a6fb
chg: remove MISP.use_simple_background_jobs setting in favor of SimpleBackgroundJobs.enabled
2021-11-10 16:44:02 +01:00
Luciano Righetti
2146cd49f7
chg: add background jobs settings to the ui editor
2021-11-09 14:19:07 +01:00
Luciano Righetti
f2c9d12eae
chg: merge develop, fix conflicts.
2021-11-08 11:35:20 +01:00
Luciano Righetti
f80fcec2db
chg: rename settings
2021-11-05 15:46:42 +01:00
Jakub Onderka
82ed12e4cb
fix: [config] Remove not used Attributes_Values_Filter_In_Event
2021-11-05 09:19:56 +01:00
Luciano Righetti
b6361c0f7c
chg: rename conf name
2021-11-04 11:39:10 +01:00
Luciano Righetti
e8274b63d2
chg: call supervisor xml-rpc api, add supervisor app required packages
2021-11-03 17:14:34 +01:00
Luciano Righetti
6695b66d78
new: add default config for new background jobs (disabled).
2021-11-03 11:39:38 +01:00
Sami Mokaddem
ec4074f925
chg: [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS
...
This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true.
2021-10-06 09:09:06 +02:00
mokaddem
2153537e01
new: [event:notification] Added email notification ban system based on users triggering the notification
2021-08-31 09:39:05 +02:00
iglocska
4bb08fe151
fix: [config defaults] unset the default python bin path
2021-07-26 16:18:11 +02:00
iglocska
76af4b9d90
fix: [config defaults] changed default attachment storage
2021-07-26 16:16:23 +02:00
iglocska
1cb1cc546e
chg: [republish ban] enabled by default on new installs
2021-07-26 13:44:38 +02:00
mokaddem
f841cfbc90
chg: [config] Added missing options
...
Fix #7549
2021-07-14 10:53:44 +02:00
mokaddem
6eceb3b8ce
fix: [config] Fixed indentation
2021-07-14 10:33:20 +02:00
Alexandre Dulaunoy
ce93848dea
chg: [config] default config now uses RFC2606 example.com domain
2021-05-25 12:11:19 +02:00
Andras Iklody
0f78aef0c9
Merge pull request #7334 from Wachizungu/fix-allowedlists-route
...
chg: [routes] fix allowedlists routes. Renamed from whitelists.
2021-05-14 12:12:16 +02:00
Jakub Onderka
ad1b373766
new: [log] Audit log
2021-05-03 13:44:44 +02:00
Steven
fd9ca80f35
Change config.default.php to have everything needed for Azure AD authentication in there (as suggested in PR 6661)
2021-04-14 14:02:50 +02:00
Jeroen Pinoy
9ed2ae96ce
chg: [routes] fix allowedlists routes. Renamed from whitelists.
2021-04-13 14:17:32 -07:00
iglocska
afbf95a478
fix: [security] Require password confirmations by default
...
- the setting is optional, but the default should be that it's required unless disabled
- As reported by Patrix Kontura from ESET
2021-01-19 14:01:36 +01:00
nighttardis
39abf9a420
Update core.default.php
...
Fixing PHP syntax error that appears on PHP 7.4
2020-10-14 10:17:51 -05:00
Jakub Onderka
cf1483c906
chg: [cookie] Set session cookie SameSite to Lax to avoid browser warnings
2020-10-09 23:07:14 +02:00
Richard van den Berg
bb8981353b
chg: [Shell] Add MISP.osuser for updates. Fix #6368
2020-10-01 13:47:51 +02:00
Jakub Onderka
04a7398444
fix: [internal] Syntax error in bootstrap.default.php
2020-08-18 12:35:27 +02:00
Vito Piserchia
a393d411e1
rebase continue
2020-08-17 17:13:58 +02:00
Léarch
8207be22ba
Corrected redirections
...
See the following for an explanation:
https://stackoverflow.com/questions/6836990/how-to-get-complete-current-url-for-cakephp#comment11184149_6875310
2020-08-17 15:53:27 +02:00
Vito Piserchia
b8c7485712
resolve merge
2020-08-16 13:31:31 +02:00
Jakub Onderka
c347ffc6db
new: [internal] 'GnuPG.obscure_subject' option to not send unencrypted subject
2020-08-12 19:33:15 +02:00
Jakub Onderka
8c2bdf6d56
fix: `DefaultRoleId` is not implemented for ApacheShibbAuth
2020-01-24 09:26:37 +01:00
Andras Iklody
69ec57dd39
Merge pull request #5375 from JakubOnderka/patch-71
...
fix: Remove unused config option
2019-12-03 09:06:48 +01:00
Alexandre Dulaunoy
983a58afba
chg: [default] old default 'TLP Amber' is now 'tlp:amber' to be consistent and use MISP taxonomy naming
2019-11-04 12:41:52 +01:00
Jakub Onderka
c22a63f309
fix: Remove unused config option
2019-10-31 14:17:19 +01:00
RuneBergh
abe0e440d4
Adding commenting for key to use with ldap
...
Commenting in the PHP_AUTH_USER key which is set by basic auth if using ldap or AD authentication.
2019-10-23 10:56:52 +02:00
garanews
85c28ce36e
Fix some typos
...
Fix some typos
2019-10-04 13:02:59 +02:00
Jakub Onderka
128f6c5267
chg: Do not log ForbiddenException by default
...
This exception is thrown when a user who is not logged in accesses `users/checkIfLoggedIn.json`
2019-08-15 13:32:10 +02:00
StefanKelm
1660e6a398
Replace http with https
2019-08-12 13:57:57 +02:00
chrisr3d
449474fac0
add: [Config] Added CWE url for the new attribute type
2019-08-01 16:44:15 +02:00