- contact e-mail recipients were incorrectly set resulting in the e-mails landing at the wrong recipient
- disabled users were not excluded from certain e-mails
- until now the encryption of emails happened in a try catch block
- however, crypt_gpg throws a fatal error instead of an exception, killing the background worker
- added an extra checking algorithm that will test the key for a valid encryption key (encryption enabled + not expired)
- if it's not there, it will just log an error message and continue execution of the other e-mails
- Changing the auth key now creates a log entry that inclues the user's ID, e-mail address old and new autkeys
- Also removed the logging of the hashed password for newly created users
Also, reworked a lot of remaining distribution checks not handled by the main fetch methods
Conflicts:
VERSION.json
app/Controller/AttributesController.php
app/Controller/ShadowAttributesController.php
app/View/ShadowAttributes/add.ctp
app/View/ShadowAttributes/edit.ctp
- Fixed a critical bug in the XML export
- As of recently XML exports include relations as they were missing before
- the sanitisation of the event info field in related attributes was incorrectly sanitized of unicode characters
- this can lead to the XML export breaking and also for affected events to be blocked from synchronisation
- Proposal fixes
- fixed an invalid uuid generation that lead to an exception
- fixed the attachments for proposals still using the old attachment system that disallows most filenames
- added the automatic creation of hashes for attachment proposals
Merging all the new changes from master
Conflicts:
VERSION.json
app/Console/Command/AdminShell.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Log.php
app/Model/Server.php
app/Model/User.php
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
app/View/Users/admin_index.ctp
- MISP will now fetch a list of all keys matching the e-mail address from the MIT server from the user edit view
- A popup will present all the matching keys (with the creation date, key ID, email addresses associated - and the fingerprint when hovering over them)
- Once the admin clicks on one, it will fetch the desired key
- future enhancement possibility: move the second stage (the actual key fetch) to the server side instead of a direct ajax query from the user's browser
- HIDS exports did not include filename|hash types
- Sending a password reset / welcome message picked the opposite subject line
- line breaks were sent as literals.
- users can specify an alternate gnupg executable
- Since GnuPG2 is not compatible with the last stable CryptGPG version, there are 3 options for CentOS / Red Hat users:
1. Don't use a passphrase for the server's PGP key
2. Install the beta version of CryptGPG (1.4.0b4)
3. Install GnuPG classic and point MISP to the executable
- This patch enables option 3, administrators can point MISP to the alternate executable in the server settings
- this commit is mostly here to capture what was changed in hotfix 2.3.69
- e-mailing completely reworked, all e-mails now flow through the same method
- that method will handle all encryption and the decisions whether to send e-mails unencrypted to users without an encryption key, whether to keep the body of the e-mail untruncated, etc
- all e-mails are now also logged here (including the reason of a potential failure)
- new server settings for default template messages for password resets / new user welcome messages
- admin e-mail interface reworked and org admins now also have access to the features
- password resets / new user for site and org admins (where applicable) - quickly reset the password of a user and alert them using the pre-defined reset template
=====
- Tuned the freetext import to really accept free-text. Let me know if you have any tips for tuning the detection further!
- it now breaks the passed string on whitespace and line-break and tries to resolve the rest. Filename resolution tightened to exclude anthing that starts or ends with a .
- Reworking the way e-mails are sent - all of it goes through a centralised e-mail method
- just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest
- encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place
- easy to maintain and expand with future changes (such as the S/MIME pull request on github)
- UI cleanup
- separate view for active / passive sharing groups
- deletion of SGs is blocked if there are still events / attributes / threads around that belong to the SG
William Robinet