Jakub Onderka
ff55803a17
fix: [internal] User model can be null
2022-04-10 15:08:52 +02:00
Jakub Onderka
2b61648184
new: [internal] Proper method for json decoding in controller
2022-04-10 09:50:12 +02:00
Sami Mokaddem
57b62dc511
chg: [events:index] Usage of UUID for restSearchExport feature
2022-03-31 15:27:06 +02:00
Sami Mokaddem
8afcc6552b
chg: [events:index] Usage of UUID for restSearchExport feature
2022-03-31 15:25:07 +02:00
Raphaël Vinot
7650f2d003
chg: [PyMISP] Bump version
2022-03-24 15:32:06 +01:00
iglocska
bd047201a6
fix: [publish] button missing for users, fixes #8233
2022-03-21 17:08:03 +01:00
iglocska
ff9cd40221
chg: [queryversion] bumped
2022-03-17 16:12:13 +01:00
Raphaël Vinot
cbc7361f40
chg: [PyMISP] Bump version
2022-03-03 15:13:22 +01:00
Jakub Onderka
e1774abe80
new: [oidc] Check user validity
2022-02-19 16:07:10 +01:00
iglocska
c282ea8063
fix: [language] fix (exception text)
2022-02-04 16:25:20 +01:00
Sami Mokaddem
a6dd8572ac
chg: [js:markdown-it] Update markdown-it library from version 11.0.0 to version 12.3.2
2022-01-18 15:04:53 +01:00
Sami Mokaddem
2d5d16431a
fix: [appController:loginByAuthkey] Skip authentication with basic authorization
...
Fix #7576.
Basic Auth might happen for some setups where the authentication is performed by another component such as LDAP.
For these cases, the Authorization header is present and contains the Basic Auth data used by the authentication plugin. Before this patch, MISP failed to resolve the API key to a user and threw a 403. This was because MISP detected the presence of the Authorization header which triggered an authentication by Authkey that would always fail as the content is not a valid API key.
2022-01-18 14:28:09 +01:00
Jakub Onderka
50d284b643
Merge pull request #7986 from JakubOnderka/better-security
...
chg: [internal] Do not modify session when not necessary
2021-12-30 14:40:01 +01:00
Raphaël Vinot
df84346bb2
chg: [PyMISP] Bump version
2021-12-22 11:14:21 +01:00
Sami Mokaddem
5cdc0cc7a7
chg: [app] Bumped query version
2021-12-17 11:38:34 +01:00
Sami Mokaddem
8cf2914142
new: [event-timeline] Support of image attachments
2021-12-08 12:14:13 +01:00
Luciano Righetti
ed85319d7b
fix: typos, bump js version
2021-12-06 16:20:51 +01:00
iglocska
72548fd9a4
fix: [UI] Ajax forms lose persistence
...
- generic Form builder now has the persistence baked in
- capture all form fields' data before submitting as expected
2021-12-02 14:03:20 +01:00
Jakub Onderka
cb41232777
chg: [internal] Remove useless session closing
2021-11-25 12:01:48 +01:00
Jakub Onderka
b100377a73
chg: [internal] Do not modify session when not necessary
2021-11-25 11:58:32 +01:00
Jakub Onderka
d20795b08c
fix: [internal] Old style view class
2021-11-22 09:58:24 +01:00
Jakub Onderka
41db04ad47
chg: [internal] Avoid calling unnecessary method
2021-11-22 09:58:23 +01:00
Jakub Onderka
5aa1e0cb3b
chg: [internal] Element file cache
2021-11-22 09:58:23 +01:00
Jakub Onderka
e2a0644111
chg: [internal] Move some checks to beforeRender method
2021-11-22 09:58:23 +01:00
Raphaël Vinot
94519efb17
chg: Bump PyMISP
2021-11-19 01:55:58 -08:00
Jakub Onderka
df5ab6a144
chg: [internal] Code style
2021-11-07 14:51:42 +01:00
Jakub Onderka
af234a006c
chg: [internal] AppController cleanup
2021-11-07 14:38:39 +01:00
Jakub Onderka
0198c7b0db
chg: [internal] Make system setting more secure
2021-11-06 21:23:22 +01:00
Jakub Onderka
c9597ba3e9
new: Store system settings in database
2021-11-05 09:19:56 +01:00
Jakub Onderka
24b8c64c58
fix: [UI] Ignore harvest exception
2021-10-29 17:24:35 +02:00
Jakub Onderka
a4f9d14602
fix: [API] Remove default filters for viewEventAttributes
2021-10-29 16:30:24 +02:00
Jakub Onderka
0d78d0f994
chg: [internal] Simplified notifications loading
2021-10-23 19:50:38 +02:00
Jakub Onderka
45b4a326ca
chg: [ajax] Return correct error code when user is not logged
2021-10-19 14:36:42 +02:00
Jakub Onderka
d45ac63bf9
chg: [internal] Do less work when checking if db is updated
2021-10-16 09:58:05 +02:00
Jakub Onderka
d469883395
chg: [rest] Close session to allow concurrent requests
2021-10-15 16:17:00 +02:00
iglocska
0ae53cc1f1
chg: [queryversion] bump
2021-10-12 15:02:34 +02:00
Jakub Onderka
544c9ee8b9
new: [internal] Store MISP live status also in Redis
2021-10-04 10:07:32 +02:00
Jakub Onderka
1262b6124c
chg: [internal] AppController code cleanup
2021-09-26 13:21:55 +02:00
Jakub Onderka
861fdffada
chg: [internal] Move methods to specific controllers
2021-09-26 12:23:23 +02:00
Jakub Onderka
aeffc1b204
fix: [internal] Undefined offset in AppController
2021-09-26 11:39:50 +02:00
Jakub Onderka
dc05fc1302
chg: [internal] Code cleanup
2021-09-20 10:51:10 +02:00
Jakub Onderka
81eddfdb76
chg: [internal] Do not fetch keys from db for authkey login
2021-09-15 09:51:02 +02:00
Jakub Onderka
617fddd069
chg: [internal] Remove deprecated variables
2021-09-14 15:44:35 +02:00
Jakub Onderka
98b87d8987
chg: [security] Use const hasher also for login
2021-08-24 21:45:37 +02:00
Jakub Onderka
b5bb93c51e
fix: [API] Deprecation header
2021-08-23 15:39:25 +02:00
Raphaël Vinot
111cbd349d
chg: [PyMISP] Bump recommended version
2021-08-05 11:47:42 +02:00
Jakub Onderka
30220e86da
Merge pull request #7525 from JakubOnderka/deprecate-getpymisp-version
...
chg: [API] Deprecate getPyMISPVersion
2021-07-01 09:42:30 +02:00
Jakub Onderka
09e6d41fdf
Merge pull request #7482 from JakubOnderka/authkey-read-only
...
new: [API] Read only authkeys
2021-06-29 10:13:08 +02:00
Jakub Onderka
5fbac2d000
chg: [internal] Simplify generating some JSON responses
2021-06-28 14:43:24 +02:00
Jakub Onderka
017249451b
new: [API] Read only authkeys
2021-06-28 12:41:10 +02:00
Jakub Onderka
302faa3150
chg: [API] Deprecate getPyMISPVersion and return required info in getVersion
2021-06-28 12:36:06 +02:00
Jeroen Pinoy
feaaa1ad93
chg: log remote IP for authkey use attempt if remote IP not allowed by key
2021-06-07 18:27:05 +02:00
Raphaël Vinot
edc469a47d
chg: [PyMISP] Bump
2021-06-07 07:40:09 -07:00
mokaddem
c2600b3c94
fix: [appController] Bumped queryversion
2021-06-04 15:33:40 +02:00
Raphaël Vinot
5a31694254
chg: [PyMISP] Bump version
2021-05-13 22:57:50 -07:00
mokaddem
d19c7538d3
chg: bumped queryversion
2021-05-04 11:04:10 +02:00
Raphaël Vinot
8e108202d1
chg: [PyMISP] Bump
2021-04-26 10:58:33 +02:00
mokaddem
6407b150eb
new: [event:timeline] Fit visible window from provided start/end dates + help tooltip
2021-04-08 16:34:20 +02:00
Raphaël Vinot
c5766f88c8
chg: Bump PyMISP
2021-04-01 14:00:48 +02:00
Jeroen Pinoy
b0714a4045
chg: [UI] fix debugon for debug = 1. fix #7131
2021-03-25 16:36:26 +00:00
iglocska
c7643515d6
chg: [auth] if no API key is provided for an API action - log it
2021-03-24 23:20:28 +01:00
iglocska
5661adcf8f
chg: [auth key] logging no longer collapsed if the new setting is enabled
...
Security.log_each_individual_auth_fail will log all API failures instead of collapsing repeated queries
2021-03-24 23:03:22 +01:00
mokaddem
2d058b6dc1
chg: bumped queryversion
2021-03-09 10:53:24 +01:00
Jakub Onderka
6a5716b69b
Merge pull request #7150 from JakubOnderka/force-https
...
new: [internal] Security setting force_https
2021-03-04 10:44:33 +01:00
iglocska
d4989dbd85
Merge branch '2.4' into develop
2021-03-03 21:31:07 +01:00
Jakub Onderka
2a8ba9020f
new: [internal] Security setting force_https
2021-03-03 20:07:07 +01:00
Jakub Onderka
440eb2372c
fix: [csp] Incorrect variable name
2021-03-03 18:28:18 +01:00
iglocska
e394cfbe66
Merge branch 'develop' of github.com:MISP/MISP into develop
2021-03-03 17:24:36 +01:00
Jakub Onderka
7695b52f0f
chg: [csp] Report only by default
2021-03-03 17:19:07 +01:00
Jakub Onderka
eb75b5c395
fix: [csp] Custom policies
2021-03-03 15:22:37 +01:00
Raphaël Vinot
9f18cec0ca
chg: [PyMISP] Bump version
2021-03-03 13:02:37 +01:00
Raphaël Vinot
9923e30c84
chg: [PyMISP] Bump version
2021-03-03 10:41:50 +01:00
Jakub Onderka
94bba9baca
Merge pull request #7104 from JakubOnderka/authkeys-allowed-ips
...
new: [authkeys] Allowed IPs
2021-03-03 10:05:16 +01:00
Jakub Onderka
a646f03aae
Merge pull request #7111 from JakubOnderka/cookie-name
...
chg: [internal] Set cookie name just when no name is set
2021-03-03 09:25:09 +01:00
Jakub Onderka
599819f7f9
new: [authkeys] Allowed IPs
2021-03-03 09:23:07 +01:00
Jakub Onderka
62537961f0
fix: [internal] Undefined index when importing from module
2021-03-02 14:44:41 +01:00
Jakub Onderka
98ec79db60
chg: [internal] Set cookie name just when no name is set
2021-03-01 17:22:39 +01:00
Jakub Onderka
8a3144f112
new: [security] Content-Security-Policy support
2021-02-26 13:21:00 +01:00
iglocska
bf0bc494b2
Merge branch '2.4' into develop
2021-02-19 19:43:14 +01:00
iglocska
5654b536bd
fix: [caching] monkey-patching a client side MISP bug causing the caching to loop endlessly
...
- MISP caching can run into an endless loop if errors are returned for whatever reason
- This patch handles the specific case when the remote MISP requests an attribute range for caching that has an offset beyond the highest ID (should never happen)
- It's a dirty fix but should have nearly no impact on performance whilst resolving the issue
2021-02-19 19:41:12 +01:00
mokaddem
487253b712
Merge branch 'develop' of github.com:MISP/MISP into develop
2021-02-19 09:01:26 +01:00
mokaddem
8d9d0e6411
fix: [restClient] Make sure to split value on strings
...
Fix #7032
2021-02-19 09:00:45 +01:00
Jakub Onderka
412d9dba1d
Merge pull request #6906 from JakubOnderka/compressed-requests
...
new: [sync] Compressed requests support
2021-02-18 18:03:11 +01:00
mokaddem
37a724ddf3
fix: [events] Attach cluster from matrix in multiselect. Fix #6956
2021-02-15 15:05:23 +01:00
mokaddem
43db6029db
fix: [eventTimeline] Refresh attribute index when dragging. Fix #6958
2021-02-15 14:21:32 +01:00
iglocska
bf8bd21a35
chg: [connection test] clarified that read only users can pull.
...
- Reduced error level to "orange"
- Added a clarification that they can still pull
2021-02-11 17:46:32 +01:00
Raphaël Vinot
7f85db254c
chg: Bump PyMISP & version
2021-02-08 12:09:07 +01:00
iglocska
8f1dd15601
new: [PHP] version notification
...
- 8.0 is not supported, let users know in a more obvious way
2021-01-28 13:09:07 +01:00
mokaddem
afe9d26e8a
chg: bumped queryversion
2021-01-25 13:43:36 +01:00
mokaddem
d72b626839
chg: bumped queryversion
2021-01-22 14:49:04 +01:00
iglocska
a8688501c3
fix: [diagnostics] complain about PHP >= 8.0
2021-01-22 11:55:35 +01:00
Raphaël Vinot
0d9e95679c
chg: Bump PyMISP version
2021-01-20 12:58:56 +01:00
Jakub Onderka
69f901110a
new: [sync] Compressed requests support
2021-01-19 17:59:08 +01:00
iglocska
3d5c9fb9a6
Merge branch 'develop' of github.com:MISP/MISP into develop
2021-01-05 08:42:47 +01:00
iglocska
44e792617c
fix: [search] don't append the same quicksearch value more than once in the URL
2021-01-05 08:40:37 +01:00
Jakub Onderka
ef3d77a4fe
chg: [optimisation] Decode JSON input from request just once
2021-01-01 22:17:57 +01:00
Jakub Onderka
1a184ebbb5
new: [internal] Allow to output directly TmpFileTool
2020-12-21 21:02:37 +01:00
Jakub Onderka
c7f00b319f
fix: [UI] Move debug mode variable before setting database connection
2020-12-17 13:50:26 +01:00
Jakub Onderka
324cdbafce
chg: [REST] Close session early for `authkey_keep_session` connections
2020-12-17 13:50:26 +01:00
Jakub Onderka
ae5ad7cc36
fix: [monitoring] Do not encode payload, it is string
2020-12-17 13:50:25 +01:00