- added a new optional functionality to temporarily store hashed API keys in redis
- The duration of the temporary storage is controllable by a setting (defaults to 3 minutes)
- the hashing function used is an hmac sha-512 function, with the key being stored in a generated file on the instance
- this cuts the query times of extremely fast endpoints down drastically on heavy repeated use (such as warninglists/checkValue)
- images will no longer be accessible directly, only via inclusion via file-read/b64 encoding
- The new store for org images is MISP/app/files/img/orgs
- As reported by Yusuke Nakajima
- currently implemented for event publish alerts and user enrollment (password_reset.ctp, alert.ctp)
- simply place the new templates in MISP/app/View/Emails/[text|html]/Custom
- app/Lib/EventWarning contains default warnings
- app/Lib/EventWarning/Custom can be used to just drop event warnings
- use app/Lib/EventWarning/DefaultWarning as a template
- Dashboard
- modular similar to restSearch
- build your own widgets
- use a set of visualisation options (more coming!)
- full access to internal functions for queries
- auto discover core and 3rd party widgets
- rearrange / configure widgets for each user individually
- rearrange / resize widgets
- settings can be configured by a site-admin on behalf of others
- modules have a self-explain mode to guide users
- caching mechanism for the modules / org
- set homepage / user
- various other fixes
- no longer requires the live download and execution of the composer package
- compromising https://getcomposer.org/ could lead to RCE for new MISP installations during the installation
- As reported by Trey Darley (@treyka)
What works:
- added submodules for taxonomies
- added import tool for taxonomies
- added models and convenience functions for taxonomies
- site admins can update taxonomy libraries
- list taxonomies / view individual ones (with all resolved tags)
- create tags manually if a taxonomy is enabled
- view related tags / events quickly from the Taxonomy view
What doesn't work:
- Users still cannot choose a tag from taxonomy lists (this will be the main functionality)
- Feature cannot be disabled
- python server running in the background doing the publishing
- MISP -> python script communication via redis
- configurable / controllable via the admin UI
- added multi edit to freetext import comments
- added a missing file from hotfix-2.3.87 (pgp key import view)
- updated gitignore to ignore some items that are outside of the scope of the git package