- to_ids fixed
- background processing made optional
- first/last seen format conversion altering the data's format for the recovery script fixed
- added capture of object first/last seen to the recovery script
Event belonging to an organisation which is not
included in the sharing group assigned to the event will not see the
event on the index anymore.
Fix#6033Fix#6107
- user self-registration is the first use-case
- if the feature is enabled, users can unauthenticated send a registration request to MISP
- request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
- they can accept/discard them individually or en masse
- users will be notified of their credentials automatically
- quick user creation if the user asks for an org that doesn't exist yet
- user controlled envelope settings to control memory estimation for attribute/event sizes
- logging of potentially too large events for the current memory envelope
- tuning of the default values
- added a divider for the event:attribute conversion to account for objects / event level contextualisation / correlations
- org admins have the inherent ability to reset passwords for all of their org's users
- this however could be abused if for some reason the host org of an instance would create org admins
- the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
- the potential for abuse is very circumstancial as it requires the host org to create lower privilege org admins instead of the usual site admins
- only org admins of the same organisation as the site admin could abuse this
- as reported by Raymond Schippers
* Check Plugin.ZeroMQ_event_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in Event.php
* Check Plugin.ZeroMQ_audit_notifications_enable instead of Plugin.ZeroMQ_user_notifications_enable in Log.php
* Check Plugin.ZeroMQ_object_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in MispObject.php
Signed-off-by: Nikos Filippakis <nikolaos.filippakis@cern.ch>