- the process of detecting and editing existing attributes did not account for a case where the uuid is not set for an attribute and therefore should be saved as a new attribute. Fixed
- resolved a missing variable issue on event views with no posts, fixes #753
- removed some obsolete code
- sorted tags on the event view when assigning one to an event by name, fixes #416
modified: app/Model/Taxonomy.php
- if a sync user adds / edits an event with a newer version of a sharing group
and the sync user is the local sync user of the SG or is an extender of the SG
then the sharing group will be updated
- valid changes:
  - Sharing group metadata changes
  - organisation detail changes (except uuid/name)
  - add / remove extend flag from orgs in the SG
  - add / remove all_orgs flag from servers in the SG
- org filters now accept org ID or org Name as parameter, fixing the sync filter
- Also, fix to saving sharing group IDs on sync edits on an attribute level
- corrected the edit access rights for sync users with sharing groups
- Various fixes to the organisation sync and how creation / modification dates are transmitted
- Internal format differences compared to 2.3 causing mismatched field lookups fixed
- Double sanitisation when editing an attribute/proposal comment removed
- Fixed an issue where an ip/resource was recognised as a CIDR notation IP range instead of a url
- Changed the flash message for publishing without e-mails to something less scary
- event index filtering now accepts POST requests with a json object
  - format has to be filter syntax passed for each field. Example:
    {"tags":"OSINT|TLP:WHITE|!PRIVINT", "published":"1"}
- Fixed an issue with no tags being recognised leading to the index returning an unfiltered list
- Required for filtered pulls from 2.4
- Discussions
  - Event discussion thread initiated on first post instead of first view
- allows for saving an event even if an attribute fails
- logs attributes that fail validation
- same for edit
- add_misp_export updated with the above in mind
  - called Add MISP export now
  - can be an XML / JSON file
  - result browser with explanations of failures
- REST XML/JSON add/edit of events returns errors instead of the partially succeeding event
- Fixed an issue with the new UUID generation method call in OpenIOC
- Fixed an invalid validation check on the salt key
- Added a note on the server page to make it more obvious that values can be changed by double clicking them
- as discovered and reported by Egidio Romano of Minded Security
- Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts
- Tightened HTTP method verification across the board for actions that modify data
- Turned some administrative tasks to POST only actions
- also added comment field for attributes
- until now multi line fields were both escaped and the line breaks removed
- this was overkill, linebreaks are now kept intact
Also, reworked a lot of remaining distribution checks not handled by the main fetch methods
Conflicts:
VERSION.json
app/Controller/AttributesController.php
app/Controller/ShadowAttributesController.php
app/View/ShadowAttributes/add.ctp
app/View/ShadowAttributes/edit.ctp