We are pleased to announce the immediate availability of [MISP v2.4.173](https://github.com/MISP/MISP/releases/tag/v2.4.173) with a new password reset feature, along with a host of quality of life improvements and fixes.
# Password reset self-service
We have added a new functionality allowing administrators to enable user self-service for forgotten passwords. When enabled, users will have an additional link below the login screen, allowing them to enter their e-mails and receive a token that can be used to reset their passwords.
The feature requires the user to have a valid encryption key and the lifetime of the tokens is hard-coded to be 10 minutes.
Additional information on the vulnerability can be found at the excellent [blog post from synacktiv](https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle)
Huge thanks to @righel for finding and fixing the vulnerability!
# A long list of fixes
As always, we have been diligent with including a long list of fixes, including for issues with server sync certificate handling, url encoding of spaces in search strings, CSRF errors and much more! For a detailed list of fixes, please refer to the [changelog](https://www.misp-project.org/Changelog.txt).
## MISP Objects and Relationships
- Updated relationships to include the ones used by [LookyLoo](https://lookyloo.circl.lu)
- Many improvements following [OASIS STIX TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti)
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- Updated threat actor database to include Budapest Convention relation.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- New warning list digitalSide.IT warninglist added.
- Updated warning-lists for all sources.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
## MISP taxonomies
For more details, the [misp-taxonomies changelog](https://www.misp-project.org/Changelog-misp-taxonomies.txt) is available.
# Don't forget to follow us on Mastodon
The MISP projet has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.