misp-website/_posts/2019-03-28-MISP.2.4.105.rel...

29 lines
1.7 KiB
Markdown
Raw Normal View History

2019-03-28 17:54:14 +01:00
---
title: MISP 2.4.105 released (aka security fix for CVE-2019-10254)
layout: post
featured: /assets/images/misp/blog/distribution-graph.png
---
A new version of MISP ([2.4.105](https://github.com/MISP/MISP/tree/v2.4.105)) has been released to fix a security vulnerability CVE-2019-10254, minor improvements and a fix for STIX 1.1 files to be imported with additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
This release includes a security fix to a reflected XSS (CVE-2019-10254) in the default layout template as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity (Thanks to them!). We strongly recommend everyone to update to this version.
STIX import in 1.1 can now import STIX files with any additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
# Improvements
- A new diagnostic to display the status of all the git sub-modules.
- Replaced the old non-cached export page with improved restSearch.
- Multiple improvements in the UI.
- Russian translation of the UI added.
- STIX 1.1 export fixed to set the adequate TLP marking.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automati
on.