mirror of https://github.com/MISP/misp-website
29 lines
1.7 KiB
Markdown
29 lines
1.7 KiB
Markdown
|
---
|
||
|
title: MISP 2.4.105 released (aka security fix for CVE-2019-10254)
|
||
|
layout: post
|
||
|
featured: /assets/images/misp/blog/distribution-graph.png
|
||
|
---
|
||
|
|
||
|
A new version of MISP ([2.4.105](https://github.com/MISP/MISP/tree/v2.4.105)) has been released to fix a security vulnerability CVE-2019-10254, minor improvements and a fix for STIX 1.1 files to be imported with additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
|
||
|
|
||
|
This release includes a security fix to a reflected XSS (CVE-2019-10254) in the default layout template as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity (Thanks to them!). We strongly recommend everyone to update to this version.
|
||
|
|
||
|
STIX import in 1.1 can now import STIX files with any additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
|
||
|
|
||
|
# Improvements
|
||
|
|
||
|
- A new diagnostic to display the status of all the git sub-modules.
|
||
|
- Replaced the old non-cached export page with improved restSearch.
|
||
|
- Multiple improvements in the UI.
|
||
|
- Russian translation of the UI added.
|
||
|
- STIX 1.1 export fixed to set the adequate TLP marking.
|
||
|
|
||
|
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
|
||
|
|
||
|
As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
|
||
|
|
||
|
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automati
|
||
|
on.
|
||
|
|
||
|
|