From 0c50b6df9b428b7f3ab46c73c0afbd817c303575 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 6 Feb 2024 11:32:34 +0100 Subject: [PATCH] new: [post] MISP 2.4.184 added --- content/blog/MISP.2.4.184.released.md | 68 +++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 content/blog/MISP.2.4.184.released.md diff --git a/content/blog/MISP.2.4.184.released.md b/content/blog/MISP.2.4.184.released.md new file mode 100644 index 0000000..08d2b1f --- /dev/null +++ b/content/blog/MISP.2.4.184.released.md @@ -0,0 +1,68 @@ +--- +title: MISP 2.4.184 released with performance improvements, security and bugs fixes. +date: 2024-02-06 +layout: post +tags: ["MISP", "Threat Intelligence", "release"] +banner: /img/blog/lookyloo-misp.png +--- + +MISP 2.4.184 released with performance improvements, security and bugs fixes. + +## Improvements + +- Speed up improvements in ssdeep correlation and many other part of MISP. Thanks to Jakub Onderka for the work on this. +- [objects] restsearch first/last seen filters added. +- [event:publication] Added new setting to block event publication if the user is the creator. +- [events:export] Make setting `MISP.disable_cached_exports` enabled by default. Since the /events/export has been marked deprecated for a years started the process to phase it out by first disabling the endpoint by default. The [MISP ReST search API](https://www.misp-project.org/openapi/) is the API to be used if you still have very old scripts relying on export. +- [organisation:orgMerge] Added missing models for organisation handover + +## Security fixes + +A serie of security fixes were done in this release, the vulnerabilities are accessible to authenticated users especially with specific privileges like Org admin. We urge the users to update to this version especially if you have different organisations having access to your instances. + +- [security] Improved security checks for organisation logo upload. (low) +- [security] New auditlogs's fullChange lack of ACL controls. (medium) +- [security] Enforce usage of POST to start an export generation process. (low) + +CVE assignments are pending and will be published on the [security page](https://www.misp-project.org/security). + +## Bugs fixed + +- [GalaxyClusters] fix tag_name restsearch filter (#9512). +- Various UI fixes. + +Many bugs fixed and minor improvements. Feel free to read the detailed [changelog](https://www.misp-project.org/Changelog.txt) + +## PyMISP + +Many improvements in PyMISP including faster JSON parsing with orjson. Feel free to read the detailed [changelog](https://www.misp-project.org/Changelog-PyMISP.txt) + +# MISP project knowledge bases + +## MISP Objects + +- [artifact] Changed the `payload_bin` attribute to attachment type. +- [flowintel-task] add case-uuid. +- [process] Environment variables attribute. + +## MISP Galaxy + +A [new dedicated website has been developed](https://www.misp-galaxy.org/) to easily reference galaxy outside MISP. + +- Improved [Sigma rules galaxy](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json), [threat-actors database](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json) with many new [threat-actors](https://www.misp-galaxy.org/threat-actor/). A huge thanks to all the regular contributors. +- MITRE Data Sources and Data Components are now included in MITRE ATT&CK. +- Stealer galaxy updated. + +## MISP warning-lists + +[Warning-lists updated](https://github.com/MISP/misp-warninglists) to the latest version from the different sources. + +# Don't forget to follow us on Mastodon + +The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account. + +# MISP Professional Services + +[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services. + +