mirror of https://github.com/MISP/misp-website
chg: [blog] MISP 2.4.121 release
parent
8bc68b4e0c
commit
22a5999aaf
|
@ -6,8 +6,7 @@ featured: /assets/images/misp/blog/t-misp-overview.png
|
||||||
|
|
||||||
# MISP 2.4.121 released
|
# MISP 2.4.121 released
|
||||||
|
|
||||||
A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.120)) has been released. This version is a security/bug fix release and users are highly encouraged to update as soon as possible. Besides that several issues were resolved and some new functionalities were added.
|
A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.121)) has been released. This version is a security/bug fix release and users are highly encouraged to update as soon as possible. Besides that several issues were resolved and some new functionalities were added.
|
||||||
|
|
||||||
|
|
||||||
# Security issues
|
# Security issues
|
||||||
|
|
||||||
|
@ -16,9 +15,11 @@ The new version includes fixes to a set of vulnerabilities, kindly reported by D
|
||||||
- A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893)
|
- A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893)
|
||||||
- ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8892)
|
- ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8892)
|
||||||
- Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890)
|
- Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890)
|
||||||
- Whilst investigating the above, we have identified and resolved other issues with the brute force protection:
|
|
||||||
* Missing canonicalisation of the usernames before issuing the bruteforce entry.[CVE-2020-8891](https://cve.circl.lu/cve/CVE-2020-8891)
|
Whilst investigating the above, we have identified and resolved other issues with the brute force protection:
|
||||||
* PUT requests for the login were skipping the protection. [CVE-2020-8892](https://cve.circl.lu/cve/CVE-2020-8892)
|
|
||||||
|
- Missing canonicalisation of the usernames before issuing the bruteforce entry.[CVE-2020-8891](https://cve.circl.lu/cve/CVE-2020-8891)
|
||||||
|
- PUT requests for the login were skipping the protection. [CVE-2020-8892](https://cve.circl.lu/cve/CVE-2020-8892)
|
||||||
|
|
||||||
Whilst the issues identified are not deemed critical, it is highly suggested to update and inform your peers to follow suit.
|
Whilst the issues identified are not deemed critical, it is highly suggested to update and inform your peers to follow suit.
|
||||||
|
|
||||||
|
@ -42,6 +43,10 @@ Various improvements to both better inform administrators about potential issues
|
||||||
|
|
||||||
A massive list of improvements to the usability of MISP, with a special thank you to Jakub Onderka again for his endless stream of improvements.
|
A massive list of improvements to the usability of MISP, with a special thank you to Jakub Onderka again for his endless stream of improvements.
|
||||||
|
|
||||||
|
# MISP Objects templates
|
||||||
|
|
||||||
|
We received a significant number of [new object templates](https://www.misp-project.org/objects.html) to describe specific additional use cases including disinformation, media and also improved HTTP representation.
|
||||||
|
|
||||||
# Acknowledgement
|
# Acknowledgement
|
||||||
|
|
||||||
We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large.
|
We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large.
|
||||||
|
|
Loading…
Reference in New Issue