chg: [blog] MISP 2.4.121 release

_posts/2020-02-12-MISP.2.4.121.released.md

@@ -6,8 +6,7 @@ featured: /assets/images/misp/blog/t-misp-overview.png
 
 # MISP 2.4.121 released
 
-A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.120)) has been released. This version is a security/bug fix release and users are highly encouraged to update as soon as possible. Besides that several issues were resolved and some new functionalities were added.
+A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.121)) has been released. This version is a security/bug fix release and users are highly encouraged to update as soon as possible. Besides that several issues were resolved and some new functionalities were added.
-
 
 # Security issues
 
@@ -16,9 +15,11 @@ The new version includes fixes to a set of vulnerabilities, kindly reported by D
 - A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893)
 - ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8892)
 - Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890)
-- Whilst investigating the above, we have identified and resolved other issues with the brute force protection:
+
-* Missing canonicalisation of the usernames before issuing the bruteforce entry.[CVE-2020-8891](https://cve.circl.lu/cve/CVE-2020-8891)
+Whilst investigating the above, we have identified and resolved other issues with the brute force protection:
-* PUT requests for the login were skipping the protection. [CVE-2020-8892](https://cve.circl.lu/cve/CVE-2020-8892)
+
+- Missing canonicalisation of the usernames before issuing the bruteforce entry.[CVE-2020-8891](https://cve.circl.lu/cve/CVE-2020-8891)
+- PUT requests for the login were skipping the protection. [CVE-2020-8892](https://cve.circl.lu/cve/CVE-2020-8892)
 
 Whilst the issues identified are not deemed critical, it is highly suggested to update and inform your peers to follow suit.
 
@@ -28,7 +29,7 @@ One of the most annoying side-effects of the synchronisation mechanism was the p
 
 # New background worker configuration loading
 
-Background workers were loading the server wide configurations on startup, meaning that changes to server settings would not be reflected by any background processed job unless the workers were restarted. A new helper resolves this and loads the configuration on each job execution (Thanks to @RichieB2B for reporting the issue). 
+Background workers were loading the server wide configurations on startup, meaning that changes to server settings would not be reflected by any background processed job unless the workers were restarted. A new helper resolves this and loads the configuration on each job execution (Thanks to @RichieB2B for reporting the issue).
 
 # Memory envelope improvements
 
@@ -42,6 +43,10 @@ Various improvements to both better inform administrators about potential issues
 
 A massive list of improvements to the usability of MISP, with a special thank you to Jakub Onderka again for his endless stream of improvements.
 
+# MISP Objects templates
+
+We received a significant number of [new object templates](https://www.misp-project.org/objects.html) to describe specific additional use cases including disinformation, media and also improved HTTP representation.
+
 # Acknowledgement
 
 We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large.