MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

2.4.77 released

pull/2/head
Alexandre Dulaunoy 2017-07-12 16:51:28 +02:00
parent cd47740e8a
commit 3c52a27418
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
_posts/2017-07-12-MISP.2.4.77.released.md Normal file
View File

@ -0,0 +1,32 @@
---
title: MISP 2.4.77 released
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.77](https://github.com/MISP/MISP/tree/v2.4.77) has been released including security fixes, bug fixes and various improvements.
This version includes multiple security fixes reported by cert.govt.nz including:
- Some security settings including GnuPG password for the signing keys of the MISP notification or redis passwords are now redacted from the server setting.
- Sanitisation of the filenames has been tightening in the template uploader.
- Avoid GFI uploader code to throw exceptions (in debug mode) on failed parsing and give a proper a warning.
- Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login.
- All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking.
A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds.
Screenshots are now included in search results to better support users actively sharing images artefacts using MISP.
Many small and visual improvements were introduced.
MISP taxonomies, galaxy and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added.
The full change log is available [here](https://www.misp.software/Changelog.txt).
Don't hesitate to [open an issue](https://github.com/MISP/MISP/issues) if you have any feedback, found a bug or want to propose new features.
We would like to thank all the contributors and users who reported issues or ideas in order to improve MISP. A special thank for the security report
from cert.govt.nz, we always appreciate security analysis of MISP. Don't hesitate to forward any security report (PGP encrypted) to us [via CIRCL](https://www.circl.lu/report/).
Don't forget our [MISP summit 0x3](https://2017.hack.lu/misp-summit/) before the [hack.lu](https://2017.hack.lu/) 2017 conference which will take place from 14:00 to 18:00, Monday 16 October 2017.