diff --git a/_posts/2017-07-12-MISP.2.4.77.released.md b/_posts/2017-07-12-MISP.2.4.77.released.md new file mode 100644 index 0000000..0f4f3a5 --- /dev/null +++ b/_posts/2017-07-12-MISP.2.4.77.released.md @@ -0,0 +1,32 @@ +--- +title: MISP 2.4.77 released +layout: post +featured: /assets/images/misp-small.png +--- + +A new version of MISP [2.4.77](https://github.com/MISP/MISP/tree/v2.4.77) has been released including security fixes, bug fixes and various improvements. + +This version includes multiple security fixes reported by cert.govt.nz including: + +- Some security settings including GnuPG password for the signing keys of the MISP notification or redis passwords are now redacted from the server setting. +- Sanitisation of the filenames has been tightening in the template uploader. +- Avoid GFI uploader code to throw exceptions (in debug mode) on failed parsing and give a proper a warning. +- Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login. +- All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking. + +A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds. + +Screenshots are now included in search results to better support users actively sharing images artefacts using MISP. + +Many small and visual improvements were introduced. + +MISP taxonomies, galaxy and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added. + +The full change log is available [here](https://www.misp.software/Changelog.txt). + +Don't hesitate to [open an issue](https://github.com/MISP/MISP/issues) if you have any feedback, found a bug or want to propose new features. + +We would like to thank all the contributors and users who reported issues or ideas in order to improve MISP. A special thank for the security report +from cert.govt.nz, we always appreciate security analysis of MISP. Don't hesitate to forward any security report (PGP encrypted) to us [via CIRCL](https://www.circl.lu/report/). + +Don't forget our [MISP summit 0x3](https://2017.hack.lu/misp-summit/) before the [hack.lu](https://2017.hack.lu/) 2017 conference which will take place from 14:00 to 18:00, Monday 16 October 2017.