chg: [blog] version 2.4.180, 2.4.181 and 2.4.182

pull/95/head
Alexandre Dulaunoy 2023-12-22 16:10:47 +01:00
parent 6079b5b381
commit 6ae843efcf
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
3 changed files with 242 additions and 0 deletions

@ -0,0 +1,115 @@
---
title: MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.
date: 2023-12-20
layout: post
tags: ["MISP", "Threat Intelligence", "release"]
banner: /img/blog/workflow-blue.png
---
MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.
# New
- [api] added X-MISP-AUTH as an alternative header to Authorization,
fixes #9418. [iglocska]
# Changes
- [VERSION] bump. [iglocska]
- [workflows] restored 7.2 and 7.3. [iglocska]
- [user login profile] old version compatibility. [iglocska]
- [event index] hover over ID will show the info field, generally more
useful than the threat level. [iglocska]
# Fix
- [login] fixes bad fix and catches first login after update.
[Christophe Vandeplas]
- [revert] dumb check. [iglocska]
- [compatibility] make the ancient gods happy. [iglocska]
- [user login profile] skip checks for ancient php versions. [iglocska]
- [Attribute:EditPostProcessing] Make sure the ID is set. [Sami
Mokaddem]
- [attribute:editPostProcessing] Fixed typo in condition preventing tags
to be detached. [Sami Mokaddem]
- [attributes] type field added to editable fields. [iglocska]
- [RPZ] export custom parameters ingored, fixes #9420. [iglocska]
- [Attribute:editPostProcessing] Fixed sighting capture. [Sami Mokaddem]
- [Attribute:EditPostProcessing] Make sure the ID is set. [Sami
Mokaddem]
- [attribute:validation] Typo in function name. [Sami Mokaddem]
- [attribute:editPostProcessing] Fixed typo in condition preventing tags
to be detached. [Sami Mokaddem]
# Other
- Merge remote-tracking branch 'origin/develop' into 2.4. [Christophe
Vandeplas]
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' into 2.4. [iglocska]
- Revert "chg: [workflows] restored 7.2 and 7.3" [iglocska]
This reverts commit 206d2af439ae22c35a41568b4dc79562f2cb29e4.
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge remote-tracking branch 'origin/2.4' into develop. [Sami
Mokaddem]
- Merge branch '2.4' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Feature/user login profiles2 (#9379) [Christophe Vandeplas, iglocska]
* new: [userloginprofiles] start over with previous code
* fix: [user_login_profiles] fixes catching up the backlog
* chg: [userloginprofile] email to org_admin for suspicious login
* chg: [userloginprofile] only inform new device
* chg: [userloginprofiles] view_login_history instead of view_auth_history
* chg: [userloginprofile] make login history visually better
* chg: [userloginprofile] inform admins of malicious report
* fix: [userloginprofile] cleanup
* fix: [userloginprofile] fixes Attribute include in Console
* fix: [userloginprofile] db schema and changes
* chg: [CI] log emails
* chg: [PyMISP] branch change
* chg: [test] test
* fix: [userloginprofile] unique rows
* fix: [userloginprofile] unique rows
* chg: [cleanup]
* Revert "chg: [PyMISP] branch change"
This reverts commit 3f6fb46fee9745437998fc013a97af874679c87b.
* fix: [userloginprofile] fix worksers with monolog=1.25 browcap=5.1
* fix: [db] dump schema version
* fix: [CI] newer php versions
* fix: [composer] php version
* fix: [php] revert to normal php7.4 tests
---------
- Merge branch '2.4' into develop. [iglocska]
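Review bot: The post is titled for the new user login profile feature, but the body never describes it; the only trace is the squashed commit list of "Feature/user login profiles2 (#9379)" under "# Other". Add a short paragraph under "# New" saying what the feature gives an admin (the commit subjects mention an email to the org_admin for a suspicious login and a login history view), and drop the merge-commit entries, which tell a reader nothing. In "# Fix", "[Attribute:EditPostProcessing] Make sure the ID is set." and "[attribute:editPostProcessing] Fixed typo in condition preventing tags to be detached." each appear twice, and "ingored" and "worksers" are misspelled. The title line in the body has no "#" marker, unlike the 2.4.181 post in this same commit.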

@ -0,0 +1,32 @@
---
title: MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes.
date: 2023-12-21
layout: post
tags: ["MISP", "Threat Intelligence", "release"]
banner: /img/blog/workflow-blue.png
---
# MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes.
# Changes
- [tools:misp-delegation] Do not use self-documented expression in
f-string anymore. [Sami Mokaddem]
- [version] bump. [iglocska]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [tests] search for errors in logs. [Christophe Vandeplas]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
# Fix
- [Alert on suspicious logins] disabled by default. [iglocska]
- requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
- Will be made default in an upcoming version once the performance issues are resolved
- [tests] fix path in logs_tests.sh. [Christophe Vandeplas]
- [tests] fixes path of logs_tests. [Christophe Vandeplas]
- [userloginprofiles] undefined variable #9424. [Christophe Vandeplas]
- [customauth] missing Class init fixes #9425. [Christophe Vandeplas]
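Review bot: The "[Alert on suspicious logins] disabled by default" entry in "# Fix" is the reason for this hot fix, yet the post does not name the setting or say how an admin who wants the alert turns it back on. State that, and keep the caveat beside it: the entry says the logs table needs better indexing on the user_id and action fields to avoid being a bottleneck, so anyone enabling the alert should know that cost up front. In "# Changes", the warning-lists and misp-galaxy entries each appear twice, and the two "[tests]" path fixes under "# Fix" look like the same change; merge them if so.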

@ -0,0 +1,95 @@
---
title: MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.
date: 2023-12-22
layout: post
tags: ["MISP", "Threat Intelligence", "release"]
banner: /img/blog/workflow-blue.png
---
MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.
# MISP Core
## New Features
- [event:view] Added new option `show_server_correlations_for_all_users`
allowing non-privileged users to view server correlations. [Sami
Mokaddem]
## Changes
- [Version] bump. [iglocska]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [misp-stix] Bumped latest version. [Christian Studer]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [Geo-Open] updated to the latest version. [Alexandre Dulaunoy]
- [PyMISP] Bump. [Raphaël Vinot]
- [CLI] runUpdates updated to purge any pending db lock first.
[iglocska]
- [event reports] content field size changed to mediumtext. [Andras
Iklody]
- [logging] fail silently if logging entry can't be saved. [iglocska]
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
- [events:event-graph] Allow expansion of nodes by double-clicking.
[Sami Mokaddem]
In response to significant demand from Terrtia and subsequent evaluation by adulau
- [feed:attachFeedCorrelations] Added comment. [Sami Mokaddem]
- [event:view] Show feed meta-information as popup. [Sami Mokaddem]
- [misp-stix] Bump. [Jakub Onderka]
## Fix
- [db_schema] dump. [iglocska]
- [correlation] exclusion cleaning was broken for noacl correlations,
fixes #8899. [iglocska]
- [eventReport:editReport] Generate an UUID if new report added from
pull. [Sami Mokaddem]
- [workflows:editor] Prepend baseurl to url. [Lukasz Rzasik]
- [TOTP] allow deletion of TOTP from edit page. [Christophe Vandeplas]
- [security] new audit logs lack of ACL controls. [iglocska]
- added proper ACL handling to the new audit logs
- as reported by fukusuket(Fukusuke Takahashi)
- Assigned [CVE-2023-50918](https://cvepremium.circl.lu/cve/CVE-2023-50918) for this vulnerability. The new audit log is not enabled by default.
- [case sensitivity] fix. [iglocska]
- [login_history] fixes str_contains #9433. [Christophe Vandeplas]
- [login_history] fixes str_contains #9433. [Christophe Vandeplas]
- [password reset] required current password for token based reset.
[iglocska]
- [diag] diagnostics page loading issue. [Michael Hirt]
- [openapi] add version to match spec. fixes #9058. [Luciano Righetti]
- [caching] remove uuid validation from the feed caching. [iglocska]
- not really needed and it breaks the entire caching if a single old event has an invalid uuid
- [attribute bulk update] separate out tag deletion as it builds a
ridiculously large query at times. [iglocska]
- [caching] remove uuid validation from the feed caching. [iglocska]
- not really needed and it breaks the entire caching if a single old event has an invalid uuid
# MISP project knowledge bases
## MISP Objects
Improved [shadowserver-malware-url-report](https://www.misp-project.org/objects.html#_shadowserver_malware_url_report) and [cs-beacon-config](https://www.misp-project.org/objects.html#_cs_beacon_config) object template. Updates in the [victim object template](https://www.misp-project.org/objects.html#_victim) and [report object template](https://www.misp-project.org/objects.html#_report).
## MISP Galaxy
Improved [Sigma rules galaxy](https://github.com/MISP/misp-galaxy/blob/main/clusters/sigma-rules.json), [threat-actors database](https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json) with many new threat-actors
## MISP warning-lists
[Warning-lists updated](https://github.com/MISP/misp-warninglists) to the latest version from the different sources.
# Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server [misp-community.org](https://misp-community.org/) - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.
# MISP Professional Services
[MISP Professional Services (MPS)](https://www.misp-project.org/professional-services/) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.
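
Review bot: The title announces "an important security fix", but CVE-2023-50918 sits as the sixth item of "## Fix", between a TOTP entry and a case-sensitivity entry. Move it into its own section near the top, stating what the entry already says (the new audit logs lacked ACL controls, the new audit log is not enabled by default, reported by fukusuket) together with the upgrade advice, so operators who enabled that log can find it. "[password reset] required current password for token based reset" is also a security-relevant behaviour change and deserves a sentence rather than a bare changelog line. Duplicates to drop: "[login_history] fixes str_contains #9433" and the "[caching] remove uuid validation from the feed caching" entry with its sub-point both appear twice. The title needs a comma after "improvements", and the MISP Galaxy sentence has no closing period.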