chg: [post] new version 2.4.107 released

iglocska-patch-1
Alexandre Dulaunoy 2019-05-13 22:22:51 +02:00
parent d1948ace32
commit 97179f68c3
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 55 additions and 0 deletions

View File

@ -0,0 +1,55 @@
---
title: MISP 2.4.107 released (aka similar objects review, yara native export)
layout: post
featured: /assets/images/misp/blog/similar-objects.png
---
A new version of MISP ([2.4.107](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and security fixes. We strongly all users to update their MISP installation to this latest version.
# New main features
## Similar objects and easy merging tool
MISP objects are now a cornerstone to describe complex data-structure and threat intelligence. We have seen a regular process of analysts to add new objects and having similar objects in their analysis. In MISP 2.4.107 shows similar objects (with common attributes) and proposes merging strategies into existing objects. The user-interface is easy to use and part of the standard project.
## Native yara and yara-json export
For a very long time, MISP supports the sharing of [YARA](https://virustotal.github.io/yara/) attributes and objects. We introduced in version 2.4.107 the ability to export YARA rules from any attributes in MISP. The yara and yara-json export allows to generate YARA rules from any attributes or events. Existing YARA rules will remain and will be generated next to the native YARA rules stored in MISP. The export depends on the [Python plyara module](https://github.com/plyara/plyara).
## API
- New includeWarninglistHits option to the attribute and event search API which includes the result of the warning hits.
- Added new export system (attack return format) for restSearch for [ATT&CK](https://attack.mitre.org/). The new export format returns the ATT&CK matrix data as HTML via the API and directly viewable via the REST client. The export was designed during the [EU ATT&CK community](https://www.attack-community.org/) workshop organised at eurocontrol.
# Various
- New update process included in MISP (to prepare the "zoidberg" version and improve the migration process).
- Installer updated and improved (MISP now works on OpenBSD 6.5 and Debian 9.9).
- Modules selection improved (sorted and nicer looks).
- STIX export fixed for email attachments.
- RPZ export improved including new RPZ policy actions (based on [IETF draft](https://tools.ietf.org/html/draft-vixie-dnsop-dns-rpz-00)).
- New quick button to extend a MISP event.
- Many bugs fixed.
# Security fixes
Thanks to João Lucas Melo Brasio from [Elytron Security S.A.](https://elytronsecurity.com) who reported the following security vulnerabilities which are now fixed in MISP 2.4.107.
- [CVE-2019-11812](https://cve.circl.lu/cve/CVE-2019-11812) A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
- [CVE-2019-11813](https://cve.circl.lu/cve/CVE-2019-11813) An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
- [CVE-2019-11814](https://cve.circl.lu/cve/CVE-2019-11814) An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.:
# Improvements
# MISP modules
Many new [MISP modules](https://github.com/MISP/misp-modules) were added such as PDF, PPT, DOCX and XLS importer along with VMRay sandboxes analysis import.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.