chg: [Changelog] v2.4.146 updates

pull/40/head
Alexandre Dulaunoy 2021-01-18 09:54:10 +01:00
parent 6e431e5b7c
commit 9e5a090d2a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 487 additions and 0 deletions

@ -2,6 +2,493 @@ Changelog
=========
v2.4.136 (2020-12-16)
---------------------
New
~~~
- [CLI] Import events with compressed file support. [Jakub Onderka]
Useful for importing big files
- [UI] Find org images also by uuid and support SVG images. [Jakub
Onderka]
- [UI] Make possible to filter users by active/disabled. [Jakub Onderka]
- [UI] Show number of events for sharing group. [Jakub Onderka]
- [test] View org page. [Jakub Onderka]
- [UI] Allow to search in sharing group list. [Jakub Onderka]
- [security] Test if user can see sharing groups. [Jakub Onderka]
- [factories] generic confirmation UI factory added. [iglocska]
- [Cerebrates] added Cerebrate sync functionality. [iglocska]
- add/modify cerebrate links
- preview cerebrate instanes for organisations
- fetch organisations from cerebrate
- ingests new organisations and updates existing ones
- More to come in the future
- [Cerebrate] db update added. [iglocska]
- [view factories rework] [iglocska]
indextable:
- org lookup field cleaned up and made more resilient
- remote status: status field for checking of the local vs remote state of objects added
- pagination system updated to allow for ajax pagination
- random named container added for the index table's scaffolding
side menu:
- added cerebrate options
side panels:
- new factory type added for side panel elements (for the usual 2:1 split views)
- added logo element
single views:
- child reworked to use the accordion element
- added side panel support
- [auth] Allow to enforce auth plugin authentication. [Jakub Onderka]
- [shibb] Test for organisation UUID HTTP header. [Jakub Onderka]
- [shibb] Allow to get organisation UUID from HTTP headers. [Jakub
Onderka]
- [test] Test for ApacheShibbAuth. [Jakub Onderka]
- [test] Security test suite. [Jakub Onderka]
- [security] New setting to check `Sec-Fetch-Site` header. [Jakub
Onderka]
- [security] Add new `Security.disable_browser_cache` option to disable
saving data to browser cache. [Jakub Onderka]
Changes
~~~~~~~
- [version] bump. [iglocska]
- [UI] Nicer galaxy cluster view. [Jakub Onderka]
- [UI] Nicer icon for discussion reply. [Jakub Onderka]
- [UI] Move org UUID after ID to match other page style. [Jakub Onderka]
- [UI] Add cancel for sharing group search. [Jakub Onderka]
- [UI] Nicer title when creating event report. [Jakub Onderka]
- [security] For `hide_organisation_index_from_users` hide orgs that
make contribution that user cannot see. [Jakub Onderka]
- [composer] Add ext-rdkafka as suggested dependency. [Jakub Onderka]
- [UI] Use PGP instead of GnuGP, GnuPG is implementation. [Jakub
Onderka]
- [UI] Hide some fields from user profile and use better description.
[Jakub Onderka]
- [internal] HEAD check if org exists. [Jakub Onderka]
- [internal] Simplified SharingGroup::checkIfOwner method. [Jakub
Onderka]
- [internal] Load orgs just when it is necessary. [Jakub Onderka]
- [UI] Use standardised view for sharging group. [Jakub Onderka]
- [composer] Raise minimal PHP version to 7.2 and disable support for
8.0. [Jakub Onderka]
- [shibb] Newly created org should be local. [Jakub Onderka]
- [galaxyClusters:view_relation_tree] Adjust height based on the number
of nodes. [mokaddem]
- [actions] added develop branch. [iglocska]
- [ACL] cerebrate added to the ACL. [iglocska]
- [querystring] bump. [iglocska]
- [image] added cerebrate logo. [iglocska]
- [js] runIndexQuickFilter changes. [iglocska]
- added optional url parameter to set a fixed URL to search from
- added target parameter for ajax refreshes (target css selector)
- added possibility to pass ordered parameters in addition to key value pairs
- added ajax lookups
- [Cerebrate] added to the global menu. [iglocska]
- [synctool] added custom model support for the setuphttpsocket()
function. [iglocska]
- [CRUD component] call model functions in the afterfind. [iglocska]
- added the option to either use anonymous functions or call model functions in the hook
- fixed a bug with a missing modelname in the lookup scope for fields (carryover from cerebrate)
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [installer] Update to latest version. [Steve Clement]
- [installer] Leveled installer out. [Steve Clement]
- [installer] Update to latest. [Steve Clement]
- [installer] More fixes to replayability. [Steve Clement]
- [actions] added to the develop branch. [iglocska]
- [UI] Normalize date format to match rest of MISP. [Jakub Onderka]
- [installer] Update to latest. [Steve Clement]
- [installer] misp-modules install refactor. [Steve Clement]
- [installer] Refactor the core MISP checkout. [Steve Clement]
- [installer] Update to latest. [Steve Clement]
- [fmt] Make it look better. [Steve Clement]
- [sighting] Support for postgres. [Jakub Onderka]
- [tag] Simplified taxonomy handling. [Jakub Onderka]
- [tag] Fetch event count for tags in one query. [Jakub Onderka]
- [sighting] Speedup loading sighting for tags and galaxies. [Jakub
Onderka]
- [sighting] Speedups list all sightings. [Jakub Onderka]
- [sighting] Reworked listing sightings. [Jakub Onderka]
- [sighting] Sighting statistics. [Jakub Onderka]
- [installer] Deploy latest. [Steve Clement]
- [doc] The installer takes certain env_vars into account. [Steve
Clement]
- [installer] Deploy latest installer with automation fixes. [Steve
Clement]
- [installer] Removed expect, this will ease automation. [Steve Clement]
- [internal] Fetch just necessary orgs and server object for sharing
groups. [Jakub Onderka]
- [misp-galaxy] MITRE ATT&CK updated. [Alexandre Dulaunoy]
- [vhash] removed validation altogether. [Andras Iklody]
- vhash is like a box of chocolates, you never know what you're going to get.
- [internal] Better exception description for PGP key validation. [Jakub
Onderka]
- [PyMISP] Bump version, again. [Raphaël Vinot]
- [PyMISP] Bump version. [Raphaël Vinot]
- [internal] Attach event correlations in one call for attribute UI
search. [Jakub Onderka]
- [internal] Attach feed correlations in one call for attribute UI
search. [Jakub Onderka]
- [internal] Optimise attribute search in UI. [Jakub Onderka]
- [internal] removed void return promise. [iglocska]
- to make EOL php versions happy
- [events:view] Possibility to fetch events without attachments via the
API. [mokaddem]
- [galaxyCluster:relationsTreeTool] Ignore duplicated cluster UUIDs.
[mokaddem]
- Some default clusters have the same UUID. They are the same entity but
stored in a different cluster package. It should be addressed in the
future
Fix
~~~
- [UI] Contact form text. [Jakub Onderka]
- [distribution graph] Graph doesn't work for non sync users when event
is shared to sharing group. [Jakub Onderka]
- [UI] Show correct sync org for sharing group view. [Jakub Onderka]
- [UI] Change order for sg view. [Jakub Onderka]
- [UI] Do not show authkey if advanced authkeys are enabled. [Jakub
Onderka]
- [UI] For accorddion external link do not propagate click. [Jakub
Onderka]
- [UI] Send email link should be visible just for admin view. [Jakub
Onderka]
- [UI] User search keeps filter. [Jakub Onderka]
- [UI] Show correct menu for EventsController::importModule action.
[Jakub Onderka]
- [UI] For import show correct active menu. [Jakub Onderka]
- [UI] For tags show actions just when user can permission to use them.
[Jakub Onderka]
- [UI] For Taxonomies show actions just when user can permission to use
them. [Jakub Onderka]
- [UI] Show correct menu for Contact Reporter page. [Jakub Onderka]
- [UI] Remove unused All button from galaxy index. [Jakub Onderka]
- [UI] Show feed cache buttons just to site admins. [Jakub Onderka]
- [UI] For fail when uploading stix, show unit for maximum size. [Jakub
Onderka]
- [UI] Button border when adding thread port. [Jakub Onderka]
- [UI] Show REST client menu item just when user has perm_auth. [Jakub
Onderka]
- [internal] Undefined variable $passedArgs. [Jakub Onderka]
- [internal] Undefined variables when GitHub is not reachable. [Jakub
Onderka]
- [internal] Undefined variable me. [Jakub Onderka]
- [UI] Better error message for permission denied. [Jakub Onderka]
- [security] Do not leak org names when
hide_organisation_index_from_users enabled. [Jakub Onderka]
- [UI] Nicer error message for CSRF. [Jakub Onderka]
- [internal] User should be able to see his org. [Jakub Onderka]
- [UI] Toggle doesn't work with absolute URLs. [Jakub Onderka]
- [UI] Confusing messages after object template is deleted. [Jakub
Onderka]
- [UI] Do not mention that STIX 2 export require library. [Jakub
Onderka]
This information can be useful just for site administrators, but not for users
- [UI] Do not show REST client menu link when user don't have
permission. [Jakub Onderka]
- [UI] Do not show taxonomy delete menu link when user don't have
permission. [Jakub Onderka]
- [UI] Do not show proposals menu link when user don't have permission.
[Jakub Onderka]
- [UI] Do not show extend this event button when user don't have
permission to do that. [Jakub Onderka]
- [UI] Allow to access delegations index just when delegations are
enabled. [Jakub Onderka]
- [UI] Show `Add Cluster` in menu just when user has permission to add
cluster. [Jakub Onderka]
- [sighting] Make sure that correct columns are processed. [Jakub
Onderka]
- [rest-client] Do not raise exception for not site admin. [Jakub
Onderka]
- [UI] Link to role edit. [Jakub Onderka]
- [UI] Show delete and edit button for SG just when user has permission.
[Jakub Onderka]
- [UI] Sort countries by name. [Jakub Onderka]
- [db_schema] added cerebrate. [iglocska]
- [baseurl] validation relaxed. [iglocska]
- no more arbitrary junk blocking https://localhost
- [communities] search fixed, context no longer defaults to "pending"
which is an unknown value. [iglocska]
- [authkey] fixed a bug causing recurring authkey lookups via model
binding failing. [iglocska]
- missing parameter caused the linking to be single use
- [community] removed invalid filter field causing notice errors.
[iglocska]
- [custompagination tool] hardcoded modelname fixed. [iglocska]
- [doc] Location typo fixed. [Alexandre Dulaunoy]
- [pgp] Key info for older GPG versions. [Jakub Onderka]
- [security] XSS in authkey comment field. [Jakub Onderka]
- [sightings] Support mysql in sql_mode=only_full_group_by. [Jakub
Onderka]
- [security] Remove hashed advanced keys from response. [Jakub Onderka]
- [bindmodel] added reset = false to the linking of users to authkeys.
[Andras Iklody]
- added reset = false in parameters (otherwise consecutive calls to the user model will not include the relation)
- [UI] Correctly handle truncated values for import. [Jakub Onderka]
- [UI] Favourite only for tags. [Jakub Onderka]
- [installer] fi was forgotten, #hotfix. [Steve Clement]
- [installer] sfv file was forgotten. [Steve Clement]
- [internal] Remove unused method from AppController. [Jakub Onderka]
- [csvExport] Prevent override when using `includeContext` parameter Fix
#3774. [mokaddem]
- [internal] Redis unlink method for old Redis versions. [Jakub Onderka]
- [text export] cull duplicates after fetching the data. [iglocska]
- pros: No more full group by exceptions
Handles duplicate culling across internally paginated workloads
- cons: The returned dataset's size will not always match the requested count as duplicates are culled
- [authkey] only link the model if the instance is already updated.
[iglocska]
- [UI] user add. [iglocska]
S/MIME label misaligned
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge pull request #6754 from JakubOnderka/fix-contact-ui. [Jakub
Onderka]
fix: [UI] Contact form text
- Merge pull request #6752 from JakubOnderka/distribution_graph_sg_fix.
[Jakub Onderka]
fix: [distribution graph] Graph doesn't work for non sync users
- Merge pull request #6698 from JakubOnderka/small-ui-fixes. [Jakub
Onderka]
Small UI fixes
- Merge pull request #6716 from JakubOnderka/cli-import. [Jakub Onderka]
new: [CLI] Import events with compressed file support
- Merge pull request #6730 from JakubOnderka/org-image-svg-uuid. [Jakub
Onderka]
new: [UI] Find org images also by uuid and support SVG images
- Merge pull request #6746 from JakubOnderka/rest-client-menu-
permission. [Jakub Onderka]
Rest client menu permission
- Merge pull request #6743 from JakubOnderka/undefined-me. [Jakub
Onderka]
fix: [internal] Undefined variables
- Merge pull request #6744 from JakubOnderka/user-filter. [Jakub
Onderka]
new: [UI] Make possible to filter users by active/disabled
- Merge pull request #6739 from JakubOnderka/error-message. [Jakub
Onderka]
fix: [UI] Better error message for permission denied
- Merge pull request #6738 from JakubOnderka/hide-orgs-dont-leak. [Jakub
Onderka]
fix: [security] Do not leak org names
- Merge pull request #6735 from JakubOnderka/error-message. [Jakub
Onderka]
fix: [UI] Nicer error message for CSRF
- Merge pull request #6732 from JakubOnderka/hide-orgs-show-his-org.
[Jakub Onderka]
fix: [internal] User should be able to see his org
- Merge pull request #6727 from JakubOnderka/fix-toggle-url. [Jakub
Onderka]
fix: [UI] Toggle doesn't work with absolute URLs
- Merge pull request #6721 from JakubOnderka/org-can-see. [Jakub
Onderka]
chg: [security] For `hide_organisation_index_from_users` hide more orgs
- Merge pull request #6725 from JakubOnderka/object-delete-ui. [Jakub
Onderka]
fix: [UI] Confusing messages after object template is deleted
- Merge pull request #6724 from JakubOnderka/kafka-suggested-ext. [Jakub
Onderka]
Kafka suggested ext
- Merge pull request #6707 from JakubOnderka/event-export-library-
mention. [Jakub Onderka]
fix: [UI] Do not mention that STIX 2 export require library
- Merge pull request #6720 from JakubOnderka/permission-ui. [Jakub
Onderka]
Permission UI
- Merge pull request #6719 from JakubOnderka/delegation-access. [Jakub
Onderka]
fix: [UI] Allow to access delegations index just when delegations are enabled
- Merge pull request #6717 from JakubOnderka/sharing-group-events.
[Jakub Onderka]
new: [UI] Show number of events for sharing group
- Merge pull request #6696 from JakubOnderka/user-profile-ui. [Jakub
Onderka]
chg: [UI] Hide some fields from user profile and use better description
- Merge pull request #6695 from JakubOnderka/add-cluster-menu-view.
[Jakub Onderka]
fix: [UI] Show `Add Cluster` in menu just when user has permission to…
- Merge branch 'develop' into add-cluster-menu-view. [Jakub Onderka]
- Merge pull request #6676 from JakubOnderka/fix-sighting-columns.
[Jakub Onderka]
fix: [sighting] Make sure that correct columns are processed
- Merge pull request #6694 from JakubOnderka/invalid-controller-name-
fix. [Jakub Onderka]
fix: [rest-client] Do not raise exception for non site admin
- Merge pull request #6706 from JakubOnderka/role-edit-fix. [Jakub
Onderka]
fix: [UI] Link to role edit
- Merge pull request #6699 from folbricht-stripe/s3-fix-writable-check.
[Jakub Onderka]
fix: Don't fail writable attachment dir test for S3
- Don't fail writable attachment dir test for S3. [Frank Olbricht]
- Merge pull request #6703 from JakubOnderka/org-view. [Jakub Onderka]
new: [test] View org page
- Merge pull request #6700 from JakubOnderka/sg-view. [Jakub Onderka]
Sharing group view
- Merge pull request #6701 from JakubOnderka/security-sg-view. [Jakub
Onderka]
new: [security] Test if user can see sharing groups
- Merge pull request #6662 from JakubOnderka/php-test. [Jakub Onderka]
Disable PHP 8 support
- Merge pull request #6693 from JakubOnderka/countries-order. [Jakub
Onderka]
fix: [UI] Sort countries by name
- Merge pull request #6691 from JakubOnderka/shibb-new-org-local. [Jakub
Onderka]
chg: [shibb] Newly created org should be local
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into cerebrate. [iglocska]
- Merge pull request #6733 from legoguy1000/#6355-Suricata-JA3-Rules.
[Alexandre Dulaunoy]
Create JA3 Hash Suricata Rules
- #6355 Create JA3 Hash Suricata Rules. [Alex Resnick]
- Merge pull request #6697 from JakubOnderka/gpg-key-import-fix. [Jakub
Onderka]
fix: [pgp] Key info for older GPG versions
- Merge pull request #6690 from JakubOnderka/xss-authkey-fix. [Jakub
Onderka]
fix: [security] XSS in authkey comment field
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #6675 from SteveClement/guides. [Steve Clement]
chg: [installer] Leveled installer out
- Merge pull request #6674 from SteveClement/guides. [Steve Clement]
chg: [installer] More fixes to replayability.
- Merge pull request #6673 from JakubOnderka/news-date-format-change.
[Jakub Onderka]
chg: [UI] Normalize date format to match rest of MISP
- Merge pull request #6672 from JakubOnderka/fix-full-group. [Jakub
Onderka]
fix: [sightings] Support mysql in sql_mode=only_full_group_by
- Merge pull request #6656 from JakubOnderka/auth-plugin-enforce. [Jakub
Onderka]
new: [auth] Allow to enforce auth plugin authentication
- Merge pull request #6669 from StefanKelm/2.4. [Andras Iklody]
Update event-timeline.js
- Update event-timeline.js. [StefanKelm]
Few typos...
- Merge pull request #6668 from SteveClement/guides. [Steve Clement]
- Merge pull request #6665 from JakubOnderka/remove-hashed-keys. [Jakub
Onderka]
fix: [security] Remove hashed advanced keys from response
- Merge pull request #6664 from SteveClement/guides. [Steve Clement]
chg: [fmt] Make it look better
- Merge pull request #6663 from JakubOnderka/fix-import-truncated-
values. [Jakub Onderka]
fix: [UI] Correctly handle truncated values for import
- Merge pull request #6578 from JakubOnderka/sighting-statistics. [Jakub
Onderka]
- Merge pull request #6660 from SteveClement/guides. [Steve Clement]
chg: [doc] The installer takes certain env_vars into account
- Merge pull request #6658 from SteveClement/guides. [Steve Clement]
chg: [installer] Removed expect, this will ease automation.
- Merge pull request #6657 from JakubOnderka/app-controller-cleanup.
[Jakub Onderka]
fix: [internal] Remove unused method from AppController
- Merge pull request #6633 from JakubOnderka/sg-fetching-optim. [Jakub
Onderka]
chg: [internal] Fetch just necessary orgs and server object for sg
- Merge pull request #6624 from JakubOnderka/shibb-org-uuid. [Jakub
Onderka]
new: [shibb] Allow to get organisation UUID from HTTP headers
- Merge pull request #6613 from JakubOnderka/security-tests. [Jakub
Onderka]
new: [test] Security test suite
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #6081 from
JakubOnderka/security_disable_browser_cache. [Jakub Onderka]
new: [security] HTTP headers hardening
- Merge pull request #6646 from JakubOnderka/gpg-key-validation. [Jakub
Onderka]
chg: [internal] Better exception description for PGP key validation
- Merge pull request #6644 from JakubOnderka/fix-redis-unlink. [Jakub
Onderka]
fix: [internal] Redis unlink method for old Redis versions
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #6634 from JakubOnderka/attribute-search-
optimisation. [Jakub Onderka]
chg: [internal] Optimise attribute search in UI
v2.4.135 (2020-11-24)
---------------------
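Review bot: The added section is headed v2.4.136 (2020-12-16) while the commit subject says v2.4.146, so one of the two version numbers looks like a typo; confirm which is intended before merging so the changelog stays traceable to the release. In the Fix list, the security entries (for example "[security] XSS in authkey comment field" and "[security] Remove hashed advanced keys from response") sit between UI fixes with nothing to set them apart; consider grouping them at the top of the section so operators deciding whether to upgrade see them first. Minor: "[warning-lists] updated to the latest version" appears twice under Changes.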