diff --git a/Changelog.txt b/Changelog.txt index 87232a7..770b84b 100755 --- a/Changelog.txt +++ b/Changelog.txt 
@@ -2,6 +2,493 @@ Changelog ========= +v2.4.136 (2020-12-16) +--------------------- + +New +~~~ +- [CLI] Import events with compressed file support. [Jakub Onderka] + + Useful for importing big files +- [UI] Find org images also by uuid and support SVG images. [Jakub + Onderka] +- [UI] Make possible to filter users by active/disabled. [Jakub Onderka] +- [UI] Show number of events for sharing group. [Jakub Onderka] +- [test] View org page. [Jakub Onderka] +- [UI] Allow to search in sharing group list. [Jakub Onderka] +- [security] Test if user can see sharing groups. [Jakub Onderka] +- [factories] generic confirmation UI factory added. [iglocska] +- [Cerebrates] added Cerebrate sync functionality. [iglocska] + + - add/modify cerebrate links + - preview cerebrate instanes for organisations + - fetch organisations from cerebrate + - ingests new organisations and updates existing ones + + - More to come in the future +- [Cerebrate] db update added. [iglocska] +- [view factories rework] [iglocska] + + indextable: + - org lookup field cleaned up and made more resilient + - remote status: status field for checking of the local vs remote state of objects added + - pagination system updated to allow for ajax pagination + - random named container added for the index table's scaffolding + + side menu: + - added cerebrate options + + side panels: + - new factory type added for side panel elements (for the usual 2:1 split views) + - added logo element + + single views: + - child reworked to use the accordion element + - added side panel support +- [auth] Allow to enforce auth plugin authentication. [Jakub Onderka] +- [shibb] Test for organisation UUID HTTP header. [Jakub Onderka] +- [shibb] Allow to get organisation UUID from HTTP headers. [Jakub + Onderka] +- [test] Test for ApacheShibbAuth. [Jakub Onderka] +- [test] Security test suite. [Jakub Onderka] +- [security] New setting to check `Sec-Fetch-Site` header. 
[Jakub + Onderka] +- [security] Add new `Security.disable_browser_cache` option to disable + saving data to browser cache. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [UI] Nicer galaxy cluster view. [Jakub Onderka] +- [UI] Nicer icon for discussion reply. [Jakub Onderka] +- [UI] Move org UUID after ID to match other page style. [Jakub Onderka] +- [UI] Add cancel for sharing group search. [Jakub Onderka] +- [UI] Nicer title when creating event report. [Jakub Onderka] +- [security] For `hide_organisation_index_from_users` hide orgs that + make contribution that user cannot see. [Jakub Onderka] +- [composer] Add ext-rdkafka as suggested dependency. [Jakub Onderka] +- [UI] Use PGP instead of GnuGP, GnuPG is implementation. [Jakub + Onderka] +- [UI] Hide some fields from user profile and use better description. + [Jakub Onderka] +- [internal] HEAD check if org exists. [Jakub Onderka] +- [internal] Simplified SharingGroup::checkIfOwner method. [Jakub + Onderka] +- [internal] Load orgs just when it is necessary. [Jakub Onderka] +- [UI] Use standardised view for sharging group. [Jakub Onderka] +- [composer] Raise minimal PHP version to 7.2 and disable support for + 8.0. [Jakub Onderka] +- [shibb] Newly created org should be local. [Jakub Onderka] +- [galaxyClusters:view_relation_tree] Adjust height based on the number + of nodes. [mokaddem] +- [actions] added develop branch. [iglocska] +- [ACL] cerebrate added to the ACL. [iglocska] +- [querystring] bump. [iglocska] +- [image] added cerebrate logo. [iglocska] +- [js] runIndexQuickFilter changes. [iglocska] + + - added optional url parameter to set a fixed URL to search from + - added target parameter for ajax refreshes (target css selector) + - added possibility to pass ordered parameters in addition to key value pairs + - added ajax lookups +- [Cerebrate] added to the global menu. [iglocska] +- [synctool] added custom model support for the setuphttpsocket() + function. 
[iglocska] +- [CRUD component] call model functions in the afterfind. [iglocska] + + - added the option to either use anonymous functions or call model functions in the hook + - fixed a bug with a missing modelname in the lookup scope for fields (carryover from cerebrate) +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Update to latest version. [Steve Clement] +- [installer] Leveled installer out. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [installer] More fixes to replayability. [Steve Clement] +- [actions] added to the develop branch. [iglocska] +- [UI] Normalize date format to match rest of MISP. [Jakub Onderka] +- [installer] Update to latest. [Steve Clement] +- [installer] misp-modules install refactor. [Steve Clement] +- [installer] Refactor the core MISP checkout. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [fmt] Make it look better. [Steve Clement] +- [sighting] Support for postgres. [Jakub Onderka] +- [tag] Simplified taxonomy handling. [Jakub Onderka] +- [tag] Fetch event count for tags in one query. [Jakub Onderka] +- [sighting] Speedup loading sighting for tags and galaxies. [Jakub + Onderka] +- [sighting] Speedups list all sightings. [Jakub Onderka] +- [sighting] Reworked listing sightings. [Jakub Onderka] +- [sighting] Sighting statistics. [Jakub Onderka] +- [installer] Deploy latest. [Steve Clement] +- [doc] The installer takes certain env_vars into account. [Steve + Clement] +- [installer] Deploy latest installer with automation fixes. [Steve + Clement] +- [installer] Removed expect, this will ease automation. [Steve Clement] +- [internal] Fetch just necessary orgs and server object for sharing + groups. [Jakub Onderka] +- [misp-galaxy] MITRE ATT&CK updated. [Alexandre Dulaunoy] +- [vhash] removed validation altogether. 
[Andras Iklody] + + - vhash is like a box of chocolates, you never know what you're going to get. +- [internal] Better exception description for PGP key validation. [Jakub + Onderka] +- [PyMISP] Bump version, again. [Raphaël Vinot] +- [PyMISP] Bump version. [Raphaël Vinot] +- [internal] Attach event correlations in one call for attribute UI + search. [Jakub Onderka] +- [internal] Attach feed correlations in one call for attribute UI + search. [Jakub Onderka] +- [internal] Optimise attribute search in UI. [Jakub Onderka] +- [internal] removed void return promise. [iglocska] + + - to make EOL php versions happy +- [events:view] Possibility to fetch events without attachments via the + API. [mokaddem] +- [galaxyCluster:relationsTreeTool] Ignore duplicated cluster UUIDs. + [mokaddem] + + - Some default clusters have the same UUID. They are the same entity but + stored in a different cluster package. It should be addressed in the + future + +Fix +~~~ +- [UI] Contact form text. [Jakub Onderka] +- [distribution graph] Graph doesn't work for non sync users when event + is shared to sharing group. [Jakub Onderka] +- [UI] Show correct sync org for sharing group view. [Jakub Onderka] +- [UI] Change order for sg view. [Jakub Onderka] +- [UI] Do not show authkey if advanced authkeys are enabled. [Jakub + Onderka] +- [UI] For accorddion external link do not propagate click. [Jakub + Onderka] +- [UI] Send email link should be visible just for admin view. [Jakub + Onderka] +- [UI] User search keeps filter. [Jakub Onderka] +- [UI] Show correct menu for EventsController::importModule action. + [Jakub Onderka] +- [UI] For import show correct active menu. [Jakub Onderka] +- [UI] For tags show actions just when user can permission to use them. + [Jakub Onderka] +- [UI] For Taxonomies show actions just when user can permission to use + them. [Jakub Onderka] +- [UI] Show correct menu for Contact Reporter page. [Jakub Onderka] +- [UI] Remove unused All button from galaxy index. 
[Jakub Onderka] +- [UI] Show feed cache buttons just to site admins. [Jakub Onderka] +- [UI] For fail when uploading stix, show unit for maximum size. [Jakub + Onderka] +- [UI] Button border when adding thread port. [Jakub Onderka] +- [UI] Show REST client menu item just when user has perm_auth. [Jakub + Onderka] +- [internal] Undefined variable $passedArgs. [Jakub Onderka] +- [internal] Undefined variables when GitHub is not reachable. [Jakub + Onderka] +- [internal] Undefined variable me. [Jakub Onderka] +- [UI] Better error message for permission denied. [Jakub Onderka] +- [security] Do not leak org names when + hide_organisation_index_from_users enabled. [Jakub Onderka] +- [UI] Nicer error message for CSRF. [Jakub Onderka] +- [internal] User should be able to see his org. [Jakub Onderka] +- [UI] Toggle doesn't work with absolute URLs. [Jakub Onderka] +- [UI] Confusing messages after object template is deleted. [Jakub + Onderka] +- [UI] Do not mention that STIX 2 export require library. [Jakub + Onderka] + + This information can be useful just for site administrators, but not for users +- [UI] Do not show REST client menu link when user don't have + permission. [Jakub Onderka] +- [UI] Do not show taxonomy delete menu link when user don't have + permission. [Jakub Onderka] +- [UI] Do not show proposals menu link when user don't have permission. + [Jakub Onderka] +- [UI] Do not show extend this event button when user don't have + permission to do that. [Jakub Onderka] +- [UI] Allow to access delegations index just when delegations are + enabled. [Jakub Onderka] +- [UI] Show `Add Cluster` in menu just when user has permission to add + cluster. [Jakub Onderka] +- [sighting] Make sure that correct columns are processed. [Jakub + Onderka] +- [rest-client] Do not raise exception for not site admin. [Jakub + Onderka] +- [UI] Link to role edit. [Jakub Onderka] +- [UI] Show delete and edit button for SG just when user has permission. 
+ [Jakub Onderka] +- [UI] Sort countries by name. [Jakub Onderka] +- [db_schema] added cerebrate. [iglocska] +- [baseurl] validation relaxed. [iglocska] + + - no more arbitrary junk blocking https://localhost +- [communities] search fixed, context no longer defaults to "pending" + which is an unknown value. [iglocska] +- [authkey] fixed a bug causing recurring authkey lookups via model + binding failing. [iglocska] + + - missing parameter caused the linking to be single use +- [community] removed invalid filter field causing notice errors. + [iglocska] +- [custompagination tool] hardcoded modelname fixed. [iglocska] +- [doc] Location typo fixed. [Alexandre Dulaunoy] +- [pgp] Key info for older GPG versions. [Jakub Onderka] +- [security] XSS in authkey comment field. [Jakub Onderka] +- [sightings] Support mysql in sql_mode=only_full_group_by. [Jakub + Onderka] +- [security] Remove hashed advanced keys from response. [Jakub Onderka] +- [bindmodel] added reset = false to the linking of users to authkeys. + [Andras Iklody] + + - added reset = false in parameters (otherwise consecutive calls to the user model will not include the relation) +- [UI] Correctly handle truncated values for import. [Jakub Onderka] +- [UI] Favourite only for tags. [Jakub Onderka] +- [installer] fi was forgotten, #hotfix. [Steve Clement] +- [installer] sfv file was forgotten. [Steve Clement] +- [internal] Remove unused method from AppController. [Jakub Onderka] +- [csvExport] Prevent override when using `includeContext` parameter Fix + #3774. [mokaddem] +- [internal] Redis unlink method for old Redis versions. [Jakub Onderka] +- [text export] cull duplicates after fetching the data. [iglocska] + + - pros: No more full group by exceptions + Handles duplicate culling across internally paginated workloads + + - cons: The returned dataset's size will not always match the requested count as duplicates are culled +- [authkey] only link the model if the instance is already updated. 
+ [iglocska] +- [UI] user add. [iglocska] + + S/MIME label misaligned + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge pull request #6754 from JakubOnderka/fix-contact-ui. [Jakub + Onderka] + + fix: [UI] Contact form text +- Merge pull request #6752 from JakubOnderka/distribution_graph_sg_fix. + [Jakub Onderka] + + fix: [distribution graph] Graph doesn't work for non sync users +- Merge pull request #6698 from JakubOnderka/small-ui-fixes. [Jakub + Onderka] + + Small UI fixes +- Merge pull request #6716 from JakubOnderka/cli-import. [Jakub Onderka] + + new: [CLI] Import events with compressed file support +- Merge pull request #6730 from JakubOnderka/org-image-svg-uuid. [Jakub + Onderka] + + new: [UI] Find org images also by uuid and support SVG images +- Merge pull request #6746 from JakubOnderka/rest-client-menu- + permission. [Jakub Onderka] + + Rest client menu permission +- Merge pull request #6743 from JakubOnderka/undefined-me. [Jakub + Onderka] + + fix: [internal] Undefined variables +- Merge pull request #6744 from JakubOnderka/user-filter. [Jakub + Onderka] + + new: [UI] Make possible to filter users by active/disabled +- Merge pull request #6739 from JakubOnderka/error-message. [Jakub + Onderka] + + fix: [UI] Better error message for permission denied +- Merge pull request #6738 from JakubOnderka/hide-orgs-dont-leak. [Jakub + Onderka] + + fix: [security] Do not leak org names +- Merge pull request #6735 from JakubOnderka/error-message. [Jakub + Onderka] + + fix: [UI] Nicer error message for CSRF +- Merge pull request #6732 from JakubOnderka/hide-orgs-show-his-org. + [Jakub Onderka] + + fix: [internal] User should be able to see his org +- Merge pull request #6727 from JakubOnderka/fix-toggle-url. [Jakub + Onderka] + + fix: [UI] Toggle doesn't work with absolute URLs +- Merge pull request #6721 from JakubOnderka/org-can-see. 
[Jakub + Onderka] + + chg: [security] For `hide_organisation_index_from_users` hide more orgs +- Merge pull request #6725 from JakubOnderka/object-delete-ui. [Jakub + Onderka] + + fix: [UI] Confusing messages after object template is deleted +- Merge pull request #6724 from JakubOnderka/kafka-suggested-ext. [Jakub + Onderka] + + Kafka suggested ext +- Merge pull request #6707 from JakubOnderka/event-export-library- + mention. [Jakub Onderka] + + fix: [UI] Do not mention that STIX 2 export require library +- Merge pull request #6720 from JakubOnderka/permission-ui. [Jakub + Onderka] + + Permission UI +- Merge pull request #6719 from JakubOnderka/delegation-access. [Jakub + Onderka] + + fix: [UI] Allow to access delegations index just when delegations are enabled +- Merge pull request #6717 from JakubOnderka/sharing-group-events. + [Jakub Onderka] + + new: [UI] Show number of events for sharing group +- Merge pull request #6696 from JakubOnderka/user-profile-ui. [Jakub + Onderka] + + chg: [UI] Hide some fields from user profile and use better description +- Merge pull request #6695 from JakubOnderka/add-cluster-menu-view. + [Jakub Onderka] + + fix: [UI] Show `Add Cluster` in menu just when user has permission to… +- Merge branch 'develop' into add-cluster-menu-view. [Jakub Onderka] +- Merge pull request #6676 from JakubOnderka/fix-sighting-columns. + [Jakub Onderka] + + fix: [sighting] Make sure that correct columns are processed +- Merge pull request #6694 from JakubOnderka/invalid-controller-name- + fix. [Jakub Onderka] + + fix: [rest-client] Do not raise exception for non site admin +- Merge pull request #6706 from JakubOnderka/role-edit-fix. [Jakub + Onderka] + + fix: [UI] Link to role edit +- Merge pull request #6699 from folbricht-stripe/s3-fix-writable-check. + [Jakub Onderka] + + fix: Don't fail writable attachment dir test for S3 +- Don't fail writable attachment dir test for S3. [Frank Olbricht] +- Merge pull request #6703 from JakubOnderka/org-view. 
[Jakub Onderka] + + new: [test] View org page +- Merge pull request #6700 from JakubOnderka/sg-view. [Jakub Onderka] + + Sharing group view +- Merge pull request #6701 from JakubOnderka/security-sg-view. [Jakub + Onderka] + + new: [security] Test if user can see sharing groups +- Merge pull request #6662 from JakubOnderka/php-test. [Jakub Onderka] + + Disable PHP 8 support +- Merge pull request #6693 from JakubOnderka/countries-order. [Jakub + Onderka] + + fix: [UI] Sort countries by name +- Merge pull request #6691 from JakubOnderka/shibb-new-org-local. [Jakub + Onderka] + + chg: [shibb] Newly created org should be local +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into cerebrate. [iglocska] +- Merge pull request #6733 from legoguy1000/#6355-Suricata-JA3-Rules. + [Alexandre Dulaunoy] + + Create JA3 Hash Suricata Rules +- #6355 Create JA3 Hash Suricata Rules. [Alex Resnick] +- Merge pull request #6697 from JakubOnderka/gpg-key-import-fix. [Jakub + Onderka] + + fix: [pgp] Key info for older GPG versions +- Merge pull request #6690 from JakubOnderka/xss-authkey-fix. [Jakub + Onderka] + + fix: [security] XSS in authkey comment field +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6675 from SteveClement/guides. [Steve Clement] + + chg: [installer] Leveled installer out +- Merge pull request #6674 from SteveClement/guides. [Steve Clement] + + chg: [installer] More fixes to replayability. +- Merge pull request #6673 from JakubOnderka/news-date-format-change. + [Jakub Onderka] + + chg: [UI] Normalize date format to match rest of MISP +- Merge pull request #6672 from JakubOnderka/fix-full-group. [Jakub + Onderka] + + fix: [sightings] Support mysql in sql_mode=only_full_group_by +- Merge pull request #6656 from JakubOnderka/auth-plugin-enforce. 
[Jakub + Onderka] + + new: [auth] Allow to enforce auth plugin authentication +- Merge pull request #6669 from StefanKelm/2.4. [Andras Iklody] + + Update event-timeline.js +- Update event-timeline.js. [StefanKelm] + + Few typos... +- Merge pull request #6668 from SteveClement/guides. [Steve Clement] +- Merge pull request #6665 from JakubOnderka/remove-hashed-keys. [Jakub + Onderka] + + fix: [security] Remove hashed advanced keys from response +- Merge pull request #6664 from SteveClement/guides. [Steve Clement] + + chg: [fmt] Make it look better +- Merge pull request #6663 from JakubOnderka/fix-import-truncated- + values. [Jakub Onderka] + + fix: [UI] Correctly handle truncated values for import +- Merge pull request #6578 from JakubOnderka/sighting-statistics. [Jakub + Onderka] +- Merge pull request #6660 from SteveClement/guides. [Steve Clement] + + chg: [doc] The installer takes certain env_vars into account +- Merge pull request #6658 from SteveClement/guides. [Steve Clement] + + chg: [installer] Removed expect, this will ease automation. +- Merge pull request #6657 from JakubOnderka/app-controller-cleanup. + [Jakub Onderka] + + fix: [internal] Remove unused method from AppController +- Merge pull request #6633 from JakubOnderka/sg-fetching-optim. [Jakub + Onderka] + + chg: [internal] Fetch just necessary orgs and server object for sg +- Merge pull request #6624 from JakubOnderka/shibb-org-uuid. [Jakub + Onderka] + + new: [shibb] Allow to get organisation UUID from HTTP headers +- Merge pull request #6613 from JakubOnderka/security-tests. [Jakub + Onderka] + + new: [test] Security test suite +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6081 from + JakubOnderka/security_disable_browser_cache. [Jakub Onderka] + + new: [security] HTTP headers hardening +- Merge pull request #6646 from JakubOnderka/gpg-key-validation. 
[Jakub + Onderka] + + chg: [internal] Better exception description for PGP key validation +- Merge pull request #6644 from JakubOnderka/fix-redis-unlink. [Jakub + Onderka] + + fix: [internal] Redis unlink method for old Redis versions +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6634 from JakubOnderka/attribute-search- + optimisation. [Jakub Onderka] + + chg: [internal] Optimise attribute search in UI + + v2.4.135 (2020-11-24) ---------------------
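Review bot: the security-relevant entries in the v2.4.136 "New" and "Fix" sections omit the details an operator needs in order to act on them. `+- [security] New setting to check `Sec-Fetch-Site` header.` and `+- [security] Add new `Security.disable_browser_cache` option to disable saving data to browser cache.` name the new settings without stating their default after upgrade (enabled or disabled) or what the `Sec-Fetch-Site` check rejects, and `+- [security] XSS in authkey comment field.` gives no advisory or CVE reference for an issue that site admins may need to track internally; suggest extending those three lines with the default value and, where one exists, a link to the advisory. The same applies to `+- [baseurl] validation relaxed.` and `+- [vhash] removed validation altogether.`: both loosen input validation, so each entry should say which checks remain (for baseurl the sub-bullet only says "no more arbitrary junk blocking https://localhost"). `+- [composer] Raise minimal PHP version to 7.2 and disable support for 8.0.` is a breaking change for anyone on PHP 7.1 and belongs at the top of the release rather than in the middle of "Changes". Finally, several entries carry typos that will ship in the released changelog: "instanes" (instances), "sharging group", "accorddion", and "just when user can permission to use them" (appears twice; likely "has permission").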