diff --git a/_posts/2020-09-21-MISP.2.4.132.released.md b/_posts/2020-09-21-MISP.2.4.132.released.md new file mode 100644 index 0000000..0ecb0ad --- /dev/null +++ b/_posts/2020-09-21-MISP.2.4.132.released.md @@ -0,0 +1,32 @@ +--- +title: MISP 2.4.132 released (security fix CVE-2020-25766 and bugs fixed) +layout: post +featured: /assets/images/misp/blog/d4_sshd_widget.png +--- + +# MISP 2.4.132 released + +A new version of MISP ([2.4.132](https://github.com/MISP/MISP/tree/v2.4.132)) has been released with bugs fixed and an important [security](https://www.misp-project.org/security/) fix [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766). + +# Bugs fixed and updates + +- [bootstrap-datepicker] Updated to version 1.9.0 +- [tag filters] fixed a bug introduced with the previous filter fix, resulting in multiple OR tags being ignored as a valid filter. +- [internal] Correctly handle positive tag filters for non site admins. +- [sightings] anonymise pushed sightings using new Sightings_anonymise_as setting. + +# CVE-2020-25766 + +An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. Thanks to Michael Kerscher for report. + +# Many bugs fixed and small improvements + +A host of other improvements are documented in the [complete changelog is available](https://www.misp-project.org/Changelog.txt). + +# Acknowledgement + +We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html). + +As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements. + +