chg: [release] MISP 2.4.132

_posts/2020-09-21-MISP.2.4.132.released.md

@@ -0,0 +1,32 @@
+---
+title: MISP 2.4.132 released (security fix CVE-2020-25766 and bugs fixed)
+layout: post
+featured: /assets/images/misp/blog/d4_sshd_widget.png
+---
+
+# MISP 2.4.132 released
+
+A new version of MISP ([2.4.132](https://github.com/MISP/MISP/tree/v2.4.132)) has been released with bugs fixed and an important [security](https://www.misp-project.org/security/) fix [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766).
+
+# Bugs fixed and updates
+
+- [bootstrap-datepicker] Updated to version 1.9.0
+- [tag filters] fixed a bug introduced with the previous filter fix, resulting in multiple OR tags being ignored as a valid filter.
+- [internal] Correctly handle positive tag filters for non site admins.
+- [sightings] anonymise pushed sightings using new Sightings_anonymise_as setting.
+
+# CVE-2020-25766
+
+An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. Thanks to Michael Kerscher for report.
+
+# Many bugs fixed and small improvements
+
+A host of other improvements are documented in the [complete changelog is available](https://www.misp-project.org/Changelog.txt).
+
+# Acknowledgement
+
+We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html).
+
+As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
+
+