diff --git a/_posts/2019-07-08-MISP.2.4.110.released.md b/_posts/2019-07-08-MISP.2.4.110.released.md index 51ce908..a87d38e 100644 --- a/_posts/2019-07-08-MISP.2.4.110.released.md +++ b/_posts/2019-07-08-MISP.2.4.110.released.md 
@@ -6,13 +6,13 @@ featured: /assets/images/misp/blog/modules-expand.gif # MISP 2.4.110 released -A new version of MISP ([2.4.110](https://github.com/MISP/MISP/tree/v2.4.110)) has been released with a host of new features, improvements, many bugs fixed and one security fix. Even if this is summer time, the MISP project works under the warm weather while drinking cocktails (with or without booze). +A new version of MISP ([2.4.110](https://github.com/MISP/MISP/tree/v2.4.110)) has been released with a host of new features, improvements, many bugs fixed and one security fix. Even under the searing summer sun, the MISP-project team is hard at work, whilst enjoying some cocktails (with or without booze). # New main features ## MISP modules extended to support the full MISP standard format -[misp-modules](misp-modules) now supports MISP objects and relationships. The old modules are still compatible and the new modules bolster up the complete MISP standard format. New modules such as [url-haus](https://github.com/MISP/misp-modules/blob/52dadd2df32b19241fdd978e50b717f1967e264b/misp_modules/modules/expansion/urlhaus.py), [joe sandbox query](https://github.com/MISP/misp-modules/blob/be61613da4f5dc8f082a7c1a9e1ec07fdb872560/misp_modules/modules/expansion/joesandbox_query.py) and many others include the new MISP standard format. This new feature allows to provide more advanced modules generating MISP objects and associated relationships from any kind of expansion, import or export modules in one click. +[misp-modules](misp-modules) now support MISP objects and relationships. The revamped system is still compatible with the old modules, whilst the new modules bolster up the complete MISP standard format. 
New modules such as [url-haus](https://github.com/MISP/misp-modules/blob/52dadd2df32b19241fdd978e50b717f1967e264b/misp_modules/modules/expansion/urlhaus.py), [joe sandbox query](https://github.com/MISP/misp-modules/blob/be61613da4f5dc8f082a7c1a9e1ec07fdb872560/misp_modules/modules/expansion/joesandbox_query.py) and many others support the new MISP standard format. This new feature allows module developers to create more advanced modules, generating MISP objects and associated relationships from any type of expansion, import or export modules in one click. ![](/assets/images/misp/blog/misp-modules-new.png) ![](/assets/images/misp/blog/misp-modules-2.png) 
@@ -21,12 +21,12 @@ A new version of MISP ([2.4.110](https://github.com/MISP/MISP/tree/v2.4.110)) ha ![](/assets/images/misp/blog/local-tags.png) -The long awaited feature "local tags" is now available. You can create tags locally if you are a host org user that in-place tagging for synchronisation and export filtering. MISP events are not modified while using the local tags. Local tags are always stripped before being synchronised with our MISP instances and sharing communities. Local tags allow organisation users to violate the ownership model of MISP and add local tagging to any event or attribute. Local tagging works on tags, galaxies and matrix-like galaxy such as ATT&CK. +The long awaited feature "local tags" is now finally available. You can create tags locally if you are a member of the given MISP instance's host organisation, enabling "in-place" tagging for synchronisation and export filtering. MISP events are not modified while using the local tags and are in turn always stripped before being synchronised with other MISP instances and sharing communities. Local tags allow users to avoid violating the ownership model of MISP, but still be able to tag any event or attribute for further dissemination and data contextualisation. Local tagging works for tags, tag collections, galaxies and matrix-like galaxies such as ATT&CK. ## New Norwegian translation -Thanks to the contribution from [Kortho](https://github.com/Kortho), MISP user-interface includes a Norwegian translation. MISP includes Japanese, French translation and multiple translations are growing such as Russian, German and Chinese. If you want to contribute, feel free to join the [crowdin page for MISP](https://crowdin.com/project/misp). It's simple and efficient, translation can be easily done via the web interface. 
+Thanks to the contribution from [Kortho](https://github.com/Kortho), the MISP user-interface now includes a Norwegian translation in addition to the previously contributed Japanese, French translations along with multiple work in progress translation efforts getting closer to full coverage, such as Russian, German and Chinese. If you wish to contribute, feel free to join the [crowdin page for MISP](https://crowdin.com/project/misp). It's simple and efficient, translations can be easily done via the web interface. # Various updates and improvements @@ -42,12 +42,12 @@ Thanks to the contribution from [Kortho](https://github.com/Kortho), MISP user-i # Security fix (CVE-2019-12868) -[https://cve.circl.lu/cve/CVE-2019-12868](CVE-2019-12868) has been fixed in MISP 2.4.110. MISP 2.4.109 had remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. This vulnerability can only be triggered by the site admin. +[https://cve.circl.lu/cve/CVE-2019-12868](CVE-2019-12868) has been fixed in MISP 2.4.110. MISP 2.4.109 had remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialisation. This vulnerability can only be triggered by the site admin. Thanks to Dawid Czarnecki for reporting it. # STIX improvements - Parsing observable compositions from external STIX files. -- Fixing issues with 'parse' called on bundles containing custom objects. +- Fixing issues with 'parse' being called on bundles containing custom objects. - Fixed user account pattern and user account observable extension in STIX 2.0 export. - Fixed socket extension parsing. - Fixed registry-key keys and values parsing for patterns.
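Review bot: in the `@@ -6,13 +6,13 @@` hunk, the rewritten misp-modules paragraph still opens with `[misp-modules](misp-modules)`, whose target is a bare relative path rather than a URL, so it resolves relative to the post instead of pointing at the project. Since the line is being rewritten anyway, link it to the repository (https://github.com/MISP/misp-modules, the same host the urlhaus and joesandbox_query links in this paragraph use). Minor style point in the intro line: "MISP-project team" is hyphenated, while the removed line wrote "the MISP project"; pick one form.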
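Review bot: in the `@@ -21,12 +21,12 @@` hunk, the new local-tags sentence "MISP events are not modified while using the local tags and are in turn always stripped before being synchronised" makes "MISP events" the subject of "stripped", whereas the removed line stated that the local tags are what get stripped before synchronisation. That is the guarantee readers rely on when tagging locally, so keep the subject explicit, for example "... and local tags are always stripped before being synchronised with other MISP instances". The same paragraph changes "allow organisation users to violate the ownership model" into "allow users to avoid violating the ownership model"; please confirm that this reversal of meaning is intended and not only a wording change. In the Norwegian translation line, "Japanese, French translations" is missing an "and".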
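Review bot: in the `@@ -42,12 +42,12 @@` hunk, the CVE line is touched for spelling but its Markdown link is still reversed: `[https://cve.circl.lu/cve/CVE-2019-12868](CVE-2019-12868)` uses the URL as the label and the CVE id as the target, so the advisory reference does not link to cve.circl.lu. Swap the two parts to `[CVE-2019-12868](https://cve.circl.lu/cve/CVE-2019-12868)`. The paragraph also says "super administrator" in one sentence and "site admin" in the next; use a single term so the privilege level needed to trigger the issue is unambiguous.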