MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [2.4.129] changelog fixed

pull/23/head
Alexandre Dulaunoy 2020-07-27 09:51:26 +02:00
parent 587055fbde
commit bfc292de09
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 323 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

323
Changelog.txt
View File

@ -1,6 +1,329 @@
Changelog Changelog
========= =========
v2.4.129 (2020-07-13)
---------------------
New
~~~
- [diag] Check if ZIP extension is installed. [Jakub Onderka]
- [merge] functionality reworked. [iglocska]
- handle objects, tags, etc via @chrisr3d's module result parsing
- handle sharing groups correctly - as reported by Jakub Onderka
- using standardised fetchers internally
- API enabled (which will directly merge all contents of the source event into the target event)
- [event block rule system] added. [iglocska]
- add simple tag filters to block events from being added.
- it will not stop a manual creation of an event with subsequent adding of the tag in a later stage
- it will however block synced events
- [statistics] shell added for the git codebase's contributor counters.
[iglocska]
- to be extended with other similar tasks
Changes
~~~~~~~
- [version] bump. [iglocska]
- [stix2 library] Bumped latest version. [chrisr3d]
- [UI] Add attribute fixes. [Jakub Onderka]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [correlations] Faster checking if CIDR is IPv4 or IPv6 version. [Jakub
Onderka]
- [correlations] Just check if redis key exists. [Jakub Onderka]
- [feed] Faster freetext feed caching. [Jakub Onderka]
- [UI] Sort tags by name for server rules. [Jakub Onderka]
- [internal] Use tmp file fro Feed::getCache. [Jakub Onderka]
- [internal] Attribute REST search optimisations and error handling.
[Jakub Onderka]
- [internal] Simplify and optimise eventUI method. [Jakub Onderka]
- [warning-list] updated to the latest version. [Alexandre Dulaunoy]
- [ACL] Allow to access to fetchOrgsForSG and fetchServersForSG just
with perm_sharing_group. [Jakub Onderka]
- [users:resgister] Use the trimmed data instead. [mokaddem]
- [stix2] Bumped latest python stix2 library. [chrisr3d]
- [sightings] Check if sighting already exists before getting attribute
info. [Jakub Onderka]
- [sightings] Save one SQL query when saving sighting if event UUID is
given. [Jakub Onderka]
- [internal] Move getting sightings range to one place. [Jakub Onderka]
- [internal] Faster loading sightings if the same attribute is
requested. [Jakub Onderka]
- [statistics shell] added total commit count. [iglocska]
Fix
~~~
- [installer] Update to latest. [Steve Clement]
- [StixExport] suppress unlink warnings. [Richard van den Berg]
- [stix export] log stack trace on error, support 'AMBER NATO ALLIANCE'
TLP tags. [Richard van den Berg]
- [misp_retention] Support objects, use lists for build_complex_query()
[Richard van den Berg]
- [attributes] Possible duplicate attributes. [Jakub Onderka]
- [internal] Missing field for server model when editing event. [Jakub
Onderka]
- [stix2 import] Fixed some object reference issues. [chrisr3d]
- With the newest PyMISP version, the object
references creation had to get some slight
changes:
- We add the referenced object in the event
before the add the reference between the 2
objects, when it is possible
- ** has been removed while calling add_object
since we are adding already verified MISP
objects, and using ** was actually the reason
why the references were not present in the
objects when they had been created before the
referenced object were added to the event
- [stix2 import] Fixed Observable object type checking, following the
recent changes on the stix2 python library. [chrisr3d]
- [stix upload] Removed 'isset' already tested with 'empty' at the same
place. [chrisr3d]
- [stix2 import] Avoid duplication of original-imported-file objects
during the import process. [chrisr3d]
- Duplication can happen when the result of the
import process is an event that already exists
- [security] setting a favourite homepage was not CSRF protected.
[iglocska]
- a user could be lured into setting a MISP home-page outside of the MISP baseurl
- switched the endpoint to be CSRF protection enabled
- as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
- [opendata export] Fixed resource deletion query creation to avoid
silent syntax errors. [chrisr3d]
- [stix] Store synonymsToTagNames.json file in tmp folder. [Jakub
Onderka]
- [mail] Contacting only event creator. [Jakub Onderka]
Fix sending e-mails in Contact Reporter for when 'Submit only to the person that created the event' is checked
- [mail] Contact reporter body. [Jakub Onderka]
Do not send that GPG or Public key are sent as attachment, when user don't have them
- [proposals] re-edded the edit view for propsoals. [iglocska]
- [security] Remove ShadowAttributesController::{getProposalsByUuid,getP
roposalsByUuidList} [Jakub Onderka]
These methods are not used, but they let sync users to access proposals for any event.
- [security] Remove
ShadowAttributesController::{fetchEditForm,editField} [Jakub Onderka]
These methods are not used, but they allow to access attribute data without proper ACL checks.
- [MispObject] Do not unpublish synced events, fixes #4838. [Richard van
den Berg]
- [UI] Attribute category select. [Jakub Onderka]
- [internal] Do not try to access bool as array. [Jakub Onderka]
- [stix2 import] Better markings parsing for both created with MISP and
external STIX. [chrisr3d]
- [stix2 export] Fixed Markings export following the recent changes on
ListProperty. [chrisr3d]
- [sharingGroup:captureSharingGroup] Fix failing capture in case of
roaming mode. [mokaddem]
- The server list check was incorrect
- When capturing, roaming mode was always defaulted to false
- The logs could not be written due to non-initialized class
- [acl] Added event block rule. [iglocska]
- [security] Check event ACL before allowing user to send event contact
form. [Jakub Onderka]
- [stix2 export] Fixed first_seen/last_seen field parsing. [chrisr3d]
- [returnAttributes] remap small cleanup. [iglocska]
- no need to set xml as returnformat, it's the default based on the injected params
- [security] deprecated function with lacking ACL removed. [iglocska]
- replaced deprecated, sharing group unaware, broken function with one that follows the documentation of the deprecated endpoint
- keeping it alive until we purge the deprecated ones in the move to MISP 3/next whatever
- Thanks to Jakub Onderka for reporting it!
- [security] Insufficient ACL checks in the attachment downloader fixed
- Thanks to Jakub Onderka for reporting it. [mokaddem]
- [tag:checkForOverride] Catch if tag didn't have a numerical value
before the override. [mokaddem]
- [user:registration] Report field validations to the user. Fix #6072
and #6073. [mokaddem]
- [stix2] Fixed conversion of object relations containing dots into
custom object values. [chrisr3d]
- Also includes changes to support the import of
custom objects into MISP objects containing
object relations with dots, to avoid issues or
changes on the mapping
- [stix2] Fixed issue with custom object created from MISP object with
underscore in the name. [chrisr3d]
- Includes fix to export the objects into custom
objects, and to import custom objects into MISP
objects back
- Should fix #6046
- [UI] Fetching from not enabled feed should be error. [Jakub Onderka]
- [feed] Incorrect call in Feed::__saveEvent. [Jakub Onderka]
- [internal] Do not create empty link for anonymized org sighting.
[Jakub Onderka]
- [UI] Expanding attribute correlations on other pages. [Jakub Onderka]
- [stix2 export] Fixed datetime issue with the 'created' field of some
stix objects. [chrisr3d]
- Following some changes on the python stix2
library, that caused an issue with the previous
way we created the 'created' field
- [mail] Fix body of passwordReset/newUser emails. [Václav Bartoš]
When MISP sends an email with new credentials, the body is generated from one of the configured templates - passwordResetText or newUserText. However, these two templates were swapped - the newUserText was used for password reset, while passwordResetText was used when new account is created.
This commit fixes it.
- [internal] HTML code fix. [Jakub Onderka]
Other
~~~~~
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #6110 from RichieB2B/ncsc-nl/unlink. [Andras
Iklody]
fix: [StixExport] suppress unlink warnings
- Merge pull request #6109 from RichieB2B/nscc-nl/stixfix. [Andras
Iklody]
fix: [stix export] log stack trace on error, support 'AMBER NATO ALLI…
- Merge pull request #6108 from RichieB2B/ncsc-nl/fix-retention. [Andras
Iklody]
fix: [misp_retention] Support objects, use lists for build_complex_qu…
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
[chrisr3d]
- Merge pull request #6067 from JakubOnderka/fix-composite-type-
uniquenes. [Andras Iklody]
fix: [attributes] Possible duplicate attributes
- Merge pull request #6069 from JakubOnderka/patch-119. [Andras Iklody]
fix: [internal] Missing field for server model when editing event
- Merge pull request #6089 from JakubOnderka/add-attribute-ui-fixes.
[Andras Iklody]
chg: [UI] Add attribute fixes
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
[chrisr3d]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre
Dulaunoy]
- Merge pull request #6071 from JakubOnderka/patch-120. [Andras Iklody]
fix: [stix] Store synonymsToTagNames.json file in tmp folder
- Merge pull request #6070 from JakubOnderka/cidr-correlation-optim.
[Andras Iklody]
Cidr correlation optim
- Merge pull request #6036 from JakubOnderka/cache-freetext-feed-optim.
[Andras Iklody]
chg: [feed] Faster freetext feed caching
- Merge pull request #6044 from JakubOnderka/sort-tags-by-name. [Andras
Iklody]
chg: [UI] Sort tags by name for server rules
- Merge pull request #6035 from JakubOnderka/rest-search-optim. [Andras
Iklody]
chg: [internal] Attribute REST search optimisations and error handling
- Merge pull request #5963 from JakubOnderka/patch-108. [Andras Iklody]
fix: [mail] Contact reporter body
- Merge pull request #6092 from JakubOnderka/event-ui. [Andras Iklody]
chg: [internal] Simplify and optimise eventUI method
- Merge pull request #6087 from JakubOnderka/zip-ext. [Andras Iklody]
new: [diag] Check if ZIP extension is installed
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge branch 'fix-sg-creation' into 2.4. [mokaddem]
- Merge remote-tracking branch 'origin/2.4' into fix-sg-creation.
[mokaddem]
- Merge pull request #6095 from JakubOnderka/shadow-attribute-unused-
vol2. [Andras Iklody]
fix: [security] Remove ShadowAttributesController::{getProposalsByUuid,getProposalsByUuidList}
- Merge pull request #6093 from JakubOnderka/shadow-attribute-unused.
[Andras Iklody]
fix: [security] Remove ShadowAttributesController::{fetchEditForm,editField}
- Merge pull request #6094 from RichieB2B/ncsc-nl/stop-loop. [Andras
Iklody]
fix: [MispObject] Do not unpublish synced events, fixes #4838
- Merge pull request #6088 from JakubOnderka/patch-121. [Andras Iklody]
fix: [UI] Attribute category select
- Merge pull request #6075 from JakubOnderka/bool-is-not-array. [Andras
Iklody]
fix: [internal] Do not try to access bool as array
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
[chrisr3d]
- Merge pull request #6078 from JakubOnderka/fix-acl. [Andras Iklody]
chg: [ACL] Allow to access to fetchOrgsForSG and fetchServersForSG...
- Merge pull request #6079 from legoguy1000/update_AuthkeyShell. [Andras
Iklody]
Allow you to mannually set the API key for automation purposes
- Allow you to mannually set the API key for automation purposes. [Alex
Resnick]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #6077 from JakubOnderka/contact-acl. [Andras
Iklody]
fix: [security] Check event ACL before allowing user to send event contact form
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
[chrisr3d]
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
[chrisr3d]
- Merge pull request #6063 from JakubOnderka/patch-118. [Andras Iklody]
fix: [UI] Fetching from not enabled feed should be error
- Merge pull request #6062 from JakubOnderka/feed-incorect-call. [Andras
Iklody]
fix: [feed] Incorrect call in Feed::__saveEvent
- Merge pull request #6064 from obert01/fix-diag-accessibility. [Andras
Iklody]
- Added proper ARIA properties for the "fix" button in the DB index and
DB schema diagnostic tables. [Olivier BERT]
- Merge pull request #6061 from JakubOnderka/list-sightings-ui. [Andras
Iklody]
fix: [internal] Do not create empty link for anonymized org sighting
- Merge pull request #6060 from JakubOnderka/correlation-expand-fi.
[Andras Iklody]
fix: [UI] Expanding attribute correlations on other pages
- Ch: Bump warninglists. [Raphaël Vinot]
- Ch: Bump misp-objects. [Raphaël Vinot]
- Merge pull request #5985 from vaclavbartos/2.4. [Andras Iklody]
fix: [mail] Fix body of passwordReset/newUser emails
- Merge pull request #6026 from JakubOnderka/save-sightings-
optimisation. [Andras Iklody]
Save sightings optimisation
- Merge pull request #6043 from StefanKelm/2.4. [Andras Iklody]
Update side_menu.ctp
- Update side_menu.ctp. [StefanKelm]
Adjusts menu to be in line with "Global Actions"
- Merge pull request #6045 from JakubOnderka/sightings-loading-optim.
[Andras Iklody]
chg: [internal] Faster loading sightings if the same attribute is req…
- Merge pull request #6049 from JakubOnderka/patch-116. [Andras Iklody]
fix: [internal] HTML code fix
v2.4.128 (2020-06-22) v2.4.128 (2020-06-22)
--------------------- ---------------------