MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] markdown is markdown

pull/21/head
Alexandre Dulaunoy 2020-03-11 16:52:57 +01:00
parent d226fffb1b
commit c62a53bab3
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
_posts/2020-03-10-MISP.2.4.123.released.md
View File

@ -12,10 +12,10 @@ A new version of MISP ([2.4.123](https://github.com/MISP/MISP/tree/v2.4.123)) ha
Thanks to a pentest conducted on behalf of the Centre for Cyber Security Belgium (CCB), we have received a list of ideas to improve our security posture along with 2 vulnerabilities:
- 2 XSS vulnerabilities (reported and fixed, more info via [CVE-2020-10246](/security) and [CVE-2020-10247](/security))
- various improvements for our password policy
- Improvements by adding preventative headers
- Providing the more information to the users by revealing potential foul play
- 2 XSS vulnerabilities (reported and fixed, more info via [CVE-2020-10246](/security) and [CVE-2020-10247](/security))
- various improvements for our password policy
- Improvements by adding preventative headers
- Providing the more information to the users by revealing potential foul play
We would hereby like to thank both the contracted part as well as CCB for sharing the results with us. We are always glad to receive pentest results, it's a great way for organisations to improve the security of MISP and we highly encourage everyone to MISP for potential issues and to [let us know](/security) - we will do our best to fix any identified issues as soon as possible.
@ -27,12 +27,12 @@ As an outcome of quickly setting up a Coronavirus-sharing community via MISP for
The new Dashboard is accessible directly in MISP and fully customisable by users.
- The system relies on bundled and custom widgets
- widgets work similarly to other modular parts of MISP, design your own, drop it in the MISP directory to get started
- For instructions on how to develop a basic widget visit [The training slide repository](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf)
- Under the hood it uses the user settings system, allowing for custom configurations per user
- Dashboard templates can be saved and shared, both via MISP and via JSON configuration files
- Widgets come with a host of support functionalities (ACL, caching, auto-reloading, configuration systems)
- The system relies on bundled and custom widgets
- widgets work similarly to other modular parts of MISP, design your own, drop it in the MISP directory to get started
- For instructions on how to develop a basic widget visit [The training slide repository](https://www.misp-project.org/misp-training/a.a-widget-dev.pdf)
- Under the hood it uses the user settings system, allowing for custom configurations per user
- Dashboard templates can be saved and shared, both via MISP and via JSON configuration files
- Widgets come with a host of support functionalities (ACL, caching, auto-reloading, configuration systems)
We welcome contributions to our ever growing widget collection from our community, let us know if you want to get involved in the effort!