MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Update 2017-07-12-MISP.2.4.77.released.md

pull/2/head
Andras Iklody 2017-07-12 17:27:33 +02:00 committed by GitHub
parent 3c52a27418
commit c7809bcb55
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
_posts/2017-07-12-MISP.2.4.77.released.md
View File

@ -8,19 +8,19 @@ A new version of MISP [2.4.77](https://github.com/MISP/MISP/tree/v2.4.77) has be
This version includes multiple security fixes reported by cert.govt.nz including:
- Some security settings including GnuPG password for the signing keys of the MISP notification or redis passwords are now redacted from the server setting.
- Sanitisation of the filenames has been tightening in the template uploader.
- Avoid GFI uploader code to throw exceptions (in debug mode) on failed parsing and give a proper a warning.
- Some security settings including GnuPG/SMIME passwords for the signing keys used for notifications in MISP and the redis password are now redacted from the server settings accessible via the UI.
- Sanitisation of template uploader view in regards to file names has been tightened.
- Avoid any data leakage through exceptions thrown by the GFI uploader on failed parsing when debug mode is enabled. Replaced by instead giving proper a warnings via flash messages.
- Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login.
- All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking.
A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds.
A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds. This speed improvement partially carries over to any tasks that add attributes to already large events.
Screenshots are now included in search results to better support users actively sharing images artefacts using MISP.
Screenshots are now included in search results to better support users actively sharing image artefacts using MISP.
Many small and visual improvements were introduced.
A host of minor and visual improvements were introduced.
MISP taxonomies, galaxy and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added.
MISP taxonomies, galaxies and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added.
The full change log is available [here](https://www.misp.software/Changelog.txt).