From c7809bcb55340871a633cfeaaba2392a36c29cde Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 12 Jul 2017 17:27:33 +0200 Subject: [PATCH] Update 2017-07-12-MISP.2.4.77.released.md --- _posts/2017-07-12-MISP.2.4.77.released.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/_posts/2017-07-12-MISP.2.4.77.released.md b/_posts/2017-07-12-MISP.2.4.77.released.md index 0f4f3a5..7dbf0d6 100644 --- a/_posts/2017-07-12-MISP.2.4.77.released.md +++ b/_posts/2017-07-12-MISP.2.4.77.released.md 
@@ -8,19 +8,19 @@ A new version of MISP [2.4.77](https://github.com/MISP/MISP/tree/v2.4.77) has be This version includes multiple security fixes reported by cert.govt.nz including: -- Some security settings including GnuPG password for the signing keys of the MISP notification or redis passwords are now redacted from the server setting. -- Sanitisation of the filenames has been tightening in the template uploader. -- Avoid GFI uploader code to throw exceptions (in debug mode) on failed parsing and give a proper a warning. +- Some security settings including GnuPG/SMIME passwords for the signing keys used for notifications in MISP and the redis password are now redacted from the server settings accessible via the UI. +- Sanitisation of template uploader view in regards to file names has been tightened. +- Avoid any data leakage through exceptions thrown by the GFI uploader on failed parsing when debug mode is enabled. Replaced by instead giving proper a warnings via flash messages. - Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login. - All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking. -A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds. +A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds. This speed improvement partially carries over to any tasks that add attributes to already large events. -Screenshots are now included in search results to better support users actively sharing images artefacts using MISP. +Screenshots are now included in search results to better support users actively sharing image artefacts using MISP. -Many small and visual improvements were introduced. +A host of minor and visual improvements were introduced. 
-MISP taxonomies, galaxy and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added. +MISP taxonomies, galaxies and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added. The full change log is available [here](https://www.misp.software/Changelog.txt).
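Review bot: The added GFI uploader bullet ends in a fragment with a misplaced article, "Replaced by instead giving proper a warnings via flash messages."; suggest "Failed parsing now produces a proper warning via a flash message instead." In the same list, "Sanitisation of template uploader view in regards to file names has been tightened." reads more clearly as "File name sanitisation in the template uploader view has been tightened." The reworded redaction bullet now limits the fix to "the server settings accessible via the UI"; if the GnuPG/SMIME and redis passwords are also redacted on other paths that return server settings, say so, since as written a reader will assume only the UI is covered.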