mirror of https://github.com/MISP/misp-website
Update 2017-07-12-MISP.2.4.77.released.md
parent
3c52a27418
commit
c7809bcb55
|
@ -8,19 +8,19 @@ A new version of MISP [2.4.77](https://github.com/MISP/MISP/tree/v2.4.77) has be
|
||||||
|
|
||||||
This version includes multiple security fixes reported by cert.govt.nz including:
|
This version includes multiple security fixes reported by cert.govt.nz including:
|
||||||
|
|
||||||
- Some security settings including GnuPG password for the signing keys of the MISP notification or redis passwords are now redacted from the server setting.
|
- Some security settings including GnuPG/SMIME passwords for the signing keys used for notifications in MISP and the redis password are now redacted from the server settings accessible via the UI.
|
||||||
- Sanitisation of the filenames has been tightening in the template uploader.
|
- Sanitisation of template uploader view in regards to file names has been tightened.
|
||||||
- Avoid GFI uploader code to throw exceptions (in debug mode) on failed parsing and give a proper a warning.
|
- Avoid any data leakage through exceptions thrown by the GFI uploader on failed parsing when debug mode is enabled. Replaced by instead giving proper a warnings via flash messages.
|
||||||
- Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login.
|
- Hashing algorithm updated to bcrypt for new users and updated transparently for existing users at the next login.
|
||||||
- All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking.
|
- All profile edit pages now require the user's or admin's password to be confirmed to limit the impact on potential session hijacking.
|
||||||
|
|
||||||
A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds.
|
A significant speed improvement on the feed pull has been done for the CSV/freetext import especially for very large feeds. This speed improvement partially carries over to any tasks that add attributes to already large events.
|
||||||
|
|
||||||
Screenshots are now included in search results to better support users actively sharing images artefacts using MISP.
|
Screenshots are now included in search results to better support users actively sharing image artefacts using MISP.
|
||||||
|
|
||||||
Many small and visual improvements were introduced.
|
A host of minor and visual improvements were introduced.
|
||||||
|
|
||||||
MISP taxonomies, galaxy and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added.
|
MISP taxonomies, galaxies and PyMISP updated to the latest version. New default feeds (e.g. dataplane.org) have been added.
|
||||||
|
|
||||||
The full change log is available [here](https://www.misp.software/Changelog.txt).
|
The full change log is available [here](https://www.misp.software/Changelog.txt).
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue