chg: [blog] 2.4.123 updated

pull/21/head
Alexandre Dulaunoy 2020-03-11 16:51:25 +01:00
parent 56d0273152
commit d226fffb1b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 3 additions and 3 deletions

View File

@ -1,7 +1,7 @@
--- ---
title: MISP 2.4.123 released (aka the dashboard and security fix release) title: MISP 2.4.123 released (aka the dashboard and security fix release)
layout: post layout: post
featured: /assets/images/misp/blog/t-misp-overview.png featured: /assets/images/misp/blog/dashboard.png
--- ---
# MISP 2.4.123 released # MISP 2.4.123 released
@ -12,12 +12,12 @@ A new version of MISP ([2.4.123](https://github.com/MISP/MISP/tree/v2.4.123)) ha
Thanks to a pentest conducted on behalf of the Centre for Cyber Security Belgium (CCB), we have received a list of ideas to improve our security posture along with 2 vulnerabilities: Thanks to a pentest conducted on behalf of the Centre for Cyber Security Belgium (CCB), we have received a list of ideas to improve our security posture along with 2 vulnerabilities:
- 2 XSS vulnerabilities (reported and fixed, more info via CVE-2020-10246 and CVE-2020-10247) - 2 XSS vulnerabilities (reported and fixed, more info via [CVE-2020-10246](/security) and [CVE-2020-10247](/security))
- various improvements for our password policy - various improvements for our password policy
- Improvements by adding preventative headers - Improvements by adding preventative headers
- Providing the more information to the users by revealing potential foul play - Providing the more information to the users by revealing potential foul play
We would hereby like to thank both the contracted part as well as CCB for sharing the results with us. We are always glad to receive pentest results, it's a great way for organisations to improve the security of MISP and we highly encourage everyone to MISP for potential issues and to let us know - we will do our best to fix any identified issues as soon as possible. We would hereby like to thank both the contracted part as well as CCB for sharing the results with us. We are always glad to receive pentest results, it's a great way for organisations to improve the security of MISP and we highly encourage everyone to MISP for potential issues and to [let us know](/security) - we will do our best to fix any identified issues as soon as possible.
# Dashboard system # Dashboard system