chg: [changelog] updated

pull/104/head
Alexandre Dulaunoy 2024-06-07 05:52:46 +02:00
parent 3f7ee9a7ac
commit d75f0ae242
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
9 changed files with 1303 additions and 21 deletions


@ -2,23 +2,189 @@ Changelog
=========
%%version%% (unreleased)
------------------------
v2.4.193 (2024-06-06)
---------------------
New
~~~
- [attributes/enrich] endpoint added. [iglocska]
- simply post a list of modules you wish to enrich the attribute by
- url: /attributes/enrich/[attrribute_id|attribute_uuid]
- post body in the format of `{"dns":1, "foo_bar_baz": 1}` listing all modules to execute
- [misp-community] MISP-LEA information sharing community added.
[Alexandre Dulaunoy]
- [events:view] New UI feature allowing to collapse Attributes contained
inside an object. [Sami Mokaddem]
- This comes with an MISP setting to configure this behavior at an instance-wide level
- [fatal error] logging added. [iglocska]
- helps administrators to easily see what went wrong in terms of timeouts / oom issues
- [feed acl] changed for feeds that have visibility set to 1. [iglocska]
- any user can now use open feeds to:
- browse the data
- preview individual events
- search the feed caches for the given feeds
- run overlap comparisons on them
- For any feeds/server correlations that do not allow for users to see the contents
- correctly show the server wide opt-in correlations on local events as text, rather than non-functional links
- [feed] sync pull rule checks on manifest, fixes #9728. [iglocska]
- added a new set of checks to rule out events from MISP feed pulls that do not match the filter rules
- should speed things up considerably
Changes
~~~~~~~
- [version] bump. [iglocska]
- [PyMISP] Bump version. [Raphaël Vinot]
- [misp-stix] Bumped latest version. [Christian Studer]
- [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [misp-objects] updated. [Alexandre Dulaunoy]
- [diagnostics] add Database/MysqlObserverExtended to valid data sources
list. [Jeroen Pinoy]
- [attributes/enrich] added to ACL. [iglocska]
- [community] misp-lea.org is actually vetted by us. [Alexandre
Dulaunoy]
- [PyMISP] Bump for testing. [Raphaël Vinot]
- [event:view] Small UI improvement for attribute's type in the object
row. [Sami Mokaddem]
- [events:view] Small UI tweak to prevent object name to wrap. [Sami
Mokaddem]
- [galaxy:galaxy-matrix] Respect order of tabs based on kill_chain_order
definition. [Sami Mokaddem]
- [analyst-data:relationship] Prevent self-referencing relationships.
[Sami Mokaddem]
- [analyst-data:view] Always return attached analyst-data. [Sami
Mokaddem]
- [analyst-data:capture] Recursively capture nested analyst-data. [Sami
Mokaddem]
- [component:CRUD] Added support of afterFind in the delete function.
[Sami Mokaddem]
Fix
~~~
- [feed settings] unpublish_event setting had the inverted effect, fixes
#9739. [iglocska]
- [JS] invalid comparison fixed. [iglocska]
- 2jsirl4jsirl
- [tag search] fixed. [iglocska]
- [modules] /queryEnrichment endpoint fixed in modules controller -
correctly pass module data. [iglocska]
- fixes #9758
- [event fetcher] pop the tag filter after the first round of lookups.
[iglocska]
- no need to add the - in effect same - condition twice. The set_tag_filters() function already returns the conditions on multiple hierarchical levels
- [tag search] fixes #1. [iglocska]
- correctly break the execution for AND ed tag searches if at least one of the tags in the list doesn't exist
- correctly compare against the event_id field in the attribute_tags table, rather than the copy pasta error of Event.id
- [API] don't html encode JSON documents. [iglocska]
- earlier fix broke shit
- sometimes we pass the type as json sometimes as application/json to the response class, which handles it cleanly - but the check only accounted for one case
- [security] changed menu_custom_right_link to CLI only. [iglocska]
- allows a malicious / hijacked admin account to embed malicious js in a global menu link otherwise
- as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC
- [galaxyClusters:restSearch] filter on org_id and orgc_id if param set.
[Jeroen Pinoy]
- [security] rest client additional sanitisation for non json responses.
[iglocska]
- escape non json response bodies
- as reported by Nils Putnins from NCIA NCSC
- [security] changed menu_custom_right_link_html to CLI only. [iglocska]
- allows a malicious / hijacked admin account to embed malicious js in every page otherwise
- as reported by Nils Putnins from NCIA NCSC
- [PyMISP] Fix the tests. [Raphaël Vinot]
- [Collections] path pluralisation fix inb acl check for collections,
fixes #9745. [iglocska]
- no longer breaks collections index
- [event:view] Correctly handle first click on toggle attribute
visibility. [Sami Mokaddem]
- [audit-logs:eventIndex] Fixed pagination issue while viewing event
history. [Sami Mokaddem]
Fix #9726
- [event-report:publishing] Do not reset the event timestamp when
updating an event report. [Sami Mokaddem]
- [feeds] function name change not handled everywhere. [iglocska]
- [ACL] private function name convention not kept for a new function.
[iglocska]
- causes the ACL self-test to complain about an accessible endpoint (which is a private function)
- [correlation] small fix for the preview_event. [iglocska]
- [server correlation UI] fixed link to index preview. [iglocska]
- [password reset] ACL fix. [iglocska]
- [ACL] fixed pre-auth dynamic function calls. [iglocska]
- [server/feed] correlation bug. [iglocska]
- too many correlating events makes MISP barf
- [bruteforceProtection] Avoid failing when wrong user name is used.
[Sami Mokaddem]
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge pull request #9764 from Wachizungu/add-mysqlobserverextended-
validdatasource. [Andras Iklody]
chg: [diagnostics] add Database/MysqlObserverExtended to valid data s…
- Merge branch 'event_view_collapse' into develop. [iglocska]
- Merge branch 'develop' into event_view_collapse. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge pull request #9717 from Wachizungu/fix-galaxyclusters-org-orgc-
restsearch-param. [Andras Iklody]
fix: [galaxyClusters:restSearch] filter on org_id and orgc_id if para…
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #9741 from schatzistogias/2.4. [Alexandre Dulaunoy]
Updated git link
- Updated git link. [Stelios Chatzistogias]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge branch 'visible_feeds' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge pull request #9720 from schatzistogias/patch-1. [Alexandre
Dulaunoy]
Add Infoblox feed to defaults.json
- Add Infoblox feed to defaults.json. [schatzistogias]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
v2.4.192 (2024-05-03)
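Review bot: The three `[security]` entries in the v2.4.193 Fix list (`menu_custom_right_link` and `menu_custom_right_link_html` changed to CLI only, and the rest client sanitisation for non json responses) sit in the middle of the unrelated fixes with no advisory reference attached, so an operator skimming this release cannot tell at a glance that it is security-relevant. Suggest grouping them under their own heading or at the top of Fix, and saying what "CLI only" means for admins who previously set these two values from the UI. Smaller items in the same hunk: the URL under `[attributes/enrich]` reads `attrribute_id`, the `[JS] invalid comparison fixed` entry carries a stray body line `2jsirl4jsirl`, and it is worth confirming that `[tag search] fixes #1` points at the intended issue.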
@ -71,9 +237,6 @@ Changes
- [UI] clicking on your user name should bring up the user profile,
fixes #9708. [iglocska]
- Set BrowscapPHP logging from default DEBUG to INFO. [Bradley Logan]
- [version bump] [iglocska]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Allow Oidc roles as string. [christianmg99]
- [behavior:analystDataParent] Prevent double nesting analyst data when
bulk fetching. [Sami Mokaddem]
- [CLI] Simplify updating JSON structures. [Jakub Onderka]
@ -178,10 +341,6 @@ Other
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge pull request #9695 from christianmg99/allow-oidc-roles-string.
[Jakub Onderka]
chg: [config] Allow Oidc roles as string
- Merge branch '2.4' into develop. [Sami Mokaddem]
- Revert "Revert "new: [event:index] Added support of ANDed tag
filtering in the backend"" [Sami Mokaddem]
@ -217,6 +376,9 @@ v2.4.191 (2024-04-22)
Changes
~~~~~~~
- [version bump] [iglocska]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Set Oidc issuer. [Christian Morales Guerrero]
Fix
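Review bot: `- [config] Allow Oidc roles as string. [christianmg99]` appears twice in a row in the Changes list of this v2.4.191 hunk, and the same pair is visible in the -71,9 hunk above. If the commit really exists twice in history the generator will keep emitting both; otherwise collapse it to one line so the release notes do not suggest two separate OIDC role changes.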
@ -228,6 +390,10 @@ Fix
Other
~~~~~
- Merge pull request #9695 from christianmg99/allow-oidc-roles-string.
[Jakub Onderka]
chg: [config] Allow Oidc roles as string
- Revert "new: [event:index] Added support of ANDed tag filtering in the
backend" [Sami Mokaddem]


@ -2,13 +2,49 @@ Changelog
=========
%%version%% (unreleased)
------------------------
v2.4.193 (2024-06-06)
---------------------
New
~~~
- [analyst-data] Added initial support of analyst data concept and
functions - WiP. [Sami Mokaddem]
Changes
~~~~~~~
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- A bit more refactoring. [Raphaël Vinot]
- Use from_dict in the mixin to initialize the objects. [Raphaël Vinot]
- [analyst-data] Added improvements, API endpoints and tests. [Sami
Mokaddem]
- [analyst-data] Make sure to include note_type_name. [Sami Mokaddem]
- Make mypy happy, change inheritance. [Raphaël Vinot]
- Allow orgc context for search_galaxy_clusters. [Jeroen Pinoy]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- [analyst-data] Continued implementation of analyst-data support. [Sami
Mokaddem]
- Allow orgc context for search_galaxy_clusters. [Jeroen Pinoy]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- Bump changelog. [Raphaël Vinot]
Fix
~~~
- Get the tests to pass. [Raphaël Vinot]
- Properly load AnalystData from dict. [Raphaël Vinot]
- More changes to get the tests to pass. [Raphaël Vinot]
- [event-report] Make sure to generate an UUID. [Sami Mokaddem]
- Pass kwargs to abstract. [Raphaël Vinot]
Other
~~~~~
- Chg; Bump changelog. [Raphaël Vinot]
- Chg; Bump version. [Raphaël Vinot]
- Add test case. [Vincenzo]
- Add attach galaxy cluster method. [Vincenzo]
v2.4.190 (2024-04-18)
---------------------
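Review bot: `Chg; Bump changelog` and `Chg; Bump version` under Other use a semicolon instead of the `chg:` prefix, which is presumably why they were not sorted into Changes with the other bump entries; correcting the prefix in the commit subject would put them in the right section. The Changes list also repeats `Bump deps. [Raphaël Vinot]` six times and `Allow orgc context for search_galaxy_clusters. [Jeroen Pinoy]` twice, which could be collapsed. The trailing context goes straight from v2.4.193 to v2.4.190, so please confirm that no 2.4.191 or 2.4.192 section is missing from this file.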


@ -1,6 +1,200 @@
# Changelog
## v2.4.193 (2024-06-06)
### New
* [d3fend] added relationships to ATT&CK. [Christophe Vandeplas]
* [d3fend] initial conversion script for MITRE D3FEND #975. [Christophe Vandeplas]
### Changes
* [threat-actor] jq all the things. [Alexandre Dulaunoy]
* [sigma] updated. [Alexandre Dulaunoy]
* [threat-actor] version updated. [Alexandre Dulaunoy]
* [misp-galaxy] version updated. [Alexandre Dulaunoy]
* [threat-actor] updated following PR #977. [Alexandre Dulaunoy]
The `master` branch should not be used
* [tidal-software] remove duplicate from the API. [Alexandre Dulaunoy]
* [doc] README updated. [Alexandre Dulaunoy]
* [tidal] updated to the latest version. [Alexandre Dulaunoy]
* [sigma] updated to the latest version. [Alexandre Dulaunoy]
* [ATLAS] Update to latest version #newUUIDsForAll. [Christophe Vandeplas]
* [mitre] added TODO about more metadata that breaks things. [Christophe Vandeplas]
* [mitre] Use x_mitre_platforms for kill-chain separation. [Christophe Vandeplas]
* [mitre] minor update. [Christophe Vandeplas]
* [sigma] updated to the latest version. [Alexandre Dulaunoy]
* [threat-actor] STORM ->> Storm. [Rony]
* [threat-actor] `Earth Freybug` added. [Rony]
Tracking it seperately for now though TM identified it as subset of APT41
* [threat-actor] UNC3236 removed. [Rony]
### Fix
* [readme] update index + hide deprecated galaxies. [Christophe Vandeplas]
* [d3fend] updated readme. [Christophe Vandeplas]
* [d3fend] sort keys to make jq_all_the_things happy. [Christophe Vandeplas]
* Resolve conflict. [Rony]
### Other
* Merge pull request #985 from Mathieu4141/threat-actors/c7c9e71f-32b4-4b8c-91d8-dbef5cd895da. [Alexandre Dulaunoy]
[threat actors] Add 7 actors and 1 alias
* [threat-actors] Add Hunt3r Kill3rs. [Mathieu4141]
* [threat-actors] Add LilacSquid. [Mathieu4141]
* [threat-actors] Add SEXi. [Mathieu4141]
* [threat-actors] Add FlyingYeti. [Mathieu4141]
* [threat-actors] Add StucxTeam. [Mathieu4141]
* [threat-actors] Add APT28 aliases. [Mathieu4141]
* [threat-actors] Add Unfading Sea Haze. [Mathieu4141]
* [threat-actors] Add RansomHub. [Mathieu4141]
* Merge pull request #980 from jstnk9/sidewinder-update. [Alexandre Dulaunoy]
update sidewinder information
* Update threat-actor.json. [jstnk9]
* Merge pull request #984 from Delta-Sierra/main. [Alexandre Dulaunoy]
add Europol as producer
* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra]
* Merge pull request #983 from Delta-Sierra/main. [Alexandre Dulaunoy]
add ransomlook_update script
* Merge pull request #979 from Mathieu4141/threat-actor/alpha-spider-f3194f38-902d-4738-91ea-0003abb2c1ab. [Alexandre Dulaunoy]
[threat-actors] Add Alpha Spider
* [threat-actors] Add Alpha Spider. [Mathieu4141]
* Merge pull request #981 from cvandeplas/main. [Alexandre Dulaunoy]
Implement MITRE D3FEND matrix #975
* Merge remote-tracking branch 'MISP/main' [Christophe Vandeplas]
* Merge pull request #982 from Delta-Sierra/main. [Alexandre Dulaunoy]
update ransomware galaxy with ransomlook data
* Add Europol as producer (incomplete) [Delta-Sierra]
* Remove print-tests. [Delta-Sierra]
* Add ransomlook_update script. [Delta-Sierra]
* Should fix duplicate 'refs' in newly added ransomware (did not expect this case) [Delta-Sierra]
* Update ransomware galaxy with ransomlook data. [Delta-Sierra]
* Merge pull request #978 from Mathieu4141/threat-actors/5085bb5f-2aa6-485f-8e57-389d4020b408. [Alexandre Dulaunoy]
Add 3 actors and 1 alias
* [threat actors] fix merge. [Mathieu Beligon]
* Merge branch 'main' into threat-actors/5085bb5f-2aa6-485f-8e57-389d4020b408. [Mathieu Béligon]
* Merge pull request #976 from MISP/dependabot/pip/tools/mkdocs/requests-2.32.0. [Alexandre Dulaunoy]
build(deps): bump requests from 2.31.0 to 2.32.0 in /tools/mkdocs
* --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... [dependabot[bot]]
* Add phantomcore reference. [Mathieu Béligon]
* [threat-actors] Add Kimsuky aliases. [Mathieu4141]
* [threat-actors] Add Void Manticore. [Mathieu4141]
* [threat-actors] Add CiberInteligenciaSV. [Mathieu4141]
* [threat-actors] Add PhantomCore. [Mathieu4141]
* Merge pull request #973 from cvandeplas/main. [Christophe Vandeplas]
chg: [atlas] update to latest version #newUUIDsForAll
* Merge pull request #972 from cvandeplas/main. [Alexandre Dulaunoy]
chg: [MITRE] Split Matrix view based on OS and more metadata
* Merge pull request #971 from MISP/dependabot/pip/tools/mkdocs/jinja2-3.1.4. [Alexandre Dulaunoy]
build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /tools/mkdocs
* Build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /tools/mkdocs. [dependabot[bot]]
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4)
---
updated-dependencies:
- dependency-name: jinja2
dependency-type: direct:production
...
* Merge pull request #970 from Mathieu4141/threat-actors/f2209789-2fa7-4909-9abd-6c6d32bb9213. [Alexandre Dulaunoy]
[threat-actors] Add 1 actor and 1 alias
* [threat-actors] Add SaintBear aliases. [Mathieu4141]
* [threat-actors] Add Water Orthrus. [Mathieu4141]
* Merge pull request #967 from r0ny123/fix. [Alexandre Dulaunoy]
Fix
* Merge branch 'main' into fix. [Rony]
* Merge pull request #969 from Mathieu4141/threat-actors/74b921ec-6404-4d0c-b49b-169be387d1f9. [Alexandre Dulaunoy]
[threat actors] add 2 actors
* [threat-actors] Add USDoD. [Mathieu4141]
* [threat-actors] Add STORM-1849. [Mathieu4141]
## v2.4.192 (2024-04-26)
### New
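Review bot: The dependabot commit trailer is leaking into the Other section as changelog content: `--- updated-dependencies: - dependency-name: requests dependency-type: direct:production ...` is rendered as an entry of its own, and the jinja2 bump carries the same `updated-dependencies:` block plus its list of links. Suggest filtering the bodies of bot commits so that only the subject lines (bump requests from 2.31.0 to 2.32.0, bump jinja2 from 3.1.3 to 3.1.4) remain, since those are the lines someone auditing dependency changes will look for. Under Changes, "The master branch should not be used" is a stray body line attached to the `[threat-actor] updated following PR #977` entry, and `seperately` should read `separately`.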


@ -1,6 +1,129 @@
# Changelog
## v2.4.193 (2024-06-06)
### Fix
* Fix: [REQUIREMENTS] validators no more required as mentioned by @ostefano. [Alexandre Dulaunoy]
* [ipasn] add support for `ip` type. [Alexandre Dulaunoy]
### Other
* Merge pull request #667 from ostefano/fix. [Alexandre Dulaunoy]
remove index information from requirements file
* Remove index information from requirements file. [Stefano Ortolani]
## v2.4.192 (2024-06-06)
### New
* [functionality] checkbox configure module. [David Cruciani]
* [functionality] flowintel + multiple entry. [David Cruciani]
### Changes
* [doc] updated. [Alexandre Dulaunoy]
* [launch] misp-modules. [David Cruciani]
* [misp-modules] doc updated. [Alexandre Dulaunoy]
* [doc] describe that the misp-modules can be used without MISP. [Alexandre Dulaunoy]
* [virustotal] support ip-src/ip-dst|port attribute type. [Alexandre Dulaunoy]
Fix #632
### Fix
* [virustotal] fix the typo for the VT link. [Alexandre Dulaunoy]
Fix #644
Fix #595
* [core] the default buffer size in Tornado HTTP server is not enough for large MISP event. [Alexandre Dulaunoy]
Fix #662
* [dns] add the exception in the error message. [Alexandre Dulaunoy]
As there are still distribution installing old version of dnspython,
it's easier to debug if we receive the exception directly in misp-module.
### Other
* Merge branch 'main' of github.com:MISP/misp-modules. [Alexandre Dulaunoy]
* Merge pull request #666 from davidonzo/main. [Andras Iklody]
Update REQUIREMENTS
* Update REQUIREMENTS. [Davide Baglieri]
apiosintDS updated in order to solve the following (minor) issue https://github.com/davidonzo/apiosintDS/issues/3 opened by @ostefano.
* Remove: [js] useless file. [David Cruciani]
* Merge pull request #659 from MISP/dependabot/pip/website/werkzeug-3.0.3. [David Cruciani]
build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website
* Build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website. [dependabot[bot]]
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.8 to 3.0.3.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/werkzeug/compare/2.3.8...3.0.3)
---
updated-dependencies:
- dependency-name: werkzeug
dependency-type: direct:production
...
* Merge pull request #664 from VirusTotal/feat/gti-doc. [Alexandre Dulaunoy]
[Google Threat Intelligence] Add web doc and fix logo for the module
* Add web doc and fix logo for the Google Threat Intelligence module. [Daniel Pascual]
* Merge pull request #663 from VirusTotal/feat/google-threat-intel. [Alexandre Dulaunoy]
feat: Google Threat Intelligence expansion module
* Merge. [Daniel Pascual]
* Fix hedight. [Daniel Pascual]
* Doc. [Daniel Pascual]
* Logo and desc. [Daniel Pascual]
* Remove debug traces. [Daniel Pascual]
* Google Threat Intelligence MISP module. [Daniel Pascual]
* Merge pull request #661 from goodlandsecurity/slack-action-module. [Alexandre Dulaunoy]
Slack action module
* Add slack action module. [goodlandsecurity]
* Merge pull request #660 from goodlandsecurity/stairwell-expansion-module. [Alexandre Dulaunoy]
add stairwell expansion module and update misp-objects to a193e03
* Forgot the json documentation. [goodlandsecurity]
* Add stairwell expansion module and update misp-objects to a193e03. [goodlandsecurity]
## v2.4.188 (2024-03-20)
### Changes
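Review bot: `## v2.4.192 (2024-06-06)` carries the same date as `## v2.4.193 (2024-06-06)` directly above it, and the next section in the context is `## v2.4.188 (2024-03-20)`, so the 2.4.192 section appears to collect everything since 2.4.188. Worth confirming the date and version boundaries, because anyone mapping a fix to a deployed version will read these headings literally. The werkzeug bump from 2.3.8 to 3.0.3 in /website is a major-version change listed only under Other with the dependabot `updated-dependencies:` trailer attached; a line under Changes would make it visible. `Fix hedight` is a typo carried over from the commit subject.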


@ -1,7 +1,7 @@
# Changelog
## %%version%% (unreleased)
## v2.4.193 (2024-06-06)
### Changes
@ -20,10 +20,18 @@
### Fix
* [research-scanner] version updated. [Alexandre Dulaunoy]
* [jq] all the things. [iglocska]
### Other
* Merge pull request #432 from bynt/main. [Alexandre Dulaunoy]
add 'hostname' for scanning host to object 'research-scanner'
* Add 'hostname' for scanning host to object 'research-scanner' [Martin Waleczek]
* Organization object. [Andras Iklody]
- Added "private" to the list of sectors as suggested by Monsieur Hamm.


@ -1,6 +1,533 @@
# Changelog
## v2.4.193 (2024-06-06)
### Changes
* [poetry] Bumped latest version in lock file. [Christian Studer]
* [poetry] Updated version. [Christian Studer]
* [stix2 import] Adding `source` information to the custom Galaxy Clusters imported from STIX 2.x objects. [Christian Studer]
* [stix2 import] Simplify loading JSON files. [Jakub Onderka]
* [tests] Updated tests for `domain-ip` objects import from STIX 2.1 to cover specific cases with UUIDs handling. [Christian Studer]
* [stix2 import] Using the file observable references parsing method to convert v2.0 observable objects. [Christian Studer]
* [stix2 import] Making the network-traffic objects parsing more generic. [Christian Studer]
- Some parts will be more easily reused for
network traffic objects associated to some
observed data objects
* [stix2 import] Added generic conversion methods for observable objects associated to observed data objects imported as MISP objects. [Christian Studer]
* [tests] Deduplicating existing tests for external directory observable objects. [Christian Studer]
### Fix
* [stix2 import] Making Python 3.8 & 3.9 happy with the typing. [Christian Studer]
* [stix2 import] Post Observed Data Converter merge clean up and reassembling. [Christian Studer]
* [stix2 import] Merged missing conflicts. [Christian Studer]
* [stix2 import] Invalid typehint. [Jakub Onderka]
* [stix2 import] Avoid running git process. [Jakub Onderka]
* [stix2 import] No longer require to exclude patterns with 'AND' and 'OR' [Christian Studer]
- With indicators' patterns parsed with the pattern
data parser, we do not need to deal ourselves with
some patterns complexity
- Patterns with 'AND' and 'OR' are parsed as
expected with no loss of one of the expression
* [stix2 import] Fixed UUID handling for `email` object attributes parsed from `email-message` references. [Christian Studer]
* [stix2 import] Fixed `domain-ip` objects UUID handling. [Christian Studer]
* [stix2 import] Handling domains resolving other domains with object references. [Christian Studer]
* [stix2 import] Removed unnecessary intermediary method. [Christian Studer]
* [stix2 import] Avoiding `domain-name` observable objects to be skipped because they're referenced by another domain-name object. [Christian Studer]
* [stix2 import] Fixed `domain-ip` attributes UUIDs handling. [Christian Studer]
* [stix2 import] Fixed `domain-ip` object attributes handling as `_sanitise_attribute_uuid` already returns a dict with the `uuid` key included. [Christian Studer]
* [stix2 import] Fixed `_observable` variable name. [Christian Studer]
* [stix2 import] Protocols error message made clearer. [Christian Studer]
* [tests] Better UUID tests for objects imported from STIX 2.x Network Traffic Observable objects. [Christian Studer]
* [stix2 import] Better internal http-request objects import from Observable objects. [Christian Studer]
* [stix2 import] Better handling of attributes uuid for values converted from internal Network Traffic Observable objects. [Christian Studer]
* [stix2 import] Fixing the internal STIX2 Network Traffic Observable objects and references IDs handling. [Christian Studer]
* [stix2 import] Fixed Network Traffic Observable objects from internal STIX 2.x content parsing. [Christian Studer]
- Added `connection_protocols` mapping to the internal
mapping as it was removed from the parent mapping
to avoid issues with the external mapping but was
supposed to be moved and not completely removed
- Added specific parsing for internal network traffic
references objects
* [stix2 import] Fixed STIX 2.0 Network Traffic Observable objects parsing. [Christian Studer]
* [stix2 import] Added missing `protocol_attribute` property in STIX2Mapping parent class. [Christian Studer]
* [stix2 import] Better handling of internal Galaxy & Cluster description. [Christian Studer]
* [stix2 import] Updated Network Traffic observables objects mapping to MISP objects. [Christian Studer]
* [stix2 import] Importing Network Traffic observable objects referenced by external Observed Data objects with the `network-traffic` generic MISP object template. [Christian Studer]
* [stix2 import] Fixed email message objects parsing. [Christian Studer]
* [stix2 import] Avoiding issues introduced since we updated the observables fetching method. [Christian Studer]
- As observables are fetched in a generator, we have to handle
it before returning a single or multiple observable(s) to
avoid breaking the automation on conversion of the internal
STIX 2.x content without modifying the different methods
* [stix2 import] Avoiding issues with the internal STIX 2.1 Autonomous System observable objects fetching method. [Christian Studer]
* [stix2 import] Making the multiple observables fetching method available to both internal and external STIX 2 Observed Data object converters. [Christian Studer]
* [stix2 import] Avoiding issues with `ssdeep` hash type in STIX 2.0 external content. [Christian Studer]
* [stix2 import] Updated pe object mapping with the `compilation-timestamp` attribute. [Christian Studer]
* [stix2 import] Better STIX 2.0 `windows-pebinary-ext` within File observable object handling. [Christian Studer]
* [stix2 import] MISP object references handling method name. [Christian Studer]
* [stix2 import] Error exceptions handling method name. [Christian Studer]
* [stix2 import] Fixed the MISP object reference duplicates checking. [Christian Studer]
* [stix2 import] Deduplication of MISP object references. [Christian Studer]
- Checking the presence of references with the same
referenced uuid AND relationship type before
adding a reference to a MISP object
* [stix2 import] Fixed File PE extension parsing method name to avoid confusion with the generic method used then from the observable objects converter class. [Christian Studer]
* [stix2 import] Avoiding issues with observables references, by keeping track of each reference within a single STIX 2.0 observed data objects list. [Christian Studer]
* [stix2 import] Returning MISPAttributes in some generic observable objects conversion methods. [Christian Studer]
* [stix2 import] Fixed wrong variable name for a MISP object meta fields check. [Christian Studer]
* [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the `organisation_uuid` argument. [Christian Studer]
* [stix2 import] Setting `single_event` when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods. [Christian Studer]
* [stix2 import] Fixed the case with multiple events as result. [Christian Studer]
- As `single_event` was set again for each report or grouping,
there was no possibility the multiple events were saved
accordingly on different result files
* [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used. [Christian Studer]
- Parsing them when the loading methods are called
can raise issues with some referenced identity
objects are not loaded already
* [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references. [Christian Studer]
* [stix2 import] Fixed MISP Sightings handling. [Christian Studer]
* [stix2 import] Removed unused import. [Christian Studer]
- I guess this was an auto completion typo
* [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle. [Christian Studer]
* [stix2 import] Removed unsued import & added missing blank lines to make pep8 happy. [Christian Studer]
* [stix2 import] Added the missing sorting statement for observable objects types passed to match mapping. [Christian Studer]
* [stix2 import] Clearer observable objects mapping handling in the observed data conversion methods. [Christian Studer]
* [stix2 import] Reusing the STIX 2.1 observable objects fetching method. [Christian Studer]
* [stix2 import] Setting MISP objects timestamp with the datetime value instead of an int. [Christian Studer]
* [stix2 import] Fixed AttributeError with method from parent conversion class. [Christian Studer]
* [tests] Passing observable ids instead of objects themselves for some tests that only need to know about ids. [Christian Studer]
* [tests] Testing MISP Object comment when its uuid is v5. [Christian Studer]
* [stix2 import] Added observed data id as comment for misp objects converted from STIX 2.0 when it has a v5 uuid. [Christian Studer]
* [stix2 import] Some typings fixed. [Christian Studer]
* [stix2 import] Quick reordering to allow more reusability. [Christian Studer]
* [stix2 import] Avoiding issues with marking definitions referenced but not present in a file. [Christian Studer]
- Checking TLP Markings
* [stix2 import] Better tags from indicators parsing & simplified the tags handling method. [Christian Studer]
* [stix2 import] Some methods deduplication between main parser & converters. [Christian Studer]
* [stix2 import] Yield syntax. [Christian Studer]
* [stix2 import] Copy-paste typo. [Christian Studer]
* [tests] Quick fix on the `created` or `created_time` field from a process observable object. [Christian Studer]
* [stix2 import] Avoid future potential issues with object names in generic conversion methods. [Christian Studer]
- When an object name has at least one `-` and we
want to use the related mapping, we need to
`replace('-', '_')` to avoid issues with
mapping names
* [stix2 import] Quick fix in the Process observable objects associated with Observed Data objects conversion method. [Christian Studer]
* [stix2 import] Utilising the newly added `environment-variables` attribute to properly import the environment variables & arguments of a STIX 2.x process object. [Christian Studer]
* [stix2 import] Updated typings. [Christian Studer]
* [stix2 import] Typo on the generic observable object parsing method to call. [Christian Studer]
* [stix2 import] Deduplication in the STIX 2.1 Directory objects parsing. [Christian Studer]
* [stix2 import] Removed duplicated MISP Attribute dict creation methods. [Christian Studer]
* [stix2 import] Better handling of generic observable object parsers. [Christian Studer]
* [stix2 import] Quick clean-up on some observed data method arguments. [Christian Studer]
* [stix2 import] Fixed Observable objects types mapping. [Christian Studer]
- Considering the possibility to have both types of
IP addresses wihtin the Observed Data list of
obervable objects
* [stix2 import] Better overall UUID sanitation & comments handling for MISP attributes creation. [Christian Studer]
* [tests] Removed `spec_version` fields in STIX 2.0 samples. [Christian Studer]
* [stix2 import] Properly calling the UUID sanitation method. [Christian Studer]
* [stix2 import] Removing unused variable in marking definitions parsing. [Christian Studer]
* [stix2 import] Fixed directory observable objects parsing method header. [Christian Studer]
- In this specific location, the `object_id` argument is not Optional
* [tests] Added missing tests for directory path attribute types. [Christian Studer]
* [stix2 import] Reuse of the method parsing Directory observable objects with an `id` field. [Christian Studer]
* [stix2 import] Using the AS value parsing method for an AS value that was missing it. [Christian Studer]
* [stix2 import] Fixed directory mapping. [Christian Studer]
* [stix2 import] Quick pep8 clean-up. [Christian Studer]
* [stix2 import] Fixed the converters composition. [Christian Studer]
- The `getattr` statements were actually making
their default argument execute itself and
re-initialising each converter attribute as if
it was there first call and the attribute did
not exist
* [tests] A tiny clarification change. [Christian Studer]
* [stix2 import] Observable objects fetcher moved to the parent class as it will be reused for internal & external conversion. [Christian Studer]
* [stix2 import] Quick syntax fix. [Christian Studer]
### Other
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'parser_feature' of github.com:misp/misp-stix into parser_feature. [Christian Studer]
* Merge branch 'acs-marking' of github.com:MISP/misp-stix into parser_feature. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into parser_feature. [Christian Studer]
* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer]
* Merge pull request #65 from JakubOnderka/fix-git. [Christian Studer]
fix: [stix2 import] Avoid running git process
* Add: [tests] Tests for Email Message objects - and references - import from STIX 2.x. [Christian Studer]
* Add: [stix2 import] Updated the STIX 2.x Email objects mappings. [Christian Studer]
* Wip: [tests] Tests for `domain-ip` objects import from external STIX 2.x. [Christian Studer]
* Wip: [tests] Tests for Network Traffic Observable objects imported from external STIX 2 bundles as `network-traffic` objects. [Christian Studer]
* Wip: [stix2 import] Better conversion of Network Traffic references observable objects. [Christian Studer]
- Such as IP addresses, Domain names and Mac addresses
referenced with the `src_ref` and `dst_ref` fields
* Wip: [stix2 import] Parsing Network Traffic Observable objects referenced in Observed Data from the Observed Data Converter. [Christian Studer]
* Wip: [stix2 import] Parsing EmailMessage observable objects from Observed Data converter. [Christian Studer]
* Wip: [stix2 import] Reusing `EmailMessage` observable parsing method. [Christian Studer]
* Wip: [stix2 import] Parsing `DomainName` and IP observable objects resolving each others. [Christian Studer]
* Wip: [stix2 import] Parsing `archive-ext` from standalone file observable objects. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Wip: [tests] Added tests for file objects with extensions. [Christian Studer]
* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Wip: [stix2 import] Parsing File objects extensions. [Christian Studer]
* Wip: [stix2 import] Parsing STIX 2.0 Observed Data objects with multiple embedded observable objects with no specific mapping. [Christian Studer]
* Wip: [stix2 import] Better observable objects fetching methods. [Christian Studer]
* Wip: [stix2 import] Parsing Observable objects referenced together by a single Observed Data object with no specific mapping. [Christian Studer]
* Wip: [tests] Tests for File objects and their Directory & Artifact references import from STIX 2.x. [Christian Studer]
* Wip: [stix2 import] Converting File observable objects and their Directory & Artifact references. [Christian Studer]
* Wip: [stix2 import] Better observable objects parsing. [Christian Studer]
* Wip: [stix2 import] Better embedded directory observable object references parsing. [Christian Studer]
* Wip: [stix2 import] Parsing the observable objects referenced with `contains_refs` references in a generic method that will be reused later. [Christian Studer]
* Wip: [tests] Tests for some objects referenced by Opinions. [Christian Studer]
* Add: [stix2 import] Added `organisation_uuid` argument to use to generate the custom clusters UUID. [Christian Studer]
* Wip: [tests] Tests for user account observable objects referenced by registry keys as creators. [Christian Studer]
* Wip: [stix2 import] Handling cases where some STIX 2.1 observable objects are referenced by multiple observed data objects. [Christian Studer]
* Wip: [stix2 import] Parsing User Account observables referenced by registry keys to be the creator reference. [Christian Studer]
* Wip: [tests] Tests for STIX 2.x Windows Registry Key objects conversion. [Christian Studer]
* Wip: [stix2 import] Converting STIX 2.x Windows Registry Key objects. [Christian Studer]
* Wip: [tests] Tests for External STIX 2.x User Account observable objects import as MISP objects. [Christian Studer]
* Wip: [stix2 import] Parsing external STIX 2.x User Account observable objects from converters. [Christian Studer]
* Wip: [tests] Tests for external STIX 2.x Process observable objects associated with Observed Data object import as MISP `process` objects. [Christian Studer]
* Wip: [stix2 import] Parsing Process observable objects from converters. [Christian Studer]
* Wip: [tests] Tests for X509 Certificate objects import from STIX 2.x. [Christian Studer]
* Wip: [stix2 import] Reusing the generic observed data parsing methods to support X509 observable objects conversion from the converters. [Christian Studer]
* Wip: [tests] Tests for external Software Observable objects - within or referenced by Observed data objects - import to MISP objects. [Christian Studer]
* Wip: [stix2 import] Reusing the generic observed data parsing methods to support Software observable objects conversion from the converters. [Christian Studer]
* Wip: [tests] Tests for external STIX 2.x Observed Data with artifact observable objects import to MISP. [Christian Studer]
* Wip: [stix2 import] Parsing external STIX 2.x Observed data with artifact observable objects, from converters. [Christian Studer]
* Wip: [stix2 import] Handling the observable relationships after the observed data objects are all parsed. [Christian Studer]
* Wip: [tests] Tests for Observable objects converted in a generic way to MISP attributes. [Christian Studer]
* Wip: [stix2 import] Parsing some Observable objects - converted to MISP attributes - in a generic way, from Observed Data converter. [Christian Studer]
* Wip: [tests] Tests for email address observable objects in observed data import from external STIX 2.x content. [Christian Studer]
* Wip: [stix2 import] Parsing email address observable objects in observed data from external STIX 2.x content, in converters. [Christian Studer]
* Add: [tests] Tests for Autonomous System observable objects with observed data import from STIX 2.x. [Christian Studer]
* Add: [stix2 import] Parsing Observed Data with Autonomous System observable objects from converters. [Christian Studer]
* Wip: [tests] Tests for directory observable objects import from STIX 2.x. [Christian Studer]
* Wip: [stix2 import] Porting Observed Data objects conversion ability to converters, starting with Directory objects. [Christian Studer]
- Introducing a better conversion process
- Handling complex references between observable
objects amongst observed data objects
## v2.4.188 (2024-03-21)
### Changes
* [poetry] Bumped lock file with latest versions. [Christian Studer]
* [package] Bumping new version. [Christian Studer]
### Fix
* [stix2 import] Centralised the cluster creation in one single place and added the meta parsing as galaxy elements statement. [Christian Studer]
* [stix2 import] Storing the galaxy args. [Christian Studer]
- The idea is to create a MISP Galaxy object each
time it is needed instead of storing it
* [stix2 import] Using the `_add_misp_object` helper that already handles tags and other stuff related to a MISP object and its attributes. [Christian Studer]
* [stix2 import] Added missing `collection_uuid` value to the ACS marking clusters. [Christian Studer]
* [stix2 import] Some typing and pycodestyle issues fixed. [Christian Studer]
* [stix2 import] Fixed ACS marking parsing. [Christian Studer]
- Privilege scope fields and values are correctly
flattened, and the Marking Definition spec'
version is correctly used
* [stix2 import] Fixed variable assignment typo & storing of the acs marking clusters raising issues. [Christian Studer]
### Other
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Merge branch 'acs-marking' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Wip: [stix2 import] Adding a set of tags alongside with the Galaxy Clusters converted from ACS markings. [Christian Studer]
* Wip: [stix2 import] Attaching ACS markings as galaxies to the referenred data layer (attribute or event) [Christian Studer]
* Wip: [stix2 import] First shot of an ACS marking parsing method. [Christian Studer]
* Wip: [stix2 import] Preparing for an update on marking definitions parsing. [Christian Studer]
## v2.4.186 (2024-02-27)
### Changes
* [package, poetry] New version. [Christian Studer]
* [poetry] Bumped latest versions. [Christian Studer]
### Fix
* [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the `organisation_uuid` argument. [Christian Studer]
* [stix2 import] Avoiding issues with Marking Definition objects that are parsed and handle directly when they're loaded. [Christian Studer]
* [stix2 import] Setting `single_event` when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods. [Christian Studer]
* [stix2 import] Fixed the case with multiple events as result. [Christian Studer]
- As `single_event` was set again for each report or grouping,
there was no possibility the multiple events were saved
accordingly on different result files
* [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used. [Christian Studer]
- Parsing them when the loading methods are called
can raise issues with some referenced identity
objects are not loaded already
* [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references. [Christian Studer]
* [stix2 import] Fixed MISP Sightings handling. [Christian Studer]
* [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle. [Christian Studer]
### Other
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Add: [stix2 import] Added `organisation_uuid` argument to use to generate the custom clusters UUID. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]
## v2.4.185 (2024-02-16)
### Changes
* [poetry] Bumped latest dependencies versions. [Christian Studer]
* [poetry, package] Set latest version. [Christian Studer]
### Fix
* [stix2 import] Yield syntax. [Christian Studer]
* [stix2 import] Fixed Observable objects types mapping. [Christian Studer]
- Considering the possibility to have both types of
IP addresses wihtin the Observed Data list of
obervable objects
* [stix2 import] Removing unused variable in marking definitions parsing. [Christian Studer]
* [stix2 import] Using the AS value parsing method for an AS value that was missing it. [Christian Studer]
* [stix2 import] Fixed directory mapping. [Christian Studer]
* [stix2 import] Fixed the converters composition. [Christian Studer]
- The `getattr` statements were actually making
their default argument execute itself and
re-initialising each converter attribute as if
it was there first call and the attribute did
not exist
* [stix2 import] Avoiding issues with marking definitions referenced but not present in a file. [Christian Studer]
- Checking TLP Markings
### Other
* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
## v2.4.183 (2024-01-04)
### Changes
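Review bot: The "Fixed Observable objects types mapping" and "Fixed the converters composition" entries appear twice in this hunk, once in the section above v2.4.188 and again under v2.4.185, with identical body text and identical typos ("wihtin", "obervable", "there first call"). The `organisation_uuid` "Add:" entry is likewise listed both above v2.4.188 and under v2.4.186. Suggest listing each fix once, under the release that first shipped it, and correcting the spelling in the entry text. The "Other" sections consist largely of "Merge branch ..." lines; leaving merge commits out of the generated output would make the "Wip:" and "Add:" import changes easier to find.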

View File

@ -1,6 +1,19 @@
# Changelog
## v2.4.193 (2024-06-06)
### Other
* Merge pull request #282 from vxsh4d0w/patch-7. [Alexandre Dulaunoy]
Update machinetag.json
* Update machinetag.json. [V]
Added Zombieware category, malware that has been abandoned by its operators, and despite being abandoned, new replications of the malware continue to appear in the wild.
## v2.4.190 (2024-04-18)
### Changes
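Review bot: The new "Update machinetag.json. [V]" entry under v2.4.193 describes the added Zombieware category but does not name the taxonomy whose machinetag.json changed, so a reader who filters or alerts on taxonomy tags cannot tell from this entry which namespace gained a value. Suggest naming the taxonomy in the entry, or in the commit subject it is generated from. The merge line for #282 repeats the same subject and adds no information.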

View File

@ -1,6 +1,55 @@
# Changelog
## v2.4.193 (2024-06-06)
### Changes
* [lists] updated. [Alexandre Dulaunoy]
* [bank] list updated. [Alexandre Dulaunoy]
* [updated] warning-lists updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #274 from czenek/bank-website-update. [Alexandre Dulaunoy]
Update bank-website
* Update bank-website. [czenek]
added new domain of Commercial Bank of Qatar
* Merge pull request #273 from karenyousefi/main. [Alexandre Dulaunoy]
update
* Update list.json. [Karen Yousefi]
* Update link in bio. [Karen Yousefi]
Update to V3
* Merge pull request #272 from karenyousefi/main. [Alexandre Dulaunoy]
Update
* Update url-shortener. [Karen Yousefi]
update to V14
* Update to V2. [Karen Yousefi]
update to V2
* Merge pull request #271 from cudeso/main. [Alexandre Dulaunoy]
Add URL match for banks, google and microsoft
* Add URL match for banks, google and microsoft. [Koen Van Impe]
## v2.4.192 (2024-04-26)
### Changes
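Review bot: Several entries under v2.4.193 "Other" do not say which warning list changed or what was added: "Update list.json", "Update link in bio" with the body "Update to V3", "Update to V2", and the merge of #273 with the body "update". Likewise, "added new domain of Commercial Bank of Qatar" names the bank but not the domain, and "Add URL match for banks, google and microsoft" does not say which lists are affected. Suggest giving the list name and a one-line summary of the additions in each entry, so that someone auditing why a value started matching a list can trace it to a release.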

View File

@ -2,23 +2,189 @@ Changelog
=========
%%version%% (unreleased)
------------------------
v2.4.193 (2024-06-06)
---------------------
New
~~~
- [attributes/enrich] endpoint added. [iglocska]
- simply post a list of modules you wish to enrich the attribute by
- url: /attributes/enrich/[attrribute_id|attribute_uuid]
- post body in the format of `{"dns":1, "foo_bar_baz": 1}` listing all modules to execute
- [misp-community] MISP-LEA information sharing community added.
[Alexandre Dulaunoy]
- [events:view] New UI feature allowing to collapse Attributes contained
inside an object. [Sami Mokaddem]
- This comes with an MISP setting to configure this behavior at an instance-wide level
- [fatal error] logging added. [iglocska]
- helps administrators to easily see what went wrong in terms of timeouts / oom issues
- [feed acl] changed for feeds that have visibility set to 1. [iglocska]
- any user can now use open feeds to:
- browse the data
- preview individual events
- search the feed caches for the given feeds
- run overlap comparisons on them
- For any feeds/server correlations that do not allow for users to see the contents
- correctly show the server wide opt-in correlations on local events as text, rather than non-functional links
- [feed] sync pull rule checks on manifest, fixes #9728. [iglocska]
- added a new set of checks to rule out events from MISP feed pulls that do not match the filter rules
- should speed things up considerably
Changes
~~~~~~~
- [version] bump. [iglocska]
- [PyMISP] Bump version. [Raphaël Vinot]
- [misp-stix] Bumped latest version. [Christian Studer]
- [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [misp-objects] updated. [Alexandre Dulaunoy]
- [diagnostics] add Database/MysqlObserverExtended to valid data sources
list. [Jeroen Pinoy]
- [attributes/enrich] added to ACL. [iglocska]
- [community] misp-lea.org is actually vetted by us. [Alexandre
Dulaunoy]
- [PyMISP] Bump for testing. [Raphaël Vinot]
- [event:view] Small UI improvement for attribute's type in the object
row. [Sami Mokaddem]
- [events:view] Small UI tweak to prevent object name to wrap. [Sami
Mokaddem]
- [galaxy:galaxy-matrix] Respect order of tabs based on kill_chain_order
definition. [Sami Mokaddem]
- [analyst-data:relationship] Prevent self-referencing relationships.
[Sami Mokaddem]
- [analyst-data:view] Always return attached analyst-data. [Sami
Mokaddem]
- [analyst-data:capture] Recursively capture nested analyst-data. [Sami
Mokaddem]
- [component:CRUD] Added support of afterFind in the delete function.
[Sami Mokaddem]
Fix
~~~
- [feed settings] unpublish_event setting had the inverted effect, fixes
#9739. [iglocska]
- [JS] invalid comparison fixed. [iglocska]
- 2jsirl4jsirl
- [tag search] fixed. [iglocska]
- [modules] /queryEnrichment endpoint fixed in modules controller -
correctly pass module data. [iglocska]
- fixes #9758
- [event fetcher] pop the tag filter after the first round of lookups.
[iglocska]
- no need to add the - in effect same - condition twice. The set_tag_filters() function already returns the conditions on multiple hierarchical levels
- [tag search] fixes #1. [iglocska]
- correctly break the execution for AND ed tag searches if at least one of the tags in the list doesn't exist
- correctly compare against the event_id field in the attribute_tags table, rather than the copy pasta error of Event.id
- [API] don't html encode JSON documents. [iglocska]
- earlier fix broke shit
- sometimes we pass the type as json sometimes as application/json to the response class, which handles it cleanly - but the check only accounted for one case
- [security] changed menu_custom_right_link to CLI only. [iglocska]
- allows a malicious / hijacked admin account to embed malicious js in a global menu link otherwise
- as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC
- [galaxyClusters:restSearch] filter on org_id and orgc_id if param set.
[Jeroen Pinoy]
- [security] rest client additional sanitisation for non json responses.
[iglocska]
- escape non json response bodies
- as reported by Nils Putnins from NCIA NCSC
- [security] changed menu_custom_right_link_html to CLI only. [iglocska]
- allows a malicious / hijacked admin account to embed malicious js in every page otherwise
- as reported by Nils Putnins from NCIA NCSC
- [PyMISP] Fix the tests. [Raphaël Vinot]
- [Collections] path pluralisation fix inb acl check for collections,
fixes #9745. [iglocska]
- no longer breaks collections index
- [event:view] Correctly handle first click on toggle attribute
visibility. [Sami Mokaddem]
- [audit-logs:eventIndex] Fixed pagination issue while viewing event
history. [Sami Mokaddem]
Fix #9726
- [event-report:publishing] Do not reset the event timestamp when
updating an event report. [Sami Mokaddem]
- [feeds] function name change not handled everywhere. [iglocska]
- [ACL] private function name convention not kept for a new function.
[iglocska]
- causes the ACL self-test to complain about an accessible endpoint (which is a private function)
- [correlation] small fix for the preview_event. [iglocska]
- [server correlation UI] fixed link to index preview. [iglocska]
- [password reset] ACL fix. [iglocska]
- [ACL] fixed pre-auth dynamic function calls. [iglocska]
- [server/feed] correlation bug. [iglocska]
- too many correlating events makes MISP barf
- [bruteforceProtection] Avoid failing when wrong user name is used.
[Sami Mokaddem]
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge pull request #9764 from Wachizungu/add-mysqlobserverextended-
validdatasource. [Andras Iklody]
chg: [diagnostics] add Database/MysqlObserverExtended to valid data s…
- Merge branch 'event_view_collapse' into develop. [iglocska]
- Merge branch 'develop' into event_view_collapse. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge pull request #9717 from Wachizungu/fix-galaxyclusters-org-orgc-
restsearch-param. [Andras Iklody]
fix: [galaxyClusters:restSearch] filter on org_id and orgc_id if para…
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #9741 from schatzistogias/2.4. [Alexandre Dulaunoy]
Updated git link
- Updated git link. [Stelios Chatzistogias]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge branch 'visible_feeds' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge pull request #9720 from schatzistogias/patch-1. [Alexandre
Dulaunoy]
Add Infoblox feed to defaults.json
- Add Infoblox feed to defaults.json. [schatzistogias]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
v2.4.192 (2024-05-03)
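Review bot: The three "[security]" entries in the v2.4.193 "Fix" list (menu_custom_right_link and menu_custom_right_link_html changed to CLI only, and the rest client sanitisation for non json responses) sit between routine fixes such as "[PyMISP] Fix the tests" and carry no advisory or issue reference, so an administrator skimming the release can miss that it closes ways for a hijacked admin account to embed JavaScript. Suggest grouping them under their own heading or at the top of "Fix", and stating whether existing values of the two settings should be reviewed after upgrading. Smaller points in the same hunk: the "[JS] invalid comparison fixed" entry has the body "2jsirl4jsirl", which looks like stray input; the enrich URL is spelled "attrribute_id"; and the "[feed acl]" entry widens what any user can do with visibility-1 feeds, which deserves a behaviour-change note rather than only a line under "New".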
@ -71,9 +237,6 @@ Changes
- [UI] clicking on your user name should bring up the user profile,
fixes #9708. [iglocska]
- Set BrowscapPHP logging from default DEBUG to INFO. [Bradley Logan]
- [version bump] [iglocska]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Allow Oidc roles as string. [christianmg99]
- [behavior:analystDataParent] Prevent double nesting analyst data when
bulk fetching. [Sami Mokaddem]
- [CLI] Simplify updating JSON structures. [Jakub Onderka]
@ -178,10 +341,6 @@ Other
- Merge branch '2.4' into develop. [iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge pull request #9695 from christianmg99/allow-oidc-roles-string.
[Jakub Onderka]
chg: [config] Allow Oidc roles as string
- Merge branch '2.4' into develop. [Sami Mokaddem]
- Revert "Revert "new: [event:index] Added support of ANDed tag
filtering in the backend"" [Sami Mokaddem]
@ -217,6 +376,9 @@ v2.4.191 (2024-04-22)
Changes
~~~~~~~
- [version bump] [iglocska]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Allow Oidc roles as string. [christianmg99]
- [config] Set Oidc issuer. [Christian Morales Guerrero]
Fix
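Review bot: "[config] Allow Oidc roles as string. [christianmg99]" is listed twice in a row in the v2.4.191 "Changes" block here. The same pair, together with "[version bump]", also appears in the earlier hunk at -71,9 +237,6 under v2.4.192, so this commit moves entries between two releases that already carry dates. Suggest keeping a single "Allow Oidc roles as string" line and confirming that v2.4.191 is the release the change shipped in, since readers rely on this file to decide which version contains a given configuration change.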
@ -228,6 +390,10 @@ Fix
Other
~~~~~
- Merge pull request #9695 from christianmg99/allow-oidc-roles-string.
[Jakub Onderka]
chg: [config] Allow Oidc roles as string
- Revert "new: [event:index] Added support of ANDed tag filtering in the
backend" [Sami Mokaddem]