diff --git a/static/Changelog b/static/Changelog index fd05b9c..26646af 100644 --- a/static/Changelog +++ b/static/Changelog 
@@ -2,23 +2,189 @@ Changelog ========= -%%version%% (unreleased) ------------------------- +v2.4.193 (2024-06-06) +--------------------- + +New +~~~ +- [attributes/enrich] endpoint added. [iglocska] + + - simply post a list of modules you wish to enrich the attribute by + - url: /attributes/enrich/[attrribute_id|attribute_uuid] + - post body in the format of `{"dns":1, "foo_bar_baz": 1}` listing all modules to execute +- [misp-community] MISP-LEA information sharing community added. + [Alexandre Dulaunoy] +- [events:view] New UI feature allowing to collapse Attributes contained + inside an object. [Sami Mokaddem] + + - This comes with an MISP setting to configure this behavior at an instance-wide level +- [fatal error] logging added. [iglocska] + + - helps administrators to easily see what went wrong in terms of timeouts / oom issues +- [feed acl] changed for feeds that have visibility set to 1. [iglocska] + + - any user can now use open feeds to: + - browse the data + - preview individual events + - search the feed caches for the given feeds + - run overlap comparisons on them + + - For any feeds/server correlations that do not allow for users to see the contents + - correctly show the server wide opt-in correlations on local events as text, rather than non-functional links +- [feed] sync pull rule checks on manifest, fixes #9728. [iglocska] + + - added a new set of checks to rule out events from MISP feed pulls that do not match the filter rules + - should speed things up considerably + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump version. [Raphaël Vinot] +- [misp-stix] Bumped latest version. [Christian Studer] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [diagnostics] add Database/MysqlObserverExtended to valid data sources + list. 
[Jeroen Pinoy] +- [attributes/enrich] added to ACL. [iglocska] +- [community] misp-lea.org is actually vetted by us. [Alexandre + Dulaunoy] +- [PyMISP] Bump for testing. [Raphaël Vinot] +- [event:view] Small UI improvement for attribute's type in the object + row. [Sami Mokaddem] +- [events:view] Small UI tweak to prevent object name to wrap. [Sami + Mokaddem] +- [galaxy:galaxy-matrix] Respect order of tabs based on kill_chain_order + definition. [Sami Mokaddem] +- [analyst-data:relationship] Prevent self-referencing relationships. + [Sami Mokaddem] +- [analyst-data:view] Always return attached analyst-data. [Sami + Mokaddem] +- [analyst-data:capture] Recursively capture nested analyst-data. [Sami + Mokaddem] +- [component:CRUD] Added support of afterFind in the delete function. + [Sami Mokaddem] Fix ~~~ +- [feed settings] unpublish_event setting had the inverted effect, fixes + #9739. [iglocska] +- [JS] invalid comparison fixed. [iglocska] + + - 2jsirl4jsirl +- [tag search] fixed. [iglocska] +- [modules] /queryEnrichment endpoint fixed in modules controller - + correctly pass module data. [iglocska] + + - fixes #9758 +- [event fetcher] pop the tag filter after the first round of lookups. + [iglocska] + + - no need to add the - in effect same - condition twice. The set_tag_filters() function already returns the conditions on multiple hierarchical levels +- [tag search] fixes #1. [iglocska] + + - correctly break the execution for AND ed tag searches if at least one of the tags in the list doesn't exist + - correctly compare against the event_id field in the attribute_tags table, rather than the copy pasta error of Event.id +- [API] don't html encode JSON documents. [iglocska] + + - earlier fix broke shit + - sometimes we pass the type as json sometimes as application/json to the response class, which handles it cleanly - but the check only accounted for one case +- [security] changed menu_custom_right_link to CLI only. 
[iglocska] + + - allows a malicious / hijacked admin account to embed malicious js in a global menu link otherwise + - as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC +- [galaxyClusters:restSearch] filter on org_id and orgc_id if param set. + [Jeroen Pinoy] +- [security] rest client additional sanitisation for non json responses. + [iglocska] + + - escape non json response bodies + - as reported by Nils Putnins from NCIA NCSC +- [security] changed menu_custom_right_link_html to CLI only. [iglocska] + + - allows a malicious / hijacked admin account to embed malicious js in every page otherwise + - as reported by Nils Putnins from NCIA NCSC +- [PyMISP] Fix the tests. [Raphaël Vinot] +- [Collections] path pluralisation fix inb acl check for collections, + fixes #9745. [iglocska] + + - no longer breaks collections index +- [event:view] Correctly handle first click on toggle attribute + visibility. [Sami Mokaddem] +- [audit-logs:eventIndex] Fixed pagination issue while viewing event + history. [Sami Mokaddem] + + Fix #9726 +- [event-report:publishing] Do not reset the event timestamp when + updating an event report. [Sami Mokaddem] +- [feeds] function name change not handled everywhere. [iglocska] +- [ACL] private function name convention not kept for a new function. + [iglocska] + + - causes the ACL self-test to complain about an accessible endpoint (which is a private function) +- [correlation] small fix for the preview_event. [iglocska] +- [server correlation UI] fixed link to index preview. [iglocska] +- [password reset] ACL fix. [iglocska] +- [ACL] fixed pre-auth dynamic function calls. [iglocska] - [server/feed] correlation bug. [iglocska] - too many correlating events makes MISP barf +- [bruteforceProtection] Avoid failing when wrong user name is used. + [Sami Mokaddem] Other ~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [Christian Studer] +- Merge pull request #9764 from Wachizungu/add-mysqlobserverextended- + validdatasource. [Andras Iklody] + + chg: [diagnostics] add Database/MysqlObserverExtended to valid data s… +- Merge branch 'event_view_collapse' into develop. [iglocska] +- Merge branch 'develop' into event_view_collapse. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #9717 from Wachizungu/fix-galaxyclusters-org-orgc- + restsearch-param. [Andras Iklody] + + fix: [galaxyClusters:restSearch] filter on org_id and orgc_id if para… +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #9741 from schatzistogias/2.4. [Alexandre Dulaunoy] + + Updated git link +- Updated git link. [Stelios Chatzistogias] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'visible_feeds' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] - Merge pull request #9720 from schatzistogias/patch-1. [Alexandre Dulaunoy] Add Infoblox feed to defaults.json - Add Infoblox feed to defaults.json. [schatzistogias] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. 
[iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] v2.4.192 (2024-05-03) @@ -71,9 +237,6 @@ Changes - [UI] clicking on your user name should bring up the user profile, fixes #9708. [iglocska] - Set BrowscapPHP logging from default DEBUG to INFO. [Bradley Logan] -- [version bump] [iglocska] -- [config] Allow Oidc roles as string. [christianmg99] -- [config] Allow Oidc roles as string. [christianmg99] - [behavior:analystDataParent] Prevent double nesting analyst data when bulk fetching. [Sami Mokaddem] - [CLI] Simplify updating JSON structures. [Jakub Onderka] @@ -178,10 +341,6 @@ Other - Merge branch '2.4' into develop. [iglocska] - Merge branch '2.4' into develop. [Alexandre Dulaunoy] - Merge branch '2.4' into develop. [Alexandre Dulaunoy] -- Merge pull request #9695 from christianmg99/allow-oidc-roles-string. - [Jakub Onderka] - - chg: [config] Allow Oidc roles as string - Merge branch '2.4' into develop. [Sami Mokaddem] - Revert "Revert "new: [event:index] Added support of ANDed tag filtering in the backend"" [Sami Mokaddem] @@ -217,6 +376,9 @@ v2.4.191 (2024-04-22) Changes ~~~~~~~ +- [version bump] [iglocska] +- [config] Allow Oidc roles as string. [christianmg99] +- [config] Allow Oidc roles as string. [christianmg99] - [config] Set Oidc issuer. [Christian Morales Guerrero] Fix @@ -228,6 +390,10 @@ Fix Other ~~~~~ +- Merge pull request #9695 from christianmg99/allow-oidc-roles-string. + [Jakub Onderka] + + chg: [config] Allow Oidc roles as string - Revert "new: [event:index] Added support of ANDed tag filtering in the backend" [Sami Mokaddem] diff --git a/static/Changelog-PyMISP.txt b/static/Changelog-PyMISP.txt index ef0dfbf..3ed75e7 100644 --- a/static/Changelog-PyMISP.txt +++ b/static/Changelog-PyMISP.txt 
@@ -2,13 +2,49 @@ Changelog ========= -%%version%% (unreleased) ------------------------- +v2.4.193 (2024-06-06) +--------------------- + +New +~~~ +- [analyst-data] Added initial support of analyst data concept and + functions - WiP. [Sami Mokaddem] Changes ~~~~~~~ +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- A bit more refactoring. [Raphaël Vinot] +- Use from_dict in the mixin to initialize the objects. [Raphaël Vinot] +- [analyst-data] Added improvements, API endpoints and tests. [Sami + Mokaddem] +- [analyst-data] Make sure to include note_type_name. [Sami Mokaddem] +- Make mypy happy, change inheritance. [Raphaël Vinot] +- Allow orgc context for search_galaxy_clusters. [Jeroen Pinoy] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [analyst-data] Continued implementation of analyst-data support. [Sami + Mokaddem] +- Allow orgc context for search_galaxy_clusters. [Jeroen Pinoy] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] - Bump changelog. [Raphaël Vinot] +Fix +~~~ +- Get the tests to pass. [Raphaël Vinot] +- Properly load AnalystData from dict. [Raphaël Vinot] +- More changes to get the tests to pass. [Raphaël Vinot] +- [event-report] Make sure to generate an UUID. [Sami Mokaddem] +- Pass kwargs to abstract. [Raphaël Vinot] + +Other +~~~~~ +- Chg; Bump changelog. [Raphaël Vinot] +- Chg; Bump version. [Raphaël Vinot] +- Add test case. [Vincenzo] +- Add attach galaxy cluster method. [Vincenzo] + v2.4.190 (2024-04-18) --------------------- diff --git a/static/Changelog-misp-galaxy.txt b/static/Changelog-misp-galaxy.txt index d30e8a4..e90227a 100644 --- a/static/Changelog-misp-galaxy.txt +++ b/static/Changelog-misp-galaxy.txt 
@@ -1,6 +1,200 @@ # Changelog +## v2.4.193 (2024-06-06) + +### New + +* [d3fend] added relationships to ATT&CK. [Christophe Vandeplas] + +* [d3fend] initial conversion script for MITRE D3FEND #975. [Christophe Vandeplas] + +### Changes + +* [threat-actor] jq all the things. [Alexandre Dulaunoy] + +* [sigma] updated. [Alexandre Dulaunoy] + +* [threat-actor] version updated. [Alexandre Dulaunoy] + +* [misp-galaxy] version updated. [Alexandre Dulaunoy] + +* [threat-actor] updated following PR #977. [Alexandre Dulaunoy] + + The `master` branch should not be used + +* [tidal-software] remove duplicate from the API. [Alexandre Dulaunoy] + +* [doc] README updated. [Alexandre Dulaunoy] + +* [tidal] updated to the latest version. [Alexandre Dulaunoy] + +* [sigma] updated to the latest version. [Alexandre Dulaunoy] + +* [ATLAS] Update to latest version #newUUIDsForAll. [Christophe Vandeplas] + +* [mitre] added TODO about more metadata that breaks things. [Christophe Vandeplas] + +* [mitre] Use x_mitre_platforms for kill-chain separation. [Christophe Vandeplas] + +* [mitre] minor update. [Christophe Vandeplas] + +* [sigma] updated to the latest version. [Alexandre Dulaunoy] + +* [threat-actor] STORM ->> Storm. [Rony] + +* [threat-actor] `Earth Freybug` added. [Rony] + + Tracking it seperately for now though TM identified it as subset of APT41 + +* [threat-actor] UNC3236 removed. [Rony] + +### Fix + +* [readme] update index + hide deprecated galaxies. [Christophe Vandeplas] + +* [d3fend] updated readme. [Christophe Vandeplas] + +* [d3fend] sort keys to make jq_all_the_things happy. [Christophe Vandeplas] + +* Resolve conflict. [Rony] + +### Other + +* Merge pull request #985 from Mathieu4141/threat-actors/c7c9e71f-32b4-4b8c-91d8-dbef5cd895da. [Alexandre Dulaunoy] + + [threat actors] Add 7 actors and 1 alias + +* [threat-actors] Add Hunt3r Kill3rs. [Mathieu4141] + +* [threat-actors] Add LilacSquid. [Mathieu4141] + +* [threat-actors] Add SEXi. 
[Mathieu4141] + +* [threat-actors] Add FlyingYeti. [Mathieu4141] + +* [threat-actors] Add StucxTeam. [Mathieu4141] + +* [threat-actors] Add APT28 aliases. [Mathieu4141] + +* [threat-actors] Add Unfading Sea Haze. [Mathieu4141] + +* [threat-actors] Add RansomHub. [Mathieu4141] + +* Merge pull request #980 from jstnk9/sidewinder-update. [Alexandre Dulaunoy] + + update sidewinder information + +* Update threat-actor.json. [jstnk9] + +* Merge pull request #984 from Delta-Sierra/main. [Alexandre Dulaunoy] + + add Europol as producer + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Merge pull request #983 from Delta-Sierra/main. [Alexandre Dulaunoy] + + add ransomlook_update script + +* Merge pull request #979 from Mathieu4141/threat-actor/alpha-spider-f3194f38-902d-4738-91ea-0003abb2c1ab. [Alexandre Dulaunoy] + + [threat-actors] Add Alpha Spider + +* [threat-actors] Add Alpha Spider. [Mathieu4141] + +* Merge pull request #981 from cvandeplas/main. [Alexandre Dulaunoy] + + Implement MITRE D3FEND matrix #975 + +* Merge remote-tracking branch 'MISP/main' [Christophe Vandeplas] + +* Merge pull request #982 from Delta-Sierra/main. [Alexandre Dulaunoy] + + update ransomware galaxy with ransomlook data + +* Add Europol as producer (incomplete) [Delta-Sierra] + +* Remove print-tests. [Delta-Sierra] + +* Add ransomlook_update script. [Delta-Sierra] + +* Should fix duplicate 'refs' in newly added ransomware (did not expect this case) [Delta-Sierra] + +* Update ransomware galaxy with ransomlook data. [Delta-Sierra] + +* Merge pull request #978 from Mathieu4141/threat-actors/5085bb5f-2aa6-485f-8e57-389d4020b408. [Alexandre Dulaunoy] + + Add 3 actors and 1 alias + +* [threat actors] fix merge. [Mathieu Beligon] + +* Merge branch 'main' into threat-actors/5085bb5f-2aa6-485f-8e57-389d4020b408. [Mathieu Béligon] + +* Merge pull request #976 from MISP/dependabot/pip/tools/mkdocs/requests-2.32.0. 
[Alexandre Dulaunoy] + + build(deps): bump requests from 2.31.0 to 2.32.0 in /tools/mkdocs + +* --- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... [dependabot[bot]] + +* Add phantomcore reference. [Mathieu Béligon] + +* [threat-actors] Add Kimsuky aliases. [Mathieu4141] + +* [threat-actors] Add Void Manticore. [Mathieu4141] + +* [threat-actors] Add CiberInteligenciaSV. [Mathieu4141] + +* [threat-actors] Add PhantomCore. [Mathieu4141] + +* Merge pull request #973 from cvandeplas/main. [Christophe Vandeplas] + + chg: [atlas] update to latest version #newUUIDsForAll + +* Merge pull request #972 from cvandeplas/main. [Alexandre Dulaunoy] + + chg: [MITRE] Split Matrix view based on OS and more metadata + +* Merge pull request #971 from MISP/dependabot/pip/tools/mkdocs/jinja2-3.1.4. [Alexandre Dulaunoy] + + build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /tools/mkdocs + +* Build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /tools/mkdocs. [dependabot[bot]] + + Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. + - [Release notes](https://github.com/pallets/jinja/releases) + - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) + - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) + + --- + updated-dependencies: + - dependency-name: jinja2 + dependency-type: direct:production + ... + +* Merge pull request #970 from Mathieu4141/threat-actors/f2209789-2fa7-4909-9abd-6c6d32bb9213. [Alexandre Dulaunoy] + + [threat-actors] Add 1 actor and 1 alias + +* [threat-actors] Add SaintBear aliases. [Mathieu4141] + +* [threat-actors] Add Water Orthrus. [Mathieu4141] + +* Merge pull request #967 from r0ny123/fix. [Alexandre Dulaunoy] + + Fix + +* Merge branch 'main' into fix. [Rony] + +* Merge pull request #969 from Mathieu4141/threat-actors/74b921ec-6404-4d0c-b49b-169be387d1f9. [Alexandre Dulaunoy] + + [threat actors] add 2 actors + +* [threat-actors] Add USDoD. 
[Mathieu4141] + +* [threat-actors] Add STORM-1849. [Mathieu4141] + + ## v2.4.192 (2024-04-26) ### New diff --git a/static/Changelog-misp-modules.txt b/static/Changelog-misp-modules.txt index 840b9a3..148eed6 100644 --- a/static/Changelog-misp-modules.txt +++ b/static/Changelog-misp-modules.txt 
@@ -1,6 +1,129 @@ # Changelog +## v2.4.193 (2024-06-06) + +### Fix + +* Fix: [REQUIREMENTS] validators no more required as mentioned by @ostefano. [Alexandre Dulaunoy] + +* [ipasn] add support for `ip` type. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #667 from ostefano/fix. [Alexandre Dulaunoy] + + remove index information from requirements file + +* Remove index information from requirements file. [Stefano Ortolani] + + +## v2.4.192 (2024-06-06) + +### New + +* [functionality] checkbox configure module. [David Cruciani] + +* [functionality] flowintel + multiple entry. [David Cruciani] + +### Changes + +* [doc] updated. [Alexandre Dulaunoy] + +* [launch] misp-modules. [David Cruciani] + +* [misp-modules] doc updated. [Alexandre Dulaunoy] + +* [doc] describe that the misp-modules can be used without MISP. [Alexandre Dulaunoy] + +* [virustotal] support ip-src/ip-dst|port attribute type. [Alexandre Dulaunoy] + + Fix #632 + +### Fix + +* [virustotal] fix the typo for the VT link. [Alexandre Dulaunoy] + + Fix #644 + Fix #595 + +* [core] the default buffer size in Tornado HTTP server is not enough for large MISP event. [Alexandre Dulaunoy] + + Fix #662 + +* [dns] add the exception in the error message. [Alexandre Dulaunoy] + + As there are still distribution installing old version of dnspython, + it's easier to debug if we receive the exception directly in misp-module. + +### Other + +* Merge branch 'main' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #666 from davidonzo/main. [Andras Iklody] + + Update REQUIREMENTS + +* Update REQUIREMENTS. [Davide Baglieri] + + apiosintDS updated in order to solve the following (minor) issue https://github.com/davidonzo/apiosintDS/issues/3 opened by @ostefano. + +* Remove: [js] useless file. [David Cruciani] + +* Merge pull request #659 from MISP/dependabot/pip/website/werkzeug-3.0.3. 
[David Cruciani] + + build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website + +* Build(deps): bump werkzeug from 2.3.8 to 3.0.3 in /website. [dependabot[bot]] + + Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.8 to 3.0.3. + - [Release notes](https://github.com/pallets/werkzeug/releases) + - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) + - [Commits](https://github.com/pallets/werkzeug/compare/2.3.8...3.0.3) + + --- + updated-dependencies: + - dependency-name: werkzeug + dependency-type: direct:production + ... + +* Merge pull request #664 from VirusTotal/feat/gti-doc. [Alexandre Dulaunoy] + + [Google Threat Intelligence] Add web doc and fix logo for the module + +* Add web doc and fix logo for the Google Threat Intelligence module. [Daniel Pascual] + +* Merge pull request #663 from VirusTotal/feat/google-threat-intel. [Alexandre Dulaunoy] + + feat: Google Threat Intelligence expansion module + +* Merge. [Daniel Pascual] + +* Fix hedight. [Daniel Pascual] + +* Doc. [Daniel Pascual] + +* Logo and desc. [Daniel Pascual] + +* Remove debug traces. [Daniel Pascual] + +* Google Threat Intelligence MISP module. [Daniel Pascual] + +* Merge pull request #661 from goodlandsecurity/slack-action-module. [Alexandre Dulaunoy] + + Slack action module + +* Add slack action module. [goodlandsecurity] + +* Merge pull request #660 from goodlandsecurity/stairwell-expansion-module. [Alexandre Dulaunoy] + + add stairwell expansion module and update misp-objects to a193e03 + +* Forgot the json documentation. [goodlandsecurity] + +* Add stairwell expansion module and update misp-objects to a193e03. [goodlandsecurity] + + ## v2.4.188 (2024-03-20) ### Changes diff --git a/static/Changelog-misp-objects.txt b/static/Changelog-misp-objects.txt index 6a09d27..0cd3461 100644 --- a/static/Changelog-misp-objects.txt +++ b/static/Changelog-misp-objects.txt @@ -1,7 +1,7 @@ # Changelog -## %%version%% (unreleased) +## v2.4.193 (2024-06-06) ### Changes 
@@ -20,10 +20,18 @@ ### Fix +* [research-scanner] version updated. [Alexandre Dulaunoy] + * [jq] all the things. [iglocska] ### Other +* Merge pull request #432 from bynt/main. [Alexandre Dulaunoy] + + add 'hostname' for scanning host to object 'research-scanner' + +* Add 'hostname' for scanning host to object 'research-scanner' [Martin Waleczek] + * Organization object. [Andras Iklody] - Added "private" to the list of sectors as suggested by Monsieur Hamm. diff --git a/static/Changelog-misp-stix.txt b/static/Changelog-misp-stix.txt index dd394b7..040bd70 100644 --- a/static/Changelog-misp-stix.txt +++ b/static/Changelog-misp-stix.txt 
@@ -1,6 +1,533 @@ # Changelog +## v2.4.193 (2024-06-06) + +### Changes + +* [poetry] Bumped latest version in lock file. [Christian Studer] + +* [poetry] Updated version. [Christian Studer] + +* [stix2 import] Adding `source` information to the custom Galaxy Clusters imported from STIX 2.x objects. [Christian Studer] + +* [stix2 import] Simplify loading JSON files. [Jakub Onderka] + +* [tests] Updated tests for `domain-ip` objects import from STIX 2.1 to cover specific cases with UUIDs handling. [Christian Studer] + +* [stix2 import] Using the file observable references parsing method to convert v2.0 observable objects. [Christian Studer] + +* [stix2 import] Making the network-traffic objects parsing more generic. [Christian Studer] + + - Some parts will be more easily reused for + network traffic objects associated to some + observed data objects + +* [stix2 import] Added generic conversion methods for observable objects associated to observed data objects imported as MISP objects. [Christian Studer] + +* [tests] Deduplicating existing tests for external directory observable objects. [Christian Studer] + +### Fix + +* [stix2 import] Making Python 3.8 & 3.9 happy with the typing. [Christian Studer] + +* [stix2 import] Post Observed Data Converter merge clean up and reassembling. [Christian Studer] + +* [stix2 import] Merged missing conflicts. [Christian Studer] + +* [stix2 import] Invalid typehint. [Jakub Onderka] + +* [stix2 import] Avoid running git process. [Jakub Onderka] + +* [stix2 import] No longer require to exclude patterns with 'AND' and 'OR' [Christian Studer] + + - With indicators' patterns parsed with the pattern + data parser, we do not need to deal ourselves with + some patterns complexity + - Patterns with 'AND' and 'OR' are parsed as + expected with no loss of one of the expression + +* [stix2 import] Fixed UUID handling for `email` object attributes parsed from `email-message` references. 
[Christian Studer] + +* [stix2 import] Fixed `domain-ip` objects UUID handling. [Christian Studer] + +* [stix2 import] Handling domains resolving other domains with object references. [Christian Studer] + +* [stix2 import] Removed unnecessary intermediary method. [Christian Studer] + +* [stix2 import] Avoiding `domain-name` observable objects to be skipped because they're referenced by another domain-name object. [Christian Studer] + +* [stix2 import] Fixed `domain-ip` attributes UUIDs handling. [Christian Studer] + +* [stix2 import] Fixed `domain-ip` object attributes handling as `_sanitise_attribute_uuid` already returns a dict with the `uuid` key included. [Christian Studer] + +* [stix2 import] Fixed `_observable` variable name. [Christian Studer] + +* [stix2 import] Protocols error message made clearer. [Christian Studer] + +* [tests] Better UUID tests for objects imported from STIX 2.x Network Traffic Observable objects. [Christian Studer] + +* [stix2 import] Better internal http-request objects import from Observable objects. [Christian Studer] + +* [stix2 import] Better handling of attributes uuid for values converted from internal Network Traffic Observable objects. [Christian Studer] + +* [stix2 import] Fixing the internal STIX2 Network Traffic Observable objects and references IDs handling. [Christian Studer] + +* [stix2 import] Fixed Network Traffic Observable objects from internal STIX 2.x content parsing. [Christian Studer] + + - Added `connection_protocols` mapping to the internal + mapping as it was removed from the parent mapping + to avoid issues with the external mapping but was + supposed to be moved and not completely removed + - Added specific parsing for internal network traffic + references objects + +* [stix2 import] Fixed STIX 2.0 Network Traffic Observable objects parsing. [Christian Studer] + +* [stix2 import] Added missing `protocol_attribute` property in STIX2Mapping parent class. 
[Christian Studer] + +* [stix2 import] Better handling of internal Galaxy & Cluster description. [Christian Studer] + +* [stix2 import] Updated Network Traffic observables objects mapping to MISP objects. [Christian Studer] + +* [stix2 import] Importing Network Traffic observable objects referenced by external Observed Data objects with the `network-traffic` generic MISP object template. [Christian Studer] + +* [stix2 import] Fixed email message objects parsing. [Christian Studer] + +* [stix2 import] Avoiding issues introduced since we updated the observables fetching method. [Christian Studer] + + - As observables are fetched in a generator, we have to handle + it before returning a single or multiple observable(s) to + avoid breaking the automation on conversion of the internal + STIX 2.x content without modifying the different methods + +* [stix2 import] Avoiding issues with the internal STIX 2.1 Autonomous System observable objects fetching method. [Christian Studer] + +* [stix2 import] Making the multiple observables fetching method available to both internal and external STIX 2 Observed Data object converters. [Christian Studer] + +* [stix2 import] Avoiding issues with `ssdeep` hash type in STIX 2.0 external content. [Christian Studer] + +* [stix2 import] Updated pe object mapping with the `compilation-timestamp` attribute. [Christian Studer] + +* [stix2 import] Better STIX 2.0 `windows-pebinary-ext` within File observable object handling. [Christian Studer] + +* [stix2 import] MISP object references handling method name. [Christian Studer] + +* [stix2 import] Error exceptions handling method name. [Christian Studer] + +* [stix2 import] Fixed the MISP object reference duplicates checking. [Christian Studer] + +* [stix2 import] Deduplication of MISP object references. 
[Christian Studer] + + - Checking the presence of references with the same + referenced uuid AND relationship type before + adding a reference to a MISP object + +* [stix2 import] Fixed File PE extension parsing method name to avoid confusion with the generic method used then from the observable objects converter class. [Christian Studer] + +* [stix2 import] Avoiding issues with observables references, by keeping track of each reference within a single STIX 2.0 observed data objects list. [Christian Studer] + +* [stix2 import] Returning MISPAttributes in some generic observable objects conversion methods. [Christian Studer] + +* [stix2 import] Fixed wrong variable name for a MISP object meta fields check. [Christian Studer] + +* [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the `organisation_uuid` argument. [Christian Studer] + +* [stix2 import] Setting `single_event` when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods. [Christian Studer] + +* [stix2 import] Fixed the case with multiple events as result. [Christian Studer] + + - As `single_event` was set again for each report or grouping, + there was no possibility the multiple events were saved + accordingly on different result files + +* [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used. [Christian Studer] + + - Parsing them when the loading methods are called + can raise issues with some referenced identity + objects are not loaded already + +* [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references. [Christian Studer] + +* [stix2 import] Fixed MISP Sightings handling. [Christian Studer] + +* [stix2 import] Removed unused import. 
[Christian Studer] + + - I guess this was an auto completion typo + +* [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle. [Christian Studer] + +* [stix2 import] Removed unsued import & added missing blank lines to make pep8 happy. [Christian Studer] + +* [stix2 import] Added the missing sorting statement for observable objects types passed to match mapping. [Christian Studer] + +* [stix2 import] Clearer observable objects mapping handling in the observed data conversion methods. [Christian Studer] + +* [stix2 import] Reusing the STIX 2.1 observable objects fetching method. [Christian Studer] + +* [stix2 import] Setting MISP objects timestamp with the datetime value instead of an int. [Christian Studer] + +* [stix2 import] Fixed AttributeError with method from parent conversion class. [Christian Studer] + +* [tests] Passing observable ids instead of objects themselves for some tests that only need to know about ids. [Christian Studer] + +* [tests] Testing MISP Object comment when its uuid is v5. [Christian Studer] + +* [stix2 import] Added observed data id as comment for misp objects converted from STIX 2.0 when it has a v5 uuid. [Christian Studer] + +* [stix2 import] Some typings fixed. [Christian Studer] + +* [stix2 import] Quick reordering to allow more reusability. [Christian Studer] + +* [stix2 import] Avoiding issues with marking definitions referenced but not present in a file. [Christian Studer] + + - Checking TLP Markings + +* [stix2 import] Better tags from indicators parsing & simplified the tags handling method. [Christian Studer] + +* [stix2 import] Some methods deduplication between main parser & converters. [Christian Studer] + +* [stix2 import] Yield syntax. [Christian Studer] + +* [stix2 import] Copy-paste typo. [Christian Studer] + +* [tests] Quick fix on the `created` or `created_time` field from a process observable object. 
[Christian Studer] + +* [stix2 import] Avoid future potential issues with object names in generic conversion methods. [Christian Studer] + + - When an object name has at least one `-` and we + want to use the related mapping, we need to + `replace('-', '_')` to avoid issues with + mapping names + +* [stix2 import] Quick fix in the Process observable objects associated with Observed Data objects conversion method. [Christian Studer] + +* [stix2 import] Utilising the newly added `environment-variables` attribute to properly import the environment variables & arguments of a STIX 2.x process object. [Christian Studer] + +* [stix2 import] Updated typings. [Christian Studer] + +* [stix2 import] Typo on the generic observable object parsing method to call. [Christian Studer] + +* [stix2 import] Deduplication in the STIX 2.1 Directory objects parsing. [Christian Studer] + +* [stix2 import] Removed duplicated MISP Attribute dict creation methods. [Christian Studer] + +* [stix2 import] Better handling of generic observable object parsers. [Christian Studer] + +* [stix2 import] Quick clean-up on some observed data method arguments. [Christian Studer] + +* [stix2 import] Fixed Observable objects types mapping. [Christian Studer] + + - Considering the possibility to have both types of + IP addresses wihtin the Observed Data list of + obervable objects + +* [stix2 import] Better overall UUID sanitation & comments handling for MISP attributes creation. [Christian Studer] + +* [tests] Removed `spec_version` fields in STIX 2.0 samples. [Christian Studer] + +* [stix2 import] Properly calling the UUID sanitation method. [Christian Studer] + +* [stix2 import] Removing unused variable in marking definitions parsing. [Christian Studer] + +* [stix2 import] Fixed directory observable objects parsing method header. [Christian Studer] + + - In this specific location, the `object_id` argument is not Optional + +* [tests] Added missing tests for directory path attribute types. 
[Christian Studer] + +* [stix2 import] Reuse of the method parsing Directory observable objects with an `id` field. [Christian Studer] + +* [stix2 import] Using the AS value parsing method for an AS value that was missing it. [Christian Studer] + +* [stix2 import] Fixed directory mapping. [Christian Studer] + +* [stix2 import] Quick pep8 clean-up. [Christian Studer] + +* [stix2 import] Fixed the converters composition. [Christian Studer] + + - The `getattr` statements were actually making + their default argument execute itself and + re-initialising each converter attribute as if + it was there first call and the attribute did + not exist + +* [tests] A tiny clarification change. [Christian Studer] + +* [stix2 import] Observable objects fetcher moved to the parent class as it will be reused for internal & external conversion. [Christian Studer] + +* [stix2 import] Quick syntax fix. [Christian Studer] + +### Other + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'acs-marking' of github.com:MISP/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge pull request #65 from JakubOnderka/fix-git. [Christian Studer] + + fix: [stix2 import] Avoid running git process + +* Add: [tests] Tests for Email Message objects - and references - import from STIX 2.x. [Christian Studer] + +* Add: [stix2 import] Updated the STIX 2.x Email objects mappings. 
[Christian Studer] + +* Wip: [tests] Tests for `domain-ip` objects import from external STIX 2.x. [Christian Studer] + +* Wip: [tests] Tests for Network Traffic Observable objects imported from external STIX 2 bundles as `network-traffic` objects. [Christian Studer] + +* Wip: [stix2 import] Better conversion of Network Traffic references observable objects. [Christian Studer] + + - Such as IP addresses, Domain names and Mac addresses + referenced with the `src_ref` and `dst_ref` fields + +* Wip: [stix2 import] Parsing Network Traffic Observable objects referenced in Observed Data from the Observed Data Converter. [Christian Studer] + +* Wip: [stix2 import] Parsing EmailMessage observable objects from Observed Data converter. [Christian Studer] + +* Wip: [stix2 import] Reusing `EmailMessage` observable parsing method. [Christian Studer] + +* Wip: [stix2 import] Parsing `DomainName` and IP observable objects resolving each others. [Christian Studer] + +* Wip: [stix2 import] Parsing `archive-ext` from standalone file observable objects. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Wip: [tests] Added tests for file objects with extensions. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Wip: [stix2 import] Parsing File objects extensions. [Christian Studer] + +* Wip: [stix2 import] Parsing STIX 2.0 Observed Data objects with multiple embedded observable objects with no specific mapping. [Christian Studer] + +* Wip: [stix2 import] Better observable objects fetching methods. [Christian Studer] + +* Wip: [stix2 import] Parsing Observable objects referenced together by a single Observed Data object with no specific mapping. 
[Christian Studer] + +* Wip: [tests] Tests for File objects and their Directory & Artifact references import from STIX 2.x. [Christian Studer] + +* Wip: [stix2 import] Converting File observable objects and their Directory & Artifact references. [Christian Studer] + +* Wip: [stix2 import] Better observable objects parsing. [Christian Studer] + +* Wip: [stix2 import] Better embedded directory observable object references parsing. [Christian Studer] + +* Wip: [stix2 import] Parsing the observable objects referenced with `contains_refs` references in a generic method that will be reused later. [Christian Studer] + +* Wip: [tests] Tests for some objects referenced by Opinions. [Christian Studer] + +* Add: [stix2 import] Added `organisation_uuid` argument to use to generate the custom clusters UUID. [Christian Studer] + +* Wip: [tests] Tests for user account observable objects referenced by registry keys as creators. [Christian Studer] + +* Wip: [stix2 import] Handling cases where some STIX 2.1 observable objects are referenced by multiple observed data objects. [Christian Studer] + +* Wip: [stix2 import] Parsing User Account observables referenced by registry keys to be the creator reference. [Christian Studer] + +* Wip: [tests] Tests for STIX 2.x Windows Registry Key objects conversion. [Christian Studer] + +* Wip: [stix2 import] Converting STIX 2.x Windows Registry Key objects. [Christian Studer] + +* Wip: [tests] Tests for External STIX 2.x User Account observable objects import as MISP objects. [Christian Studer] + +* Wip: [stix2 import] Parsing external STIX 2.x User Account observable objects from converters. [Christian Studer] + +* Wip: [tests] Tests for external STIX 2.x Process observable objects associated with Observed Data object import as MISP `process` objects. [Christian Studer] + +* Wip: [stix2 import] Parsing Process observable objects from converters. [Christian Studer] + +* Wip: [tests] Tests for X509 Certificate objects import from STIX 2.x. 
[Christian Studer] + +* Wip: [stix2 import] Reusing the generic observed data parsing methods to support X509 observable objects conversion from the converters. [Christian Studer] + +* Wip: [tests] Tests for external Software Observable objects - within or referenced by Observed data objects - import to MISP objects. [Christian Studer] + +* Wip: [stix2 import] Reusing the generic observed data parsing methods to support Software observable objects conversion from the converters. [Christian Studer] + +* Wip: [tests] Tests for external STIX 2.x Observed Data with artifact observable objects import to MISP. [Christian Studer] + +* Wip: [stix2 import] Parsing external STIX 2.x Observed data with artifact observable objects, from converters. [Christian Studer] + +* Wip: [stix2 import] Handling the observable relationships after the observed data objects are all parsed. [Christian Studer] + +* Wip: [tests] Tests for Observable objects converted in a generic way to MISP attributes. [Christian Studer] + +* Wip: [stix2 import] Parsing some Observable objects - converted to MISP attributes - in a generic way, from Observed Data converter. [Christian Studer] + +* Wip: [tests] Tests for email address observable objects in observed data import from external STIX 2.x content. [Christian Studer] + +* Wip: [stix2 import] Parsing email address observable objects in observed data from external STIX 2.x content, in converters. [Christian Studer] + +* Add: [tests] Tests for Autonomous System observable objects with observed data import from STIX 2.x. [Christian Studer] + +* Add: [stix2 import] Parsing Observed Data with Autonomous System observable objects from converters. [Christian Studer] + +* Wip: [tests] Tests for directory observable objects import from STIX 2.x. [Christian Studer] + +* Wip: [stix2 import] Porting Observed Data objects conversion ability to converters, starting with Directory objects. 
[Christian Studer] + + - Introducing a better conversion process + - Handling complex references between observable + objects amongst observed data objects + + +## v2.4.188 (2024-03-21) + +### Changes + +* [poetry] Bumped lock file with latest versions. [Christian Studer] + +* [package] Bumping new version. [Christian Studer] + +### Fix + +* [stix2 import] Centralised the cluster creation in one single place and added the meta parsing as galaxy elements statement. [Christian Studer] + +* [stix2 import] Storing the galaxy args. [Christian Studer] + + - The idea is to create a MISP Galaxy object each + time it is needed instead of storing it + +* [stix2 import] Using the `_add_misp_object` helper that already handles tags and other stuff related to a MISP object and its attributes. [Christian Studer] + +* [stix2 import] Added missing `collection_uuid` value to the ACS marking clusters. [Christian Studer] + +* [stix2 import] Some typing and pycodestyle issues fixed. [Christian Studer] + +* [stix2 import] Fixed ACS marking parsing. [Christian Studer] + + - Privilege scope fields and values are correctly + flattened, and the Marking Definition spec' + version is correctly used + +* [stix2 import] Fixed variable assignment typo & storing of the acs marking clusters raising issues. [Christian Studer] + +### Other + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'acs-marking' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Wip: [stix2 import] Adding a set of tags alongside with the Galaxy Clusters converted from ACS markings. [Christian Studer] + +* Wip: [stix2 import] Attaching ACS markings as galaxies to the referenred data layer (attribute or event) [Christian Studer] + +* Wip: [stix2 import] First shot of an ACS marking parsing method. [Christian Studer] + +* Wip: [stix2 import] Preparing for an update on marking definitions parsing. 
[Christian Studer] + + +## v2.4.186 (2024-02-27) + +### Changes + +* [package, poetry] New version. [Christian Studer] + +* [poetry] Bumped latest versions. [Christian Studer] + +### Fix + +* [tests] Fixed tests for external STIX 2.x SDOs imported as Galaxy Clusters following the recent add of the `organisation_uuid` argument. [Christian Studer] + +* [stix2 import] Avoiding issues with Marking Definition objects that are parsed and handle directly when they're loaded. [Christian Studer] + +* [stix2 import] Setting `single_event` when parsing a bundle with a single report/grouping, to avoid issues raised with multiple reports/groupings handling methods. [Christian Studer] + +* [stix2 import] Fixed the case with multiple events as result. [Christian Studer] + + - As `single_event` was set again for each report or grouping, + there was no possibility the multiple events were saved + accordingly on different result files + +* [stix2 import] In the end we have to parse the Sighting & Opinion objects and convert them as MISP Sighting when they are used. [Christian Studer] + + - Parsing them when the loading methods are called + can raise issues with some referenced identity + objects are not loaded already + +* [stix2 import] Fixed relationships handling between sighting & opinion objects, and their references. [Christian Studer] + +* [stix2 import] Fixed MISP Sightings handling. [Christian Studer] + +* [stix2 import] Avoiding issues with STIX 2.x content coming from a TAXII collection or embedded into a single list instead of a Bundle. [Christian Studer] + +### Other + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Add: [stix2 import] Added `organisation_uuid` argument to use to generate the custom clusters UUID. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. 
[Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer] + + +## v2.4.185 (2024-02-16) + +### Changes + +* [poetry] Bumped latest dependencies versions. [Christian Studer] + +* [poetry, package] Set latest version. [Christian Studer] + +### Fix + +* [stix2 import] Yield syntax. [Christian Studer] + +* [stix2 import] Fixed Observable objects types mapping. [Christian Studer] + + - Considering the possibility to have both types of + IP addresses wihtin the Observed Data list of + obervable objects + +* [stix2 import] Removing unused variable in marking definitions parsing. [Christian Studer] + +* [stix2 import] Using the AS value parsing method for an AS value that was missing it. [Christian Studer] + +* [stix2 import] Fixed directory mapping. [Christian Studer] + +* [stix2 import] Fixed the converters composition. [Christian Studer] + + - The `getattr` statements were actually making + their default argument execute itself and + re-initialising each converter attribute as if + it was there first call and the attribute did + not exist + +* [stix2 import] Avoiding issues with marking definitions referenced but not present in a file. [Christian Studer] + + - Checking TLP Markings + +### Other + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + + ## v2.4.183 (2024-01-04) ### Changes diff --git a/static/Changelog-misp-taxonomies.txt b/static/Changelog-misp-taxonomies.txt index 98383f0..61721c6 100644 --- a/static/Changelog-misp-taxonomies.txt +++ b/static/Changelog-misp-taxonomies.txt 
@@ -1,6 +1,19 @@ # Changelog +## v2.4.193 (2024-06-06) + +### Other + +* Merge pull request #282 from vxsh4d0w/patch-7. [Alexandre Dulaunoy] + + Update machinetag.json + +* Update machinetag.json. [V] + + Added Zombieware category, malware that has been abandoned by its operators, and despite being abandoned, new replications of the malware continue to appear in the wild. + + ## v2.4.190 (2024-04-18) ### Changes diff --git a/static/Changelog-misp-warninglists.txt b/static/Changelog-misp-warninglists.txt index 71ba59d..402a743 100644 --- a/static/Changelog-misp-warninglists.txt +++ b/static/Changelog-misp-warninglists.txt @@ -1,6 +1,55 @@ # Changelog +## v2.4.193 (2024-06-06) + +### Changes + +* [lists] updated. [Alexandre Dulaunoy] + +* [bank] list updated. [Alexandre Dulaunoy] + +* [updated] warning-lists updated. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #274 from czenek/bank-website-update. [Alexandre Dulaunoy] + + Update bank-website + +* Update bank-website. [czenek] + + added new domain of Commercial Bank of Qatar + +* Merge pull request #273 from karenyousefi/main. [Alexandre Dulaunoy] + + update + +* Update list.json. [Karen Yousefi] + +* Update link in bio. [Karen Yousefi] + + Update to V3 + +* Merge pull request #272 from karenyousefi/main. [Alexandre Dulaunoy] + + Update + +* Update url-shortener. [Karen Yousefi] + + update to V14 + +* Update to V2. [Karen Yousefi] + + update to V2 + +* Merge pull request #271 from cudeso/main. [Alexandre Dulaunoy] + + Add URL match for banks, google and microsoft + +* Add URL match for banks, google and microsoft. [Koen Van Impe] + + ## v2.4.192 (2024-04-26) ### Changes diff --git a/static/Changelog.txt b/static/Changelog.txt index fd05b9c..26646af 100755 --- a/static/Changelog.txt +++ b/static/Changelog.txt 
@@ -2,23 +2,189 @@ Changelog ========= -%%version%% (unreleased) ------------------------- +v2.4.193 (2024-06-06) +--------------------- + +New +~~~ +- [attributes/enrich] endpoint added. [iglocska] + + - simply post a list of modules you wish to enrich the attribute by + - url: /attributes/enrich/[attrribute_id|attribute_uuid] + - post body in the format of `{"dns":1, "foo_bar_baz": 1}` listing all modules to execute +- [misp-community] MISP-LEA information sharing community added. + [Alexandre Dulaunoy] +- [events:view] New UI feature allowing to collapse Attributes contained + inside an object. [Sami Mokaddem] + + - This comes with an MISP setting to configure this behavior at an instance-wide level +- [fatal error] logging added. [iglocska] + + - helps administrators to easily see what went wrong in terms of timeouts / oom issues +- [feed acl] changed for feeds that have visibility set to 1. [iglocska] + + - any user can now use open feeds to: + - browse the data + - preview individual events + - search the feed caches for the given feeds + - run overlap comparisons on them + + - For any feeds/server correlations that do not allow for users to see the contents + - correctly show the server wide opt-in correlations on local events as text, rather than non-functional links +- [feed] sync pull rule checks on manifest, fixes #9728. [iglocska] + + - added a new set of checks to rule out events from MISP feed pulls that do not match the filter rules + - should speed things up considerably + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump version. [Raphaël Vinot] +- [misp-stix] Bumped latest version. [Christian Studer] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [diagnostics] add Database/MysqlObserverExtended to valid data sources + list. 
[Jeroen Pinoy] +- [attributes/enrich] added to ACL. [iglocska] +- [community] misp-lea.org is actually vetted by us. [Alexandre + Dulaunoy] +- [PyMISP] Bump for testing. [Raphaël Vinot] +- [event:view] Small UI improvement for attribute's type in the object + row. [Sami Mokaddem] +- [events:view] Small UI tweak to prevent object name to wrap. [Sami + Mokaddem] +- [galaxy:galaxy-matrix] Respect order of tabs based on kill_chain_order + definition. [Sami Mokaddem] +- [analyst-data:relationship] Prevent self-referencing relationships. + [Sami Mokaddem] +- [analyst-data:view] Always return attached analyst-data. [Sami + Mokaddem] +- [analyst-data:capture] Recursively capture nested analyst-data. [Sami + Mokaddem] +- [component:CRUD] Added support of afterFind in the delete function. + [Sami Mokaddem] Fix ~~~ +- [feed settings] unpublish_event setting had the inverted effect, fixes + #9739. [iglocska] +- [JS] invalid comparison fixed. [iglocska] + + - 2jsirl4jsirl +- [tag search] fixed. [iglocska] +- [modules] /queryEnrichment endpoint fixed in modules controller - + correctly pass module data. [iglocska] + + - fixes #9758 +- [event fetcher] pop the tag filter after the first round of lookups. + [iglocska] + + - no need to add the - in effect same - condition twice. The set_tag_filters() function already returns the conditions on multiple hierarchical levels +- [tag search] fixes #1. [iglocska] + + - correctly break the execution for AND ed tag searches if at least one of the tags in the list doesn't exist + - correctly compare against the event_id field in the attribute_tags table, rather than the copy pasta error of Event.id +- [API] don't html encode JSON documents. [iglocska] + + - earlier fix broke shit + - sometimes we pass the type as json sometimes as application/json to the response class, which handles it cleanly - but the check only accounted for one case +- [security] changed menu_custom_right_link to CLI only. 
[iglocska] + + - allows a malicious / hijacked admin account to embed malicious js in a global menu link otherwise + - as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC +- [galaxyClusters:restSearch] filter on org_id and orgc_id if param set. + [Jeroen Pinoy] +- [security] rest client additional sanitisation for non json responses. + [iglocska] + + - escape non json response bodies + - as reported by Nils Putnins from NCIA NCSC +- [security] changed menu_custom_right_link_html to CLI only. [iglocska] + + - allows a malicious / hijacked admin account to embed malicious js in every page otherwise + - as reported by Nils Putnins from NCIA NCSC +- [PyMISP] Fix the tests. [Raphaël Vinot] +- [Collections] path pluralisation fix inb acl check for collections, + fixes #9745. [iglocska] + + - no longer breaks collections index +- [event:view] Correctly handle first click on toggle attribute + visibility. [Sami Mokaddem] +- [audit-logs:eventIndex] Fixed pagination issue while viewing event + history. [Sami Mokaddem] + + Fix #9726 +- [event-report:publishing] Do not reset the event timestamp when + updating an event report. [Sami Mokaddem] +- [feeds] function name change not handled everywhere. [iglocska] +- [ACL] private function name convention not kept for a new function. + [iglocska] + + - causes the ACL self-test to complain about an accessible endpoint (which is a private function) +- [correlation] small fix for the preview_event. [iglocska] +- [server correlation UI] fixed link to index preview. [iglocska] +- [password reset] ACL fix. [iglocska] +- [ACL] fixed pre-auth dynamic function calls. [iglocska] - [server/feed] correlation bug. [iglocska] - too many correlating events makes MISP barf +- [bruteforceProtection] Avoid failing when wrong user name is used. + [Sami Mokaddem] Other ~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [Christian Studer] +- Merge pull request #9764 from Wachizungu/add-mysqlobserverextended- + validdatasource. [Andras Iklody] + + chg: [diagnostics] add Database/MysqlObserverExtended to valid data s… +- Merge branch 'event_view_collapse' into develop. [iglocska] +- Merge branch 'develop' into event_view_collapse. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #9717 from Wachizungu/fix-galaxyclusters-org-orgc- + restsearch-param. [Andras Iklody] + + fix: [galaxyClusters:restSearch] filter on org_id and orgc_id if para… +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #9741 from schatzistogias/2.4. [Alexandre Dulaunoy] + + Updated git link +- Updated git link. [Stelios Chatzistogias] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'visible_feeds' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] - Merge pull request #9720 from schatzistogias/patch-1. [Alexandre Dulaunoy] Add Infoblox feed to defaults.json - Add Infoblox feed to defaults.json. [schatzistogias] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. 
[iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] v2.4.192 (2024-05-03) @@ -71,9 +237,6 @@ Changes - [UI] clicking on your user name should bring up the user profile, fixes #9708. [iglocska] - Set BrowscapPHP logging from default DEBUG to INFO. [Bradley Logan] -- [version bump] [iglocska] -- [config] Allow Oidc roles as string. [christianmg99] -- [config] Allow Oidc roles as string. [christianmg99] - [behavior:analystDataParent] Prevent double nesting analyst data when bulk fetching. [Sami Mokaddem] - [CLI] Simplify updating JSON structures. [Jakub Onderka] @@ -178,10 +341,6 @@ Other - Merge branch '2.4' into develop. [iglocska] - Merge branch '2.4' into develop. [Alexandre Dulaunoy] - Merge branch '2.4' into develop. [Alexandre Dulaunoy] -- Merge pull request #9695 from christianmg99/allow-oidc-roles-string. - [Jakub Onderka] - - chg: [config] Allow Oidc roles as string - Merge branch '2.4' into develop. [Sami Mokaddem] - Revert "Revert "new: [event:index] Added support of ANDed tag filtering in the backend"" [Sami Mokaddem] @@ -217,6 +376,9 @@ v2.4.191 (2024-04-22) Changes ~~~~~~~ +- [version bump] [iglocska] +- [config] Allow Oidc roles as string. [christianmg99] +- [config] Allow Oidc roles as string. [christianmg99] - [config] Set Oidc issuer. [Christian Morales Guerrero] Fix @@ -228,6 +390,10 @@ Fix Other ~~~~~ +- Merge pull request #9695 from christianmg99/allow-oidc-roles-string. + [Jakub Onderka] + + chg: [config] Allow Oidc roles as string - Revert "new: [event:index] Added support of ANDed tag filtering in the backend" [Sami Mokaddem]
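Review bot: The three `[security]` entries in the v2.4.193 Fix list of static/Changelog.txt (`menu_custom_right_link` changed to CLI only, `menu_custom_right_link_html` changed to CLI only, and the rest client sanitisation for non json responses) sit between routine fixes and carry no upgrade note. Moving two settings to CLI only is a behaviour change for anyone who managed them through the UI, so I would group these entries under their own heading or flag them at the top of the release, and state how the settings are changed from now on. In the same list, the sub-bullet `- 2jsirl4jsirl` under `[JS] invalid comparison fixed` looks like stray input, `[tag search] fixes #1` probably references the wrong issue, and the enrich URL in the New section reads `attrribute_id`. If this file is generated from commit messages, these need a manual pass before it is published.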
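Review bot: In the misp-stix changelog hunk, the same Fix entries are listed under more than one release, so a reader cannot tell which version first shipped a given fix. `Yield syntax`, `Fixed the converters composition`, `Fixed directory mapping` and `Fixed Observable objects types mapping` appear in the section above `## v2.4.188` and again under `## v2.4.185`; `Avoiding issues with STIX 2.x content coming from a TAXII collection ...` and the `organisation_uuid` addition appear there and again under `## v2.4.186`. Please check the tag ranges used to build each section. The long runs of `Wip:` entries and identical `Merge branch 'parser_feature' ...` lines also bury the user-facing changes and could be filtered out of the published file.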
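Review bot: The hunks at `@@ -71,9 +237,6 @@`, `@@ -178,10 +341,6 @@`, `@@ -217,6 +376,9 @@` and `@@ -228,6 +390,10 @@` move `[version bump]`, `[config] Allow Oidc roles as string` and the merge of pull request #9695 out of the section under `v2.4.192 (2024-05-03)` and into `v2.4.191 (2024-04-22)`, which rewrites the notes of releases that are already published. For a change to how OIDC roles are accepted, operators rely on the changelog to know which release introduced it, so please confirm against the tags that v2.4.191 really contains the commit. The `[config] Allow Oidc roles as string. [christianmg99]` line is also carried over twice and should be listed once.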