chg: [blog] MISP 2.4.105 added

iglocska-patch-1
Alexandre Dulaunoy 2019-03-28 17:54:14 +01:00
parent 4f94e0e1a9
commit d8b34d5a66
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 28 additions and 0 deletions

View File

@ -0,0 +1,28 @@
---
title: MISP 2.4.105 released (aka security fix for CVE-2019-10254)
layout: post
featured: /assets/images/misp/blog/distribution-graph.png
---
A new version of MISP ([2.4.105](https://github.com/MISP/MISP/tree/v2.4.105)) has been released to fix a security vulnerability CVE-2019-10254, minor improvements and a fix for STIX 1.1 files to be imported with additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
This release includes a security fix to a reflected XSS (CVE-2019-10254) in the default layout template as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity (Thanks to them!). We strongly recommend everyone to update to this version.
STIX import in 1.1 can now import STIX files with any additional namespaces (such as [CISCP](https://www.dhs.gov/cisa/cyber-information-sharing-and-collaboration-program-ciscp)).
# Improvements
- A new diagnostic to display the status of all the git sub-modules.
- Replaced the old non-cached export page with improved restSearch.
- Multiple improvements in the UI.
- Russian translation of the UI added.
- STIX 1.1 export fixed to set the adequate TLP marking.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automati
on.