Update 2020-09-21-MISP.2.4.132.released.md

_posts/2020-09-21-MISP.2.4.132.released.md

@@ -6,7 +6,7 @@ featured: /assets/images/misp/blog/d4_sshd_widget.png
 
 # MISP 2.4.132 released
 
-A new version of MISP ([2.4.132](https://github.com/MISP/MISP/tree/v2.4.132)) has been released with bugs fixed and an important [security](https://www.misp-project.org/security/) fix [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766).
+A new version of MISP ([2.4.132](https://github.com/MISP/MISP/tree/v2.4.132)) has been released with several bugs fixed including an important [security](https://www.misp-project.org/security/) fix [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766). 
 
 # Bugs fixed and updates
 
@@ -17,7 +17,11 @@ A new version of MISP ([2.4.132](https://github.com/MISP/MISP/tree/v2.4.132)) ha
 
 # CVE-2020-25766
 
-An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. Thanks to Michael Kerscher for report.
+An issue was discovered in MISP before 2.4.132. This could lead to an unwanted actions (such as an event deletion) being triggered. Thanks to Michael Kerscher for the report.
+
+It was discovered that under certain situations (resource exhaustion when retrieving sessions data for example), a user could incorrectly receive the login page as a response when paginating the event view's attribute list. This in itself should not cause any issues, but due to a bug in the login form's GET/POST exchange, the user actually having a valid session would instead retrieve the event index, on which the first form was submitted (which was an event deletion). In normal situations this is extremely rare and we have only identiefied a handful of such deletions on our most heavily used community instances.
+
+Version 2.4.133 will include a new diagnsotic tool that highlights deletions from the time period when the bug was active along with a recovery functionality.
 
 # Many bugs fixed and small improvements