From f78fa004ce6e1c127dcfa5253cbe6987cce4c1bd Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 23 Mar 2018 15:05:02 +0100
Subject: [PATCH] MISP release 2.4.89

---
 _posts/2018-03-23-MISP.2.4.89.released.md | 33 +++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100755 _posts/2018-03-23-MISP.2.4.89.released.md

diff --git a/_posts/2018-03-23-MISP.2.4.89.released.md b/_posts/2018-03-23-MISP.2.4.89.released.md
new file mode 100755
index 0000000..b8769ba
--- /dev/null
+++ b/_posts/2018-03-23-MISP.2.4.89.released.md
@@ -0,0 +1,33 @@
+---
+title: MISP 2.4.89 released (aka Event graph viewer/editor)
+layout: post
+featured: /assets/images/misp-small.png
+---
+
+A new version of MISP [2.4.89](https://github.com/MISP/MISP/tree/v2.4.89) has been released including a new MISP event graph viewer/editor, many API improvements and critical bug fixes (including security related bug fixes).
+
+We introduced a new functionality allowing analysts and MISP users to view objects and attributes via a graphical visualisation. The event graph view supports the ability to edit objects, attributes and create easily relationships. We foreseen many extensions to the event graph in the future.
+
+<div class="myvideo">
+   <video  style="display:block; width:100%; height:auto;" autoplay controls loop="loop">
+        <source src="{{ site.baseurl }}/assets/images/misp/video/event-graph.webm"  type="video/webm"  />
+   </video>
+</div>
+
+In addition to STIX 2.0, MISP now supports STIX 2.0 file format import from the UI. Significant improvements were made in the parsers for STIX 1.x and STIX 2.0 to support additional files. Don't hesitate to send us sample files which don't work as expected. Add a clarification in the STIX import to describe that the STIX format can be lossy compared to the MISP standard format.
+
+API was significantly improved including attribute UUID in attribute level restSearch, deleteAttributes API can now mass-delete and many improvements.
+
+Two security bugs were fixed:
+
+- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules.
+- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set.
+
+Another important fix was done on objects handling where in specific conditions could be overwritten. A recovery tool has been added in the diagnostics page.
+
+Tons of bug fixes and minor improvement were done. [Changelog](http://www.misp-project.org/Changelog.txt) contains the complete list of what's changed from version 2.4.88.
+
+We would like to thank all the contributors who helped to fix bugs, contributed new features or support us to release this version.
+
+MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule u
+pdate` and update galaxies, objects and taxonomies via the UI.