new: 2.4.126 release omitted

pull/21/head
iglocska 2020-06-04 17:36:11 +02:00
parent 59ce26b9b6
commit f8f14b7916
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 35 additions and 0 deletions

View File

@ -0,0 +1,35 @@
---
title: MISP 2.4.126 released (Spring release edition)
layout: post
featured: /assets/images/misp/blog/dashboard.png
---
# MISP 2.4.126 released
A new version of MISP ([2.4.126](https://github.com/MISP/MISP/tree/v2.4.126)) has been released a while ago, though we have forgotten to publish a blog post about it - thanks to @coolacid for the reminder. This version includes a security fix and various quality of life improvements.
# Security fix - fixed XSS
Fixed a persistent XSS that could be triggered by correlating an attribute via the freetext import tool with an attribute that contains a javascript payload in the comment field. By hovering over the correlation, the analyst encoding the information would have the exploit triggered.
Thanks to @JakubOnderka for reporting it!
# Tool to generate the communities webpage
Being able to find the right communities is key when utilising MISP. Thanks to @cvandeplas for implementing this!
# experimental CLI only force pull method added
It allows an administrator to issue a special kind of pull via the API that overwrites the local data with that on the remote, no matter which one is newer. No additional data gets deleted, but modifications will get reverted to the remote's state. This tool is meant as a last resort if things have gone awry with unwanted local modifications.
# A host of quality of life fixes
A long list of improvements, fixes and new functionalities have been added, make sure to check out the changelog for an exhaustive list!
# Acknowledgement
We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html).
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.