From fec8ad09db2a72e7b6ba45436b14ea67a31b7bdb Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Tue, 6 Feb 2024 13:55:48 +0100 Subject: [PATCH] chg: add small clarifications to 2.4.184 release page --- content/blog/MISP.2.4.184.released.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/blog/MISP.2.4.184.released.md b/content/blog/MISP.2.4.184.released.md index 08d2b1f..6c32f2e 100644 --- a/content/blog/MISP.2.4.184.released.md +++ b/content/blog/MISP.2.4.184.released.md @@ -10,15 +10,15 @@ MISP 2.4.184 released with performance improvements, security and bugs fixes. ## Improvements -- Speed up improvements in ssdeep correlation and many other part of MISP. Thanks to Jakub Onderka for the work on this. +- Speed up improvements in ssdeep correlation and many other parts of MISP. Thanks to Jakub Onderka for the work on this. - [objects] restsearch first/last seen filters added. -- [event:publication] Added new setting to block event publication if the user is the creator. -- [events:export] Make setting `MISP.disable_cached_exports` enabled by default. Since the /events/export has been marked deprecated for a years started the process to phase it out by first disabling the endpoint by default. The [MISP ReST search API](https://www.misp-project.org/openapi/) is the API to be used if you still have very old scripts relying on export. +- [event:publication] Added new setting to block event publication if the publishing user is the creator. +- [events:export] Make setting `MISP.disable_cached_exports` enabled by default. Since the /events/export has been marked deprecated for a years, we are starting the process to phase it out by first disabling the endpoint by default. The [MISP ReST search API](https://www.misp-project.org/openapi/) is the API to be used in the future if you still have very old scripts relying on export. We recommend to start making plans to rework those scripts. - [organisation:orgMerge] Added missing models for organisation handover ## Security fixes -A serie of security fixes were done in this release, the vulnerabilities are accessible to authenticated users especially with specific privileges like Org admin. We urge the users to update to this version especially if you have different organisations having access to your instances. +A series of security fixes were done in this release, the vulnerabilities are accessible to authenticated users, especially those with specific privileges like Org admin. We urge users to update to this version especially if you have different organisations having access to your instances. - [security] Improved security checks for organisation logo upload. (low) - [security] New auditlogs's fullChange lack of ACL controls. (medium)