Merge pull request #19 from dawid-czarnecki/2020-02-12-typo

fix: [blog] MISP 2.4.121 release typo
pull/21/head
Alexandre Dulaunoy 2020-02-14 22:56:00 +01:00 committed by GitHub
commit fecdd3685f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -13,7 +13,7 @@ A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.121)) ha
The new version includes fixes to a set of vulnerabilities, kindly reported by Dawid Czarnecki. For details, see the attached CVE information. The new version includes fixes to a set of vulnerabilities, kindly reported by Dawid Czarnecki. For details, see the attached CVE information.
- A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893) - A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893)
- ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8892) - ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8894)
- Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890) - Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890)
Whilst investigating the above, we have identified and resolved other issues with the brute force protection: Whilst investigating the above, we have identified and resolved other issues with the brute force protection: