2.2 KiB
| title | layout | featured |
|---|---|---|
| MISP 2.4.128 released (STIX import/export refactored release edition) | post | /assets/images/misp/blog/decay.png |
MISP 2.4.128 released
A new version of MISP (2.4.128) has been released with a significant refactoring of the STIX import/export, many improvements and bugs fixed.
STIX 2 and 1 major refactoring and improvements
A major refactoring of the STIX (version 1 and version 2) import/export has been performed by Christian Studer. We invite you to read the Changelog for the complete set of changes and improvements. The most significant change is the import of threat-actor, tools and alike. The import process now does an automatically mapping with potential existing galaxies. As an example, if a synonym of a threat-actor is found in the original STIX file, the import will add the existing MISP galaxy with the appropriate threat-actor. It also works with tags.
Security fix
- CVE-2020-14969 <= MISP 2.4.128 - app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.
New features
- [correlations] Enable CIDR correlations for ip-src|port and ip-dst|port types
- [widget] Authentication failure widget added to provide a dashboard from D4 project.
Many other improvements are documented in the complete changelog is available.
Acknowledgement
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.