Merge branch 'recordGDPR' of https://github.com/monarc-project/MonarcAppFO into recordGDPR

2019-06-18 10:12:29 +02:00 · 2019-06-18 10:12:29 +02:00 · a599150a36
parent ff22f0910e a5faabd03a
commit a599150a36
19 changed files with 87 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,32 @@ MONARC Changelog
 ================


+## 2.8.2 (2019-05-28)
+
+### New
+
+- the MONARC core objects (assets, threats, vulnerabilities and risks) are now
+  identified with UUIDs. We published the objects on the
+  [MONARC objects sharing platform](https://objects.monarc.lu). Risks from
+  the CASES models are also [available](https://objects.monarc.lu/schema/16);
+- Assets, threats, vulnerabilities, risks and referentials can be imported
+  in the knowledge base of your analysis from MOSP without leaving the MONARC
+  user interface.
+
+### Enhancement
+
+- Adding referential afterwards does not update the knowledge base
+  [#156](https://github.com/monarc-project/MonarcAppFO/issues/156).
+
+### Fix
+
+- Import analysis in 2.81, exported from 2.72, gives errors [#152](https://github.com/monarc-project/MonarcAppFO/issues/152);
+- Edit label of added Referentials does not work [#153](https://github.com/monarc-project/MonarcAppFO/issues/153);
+- Problem generating deliverable [#157](https://github.com/monarc-project/MonarcAppFO/issues/157);
+- Categories are duplicated in import [#158](https://github.com/monarc-project/MonarcAppFO/issues/158);
+- Getting prob & impacts on operational risks [#161](https://github.com/monarc-project/MonarcAppFO/issues/161).
+
+
 ## 2.8.1 (2019-04-24)

 ### New
--- a/INSTALL/INSTALL.rhel7.md
+++ b/INSTALL/INSTALL.rhel7.md
@ -121,4 +121,11 @@ Set file ownership for monarc installation
        Require all granted
    </Directory>

+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
    SetEnv APPLICATION_ENV "development"
--- a/INSTALL/INSTALL.ubuntu1604.md
+++ b/INSTALL/INSTALL.ubuntu1604.md
@ -42,6 +42,13 @@ Especially by setting a strong root password.
            Require all granted
        </Directory>

+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
        SetEnv APPLICATION_ENV "development"
    </VirtualHost>

--- a/INSTALL/INSTALL.ubuntu1804.md
+++ b/INSTALL/INSTALL.ubuntu1804.md
@ -5,7 +5,7 @@ Installation on Ubuntu 18.04

 ## Install the dependencies

-    $ sudo apt-get install vim zip unzip git gettext curl
+    $ sudo apt-get install vim zip unzip git gettext curl gsfonts

 Some might already be installed.

@ -42,6 +42,13 @@ Especially by setting a strong root password.
            Require all granted
        </Directory>

+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
        SetEnv APPLICATION_ENV "development"
    </VirtualHost>

--- a/README.md
+++ b/README.md
@ -92,4 +92,3 @@ These objects are available through the
 [MONARC Objects Sharing Plarform](https://objects.monarc.lu).
 If a specific author wants to license an object under a different license,
 a pull request can be requested.
-
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+Last stable version of MONARC always provides security updates.
+
+## Reporting a Vulnerability
+
+If you think you have found a potential security issue in MONARC, do not open
+directly a GitHub issue. Please email us. You can contact
+[info@cases.lu](mailto:info@cases.lu).
+
+You can also specify how you would like to be credited for your finding
+(commit message, release notes or blog post for the new release). We will
+respect your privacy and will only publicize your involvement if you
+grant us permission.
--- a/VERSION.json
+++ b/VERSION.json
@ -1 +1 @@
-{"major":2, "minor":8, "hotfix":1}
+{"major":2, "minor":8, "hotfix":2}
--- a/config/autoload/local.php.dist
+++ b/config/autoload/local.php.dist
@ -93,6 +93,8 @@ return array(
        'from' => 'info@monarc.lu',
    ],

+    'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
    'terms' => 'https://my.monarc.lu/terms.html',

    'monarc' => array(
--- a/deliveries/cases/DE/3.docx
+++ b/deliveries/cases/DE/3.docx
--- a/deliveries/cases/EN/2.docx
+++ b/deliveries/cases/EN/2.docx
--- a/deliveries/cases/EN/3.docx
+++ b/deliveries/cases/EN/3.docx
--- a/deliveries/cases/FR/3.docx
+++ b/deliveries/cases/FR/3.docx
--- a/deliveries/cases/FR/4.docx
+++ b/deliveries/cases/FR/4.docx
--- a/deliveries/cases/FR/5.docx
+++ b/deliveries/cases/FR/5.docx
--- a/deliveries/cases/NE/2.docx
+++ b/deliveries/cases/NE/2.docx
--- a/deliveries/cases/NE/3.docx
+++ b/deliveries/cases/NE/3.docx
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "MONARC",
-  "version": "2.8.1",
+  "version": "2.8.2",
  "description": "MONARC Frontoffice App",
  "private": true,
  "repository": {
@ -10,8 +10,8 @@
  "author": "CASES",
  "license": "GNU Affero General Public License version 3",
  "dependencies": {
-    "ng_anr": "https://github.com/monarc-project/ng-anr#master",
-    "ng_client": "https://github.com/monarc-project/ng-client#master"
+    "ng_anr": "git+https://github.com/monarc-project/ng-anr.git#master",
+    "ng_client": "git+https://github.com/monarc-project/ng-client.git#master"
  },
  "devDependencies": {
    "grunt": "~1.0.3",
--- a/scripts/update-all.sh
+++ b/scripts/update-all.sh
@ -61,6 +61,11 @@ fi

 $gitcommand pull

+if [ $? != 0 ]; then
+       echo "A problem occurred while retrieving remote files from repository."
+       exit 1
+fi
+
 composercommand=`command -v composer`
 if [[ -z "$composercommand" ]]; then
 	if [[ ! -f "composer.phar" ]]; then
--- a/vagrant/bootstrap.sh
+++ b/vagrant/bootstrap.sh
@ -36,7 +36,7 @@ echo -e "\n--- Updating packages list… ---\n"
 apt-get update

 echo -e "\n--- Install base packages… ---\n"
-apt-get -y install vim zip unzip git gettext curl > /dev/null
+apt-get -y install vim zip unzip git gettext curl gsfonts > /dev/null

 echo -e "\n--- Install MariaDB specific packages and settings… ---\n"
 # echo "mysql-server mysql-server/root_password password $DBPASSWORD_ADMIN" | debconf-set-selections
@ -82,6 +82,7 @@ done
 echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
 a2enmod rewrite > /dev/null 2>&1
 a2enmod ssl > /dev/null 2>&1
+a2enmod headers > /dev/null 2>&1

 echo -e "\n--- Allowing Apache override to all ---\n"
 sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
@ -162,6 +163,13 @@ cat > /etc/apache2/sites-enabled/000-default.conf <<EOF
        Require all granted
    </Directory>

+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
    SetEnv APPLICATION_ENV $ENVIRONMENT
    SetEnv APP_DIR $PATH_TO_MONARC
 </VirtualHost>
@ -230,9 +238,11 @@ return array(
            'from' => 'info@monarc.lu',
    ],

+    'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
    'monarc' => array(
        'ttl' => 60, // timeout
-        'salt' => '', // salt privé pour chiffrement pwd
+        'salt' => '', // private salt for password encryption
    ),
 );
 EOF