MISP

Changelog

v2.4.153 (2022-02-04)

New

- [UI] Show TLS version for server test. [Jakub Onderka]
- [security] Check TLSv1.3 connection. [Jakub Onderka]
- [oidc] Add new option: OidcAuth.authentication_method. [Jakub Onderka]
- [oidc] Add support for jakub-onderka/openid-connect-php OIDC fork.
  [Jakub Onderka]
- [CLI] admin configLint. [Jakub Onderka]
- [security] Allow to specify min_tls_version. [Jakub Onderka]
- [security] securityAuditTls. [Jakub Onderka]
- [CLI] Security audit. [Jakub Onderka]
- [form factory] added a div field type. [iglocska]

  - allows to create parametrised divs for additional placeholders
  - parameters are id, class, style, to be extended when needed
- [test] New audit. [Jakub Onderka]

Changes

Fix

- [language] fix (exception text) [iglocska]
- [internal] Array to string conversion. [Jakub Onderka]
- [misp-stix] Same errors handling for STIX1 as it recently has been
  pushed for STIX2. [chrisr3d]
- [API key] shown on automation page when using classic keys. [iglocska]
- [misp-stix] Bumped latest version with enhanced parsing of objects
  which encountered parsing errors. [chrisr3d]

  - Instead of simply storing the error message, we
    also convert those objects as STIX Custom objects
- [misp-stix] Bumped latest version with a better exceptions handling
  for file, pe & pe-section objects converted to STIX2 file objects with
  a pebinary extension. [chrisr3d]
- [stix export] Fixed wrong indentation causing variable name errors.
  [chrisr3d]
- [misp-stix] Bumped latest version with a quick fix on Tags handling as
  STIX2 markings. [chrisr3d]
- [misp-stix] Bumped latest version with some fixes on the tags parsing.
  [chrisr3d]
- [internal] testForCABundle should return true. [Jakub Onderka]
- [stix] STIX test. [Jakub Onderka]
- [internal] Syntax error in PHP 7.2. [Jakub Onderka]
- [test] Do not force libpcre2 installation. [Jakub Onderka]
- [setting] Default value for MISP.require_password_confirmation is
  false. [Jakub Onderka]
- [appController:loginByAuthkey] Skip authentication with basic
  authorization. [Sami Mokaddem]

  Fix #7576.
  Basic Auth might happen for some setups where the authentication is performed by another component such as LDAP.
  For these cases, the Authorization header is present and contains the Basic Auth data used by the authentication plugin. Before this patch, MISP failed to resolve the API key to a user and threw a 403. This was because MISP detected the presence of the Authorization header which triggered an authentication by Authkey that would always fail as the content is not a valid API key.
- [event add] resolved notice error when viewing the event add form.
  [iglocska]

  - converted the html div added as a field to a proper factory field
- [audit] Send IP address to ZMQ in full form. [Jakub Onderka]
- Supervisord_status showing as a worker when it's not. [Luciano
  Righetti]
- [CLI] Authkey valid - reconnect in case of failure. [Jakub Onderka]
- Fix: add flag to update deps as suggested by @hlijan. [Luciano
  Righetti]
- Bug defaulting source_format instead of fixed_event on /feeds/add
  endpoint. [Luciano Righetti]
- [UI] Fix authkey field type. [Jakub Onderka]
- [internal] Closing session for statistics. [Jakub Onderka]
- Fix: unix timestamps should have a @ prefix. [Luciano Righetti]
- Make SimpleBackgroundJobs work on RHEL 7 with
  supervisorphp/supervisor:^3.0. [Richard van den Berg]
- Change simple bg jobs settings to critical, fix notice in server
  shell. [Luciano Righetti]
- [stix1 export] Removed unused imports. [chrisr3d]
- [stix2 import] Fixed wrong variable name. [chrisr3d]
- [misp-stix] Bumped latest fixed version of the library. [chrisr3d]

  - Includes fixes on the usage of orgnames during
    a STIX 1 export:
    - The orgname used to define the information
      source and the reporter identity remains
      the same
    - The orgname used to define every STIX object
      id is sanitized to comply with the STIX
      validation process
- [CI] libpcre2 issue. [Alexandre Dulaunoy]
- Error later on when json encoding a binary repr ipv6. [Luciano
  Righetti]
- [i18n] Typo. [Steve Clement]
- [typo] check - not chech. [Steve Clement]
- [galaxyclusters] view by uuid fixed. [iglocska]
- [typo] tagID. [Steve Clement]
- Fix: unix timestamps should have a @ prefix. [Luciano Righetti]

Other

v2.4.152 (2021-12-22)

New

- [CLI] user authkey_valid command. [Jakub Onderka]
- [tag] Generate predictable tag color. [Jakub Onderka]
- [server:synchronisation] Type filtering during PULL synchronisation.
  [Sami Mokaddem]
- [event-timeline] Support of image attachments. [Sami Mokaddem]
- [CLI] Get authkey info by `cake user authkey` [Jakub Onderka]
- [securityAudit] Check expose_php setting. [Jakub Onderka]
- [test] Exports. [Jakub Onderka]
- [securityAudit] Check if xdebug is enabled. [Jakub Onderka]
- [bg] Support unix socket for supervisord. [Jakub Onderka]
- [internal] Use pubToZmq to check if publish to ZMQ. [Jakub Onderka]

Changes

Fix

- [stix1 export] Ordering object types to avoid validation issues.
  [chrisr3d]

  - STIX validator seems to dislike `Observables`
    objects coming after `Indicators`, so we put
    the object types in the order they are presented
    in the documentation
- [event:checkDistributionForPush] typos. [Richard van den Berg]
- [event:uploadEventSightingsToServersRouter] use Event model for
  Sighting context. [Richard van den Berg]
- [event:uploadEventSightingsToServersRouter] allow sightings to be
  pushed upstream. [Richard van den Berg]
- [server:add] Pass the correct variables to the view. [Sami Mokaddem]
- [event:push] Unset attribute before processing it and nesting typo.
  [Sami Mokaddem]
- [server:pull] Typo in objectAttribute filtering. [Sami Mokaddem]
- [server:edit] Extra field in group by leading to object duplication.
  [Sami Mokaddem]
- [server:edit] Typo synchronisation. [Sami Mokaddem]
- [server:pull] Typo while unsetting attribute blocked by filtering
  rule. [Sami Mokaddem]
- [events:synchronisation] debug and typos. [Sami Mokaddem]
- [servers:edit] Capture filtering freetext tags for PUSH. [Sami
  Mokaddem]
- [tools:timeline] Usage of correct UUID and disabled polling
  extrapolation. [Sami Mokaddem]

  This half baked feature was making things confusing for the users. If we ever need it implemented it should be something more robust and configurable.
- Do not try to autocomplete with users authkey. [Luciano Righetti]
- Publishtimestamp defaults. [Luciano Righetti]
- Array to string notice. [Luciano Righetti]
- Typos, bump js version. [Luciano Righetti]
- Datetime format. [Luciano Righetti]
- Revert change. [Luciano Righetti]
- Use from/until input in UI filters. [Luciano Righetti]
- Notice when filter is array. [Luciano Righetti]
- Show error message instead of fatal error when diagnostics tool fails
  to run. [Luciano Righetti]
- [UI] Ajax forms lose persistence. [iglocska]

  - generic Form builder now has the persistence baked in
  - capture all form fields' data before submitting as expected
- [feeds] i18n some strings. [iglocska]
- [feeds] preview attribute distribution. [iglocska]

  - escape sharing group name
- Wrong params. [Luciano Righetti]
- Improve error handling when supervisor is not available or connection
  settings are wrong. [Luciano Righetti]
- [internal] Fixes #7961. [Jakub Onderka]
- [UI] Adding attributes to object. [Jakub Onderka]
- [tools:backgroundjob] Support of legacy systems (3) [Sami Mokaddem]
- [tools:backgroundjob] Support of legacy systems (2) [Sami Mokaddem]
- [backgroundjob] Support of legacy system. [Sami Mokaddem]
- [test] Ignore beforeRender function. [Jakub Onderka]
- [internal] Deleting events. [Jakub Onderka]
- [internal] Old style view class. [Jakub Onderka]
- [security] Disable caching of images. [Jakub Onderka]
- [CLI] Show error when calling methods for managing workers when
  SimpleBackgroundJobs are enabled. [Jakub Onderka]
- [internal] Fix checking if system is Linux. [Jakub Onderka]
- [internal] User ProcessTool for selfTest. [Jakub Onderka]
- [auditlog] Array converted to const. [Jakub Onderka]
- [auditLog] Warning when deleting event. [Jakub Onderka]
- [internal] Remove UrlCache. [Jakub Onderka]
- ServerShell fails if SimpleBackgroundJobs config does not exist.
  [Luciano Righetti]
- Update dep for fixing php74 build. [Luciano Righetti]
- [misp-stix] Bumped latest version with up-to-date dependencies &
  requirements. [chrisr3d]
- [stix export] Added parameters to the temporary files deleting
  function. [chrisr3d]

  - Can delete output files when we get an exception
    from the python script
  - Can delete a specific list of files that are not
    suffixed with a '.out' extension, like it is the
    case for attributes collections export as STIX 1
- [stix export] Removed unused variables. [chrisr3d]
- [stix export] Copy paste issue from merge conflict handling.
  [chrisr3d]
- [stix1 export] Syntax typo from merge conflict handling. [chrisr3d]
- [API] downloadAttachment API user object fetching fixed. [iglocska]

  - user is already in session, just reuse it
- [feeds] pulling freetext feed sets attribute distribution, fixes
  #7992. [iglocska]

  - should just inherit the event's setting
  - when using sharing groups this becomes a serious issue
- [audit] fix user modifications not working with the modern audit log.
  [iglocska]

  - trying to get the old state of non persistent form fields breaks
- [stix1 export] Removed debugging print. [chrisr3d]
- [stix2 export] Added the required traceback parameter to the
  `print_tb` call. [chrisr3d]
- [upload_stix] Going back to the previous way of handling files before
  we properly merge `develop` and this branch together. [chrisr3d]

  - The publish flag added in `develop` remains here
    but we come back to the previous way of handling
    the input file, like before we cherry-picked the
    commit containing the changes concerning the
    publish flag.
- [misp-stix] Bumped latest version. [chrisr3d]
- [stix export] Removing traceback parsing since it is handled in
  stderr. [chrisr3d]
- [stix export] Keeping traceback messages for the logs. [chrisr3d]
- [stix export] Making sure the error message is displayed when there is
  no input file. [chrisr3d]
- [stix1 export] Indentation issues caused STIX1 result files not to be
  written. [chrisr3d]
- [stix export] Displaying errors with their traceback. [chrisr3d]
- [stix2 export] Removed unnecessary loop split. [chrisr3d]
- [stix2 export] Removed separator that should not be set here.
  [chrisr3d]
- [stix export] Typo on a class variable. [chrisr3d]
- [stix export] Better galaxies & clusters handling when dealing with
  attributes collections. [chrisr3d]

  - We skip some fields from galaxies and clusters,
    as well as adding the event timestamp that is
    going to be used when exporting event galaxies

Other

v2.4.151 (2021-11-23)

New

- [internal] Faster caching. [Jakub Onderka]
- [user] Add sub field for user. [Jakub Onderka]
- [CLI] For redisMemoryUsage show also server cache size. [Jakub
  Onderka]
- Support existing worker controls via supervisor api. [Luciano
  Righetti]
- Add default config for new background jobs (disabled). [Luciano
  Righetti]
- [CLI] Redis memory usage diagnostics. [Jakub Onderka]
- [CLI] admin reencrypt command. [Jakub Onderka]
- [security] Store authkeys for servers encrypted. [Jakub Onderka]
- [UI] Define custom right menu link. [Jakub Onderka]
- [CLI] Allow to set setting value to `null` [Jakub Onderka]
- [internal] Save to config file just what was in file. [Jakub Onderka]
- [internal] encryption_key config. [Jakub Onderka]
- [internal] Fix when authkey is invalid. [Jakub Onderka]
- [internal] BetterSecurity tool. [Jakub Onderka]
- [setting] Allow to encrypt setting. [Jakub Onderka]
- [setting] Add new MISP.system_setting_db setting. [Jakub Onderka]
- Store system settings in database. [Jakub Onderka]
- [MISP fetcher] added to create an offline update package. [iglocska]
- [doc] Initial php8.0 and Ubuntu 22.04. [Steve Clement]
- [test] test_add_duplicate_tags. [Jakub Onderka]
- [test] test_log_new_audit. [Jakub Onderka]
- [test] test_restsearch_event_by_tags. [Jakub Onderka]
- [settings] Allow to use ThreatLevel.name for alert filter. [Jakub
  Onderka]
- [API] Return JSON for server index preview. [Jakub Onderka]
- [CLI] New task for removeOrphanedCorrelations and optimiseTables.
  [Jakub Onderka]
- [attribute type] ssh-fingerprint - a fingerprint of SSH key material.
  [Alexandre Dulaunoy]
- [test] test_deleted_attributes. [Jakub Onderka]
- [CLI] Assign UserSetting to list output. [Jakub Onderka]
- [oidc] User setting for oidc metadata. [Jakub Onderka]
- [test] test_delete_event_blocklist. [Jakub Onderka]
- [sync] Server sync logging. [Jakub Onderka]
- [test] test_search_index_by_all. [Jakub Onderka]

Changes

Fix

- [tools:backgroundjob] Support of legacy systems (3) [Sami Mokaddem]
- [tools:backgroundjob] Support of legacy systems (2) [Sami Mokaddem]
- [backgroundjob] Support of legacy system. [Sami Mokaddem]
- Update dep for fixing php74 build. [Luciano Righetti]
- ServerShell fails if SimpleBackgroundJobs config does not exist.
  [Luciano Righetti]
- [internal] Attaching cluster. [Jakub Onderka]
- [systemSetting] Check if database exists. [Jakub Onderka]
- [internal] Try to create directory if not exist. [Jakub Onderka]
- [user creation] don't show old style API key in the UI if advanced
  authkeys are enabled. [iglocska]

  - confusing and unusable anyway
- [user creation] Don't create an advanced authkey by default when
  creating a new user. [iglocska]

  - nobody will see the initial key, users can always create API keys for themselves
- [internal] Remove redundant condition. [Jakub Onderka]
- [internal] Correctly count matched attributes. [Jakub Onderka]
- [internal] Skip empty line. [Jakub Onderka]
- [internal] Update JSON. [Jakub Onderka]
- [internal] Param order. [Jakub Onderka]
- [internal] Private property access. [Jakub Onderka]
- [CLI] redisMemoryUsage. [Jakub Onderka]
- [UI] Correct attaching cache timestamp to server. [Jakub Onderka]
- [internal] Remove unused MISP.cached_attachments setting. [Jakub
  Onderka]
- Wrong default. [Luciano Righetti]
- Wrong default. [Luciano Righetti]
- Allow start worker by queue type. [Luciano Righetti]
- Issues when worker is stopped, allow null pid and user in worker
  class. [Luciano Righetti]
- Do not fail on process_id=null. [Luciano Righetti]
- Class not found issue. [Luciano Righetti]
- Bad merge. [Luciano Righetti]
- Minor cs issues. [Luciano Righetti]
- Revert bad merge. [Luciano Righetti]
- Fix typo. [Luciano Righetti]
- Replace splat operator, follow cake 2.x private methods naming.
  [Luciano Righetti]
- Change expected db version. [Luciano Righetti]
- Wrong update query. [Luciano Righetti]
- Use class registry to get job class. [Luciano Righetti]
- Add missing jobId param to enqueue() calls. [Luciano Righetti]
- Fix get worker status. [Luciano Righetti]
- Handle job status not found. [Luciano Righetti]
- Fix typo. [Luciano Righetti]
- Return correct X-Result-Count value in /attributes/restSearch.
  [Luciano Righetti]
- [CLI] fixes to the appshell. [iglocska]

  - always load the configload task
- [CLI/background jobs] reverted removal of perform command. [iglocska]
- [email OTP] subject tag fixed. [iglocska]

  - [MISP foo] to [foo MISP] to be aligned with other e-mails
- [doc] Added missing misp-stix to the documentation. [Steve Clement]
- [schema] updated. [iglocska]
- [internal] Remove unused helper. [Jakub Onderka]
- [internal] Remove potentially problematic and non functional
  searchAlternate. [Jakub Onderka]
- [config] Remove not used Attributes_Values_Filter_In_Event. [Jakub
  Onderka]
- [internal] Fetching clusters. [Jakub Onderka]
- [tags] enforce local_only check on backend. [Loïc Fortemps]
- [API] Object reference view. [Jakub Onderka]
- [auditlog] Fetch event_id when necessary. [Jakub Onderka]
- [API] Do not allow same tags for one object (local/global) [Jakub
  Onderka]
- [internal] Attaching tags to attachment attribute. [Jakub Onderka]
- [test] Permission for workers. [Jakub Onderka]
- [API] Exception value. [Jakub Onderka]
- [API] UserSetting::getSetting method. [Jakub Onderka]
- [API] Deleting user setting. [Jakub Onderka]
- [UI] Ignore harvest exception. [Jakub Onderka]
- [UI] Correct link to focus. [Jakub Onderka]
- [API] Remove default filters for viewEventAttributes. [Jakub Onderka]
- [UI] Element name. [Jakub Onderka]
- [UI] Filtering attribute when distribution is zero. [Jakub Onderka]
- [UI] Feed hits. [Jakub Onderka]
- [UI] Add link to full attribute. [Jakub Onderka]
- [validation] Correctly validate filename|tlsh attribute. [Jakub
  Onderka]
- [internal] removeOrphanedCorrelations. [Jakub Onderka]
- [internal] Filename|xxx could not contain new line char. [Jakub
  Onderka]
- [internal] named pipe validation. [Jakub Onderka]
- [internal] Remove unreachable code. [Jakub Onderka]
- [internal] Simplify Attribute code. [Jakub Onderka]
- [API] Simplify some validations. [Jakub Onderka]
- [cti-python-stix2] Correctly bumped latest version... [chrisr3d]
- [database] upgrade script using mb4 defaulted to 255 key length.
  [iglocska]

  - default should be 191
- [API] Faster assigning objects and attributes to references. [Jakub
  Onderka]
- [internal] Do not duplicate column. [Jakub Onderka]
- [API] Simplify linking proposals to attributes. [Jakub Onderka]
- [API] Simplify fetchEvent code. [Jakub Onderka]
- [internal] Attaching server/feed correlation to proposals. [Jakub
  Onderka]
- [internal] Proposal validation. [Jakub Onderka]
- [schema] Modify User.change_pw column to boolean. [Jakub Onderka]
- [internal] No exception when db logs are disabled. [Jakub Onderka]
- [UI] Correct values for deleted attribute filtering. [Jakub Onderka]
- [github actions] For the tests purpose, installing the stix1 python
  library from the submodule. [chrisr3d]
- [gitignore] Removed directories related to python libraries.
  [chrisr3d]
- [stix python install] Added STIX python dependencies to the install.
  [chrisr3d]
- [validation] TLSH new format validation added. [iglocska]

  - ffs
- [internal] Do not allow deleting SG when object or event report is
  assigned to that SG. [Jakub Onderka]
- [internal] Prevent duplicate org for sharing group. [Jakub Onderka]
- [CLI] Cluster publishing. [Jakub Onderka]
- [UI] Active rules value. [Jakub Onderka]
- [UI] Event filtering. [Jakub Onderka]
- [ui] Do not call checkAndSetPublishedInfo when no need. [Jakub
  Onderka]
- [UI] Correctly handle links to related events. [Jakub Onderka]
- [UI] Broken tag attaching. [Jakub Onderka]
- [internal] Deleting events. [Jakub Onderka]
- [internal] Try to prevent deadlocks when updating event attribute
  count. [Jakub Onderka]
- [internal] Fetch event index in CSV. [Jakub Onderka]
- [test] Fix event index tests. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [stix-export] Delete tmp files. [Jakub Onderka]
- [index] Org condition. [Jakub Onderka]
- [index] Remove all virtual fields. [Jakub Onderka]
- [API] Fix fetching events by org UUID. [Jakub Onderka]
- [event index] search by org fixed when using string names, fixes
  MISP/PyMISP#799. [iglocska]

Other

v2.4.150 (2021-10-12)

New

- [test] Build test. [Jakub Onderka]

Changes

Fix

- [attribute index] fixed attribute tag widget. [iglocska]

  - notice errors due to missing variables in the closure
- [attribute index] fix galaxy widget for the attribute index.
  [iglocska]

  - notice errors when logged in as a user
- [attribute index] action ACL fixed. [iglocska]
- Incorrect sort keys. [Luciano Righetti]
- [internal] withCredentials property was added into $.ajaxSetup() to
  get rid of 403 and 302 responses. [MrBoba]
- [internal] Fix saving tags. [Jakub Onderka]
- [log] Undefined index local. [Jakub Onderka]
- [internal] Remove unused SharingGroup::getSGSyncRules method. [Jakub
  Onderka]
- [internal] Remove unused Event::checkIfAuthorised method. [Jakub
  Onderka]
- [internal] Deleting event propagation to ZMQ and Kafka. [Jakub
  Onderka]
- [shell] EventShell::contactemail command. [Jakub Onderka]
- [community-metadata] Fix typos and improve wording. [Jeroen Pinoy]
- [API] Return correct error message if event is blocklisted. [Jakub
  Onderka]
- [attribute] Use `filename-pattern` [Jakub Onderka]
- [internal] Server save setting file. [Jakub Onderka]
- [stix1 export] Removed unnecessary write. [chrisr3d]

Other

v2.4.149 (2021-10-09)

New

- [internal] Store MISP live status also in Redis. [Jakub Onderka]
- [internal] OrgBlocklist::removeBlockedEvents. [Jakub Onderka]
- [internal] Method Job::createJob. [Jakub Onderka]
- Support for BECH32 (P2WPKH) BTC address. [Jakub Onderka]
- [CLI] UserShell::ip_user command. [Jakub Onderka]
- [CLI] New tasks that will check if Redis is available. [Jakub Onderka]
- Add more /taxonomies/* endpoints api docs. [Luciano Righetti]
- Add openapi docs for /users_settings/* endpoints. [Luciano Righetti]
- [shell] Tag merging. [Jakub Onderka]
- [event:notification] Added email notification ban system based on
  users triggering the notification. [mokaddem]
- [cerebrate:pull_sg] Pull sharing groups from a cerebrate instance.
  [mokaddem]
- [UI] Allow to filter attributes by specific warninglist. [Jakub
  Onderka]
- [CLI] User shell. [Jakub Onderka]
- [oidc] Allow to automatically unblock user after successful login.
  [Jakub Onderka]
- [security] Disable browser autocomplete for authkeys field. [Jakub
  Onderka]
- [export:host] RestSearch export for blackholing via host file.
  [mokaddem]
- [warninglist] Assign warninglist comment. [Jakub Onderka]
- [sighting:add] Ability to provide filtering parameters when adding
  sightings for specific values Fix #7669. [mokaddem]
- [API] Allow to delete multiple events by UUID. [Jakub Onderka]
- [test] Test more endpoints in sync test. [Jakub Onderka]
- [API] Allow more granular specification what data to return when
  viewing event. [Jakub Onderka]
- [test] Push to remote server. [Jakub Onderka]
- [test] Sync. [Jakub Onderka]

Changes

Fix

- [misp-stix] updated to the latest version (incorrect submodule)
  [Alexandre Dulaunoy]

  Fix #7812
- Sharing groups dropdown not showing when adding a feed with
  distribution set to sharing group. [Luciano Righetti]
- [misp-stix] Bumped latest version. [chrisr3d]
- [github actions] removed the cti stix installation as it's no longer
  there. [iglocska]
- [stix2 import] Using path to import the stix2 python library.
  [chrisr3d]
- [stix1 export] Added the required stix python library path for their
  import. [chrisr3d]

  - Support of the coming changes to use paths instead
    of maintaining the pip updates
- [stix1 import] Quick fix due to some recent library changes
  and the support of STIX 1.2. [chrisr3d]
- [stix export] Aligning path of the STIX2 python library to following
  its recent location change. [chrisr3d]
- [stix export] Added all the needed paths to load the required python
  libraries. [chrisr3d]
- [misp-stix] Bumped latest version with a quick fix on email objects
  export as STIX 2.0 & 2.1. [chrisr3d]
- [diagnostic] Updated stix2 python library requirements. [chrisr3d]
- [stix1 export] Removed debugging prints. [chrisr3d]
- [stix export] Quick single line php `if else` command clean-up.
  [chrisr3d]
- [gitmodules] Added current misp-stix branch. [chrisr3d]
- [misp-stix] Dumped latest MISP-STIX Converter version. [chrisr3d]
- [log] Do not call callbacks when deleting. [Jakub Onderka]
- [users] adding/modifying users fails silently for org admins if domain
  restriction checks fail. [iglocska]
- [organisations] correctly handle a list of org domain restrictions.
  [iglocska]
- [internal] Bad merge. [Jakub Onderka]
- Incorrect check for alertemail and publishSightings event commands.
  [Luciano Righetti]
- Incorrect check for publish event command. [Luciano Righetti]
- [shells] Sync improved cmd line help to 9d7da310. [Matjaz Rihtar]
- [shells] Additional command line help. [Matjaz Rihtar]
- [refanging] Fix test for commit b7733615. [Matjaz Rihtar]
- [shells] Fixed/improved command line help. [Matjaz Rihtar]
- [eventReport:contextExtraction] Make sure the cluster's value has
  enough characters before trying to perform the replacement. [mokaddem]
- [stix1 import] Fixed STIX header call that made the classification of
  the STIX file always being external. [chrisr3d]

  - `from_misp` variable was always False since the
    try / catch to get the title always raised an
    exception with `event.header` being an invalid
    attribute. The valid one is `event.stix_header`
- [internal] Better error handling when uploading STIX file. [Jakub
  Onderka]
- [internal] Undefined offset in AppController. [Jakub Onderka]
- Wrong input name. [Luciano Righetti]
- Add missing translation function. [Luciano Righetti]
- Remove CRUDComponent usage. [Luciano Righetti]
- Add missing new line. [Luciano Righetti]
- Remove CRUDComponent usage to maintain same api response. [Luciano
  Righetti]
- [eventReport:contextExtraction] Make sure the cluster's value has
  enough characters before trying to perform the replacement. [mokaddem]
- [internal] Modifying domain|ip attribute. [Jakub Onderka]
- [misp-retention] use update_tag. [Richard van den Berg]
- Bug correlation exclusion comment overriding value. [Luciano Righetti]
- [internal] Sending external e-mail. [Jakub Onderka]
- [UI] Fix link to user profile. [Jakub Onderka]
- [taxonomies] disabling tags via API call failed. [iglocska]
- [taxonomies] enabling breaks on POST request if named parameters
  aren't used. [iglocska]
- [Taxonomy] search for taxonomy by namespace when accessing
  /taxonomies/view. [iglocska]
- [internal] Argument parsing for testEventNotificationEmail command.
  [Jakub Onderka]
- [object] validation and modification fixes. [iglocska]

  - require certain metafields to be set (such as template uuid, template version, etc)
  - allow editing for unknown templates / no templates via the API (was previously incorrectly blocked / generated notices due to some UI related functionalities being triggered)
- [acl] Added routes in ACL. [mokaddem]
- [internal] Remove ssdeep data when deleting attribute. [Jakub Onderka]
- [internal] Filtering warninglist in objects. [Jakub Onderka]
- [UI] Warninglist order. [Jakub Onderka]
- [internal] Typo. [Jakub Onderka]
- Add missing requestBodies to servers endpoint. [Luciano Righetti]
- [internal] Fetching filter rules. [Jakub Onderka]
- [sync] Fix pulling sightings. [Jakub Onderka]
- [sync] Pushing sightings. [Jakub Onderka]
- [ACL] queryAvailableSyncFilteringRules is required just for site
  admins. [Jakub Onderka]
- [security] Check permission when viewing shadow attribute picture.
  [Jakub Onderka]
- [internal] Code cleanup. [Jakub Onderka]
- [API] Deprecation header. [Jakub Onderka]
- Fix query to make it work on all supported db engines. [Luciano
  Righetti]
- [tools] fixed gen_misp_types_categories script. [Christophe Vandeplas]
- Fix broken queries on postgres. [Luciano Righetti]
- [eventReport:reprotFromEvent] Make sure filtering condition are not
  empty. [mokaddem]
- [UI] Warninglist form. [Jakub Onderka]
- [event:filter_value] Allow searching for multiple values. [mokaddem]
- [db_schema] Fixed column default value for audit_log table - Fix
  #7662. [mokaddem]
- [event:view] Attribute filtering widget `deleted` parameter
  inconsistency. [mokaddem]

  - Potentially fix #7594
- [log] Array to string conversion. [Jakub Onderka]
- [API] Boolean options in index filter conditions. [Jakub Onderka]
- [internal] Shadow attributes don't have tags. [Jakub Onderka]
- [acl] Bumped ACL. [mokaddem]

Other

v2.4.148 (2021-08-05)

New

- [test] Check schema diagnostics in CI. [Jakub Onderka]
- [citation-cff] added. [Alexandre Dulaunoy]
- [test] Security test for publishing events. [Jakub Onderka]

Changes

Fix

- [js] Show correct error message for get remote version. [Jakub
  Onderka]
- [UI] Show correct error message for get remote user. [Jakub Onderka]
- [sync] Fetching remote server version. [Jakub Onderka]
- [schema] audit_logs.authkey_id columns should be nullable. [Jakub
  Onderka]
- [zmq] Add missing `misp_json_warninglist` topic to Python script.
  [Jakub Onderka]
- [API] Undefined index when just last_seen is set. [Jakub Onderka]
- [afterHook] for setting changes wasn't returning true, fixes 7477.
  [iglocska]

  - this caused the CLI setting change to error out
- [stix2misp] Use describeTypes from PyMISP. [Jakub Onderka]
- [security] Stored XSS when viewing galaxy cluster relationships - As
  reported by Dawid Czarnecki. [mokaddem]
- [security] Stored XSS when viewing galaxy cluster elements in JSON
  format. [mokaddem]
- [compatibility] several scoped constants reverted. [iglocska]
- [proposal alert email] function call fixed. [iglocska]

Other

v2.4.147 (2021-07-27)

New

- [sync] When saving sightings, push just new sightings. [Jakub Onderka]
- [sync] When pushing event, upload sightings by another call. [Jakub
  Onderka]
- [sync] Filter out existing sightings if remote server supports that
  method. [Jakub Onderka]
- [sync] Method for filtering out existing sightings. [Jakub Onderka]
- [API] Taxonomy export. [Jakub Onderka]
- [misp2stix2] Return traceback for error. [Jakub Onderka]

Changes

Fix

- [test] Set expected config for security tests. [Jakub Onderka]
- [test] Check if user is logged. [Jakub Onderka]
- [config defaults] unset the default python bin path. [iglocska]
- [config defaults] changed default attachment storage. [iglocska]
- [Userinit] create advanced auth key when needed. [iglocska]
- [config] Fixed indentation. [mokaddem]
- [test] Redis password can be empty. [Jakub Onderka]
- [test] After CLI setSetting change. [Jakub Onderka]
- [security] Stored XSS when forking a galaxy cluster As reported by
  Giuseppe Diego Gianni. [mokaddem]
- [posts] add org field to email job. [iglocska]
- Add missing newline. [Luciano Righetti]
- Rename container div. [Luciano Righetti]
- Add mass selector for deleting event blocklists. [Luciano Righetti]
- Remove old copy. [Luciano Righetti]
- Add view action to index templates. [Luciano Righetti]
- [internal] Remove unused variable. [Jakub Onderka]
- [API] Remove duplicate objects from warninglist. [Jakub Onderka]
- [internal] Remove unused variable. [Jakub Onderka]
- Add missing search parameters for [POST]/events/index. [Luciano
  Righetti]
- [UI] Do not use inline JS. [Jakub Onderka]
- [API] Always return bool for perm fields in getVersion response.
  [Jakub Onderka]
- Nest noticelist entries inside Noticelist property. [Luciano Righetti]
- Add noticelist entries in view response. [Luciano Righetti]
- Undefined index notice when enable/disable noticelist. [Luciano
  Righetti]
- Remove unused field. [Luciano Righetti]
- Merge develop branch. [Luciano Righetti]
- Fix ui issues on multiple views. [Luciano Righetti]
- Add missing input descriptions. [Luciano Righetti]
- Fix pr comments: add warning notice for local feeds disabled on
  feeds/add, fix various ui elements. [Luciano Righetti]
- Add missing refresh to feed pull rules. [Luciano Righetti]
- Fix issue when adding attribute, add optionalField class to inputs.
  [Luciano Righetti]
- Fix pr comments: replace whitelist->allowlist, checkbox label inline,
  add missing feed fields for csv and freetext. add missing button for
  adding basic auth headers. [Luciano Righetti]
- Remove required attr from hidden inputs in add attribute form.
  [Luciano Righetti]
- Remove required attr from hidden inputs in add event form. [Luciano
  Righetti]
- Escape js variable. [Luciano Righetti]
- Fix error when decoding array feed settings, maintain same response
  schema as before. [Luciano Righetti]
- Add type dropdown in all generic forms. [Luciano Righetti]
- Fix pull rules legend not showing on feeds/edit load. [Luciano
  Righetti]
- Handle feed rules. [Luciano Righetti]
- Fix genericForm builder issues. [Luciano Righetti]
- Only override values that were set in the input. [Luciano Righetti]
- Allow 0 or '0' to be a possible field value, for example 'selected'
  property. [Luciano Righetti]
- [sync] Better error handling when fetching IDs for push/pull. [Jakub
  Onderka]
- [tags:attachTagToObject] No longer return a failure message if
  relation already exists. Fix #6569. [mokaddem]
- [organisations:view] Restored org logo Fix #7491. [mokaddem]
- [event:contact] User object passed in contact reporter Fix #7471.
  [mokaddem]
- [sync] Do not append 'metadata:1' when pushing event. [Jakub Onderka]
- [attribute:edit] Make sure event_id cannot be changed. [mokaddem]
- [tags:detachFromObject] Make travis test passes. [mokaddem]
- [internal] Update object relationships when updating JSONs. [Jakub
  Onderka]
- [API] Check if user can view object that contains reference. [Jakub
  Onderka]
- [UI] Trim object UUID when adding reference. [Jakub Onderka]
- [internal] Change exception type. [Jakub Onderka]
- [internal] Relationship import. [Jakub Onderka]
- [tag] Update object's timestamp and unpublish only if in global
  context Fix #5806. [mokaddem]
- [internal] Faster deleting warninglist. [Jakub Onderka]
- [galaxies:add] Missing entry in sidebar Fix #7499. [mokaddem]
- [install:MySQL] Removed org_blacklists table creation Fix #7476.
  [mokaddem]
- Wrong attribute value hash computed inside checkForDuplicateObjects
  function. [Sebastiano Mariani]
- [doc] Fix conditional error. [Steve Clement]
- [tools] Catch openssl not being installed. [Steve Clement]
- [galaxies:add] Missing entry in sidebar Fix #7499. [mokaddem]

Other

v2.4.146 (2021-06-30)

New

- [API] Read only authkeys. [Jakub Onderka]

Changes

Fix

- [UI] Loading non exists library in Audit log index. [Jakub Onderka]
- [event:add] Typo in accessing sharing group roaming information.
  [mokaddem]

Other

v2.4.145 (2021-06-28)

New

- [API] Import warninglist. [Jakub Onderka]
- [internal] Support Cake installation by composer. [Jakub Onderka]
- [ZMQ] Send warninglist changes to ZMQ. [Jakub Onderka]
- [API] Export warninglists to CSV. [Jakub Onderka]
- [API] Export warninglists. [Jakub Onderka]
- Custom warninglist. [Jakub Onderka]
- [emailing] added event summaries only as a setting. [iglocska]

  - publish the normal alert report to eligible users
  - exclude attributes/objects, so the e-mail will only include a summary

Changes

Fix

- [rest client] Handle state when body is too big to save into rest
  client history. [Jakub Onderka]
- [server caching] only push data to redis / logs if there's something
  to push. [iglocska]

  - avoids the count() notice if no data was returned by the remote
- Add missing return formats for rest search endpoints. [Luciano
  Righetti]
- Add missing returnFormat to restSearch endpoints, move the parameter
  as requestBody property. [Luciano Righetti]
- [getSettings] include the options. [iglocska]
- [API] Taxonomy namespace is case insensitive. [Jakub Onderka]
- Copy/pasta, rename galaxy clusters tag, move restSearch endpoints to
  resource 1st. [Luciano Righetti]
- [server:edit] Typo in index. [Sami Mokaddem]
- [user edit] lost the set password checkbox. [iglocska]
- [server caching] only push data to redis / logs if there's something
  to push. [iglocska]

  - avoids the count() notice if no data was returned by the remote
- Add missing return formats for rest search endpoints. [Luciano
  Righetti]
- [user add/edit] added missing JS change to restore the external auth
  field. [iglocska]
- [external auth key / password] fields changed, fixes #7488. [iglocska]

  - show what's relevant based on the customauth settings and hide that which is not
- [emailing] added missing if branch for the publish alert summary mode
  to trigger. [iglocska]
- [validation] account for the edge-case where a composite attribute
  does not yet have a second value. [iglocska]
- [attribute validation] - also check for composite values containing
  control characters, fixes #7391. [iglocska]
- [validation] fixed issue introduced in last commit. [iglocska]
- [attribute] validation tightened for empty strings. [iglocska]

  - a value containing only control characters will now be blocked from entry
- [CRUD] accept contain as a parameter for edit, fixes an issue with
  auth key edits. [iglocska]
- Typo. [Bart]

  😅

Other

v2.4.144 (2021-06-07)

New

- Add initial version of openapi spec, add ReDoc js files. [Luciano
  Righetti]
- [doc:sync] Added notes and diagrams about synchronisation logics.
  [mokaddem]
- [galaxy] Support of enabled/disabled state at galaxy level. [mokaddem]

  Fix #7019
- [CyCat integration] v1. [iglocska]

  - lookup on relationships for a given galaxy cluster
- [UI] Add link to event report history. [Jakub Onderka]
- [doc:auth-diagram] Added authentication diagram. [mokaddem]

Changes

Fix

- [PyMISP] Bump pipenv. [Raphaël Vinot]
- /feeds/add endpoint returns empty 'name' error via api call. [Luciano
  Righetti]
- Pr comments, update acl to allow all for /servers/openapi view, remove
  rest client from events menu, remove php7 return hint. [Luciano
  Righetti]
- [appController] Bumped queryversion. [mokaddem]
- [events:view] Correctly support arrays passed as deleted parameter.
  [mokaddem]
- [events:view] Restored previous deleted behavior. [mokaddem]
- [events:view] Replaced correlation scope to behave similarly to the
  filtering tool. [mokaddem]
- [events:view] Fixed deleted toggle enabled by default. [mokaddem]
- [galaxyCluster:view] Use CyCat local icon. [mokaddem]
- [galaxyCluster:view] Make sure the cluster contain cycat relations
  before inserting content. [mokaddem]
- [galaxyCluster:view] Typo in setting name. [mokaddem]
- [event:__prepareForPushToServer] Slight refactoring. [mokaddem]
- [event:prepareForPush] Gracefully handle the case if
  SharingGroupServer is empty. [mokaddem]
- [sharinggroup:capture] Re-use the ID of an existing SG if it exists
  instead of the defaulted value 0. [mokaddem]
- [sharinggroup:captureOrg/captureServer] Use the ID of the existing
  sharing group. [mokaddem]
- [dashboard:update_settings] Added missing view. [mokaddem]
- [dashbpard:updateSetting] Usage of CSRF token. [mokaddem]
- [security] Always capture attribute sharing groups. [iglocska]

  - via object edits it was omitted, leading to a possible misassociation of sharing groups by using the local ID of a referenced SG

  - as reported by Jeroen Pinoy
- [Event:set_filter_value] Support of wildcard searches. [mokaddem]
- Nonaggregated column mysql error when calling
  /sightings/index/[event_id] [Luciano Righetti]
- Decode json ref and geographical_area properties in
  /noticelists/view/[noticelist_id] endpoint. [Luciano Righetti]
- [Event:set_filter_value] Reset array indexing. [mokaddem]
- [Event:set_filter_value] Allows searching for composite attributes.
  [mokaddem]

  Fix #7119
- [typo in attribute add] caused the view to fail when adding
  attributes. [iglocska]
- [doc:auth-diagram] Filename typo. [mokaddem]
- [UI] Security audit message. [Jakub Onderka]
- [UI] Simplify warninglist view template. [Jakub Onderka]
- Return api error when feed is not enabled. [Luciano Righetti]
- [UI] Show error only if it is not empty. [Jakub Onderka]
- [UI] Add missing event report model in audit log. [Jakub Onderka]
- [events:index] Reindex tag array to always return a list. [mokaddem]
- [markdown-editor:event-report] Fixed MISPElements in table. [mokaddem]
- [organisations:add] Wrong label value. [mokaddem]
- [db] rename org_blacklists to org_blocklists everywhere. [Richard van
  den Berg]
- [post:send_mails] Make sure to have full group_by. [mokaddem]
- [attribute add] fixed typo causing the add function to fail.
  [iglocska]
- [organisations index] added quickfilter as an alias for the search.
  [iglocska]
- [Sharing groups] show roaming state in the API view. [iglocska]
- [UI] Restore notice list warnings when adding or editing attribute.
  [Anders Einar Hilden]

  Restore the notice_message div that vanished in commit 0d4df7c98b0fc67618b1c3c298e64efb668fc4fe.
- [security] disable email uniqueness validation for the self
  registration. [iglocska]
- [OTP] identifier tag fixed. [iglocska]

  - was hard coded to [MISP]
- [events:index] Reindex tag array to always return a list. [mokaddem]
- [organisations:add] Wrong label value. [mokaddem]
- [group by] error fixed in diagnostics, fixes #7411. [iglocska]

Other

v2.4.143 (2021-05-14)

New

- [internal] View event as different user. [Jakub Onderka]
- [event index] add report count. [iglocska]
- [users:index] Batch toggleable fields. [mokaddem]
- [elements:genericForm] Added support of field descriptions. [mokaddem]
- [elements:indexCountry] Added country element to display flags and
  nationalities. [mokaddem]
- [log] Add support for AuthKeys. [Jakub Onderka]
- [log] Show full change in popup. [Jakub Onderka]
- [log] Audit Log statistics. [Jakub Onderka]
- [log] LogShell. [Jakub Onderka]
- [log] Audit log. [Jakub Onderka]
- [event:alert] Re-publishing ban feature based on configurable
  threshold. [mokaddem]
- [Correlation exclusions] clean function reworked. [iglocska]

  - does everything on DB side
  - no more issues with large lists being passed around
  - should also be a fair bit faster

Changes

Fix

- [jobs view] Typo with $baseurl variable name. [chrisr3d]
- [module results] References between objects returned with module
  results and the original object attribute are now pointing to the
  original object itself. [chrisr3d]

  - A reference between an object and an object
    attribute is supported in the API, but does not
    appear on the event graph
  - Instead of pointing to the initial object
    attribute then, we look for the uuid of the
    object containing the attribute and use this
    uuid for the reference
  - The references between objects returned as
    module results and the object containing the
    attribute initially used for the enrichment
    with a module are then handled properly
- [taxonomies] updated. [Alexandre Dulaunoy]
- [attribute:first_seen/last_seen] First seen value can be equal to the
  last_seen value. Fix #7404. [mokaddem]
- [module results] Included the object references handling loop in the
  objects handling loop. [chrisr3d]

  - If we did not get any object in a result from
    a misp module, the `$references` variable would
    not have been defined and would have raised an
    issue. The references are related to objects,
    it is then obvious to handle them both together
- [modules results] Fixed the query to find the uuid of the attribute
  used as input of a misp-module. [chrisr3d]

  - With `Attribute.object_id => 0`, the query did
    only return attributes outside of a MISP object
  - This was causing issues with references between
    the MISP objects returned by the modules and the
    attribute used as input to the module. Those
    references were visible in the module results
    preview, but skipped then after the submit
    button is pressed.
  - The references are now correctly handled
- [attributes] Enforce FS to be before LS (also for ShadowAttributes &
  Objects) [mokaddem]
- Servers cannot be edited via API when MISP.host_org_id setting is
  empty. [Luciano Righetti]
- [attribute:first_seen/last_seen] First seen value can be equal to the
  last_seen value. Fix #7404. [mokaddem]
- [correlations] Correctly handle exclusion. [Jakub Onderka]
- [internal] Attribute correlation toggle. [Jakub Onderka]
- [attributes] Enforce FS to be before LS (also for ShadowAttributes &
  Objects) [mokaddem]
- [internal] Missing variable. [Jakub Onderka]
- [UI] Chosen autofocus for attribute mass edit. [Jakub Onderka]
- [feed] Better error handling when downloading MISP feeds. [Jakub
  Onderka]
- [export] YARA export. [Jakub Onderka]
- [warninglists:index] Restored site admin permission requirement for
  deletion. [mokaddem]
- [log] Do not log unnecessary data to AuditLog. [Jakub Onderka]
- [feed preview] fixed exception thrown to invalid threat level listing
  call. [iglocska]
- [UI] Warning message for event modification warning. [Jakub Onderka]
- [server:settings] Typo. [mokaddem]
- [db_schema] Update to version 68. [Jakub Onderka]
- [files:defaut_feeds] Added trailing slash Fix #7022. [mokaddem]
- [worker] restart not working correctly with SELinux. [iglocska]

  - endless process spawn due to not being able to fetch the user's name
- [server:settings] Typo. [mokaddem]
- [db_schema] Update to version 68. [Jakub Onderka]
- [stix2 export] Making sure timestamps are always converted into the
  format STIX likes. [chrisr3d]
- [stix2 export] Making sure attributes have their Galaxy field before
  trying to parse it. [chrisr3d]
- [stix2 export] Copy paste issue. [chrisr3d]
- [stix2 export] Trying to make first_seen & last_seen fields are
  exported in an iso-formatted datetime format. [chrisr3d]
- [stix2 export] Avoiding issues with MISP events 'Event' field.
  [chrisr3d]
- [stix2 import] Added the missing ip address observable parsing
  function. [chrisr3d]

  - Should fix #6855
- [stix2 import] Avoid missing the to_ids flag when set to False.
  [chrisr3d]

  - attribute.get('to_ids') with 'to_ids' set to
    False will simply skip the field, and let then
    MISP set the flag to the default 'to_ids' value
    depending on the attribute type
  - With the test being `attribute.get('to_ids') is not None`
    we make sure even if 'to_ids' is False, we get
    the field as it is
- [stix1 import] Avoiding AttributeError exceptions when the STIX
  packages have no header. [chrisr3d]
- [worker] restart not working correctly with SELinux. [iglocska]

  - endless process spawn due to not being able to fetch the user's name
- [emailing] password resets and OTP didn't handle line breaks
  correctly. [iglocska]
- [elements:serverRuleElementPush] Recover freetext tags not known by
  the instance. [mokaddem]
- [decayings:add] Correct usage of the translation function. [mokaddem]
- [UI] Correctly display last login time. [Loïc Fortemps]

  Until now, we were showing the "one before last" login time, this fixes the issue
- [galaxyCluster:export] Only unset fields if they exists. [mokaddem]

  In some cases, galaxy clusters might not have targeting clusters

Other

v2.4.142 (2021-04-27)

New

- [correlation exclusions] now have an optional comment field.
  [iglocska]

  - explain why you exclude a value for easier maintenance
  - edit existing exclusions to add those comments after the fact
- [top correlations] Redirect to the attribute search when clicking a
  value. [iglocska]
- [Index builder] add simple postlink field. [iglocska]
- [Correlations] Added cached toplist. [iglocska]

  - stored via zset in redis
  - very fast, but needs to be generated
  - generation background processed
- [index top bar] added element to act as a text replacement field
  instead of a button. [iglocska]
- [correlations] added new background task for correlating individual
  values. [iglocska]
- [Correlations] refactor / rework. [iglocska]

  - moved to own controller and model
  - refactored several long incomprehensible functions

  - extracted reused tasks from functions and made them reusable
  - added a way to correlate individual values as opposed to attributes

  - Added top correlations index
- [UI] added stupid pagination links. [iglocska]

  - sometimes we want to paginate data not derived from the usual backend but still have a first/last/next/previous link included
- [correlations] top correlations index view added. [iglocska]
- [Correlations] added dedicated controller/model/views. [iglocska]
- [servers:edit] Fetches available orgs and tags from remote server.
  [mokaddem]

  - Componentized views and made them responsive
  - Usage of picker for orgs and tags
  - For server pull rule, fetches available choices from remote server
- [galaxyCluster:wipe_default] New endpoint to wipe out all default
  clusters. [mokaddem]
- [Cache] search allows bulk lookups. [iglocska]

  - it is now possible to search for a list of values such as:

  {
      "value": ["1.1.1.1", "8.8.8.8", "8.8.4.4"]
  }

  - this will now return a dictionary with the key being the lookup value and the value being a list of hits and their metadata

  - passing a single value will revert to the old behaviour, returning a simple list with the hits and their metadata
- [doc] Add doc on how MISP uses git. [E. Cleopatra]
- [Dashboard] Adding user count evolution widget. [Jeroen Pinoy]
- [Dashboard] Add org count evolution widget. [Jeroen Pinoy]
- [doc] Add roadmap. [E. Cleopatra]
- [event:timeline] Fit visible window from provided start/end dates +
  help tooltip. [mokaddem]
- [servers:diagnostic] Tool to remove orphaned correlations. [mokaddem]
- [UI] Smarter events lock checking. [Jakub Onderka]
- [API] REST response for jobs index. [Jakub Onderka]
- [docs] Added API_Doc. [mokaddem]
- [Console] New API shell to create API documentation from
  RestResponseComponent. [mokaddem]
- [Dashboard] Add usage data widget. [Jeroen Pinoy]
- [UI] User column selector. [Jakub Onderka]
- [UI] User can choose columns for event index. [Jakub Onderka]
- [chg] timestamp index field allows a new "x units ago" representation.
  [iglocska]

  - just pass "ago": 1 as a parameter to the field

Changes

Fix

- [attribute search] Don't use form tampering protection for searches.
  [iglocska]
- [top correlations] Divide the count by 2. [iglocska]

  - Each correlation has 2 entries in the DB (A->B and B->A)
  - this doesn't mean that we should count each of those entries, but rather divide by 2 to get the actual correlation count
- [default feeds] duplicate name resolved, fixes #6978. [iglocska]

  - as reported by @chrisinmtown
- [galaxy] logging - use SYSTEM as the default org name for logging.
  [iglocska]
- [galaxy] new logging to catch meta field errors assumed that the user
  object was available. [iglocska]

  - [narrator] It wasn't.
- [galaxy] update fails gracefully and skips over malformed meta fields
  in a cluster. [iglocska]
- [feeds:edit] Recover event_id if it exists Fix #7293 (second part)
  [mokaddem]
- [correlations] added fix for invalid function call. [iglocska]

  - introduced by the refactor, looking up Attribute object variables such as noncorrelatingTypes
- [correlations] Don't barf when trying to add data with no
  correlations. [iglocska]
- [correlation exclusions] controller comment fixed. [iglocska]
- [Correlations] controller - added missing components. [iglocska]
- [Correlations] fixed advanced correlations for ssdeep and separated
  into own function. [iglocska]
- [stix1 framing] Fixed CIQ Identity namespace. [chrisr3d]
- Add strict commit test function. [Luciano Righetti]
- Allow setting org_id=0 via cake console, add --force option to force
  settings. [Luciano Righetti]
- [UI] Event lock warning. [Jakub Onderka]
- [UI] Wrong org id for galaxy matrix stats. [Jakub Onderka]
- [misp.js] Support display on freetext values and removed useless
  functions. [mokaddem]
- [servers:edit] Support servers/add with the server/edit view.
  [mokaddem]
- [feeds:edit] Display additional filtering rules. [mokaddem]
- [elements:serverRuleElement] Push should not be allowed to set
  freetext orgs. [mokaddem]
- [elements:serverRuleElements] Avoid saving the space character as
  additional rule. [mokaddem]
- [feeds:edit] Log correct action. Fix #7347. [mokaddem]
- [elements:serverRuleElementPull] Typo. [mokaddem]
- [elements:serverRuleElementsPull] Correctly setup codemirror.
  [mokaddem]
- [server:edit] Usage of IDs or raw values on correct context.
  [mokaddem]

  - PUSH should use IDs
  - PULL should use raw values
- [test] Allow access from IPv6 addresses. [Jakub Onderka]
- [GHA] change in hostname, bump pymisp, fix vhost. [Raphaël Vinot]
- [feed:edit] Fixed bug preventing to recover feed data in the UI.
  [mokaddem]
- [doc] moreutils package added (required for sponge) [Alexandre
  Dulaunoy]

  Fix #7353
- [decaying:row_simulation] Removed buggy HTML title. [mokaddem]
- [decaying:row_simulation] Correctly pass event data to galaxy element.
  [mokaddem]
- [audit] Better path to cake version file. [Jakub Onderka]
- [decaying:row_simulation] Correctly pass event data to galaxy element.
  [mokaddem]
- [decaying:row_simulation] Removed buggy HTML title. [mokaddem]
- Fix remove attribute tag showing text/html content-type. [Luciano
  Righetti]
- [CSRF] issues resolved for the dashboards controller. [iglocska]
- [security] Sharing group misassociation on sync. [iglocska]

  - when an object has a sharing group associated on an event edit, the sharing group object is ignored and instead the passed local ID is reused
  - as reported by Jeroen Pinoy
- [doc] Small regression. [Steve Clement]
- Remove call to private method, call __alterAttributeCount() from
  Attribute::restore() method. [Luciano Righetti]
- [installer] Updated template to fix v7/8. [Steve Clement]
- [installer] Fix merge fup of template. [Steve Clement]
- [webroot:index] Make sure MISP works if cakephp is not installed via
  composer. [mokaddem]
- [internal] Organisation object for user is not included all time.
  [Jakub Onderka]
- [UI] Hide job retries since this column is always zero. [Jakub
  Onderka]
- [UI] Failed jobs are not considered as Queued. [Jakub Onderka]
- [xml] Object can be without attributes. [Jakub Onderka]
- [factories] links and timestamps fixed. [iglocska]

  - really annoying timestamp issue
  - as discovered during LS21
- [tools] Fixed misp-backup. [Steve Clement]
- [emailing] subject restored. [iglocska]

  - view template not having the subject var set defaulted the subject to null
- [UI] Event index filter nicer. [Jakub Onderka]
- [UI] Event index filter edit. [Jakub Onderka]
- [internal] Remove unused code. [Jakub Onderka]
- [doc] CentOS 7 needs to use Remi too. [Steve Clement]
- [installer] Use awk to print until EoF from match. [Steve Clement]
- [installer] globalVariables fix to ignore preceding lines. [Steve
  Clement]
- [tools] now works on MacOS and considers gsed. [Steve Clement]
- [internal] ThreatLevel::list() function renamed. [iglocska]

  - causes issues under certain PHP versions as it's a reserved keyword

Other

v2.4.141 (2021-03-29)

New

- [cli] enable all tags for a taxonomy. [Jeroen Pinoy]
- [eventgraph:viewPicture] Allow access to saved picture from the
  eventgraph history. [mokaddem]
- [UI] Reworked galaxy quick view. [Jakub Onderka]
- [UI] Show threat level icons on event index. [Jakub Onderka]
- [freetext] Faster freetext parsing with more tests. [Jakub Onderka]
- [event loader] has a new extensionList parameter. [iglocska]

  - boolean, if set includes a list of extension events, metadata only
- [test] Alert email generating. [Jakub Onderka]
- [email] New setting `MISP.event_alert_metadata_only` [Jakub Onderka]
- [email] Command for testing generated alert email. [Jakub Onderka]
- [email] Allow to set email subject from template. [Jakub Onderka]
- [mail] Add reference for event alert emails. [Jakub Onderka]
- [mail] Move contact alert email to templates. [Jakub Onderka]
- [mail] HTML alert emails. [Jakub Onderka]
- [mail] Backend support for sending HTML emails. [Jakub Onderka]
- [shortcuts] Show help when pressing ? key. [Jakub Onderka]
- [internal] Security setting force_https. [Jakub Onderka]
- [authkeys] Copy key info when resetting key. [Jakub Onderka]
- [authkeys] Allowed IPs. [Jakub Onderka]
- [UI] Render galaxy cluster description as markdown. [Jakub Onderka]

Changes

Fix

- [attribute:restSearch] `includeCorrelations` no longer returns
  soft-deleted attributes. [mokaddem]
- [sharinggroup:captureSG] Correctly capture the roaming state.
  [mokaddem]

  Fix #7254
- [attribute] typo in place-port-of-original-embarkation fixed.
  [Alexandre Dulaunoy]
- [doc] Partial fix for misp-modules. [Steve Clement]
- [doc] Fixed a bash variable bug. [Steve Clement]
- [doc] MISP-core now working on RHEL 7.9. [Steve Clement]
- [doc] next stages of the RHEL7 install. [Steve Clement]
- [sync:local-tag] Local tags converted into global after sync for
  internal sync. [mokaddem]

  Fix #7253
- [attribute] typo in place-port-of-original-embarkation fixed.
  [Alexandre Dulaunoy]
- [attributes:restSearch] pop attribute timestamp filtering condition.
  [mokaddem]

  This prevents the condition from propagating to the event level.
  Fix #7096
- [command:admin] UpdateTaxonomies provides correct feedback Fix #7132.
  [mokaddem]
- [tags] More granularity for local and global add cluster buttons.
  [mokaddem]
- [tags] More granularity for local and global add tag buttons.
  [mokaddem]
- [attributes:addTag] Pass the event to check ACL. [mokaddem]
- [taxonomy] avoid MISP becoming unhappy when trying to enable tags for
  a non-existing taxonomy. [iglocska]
- [doc] rhel 7 install doc initial fixes. [Steve Clement]
- [selinux] allow log files rename. [Richard van den Berg]
- [db_schema] Cerebrates's comment default value. [mokaddem]

  Fix #7200, fix #7137
- [API] Fixes crash when a new indicator in existing event has a
  sighting. [Tom King]
- [Sync] Crash when attempting to sync with 'Pull Galaxy Clusters'
  enabled. [Tom King]
- [swp] /var/swap.img is not a safe place. [Steve Clement]
- [merge] Local tags should stay local vol. 2. [Jakub Onderka]
- [internal] Keep OidcAuth setting when modify setting value from UI.
  [Jakub Onderka]
- Remove broken refang. [Raphaël Vinot]
- [config.php] file permission after changes fixes #7229. [iglocska]

  - will revert to the permissions before the save
  - caused by the create -> rename cycle that backs up server settings on each change actually creating a new file instead of modifying it
- [sharing groups] uuid not logged when saving failed due to invalid
  variable lookup. [iglocska]
- [UI] signature allowedlist clarification. [iglocska]
- Fixes bug that stops country flag being displayed alongside the country
  in galaxy clusters. [Tom King]
- [refanging] Removed obnoxious regexes, fixes #7214. [iglocska]

  - refanging \\. and .. to . is a stupid idea
- [shibbauth] fixed invalid varname. [iglocska]
- [test] Repo is missing. [Jakub Onderka]
- [feed] Convert invalid key case. [Jakub Onderka]
- [test] Repo is missing. [Jakub Onderka]
- [internal] Remove unnecessary create call. [Jakub Onderka]
- [workers] Worker name when processing freetext. [Jakub Onderka]
- [merge] Local tags should stay local. [Jakub Onderka]
- [unsafe API keys] fixed. [iglocska]

  - if you really have to use them, they should work again

  - please don't use them, you are disclosing your APIkey via the URL
  - apache logs, proxy logs they will all have your APIkey
  - adding headers with your APIkey isn't so difficult
  - if a tool you use has no way of configuring headers, reach out to your vendor, they ought to do something about that
- [UI] indextable link generation on empty result set. [iglocska]

  - empty string instead of notice barfed back
- [email] Correctly check if user has PGP or S/MIME key. [Jakub Onderka]
- [email] Correct Content-Type header for alternative content. [Jakub
  Onderka]
- [email] Correctly set domain for email message ID. [Jakub Onderka]
- [internal] PHP warnings when pivoting. [Jakub Onderka]
- [internal] Warning when object has no attributes. [Jakub Onderka]
- [SG] allow saving sharing groups with empty releasability tags, fixes
  #7165. [iglocska]
- [sync] Warning when sync object without attributes. [Jakub Onderka]
- [UI] event matrix heatmap view correctly flattens the event.
  [iglocska]

  - object attributes were excluded
- [UI] fix broken checkbox layout in generic Form builder forms.
  [iglocska]
- [Freetext import] handle end of sentence periods and brackets better,
  fixes #7163. [iglocska]
- [UI] Module diagnostics view. [Jakub Onderka]
- [UI] event matrix heatmap view correctly flattens the event.
  [iglocska]

  - object attributes were excluded
- [UI] Add attribute checkboxes. [Jakub Onderka]
- [UI] Diagnostics box. [Jakub Onderka]
- [UI] Remove warning about old PHP and Python. [Jakub Onderka]
- [diagnostics] Typo in security audit message. [Jakub Onderka]
- [UI] fix broken checkbox layout in generic Form builder forms.
  [iglocska]
- [OIDC] Change algo how roles are assigned to users. [Jakub Onderka]
- [internal] Undefined index when importing from module. [Jakub Onderka]

Other

v2.4.140 (2021-03-03)

New

- [test] Password change. [Jakub Onderka]
- [server shell] list servers, fixes #7115. [iglocska]

  - simple human readable listing
  - kept the old weird JSON producing listServers intact
- [oidc] Readme. [Jakub Onderka]
- [security] Content-Security-Policy support. [Jakub Onderka]
- [CLI] check if updates are done yet or not. [iglocska]

  usage:

  - /var/www/MISP/app/Console/cake Admin updatesDone [blocking]
  - returns True or False based on whether it is done
  - When the blocking parameter is set, it will not return until all updates are done
- [api] When creating object, allow to mark tag as local. [Jakub
  Onderka]
- [type] new dkim and dkim-signature attribute type. [Alexandre
  Dulaunoy]
- [objectReference] Allow adding reference across extended events.
  [mokaddem]

  Fix #6255
- [UI] Event locks for background jobs and automatic tools. [Jakub
  Onderka]
- [UI] Show tag info in taxonomy view. [Jakub Onderka]
- [sync] Compressed requests support. [Jakub Onderka]
- [security] Security audit. [Jakub Onderka]
- [oidc] OpenID Connect authentication. [Jakub Onderka]
- [devshell] added a new shell for developer related tasks. [iglocska]

  - 1 task currently, cleanFeedDefault
    - runs some cleanup on the feed definition file to remove local IDs etc
- [object] Allows updating from an unknown object templates. [mokaddem]

Changes

Fix

- [csp] Incorrect variable name. [Jakub Onderka]
- [csp] Custom policies. [Jakub Onderka]
- [Sharing groups] capturing a sharing group correctly ignores the
  incoming data's active flag when editing. [iglocska]

  - based on PR #7101 by @lfortemps
- [sync] prevent local tags from being pulled. [Golbark]
- [email_otp] Trim value for increased UX. [Loïc Fortemps]
- [sharing groups] fixed regression with updating local sharing groups.
  [iglocska]
- [comments] updated for two recent changes in the code. [iglocska]
- [sharing groups] Allow users to see events they own, even if their
  organisation is not explicitly mentioned in the SG. [iglocska]

  - however, show a clear message that this is the case
  - in-line with the rest of the ACL
- [security] sharing group all org flag too lax. [iglocska]

  - the all org flag was used as a trigger to make the sharing group object itself viewable to all local organisations
  - even if the all org flag was set for an instance other than the local one

  - as reported by Jeroen Pinoy
- [tag index] remove sorting on count fields. [iglocska]

  - doesn't work anyway
- [galaxyCluster] Revoke relations on sync. [mokaddem]

  - Relationships are now re-build from scratch for the cluster being sync
  - This cancels any modification done locally (which should not have
    happened in the first place)
- [galaxyClusterRelations] Bump cluster's timestamp after performing
  CRUD on relations. [mokaddem]
- [pull] invalid internal vs external server lookup when deciding
  whether to pull local tags. [iglocska]
- [sharing group] saving fixed. [iglocska]

  invalid boolean operator when encoding the local org
- [email_otp] skip OTP for disabled users. [Loïc Fortemps]
- [internal] Empty object when getting event info for event report.
  [Jakub Onderka]
- [internal] Correctly save log. [Jakub Onderka]
- [Sharing group] refactored and fixed. [iglocska]

  - include own org in pulled sharing groups (to avoid implicit inclusion not being visible after a pull)
  - refactor the pulling method to be more maintainable
  - avoid pulling proposals/sightings on each event cherry pick
- [internal] Incorrect tag three components split. [Jakub Onderka]
- [UI] Fetch GalaxyElements for event index. [Jakub Onderka]
- [UI] Pagination for event reports in event view. [Jakub Onderka]
- [internal] Bad 7085. [Jakub Onderka]
- [internal] Bad merge that prevents language change. [Jakub Onderka]
- [sync] Undefined index when pushing sightings. [Jakub Onderka]
- [internal] perm_tag_editor can just create tags. [Jakub Onderka]
- [internal] Include cluster elements for user interface. [Jakub
  Onderka]
- [internal] Really disable password change. [Jakub Onderka]
- [sync] Fixed a critical issue causing sharing groups to lose
  orgs/instance information on sync when using non sync users on a pull.
  [iglocska]
- Ui  _ function does not exist, l10n function is __ [Patrizio Tufarolo]
- Syntax error in constructTaxonomyInfo() [Fredrik Soderblom]
- [server] Add application/x-pie-executable to the list of accepted
  mimetypes in testForBinExec. [Patrizio Tufarolo]
- [schema feed] remove non-required fields in feed format. [Alexandre
  Dulaunoy]
- [API] password reset was broken for admins. [iglocska]
- [tools] misp-wipe updated list of table to truncate. [mokaddem]
- [js] Use error callback for relevant ajax calls. [Jakub Onderka]
- [js] Remove async default value. [Jakub Onderka]
- [galaxy] GalaxyClusterRelation doesn't have Org and Orgc. [Jakub
  Onderka]
- [restsearch] fixed a bug introduced via the new page/limit filters.
  [iglocska]
- [caching] monkey-patching a client side MISP bug causing the caching
  to loop endlessly. [iglocska]

  - MISP caching can run into an endless loop if errors are returned for whatever reason
  - This patch handles the specific case when the remote MISP requests an attribute range for caching that has an offset beyond the highest ID (should never happen)

  - It's a dirty fix but should have nearly no impact on performance whilst resolving the issue
- [server] Caching a server ensures that the returned data is an actual
  UUID. [mokaddem]
- [ACL] opened up postTest to all roles. [Andras Iklody]
- [securityAudit] Display python version. [mokaddem]
- [dashboard] Saving an invalid JSON when importing templates shows an
  error. [mokaddem]
- [galaxy] Missing variable when editing relation. [Jakub Onderka]
- [attributes] full_group_by fix for statistics. Fix #7014. [mokaddem]
- [event] Fix retrieving selected referenced element data. [mokaddem]
- [event] Provide text for missing referenced elements. [mokaddem]

  - The event might not contain the referenced elements if they belong to
  an extended event
- [events:eventGraph] Make sure to include event_id for attribute nodes.
  [mokaddem]
- [post] Do not send emails to disabled user for new posts. [Jakub
  Onderka]
- [UI] Attribute create button nicer. [Jakub Onderka]
- [internal] Remove unused ServerTag. [Jakub Onderka]
- [internal] Remove unused layouts. [Jakub Onderka]
- [internal] Remove unused roboto font. [Jakub Onderka]
- [UI] Remove unnecessary CSS from default template. [Jakub Onderka]
- [restClient] Make sure to split value on strings. [mokaddem]

  Fix #7032
- [objectReference] Make sure to bump timestamp. [mokaddem]
- [objectReference] Make sure to save source_uuid field as well.
  [mokaddem]
- [Event] Correctly save references after sync. [mokaddem]
- [galaxy] Fix undefined variable when capturing clusters. [Jakub
  Onderka]
- [feed defaults] Removed some required properties in the validation
  schema. [mokaddem]

  - Properties like IDs are instance dependent and therefore are not
  necessary
- [dashboard] Saving an invalid JSON shows an error. [mokaddem]

  Fix #6975
- [feed defaults] removed a bunch of feeds and clarified the description
  of some, fixes #7006. [iglocska]
- [UI] Galaxy pagination. [Jakub Onderka]
- [feed] edit ignored changes to the header, fixes #6780. [iglocska]
- [UI] Showing date and time in user profile. [Jakub Onderka]
- [UI] Object template pagination. [Jakub Onderka]
- [feeds] feed edit ignored the headers field, fixes #6780. [iglocska]
- Allow cluster authors to be an actual array. [Tom King]
- Allow 'hard' param in POSTed body for deleting a cluster, send back a
  proper message. [Tom King]

Other

v2.4.139 (2021-02-16)

New

- [widget] Eventstream widget and index widget UI added. [iglocska]

  - EventStream
    - add a lightweight event index to your dashboard
    - configure filters for the events you're interested in (tags, orgs, published)
    - set the number of events to display (limit)
    - set the list of fields it should display (id, orgc, info, tags, threat_level, analysis, date)

  - Index widget UI
    - uses the generic index builder
    - build simple index like UIs
- [event] Added supports of eventReport coming from modules. [mokaddem]
- [modules] Export module can specify event fetch options. [Jakub
  Onderka]

Changes

Fix

- [dashboard] removed training example left in the code. [iglocska]

  - restricted new module to only 3 user IDs
- [event index] changed the galaxy cluster field width. [iglocska]

  - no longer looks like it was sandwiched between two semis
- [UI] Escaping in row_attribute. [Jakub Onderka]
- [internal] Field name in HttpSocketExtended. [Jakub Onderka]
- [breakOnDuplicate] on event add fixed, fixes #6917. [iglocska]

  - add breakOnDuplicate on the event level as a flag
    - {"Event":{"breakOnDuplicate":1, "info": "foo", ...}}

  - correctly handle 2 equal objects added to the same event in memory
- [auto logout] disabled. [iglocska]

  - this crap just causes issues and is pretty pointless
- [event] `merge from` feature correctly saves object relations. Fix
  #6969. [mokaddem]
- [event] Includes eventReport when using the `merge from` feature.
  [mokaddem]
- [dashboard] Typo breaking the dashboards fixed. [iglocska]
- [eventreport] add fixed to avoid ID collisions. [iglocska]
- [STIX] fix typo in message. [Alexandre Dulaunoy]
- [events] Attach cluster from matrix in multiselect. Fix #6956.
  [mokaddem]
- [eventTimeline] Refresh attribute index when dragging. Fix #6958.
  [mokaddem]
- [STIX] fix typo in message. [Alexandre Dulaunoy]
- [taxonomy] Hide unselectable tags by default. Fix #6912. [mokaddem]
- [event] Publishing to pub/sub queues includes all tags. [mokaddem]
- [internal] Bad variable. [Jakub Onderka]
- [UI] Undefined variables in authkeys view. [Jakub Onderka]
- [idTranslator] Distinguish between not found and unreachable. [Jakub
  Onderka]
- [UI] Broken checkboxes for role permissions. [Jakub Onderka]
- [internal] GalaxyCluster::getCluster also accepts ID. [Jakub Onderka]
- Correctly show hidden tags in tag-list. [marjatech]
- [UI] Attach correct count of enabled taxonomy tags. [Jakub Onderka]
- [UI] Remove right margin from form seen input. [Jakub Onderka]
- [feed] Feed name is required. [Jakub Onderka]
- [internal] idTranslator could show invalid results. [Jakub Onderka]
- [generic_picker] Improved perfs by adding a debounce for redrawing
  results. [mokaddem]
- [logs] added eventgraph to log search. [iglocska]
- [UI] Undefined variables in authkeys view. [Jakub Onderka]
- [galaxyClusters:view_relation_tree] Fix initial draw of the tree.
  [mokaddem]

  - Declare variables before assigning value
- Elasticsearch complains when an IP is an empty string. [Tom King]
- [tag collections] typo causing tag collections to break completely
  fixed. [iglocska]
- [bro] export fixed. [iglocska]

  - invalid group by statement removed

Other

v2.4.138 (2021-02-08)

New

- [settings] Allow to use ThreatLevel.name for alert filter. [Jakub
  Onderka]
- [test] Update github actions build to Ubuntu 20.04. [Jakub Onderka]
- [internal] Cidr tool for faster checking CIDR ranges. [Jakub Onderka]
- [objectTemplate] Allow fetching the raw template stored on disk by
  UUID or name. [mokaddem]
- [PHP] version notification. [iglocska]

  - 8.0 is not supported, let users know in a more obvious way

Changes

Fix

- [zmq/kafka] attribute edits should include non exportable attributes.
  [iglocska]
- [UI] notice resolved on the feed index. [iglocska]
- [internal] Do not throw warning when user doesn't have collections.
  [Jakub Onderka]
- [galaxyCluster] Delete elements if field is empty. [mokaddem]
- [galaxyCluster] Integrated changes of improved index factory.
  [mokaddem]
- [CLI] Check user existence. [Jakub Onderka]
- [UI] passedArgs should be JSON encoded. [Jakub Onderka]
- [widget] Typo in MispSystemResourceWidget. [Jakub Onderka]
- [internal] First check if attribute value is valid composite, then run
  other checks. [Jakub Onderka]
- [internal] Bump CakePHP to 2.10.24. [Jakub Onderka]
- [internal] Bump PyMISP. [Jakub Onderka]
- [UI] Nicer forms. [Jakub Onderka]
- [internal] Fix some warnings. [Jakub Onderka]
- [logs:event] Added missing line breaks. [mokaddem]
- [log] Allow to filter logs by org name. [Jakub Onderka]
- [acl] Added missing ACL entry. [mokaddem]
- [objectTemplate:update] Typo instance variable. [mokaddem]
- [shadowAttributes:viewPicture] Allows shadow attribute's pictures to
  be displayed. [mokaddem]
- [attributes:viewPicture] Allow viewing pictures of deleted attributes.
  [mokaddem]
- [events:eventGraph] Deleted object reference are no longer shown in
  the graph. [mokaddem]

  - Fix #6487
- [UI] Allow to download attachments from attribute index. [Jakub
  Onderka]
- [internal] Remove compact method call that do nothing. [Jakub Onderka]
- [eventReport:getProxyElement] Prevent crash if viewing a report for an
  extended event. [mokaddem]

  - Make sure merging array happens in existing keys
- [server:recoveyQuery] Only add `unsigned` when applicable. Fix #6762.
  [mokaddem]

  - Correctly compare return value of strpos
- [UI] Show proper unit for diagnostics. [Jakub Onderka]
- [servers:rest] Speed up rest client and improved reactivity.
  [mokaddem]

  - Added debounce when typing
  - Only update query builder when it's displayed
- [warninglists:index] Fixed URL for ID. [mokaddem]
- [UI] Remote event preview. [Jakub Onderka]
- [stix2 import] Fixed pattern parsing. [chrisr3d]

  - Stripping patterns to avoid issue with space
    characters at the beginning or at the end of the
    patterns
- [UI] hard-delete option missing for soft-deleted objects. [iglocska]
- [internal] timestamping when adding clusters to attributes wasn't
  working. [iglocska]

  - added it as a quick fix, should be moved in the future to a more generic place
- [extended event] layout broken, fixes #6946. [iglocska]
- [internal] Capturing sightings for attributes. [Jakub Onderka]
- [kali] Fixed Kali installer, now only works on 2020.4 and higher.
  [Steve Clement]
- [breakOnDuplicate] invalid placement return, affects #6917. [iglocska]

  - as reported by @github-germ
- [UI] Allow to sort feeds by name. [Jakub Onderka]
- [eventReport:edit] Editing event via /events/edit should work as
  expected. [mokaddem]

  - Correct call to editReport
  - Force local ID to match provided UUID
- [dashboards] saving the dashboard state failed due to uninitialised
  model. [Andras Iklody]
- [events:eventTimeline] Correctly restore elements after changing
  context or group. [mokaddem]

  - Fix #6885
- [events:eventGraph] Makes additions and editions of nodes working as
  expected. [mokaddem]

  Fix #6877
- Bump PyMISP, make gh actions happy. [Raphaël Vinot]
- [eventReport:getProxyElement] Prevent crash if viewing a report for an
  extended event. [mokaddem]

  - Make sure merging array happens in existing keys
- [server:recoveyQuery] Only add `unsigned` when applicable. Fix #6762.
  [mokaddem]

  - Correctly compare return value of strpos
- [servers:rest] Speed up rest client and improved reactivity.
  [mokaddem]

  - Added debounce when typing
  - Only update query builder when it's displayed
- [warninglists:index] Fixed URL for ID. [mokaddem]
- [diagnostics] complain about PHP >= 8.0. [iglocska]

Other

v2.4.137 (2021-01-21)

New

- [UI] Show event count in server popover for comparison. [Jakub
  Onderka]
- [object add] make add event / edit event breakOnDuplicate aware.
  [iglocska]

  - cull objects that would be duplicates
  - cache the fetching of existing objects to speed up the query

  - thanks to @github-germ for the suggested fixes to the duplicate checking to accommodate this patch
- [API] update command got new branch parameter. [iglocska]

  - instruct the update process to be prepended by a checkout of a given branch
  - passed via a URL parameter (/servers/update/branch:develop)
  OR
  - passed via a JSON object ({"branch": "develop"})
- [server] Compare server events overlap. [Jakub Onderka]
- [internal] New ability to get JSON data from event preview. [Jakub
  Onderka]
- [doc] Added doc about how to change the installer generator. [Steve
  Clement]
- [taxonomy] Importing taxonomy in machinetag format by REST API. [Jakub
  Onderka]
- [UI] Show link to event preview for ID translator. [Jakub Onderka]
- [idTranslator] Allow check event on different servers from event view.
  [Jakub Onderka]
- [UI] Show sharing groups in org view. [Jakub Onderka]
- [sync] Enable compression for server sync. [Jakub Onderka]
- [feed] Support brotli compression. [Jakub Onderka]
- [correlation] added system to exclude certain values from the
  correlation engine. [iglocska]

  - simply add values at /exclude_correlations
  - new values coming in will not correlate if they trip over the values listed there
  - to remove existing correlations run the cleaner tool on the above endpoint

  - values can be 1:1 matches, or substring searches (denoted with a leading, ending, or both '%')
    - https://www.google.com/%  will match anything starting with https://www.google.com/
    - %google.com% will match anything that contains google.com
- [UI] Allow to sort orgs by number of orgs. [Jakub Onderka]
- [sighting] New setting that will allow users to see host org
  sightings. [Jakub Onderka]
- [UI] Show tag description if tag belongs to taxonomy. [Jakub Onderka]
- [internal] New model method find('column') [Jakub Onderka]
- [security] Check org list when accessing distribution graph. [Jakub
  Onderka]
- [security] Test for hide_organisations_in_sharing_groups setting.
  [Jakub Onderka]
- [security] Setting to hide orgs from sharing group view. [Jakub
  Onderka]
- [internal] Allow to output directly TmpFileTool. [Jakub Onderka]
- [UI] Show number of unique IPs for key usage. [Jakub Onderka]
- [UI] Show last key usage in index table. [Jakub Onderka]
- [UI] Show information about key expiration in server list. [Jakub
  Onderka]
- [security] Cancel API session right after auth key is deleted. [Jakub
  Onderka]
- [security] Put information about key expiration into response header.
  [Jakub Onderka]
- [security] Allow to set key validity. [Jakub Onderka]
- [security] New setting Security.username_in_response_header. [Jakub
  Onderka]
- [test] Check when `MISP.authkey_keep_session` is true. [Jakub Onderka]
- [internal] Show auth key usage in key view page. [Jakub Onderka]
- [internal] Allow to log authkey usage in Redis. [Jakub Onderka]
- [rest] Allow to search sightings by event or attribute UUID. [Jakub
  Onderka]
- [UI] Download GPG public key from GPG homedir. [Jakub Onderka]
- [type] favicon-mmh3 is the murmur3 hash of a favicon as used in
  Shodan. [Alexandre Dulaunoy]
- [Statistics shell] Added new statistics shell. [iglocska]

  - (R)etrieval (o)f (m)etrics (m)atrix (e)xtended (f)or (s)tatistics

  - run it via /var/www/MISP/app/Console/cake Statistics rommelfs

Changes

Fix

- [helper:genericPicker] Adding object from pill selector - Prevents
  double encoding of the passed data. [mokaddem]
- [login] Correctly convert old password hash to blowfish. [Jakub
  Onderka]
- [login] Convert old password hash to blowfish. [Jakub Onderka]
- [update] fixed due to issues introduced with the branch flag.
  [iglocska]
- [security] Reflective XSS in the RestClient. [mokaddem]
- [security] XSS in the user homepage favourite button. [iglocska]

  - navigating to a url in MISP with the URL containing a javascript payload would cause the execution of reflected xss
  - automatically sanitised by modern browsers, but still confirmed via raw curl fetches
- [security] XSS via galaxy cluster element values for reference types
  could contain javascript links. [iglocska]

  - ref type elements are automatically converted to links. A user would have to click a javascript: link for it to trigger, it's still too risky to keep as is
  - only urls starting with http:// and https:// are converted from here on

  - As reported by Patrik Kontura from ESET
- [security] Stored XSS in the galaxy cluster view. [iglocska]

  - Galaxy cluster names were vulnerable to XSS injection

  - As reported by Patrik Kontura of ESET
- [security] Require password confirmations by default. [iglocska]

  - the setting is optional, but the default should be that it's required unless disabled

  - As reported by Patrik Kontura from ESET
- [UI] Nicer first and last seen form. [Jakub Onderka]
- [log] Correctly handle limit and page params. [Jakub Onderka]
- [internal] Group for getting sightings for tag. [Jakub Onderka]
- [taxonomy] Support unicode chars in tag names. [Jakub Onderka]
- [S/MIME] don't sign e-mails if no signing key is set. [iglocska]

  - fixes e-mails not going out on instances where no signing key was provided
- [server] Handle case when checking CLI version is not possible. [Jakub
  Onderka]
- [object] the optional blocking of duplicates fixed for objects
  including malware samples. [iglocska]

  - also looping the attributes through the pre-validation massaging ensures that attributes modified by it are correctly compared
- [objects] breakonduplicate fixed. [iglocska]
- [sighting] Order must contain group for some mysql servers. [Jakub
  Onderka]
- [UI] Make event paginator universal. [Jakub Onderka]
- [UI] Remove nonsense paginator options. [Jakub Onderka]
- [UI] Chosen autofocus. [Jakub Onderka]
- [internal] Remove unused method isOwnedByOrg. [Jakub Onderka]
- [internal] Remove duplicate array definition. [Jakub Onderka]
- [rest] Allow to edit roaming mode of sharing group. [Jakub Onderka]
- [dbSchema] Update to v65. [Jakub Onderka]
- Missing dependency. [Raphaël Vinot]
- Call the security test suite properly. [Raphaël Vinot]
- Remove call to python script out of the virtenv. [Raphaël Vinot]
- [S/MIME] don't sign e-mails if no signing key is set. [iglocska]

  - fixes e-mails not going out on instances where no signing key was provided
- [internal] Remove duplicates from server correlations. [Jakub Onderka]
- [internal] Attaching warninglist for feed event preview without
  attributes. [Jakub Onderka]
- [UI] Multiple popovers for cluster relations. [Jakub Onderka]
- [UI] Change role name for admin view and add title. [Jakub Onderka]
- [UI] Redirect after add role modal to index page. [Jakub Onderka]
- [UI] Cancelling search didn't work for index table. [Jakub Onderka]
- [UI] Add Object works again for all databases. [Jakub Onderka]
- [UI] Remove unnecessary padding from form. [Jakub Onderka]
- [UI] Correctly show contributors in event view. [Jakub Onderka]
- [UI] Fix attribute search in event view. [Jakub Onderka]
- [UI] Show error message when galaxy info couldn't be loaded. [Jakub
  Onderka]
- [sighting] Grouping sighting fetch for tags. [Jakub Onderka]
- [sighting] Order must contain group for some mysql servers. [Jakub
  Onderka]
- [UI] Move debug mode variable before setting database connection.
  [Jakub Onderka]
- [monitoring] Do not encode payload, it is string. [Jakub Onderka]
- [UI] Enable quick filter for auth keys. [Jakub Onderka]
- [UI] Auth Key index and view changes and fixes. [Jakub Onderka]
- [UI] Days to expire count. [Jakub Onderka]
- [security] Do not return hashed authentication key after creation.
  [Jakub Onderka]
- [internal] Check if setting value is scalar. [Jakub Onderka]
- [security] Auth key must be always random generated at server side.
  [Jakub Onderka]
- [security] Do not allow to use API key authenticated session to do non
  API calls. [Jakub Onderka]
- [internal] Remove unused variables. [Jakub Onderka]
- [internal] Remove unused $user siteadmin variable. [Jakub Onderka]
- [UI] Use generic style for taxonomy view. [Jakub Onderka]
- [UI] Autofocus generic picker. [Jakub Onderka]
- [UI] Replace GnuPG with PGP. [Jakub Onderka]
- [UI] Empty field for galaxy 'Forked From' and 'Forked By' [Jakub
  Onderka]
- [UI] Use correct font for Show all. [Jakub Onderka]
- [UI] Send request just when opening event detail windows. [Jakub
  Onderka]
- [eventReport] Smarter extractWithReplacements. [Jakub Onderka]
- [eventReport] Replace defanged values. [Jakub Onderka]
- [eventReport] Notice when galaxy value is not separated by ` - `
  [Jakub Onderka]
- [stix2 import] Checking if attack-pattern, course-of-action and
  vulnerability names are known galaxies before importing them as MISP
  object. [chrisr3d]
- [tags] truncate tag names that are too long. [Andras Iklody]

  Otherwise we run into issues on the DB level anyway. For the future, perhaps change the field length.
- [installer] Typo. [Steve Clement]
- [search] don't append the same quicksearch value more than once in the
  URL. [iglocska]
- [statistics] Local org flag fixed to show the correct count.
  [iglocska]
- [mistake in a comment fixed] [iglocska]
- [internal] sharing_group graph missing org_ids - throwing notices.
  [iglocska]
- [internal] further promises removed from the galaxy model. [iglocska]

  - easier than getting people to stop using EOL software
- [installer] type in php-bcmath package. [Steve Clement]
- [installer] forgot to add sfv. [Steve Clement]
- [internal] removed function promises in crud component. [iglocska]

  - to appease EOL php versions...
- [delegation] invalid user call. [iglocska]

Other

v2.4.136 (2020-12-16)

New

- [CLI] Import events with compressed file support. [Jakub Onderka]

  Useful for importing big files
- [UI] Find org images also by uuid and support SVG images. [Jakub
  Onderka]
- [UI] Make possible to filter users by active/disabled. [Jakub Onderka]
- [UI] Show number of events for sharing group. [Jakub Onderka]
- [test] View org page. [Jakub Onderka]
- [UI] Allow to search in sharing group list. [Jakub Onderka]
- [security] Test if user can see sharing groups. [Jakub Onderka]
- [factories] generic confirmation UI factory added. [iglocska]
- [Cerebrates] added Cerebrate sync functionality. [iglocska]

  - add/modify cerebrate links
  - preview cerebrate instances for organisations
  - fetch organisations from cerebrate
    - ingests new organisations and updates existing ones

  - More to come in the future
- [Cerebrate] db update added. [iglocska]
- [view factories rework] [iglocska]

  indextable:
    - org lookup field cleaned up and made more resilient
    - remote status: status field for checking of the local vs remote state of objects added
    - pagination system updated to allow for ajax pagination
    - random named container added for the index table's scaffolding

  side menu:
    - added cerebrate options

  side panels:
    - new factory type added for side panel elements (for the usual 2:1 split views)
    - added logo element

  single views:
    - child reworked to use the accordion element
    - added side panel support
- [auth] Allow to enforce auth plugin authentication. [Jakub Onderka]
- [shibb] Test for organisation UUID HTTP header. [Jakub Onderka]
- [shibb] Allow to get organisation UUID from HTTP headers. [Jakub
  Onderka]
- [test] Test for ApacheShibbAuth. [Jakub Onderka]
- [test] Security test suite. [Jakub Onderka]
- [security] New setting to check `Sec-Fetch-Site` header. [Jakub
  Onderka]
- [security] Add new `Security.disable_browser_cache` option to disable
  saving data to browser cache. [Jakub Onderka]

Changes

Fix

- [UI] Contact form text. [Jakub Onderka]
- [distribution graph] Graph doesn't work for non sync users when event
  is shared to sharing group. [Jakub Onderka]
- [UI] Show correct sync org for sharing group view. [Jakub Onderka]
- [UI] Change order for sg view. [Jakub Onderka]
- [UI] Do not show authkey if advanced authkeys are enabled. [Jakub
  Onderka]
- [UI] For accordion external link do not propagate click. [Jakub
  Onderka]
- [UI] Send email link should be visible just for admin view. [Jakub
  Onderka]
- [UI] User search keeps filter. [Jakub Onderka]
- [UI] Show correct menu for EventsController::importModule action.
  [Jakub Onderka]
- [UI] For import show correct active menu. [Jakub Onderka]
- [UI] For tags show actions just when user has permission to use them.
  [Jakub Onderka]
- [UI] For Taxonomies show actions just when user has permission to use
  them. [Jakub Onderka]
- [UI] Show correct menu for Contact Reporter page. [Jakub Onderka]
- [UI] Remove unused All button from galaxy index. [Jakub Onderka]
- [UI] Show feed cache buttons just to site admins. [Jakub Onderka]
- [UI] For fail when uploading stix, show unit for maximum size. [Jakub
  Onderka]
- [UI] Button border when adding thread port. [Jakub Onderka]
- [UI] Show REST client menu item just when user has perm_auth. [Jakub
  Onderka]
- [internal] Undefined variable $passedArgs. [Jakub Onderka]
- [internal] Undefined variables when GitHub is not reachable. [Jakub
  Onderka]
- [internal] Undefined variable me. [Jakub Onderka]
- [UI] Better error message for permission denied. [Jakub Onderka]
- [security] Do not leak org names when
  hide_organisation_index_from_users enabled. [Jakub Onderka]
- [UI] Nicer error message for CSRF. [Jakub Onderka]
- [internal] User should be able to see his org. [Jakub Onderka]
- [UI] Toggle doesn't work with absolute URLs. [Jakub Onderka]
- [UI] Confusing messages after object template is deleted. [Jakub
  Onderka]
- [UI] Do not mention that STIX 2 export require library. [Jakub
  Onderka]

  This information can be useful just for site administrators, but not for users
- [UI] Do not show REST client menu link when user doesn't have
  permission. [Jakub Onderka]
- [UI] Do not show taxonomy delete menu link when user doesn't have
  permission. [Jakub Onderka]
- [UI] Do not show proposals menu link when user doesn't have permission.
  [Jakub Onderka]
- [UI] Do not show extend this event button when user doesn't have
  permission to do that. [Jakub Onderka]
- [UI] Allow to access delegations index just when delegations are
  enabled. [Jakub Onderka]
- [UI] Show `Add Cluster` in menu just when user has permission to add
  cluster. [Jakub Onderka]
- [sighting] Make sure that correct columns are processed. [Jakub
  Onderka]
- [rest-client] Do not raise exception for not site admin. [Jakub
  Onderka]
- [UI] Link to role edit. [Jakub Onderka]
- [UI] Show delete and edit button for SG just when user has permission.
  [Jakub Onderka]
- [UI] Sort countries by name. [Jakub Onderka]
- [db_schema] added cerebrate. [iglocska]
- [baseurl] validation relaxed. [iglocska]

  - no more arbitrary junk blocking https://localhost
- [communities] search fixed, context no longer defaults to "pending"
  which is an unknown value. [iglocska]
- [authkey] fixed a bug causing recurring authkey lookups via model
  binding failing. [iglocska]

  - missing parameter caused the linking to be single use
- [community] removed invalid filter field causing notice errors.
  [iglocska]
- [custompagination tool] hardcoded modelname fixed. [iglocska]
- [doc] Location typo fixed. [Alexandre Dulaunoy]
- [pgp] Key info for older GPG versions. [Jakub Onderka]
- [security] XSS in authkey comment field. [Jakub Onderka]
- [sightings] Support mysql in sql_mode=only_full_group_by. [Jakub
  Onderka]
- [security] Remove hashed advanced keys from response. [Jakub Onderka]
- [bindmodel] added reset = false to the linking of users to authkeys.
  [Andras Iklody]

  - added reset = false in parameters (otherwise consecutive calls to the user model will not include the relation)
- [UI] Correctly handle truncated values for import. [Jakub Onderka]
- [UI] Favourite only for tags. [Jakub Onderka]
- [installer] fi was forgotten, #hotfix. [Steve Clement]
- [installer] sfv file was forgotten. [Steve Clement]
- [internal] Remove unused method from AppController. [Jakub Onderka]
- [csvExport] Prevent override when using `includeContext` parameter Fix
  #3774. [mokaddem]
- [internal] Redis unlink method for old Redis versions. [Jakub Onderka]
- [text export] cull duplicates after fetching the data. [iglocska]

  - pros: No more full group by exceptions
          Handles duplicate culling across internally paginated workloads

  - cons: The returned dataset's size will not always match the requested count as duplicates are culled
- [authkey] only link the model if the instance is already updated.
  [iglocska]
- [UI] user add. [iglocska]

  S/MIME label misaligned

Other

v2.4.135 (2020-11-24)

New

- [datamodels] added jarm-fingerprint type. [Kory Kyzar]
- [galaxyCluster:index] Added badge showing number of custom clusters.
  [mokaddem]
- [UI] Allow to sort attributes or objects by first and last seen.
  [Jakub Onderka]
- [diagnostic] Check extensions version. [Jakub Onderka]
- [internal] JSON stream convert. [Jakub Onderka]
- [eventReport] Report from event. [mokaddem]
- Github action. [Raphaël Vinot]
- [diagnostic] Show installed GnuPG version. [Jakub Onderka]
- [user] Setting `disable_user_add` to disable user creation by org
  admins. [Jakub Onderka]
- [user] Disabling password and login changes apply also for org admins.
  [Jakub Onderka]
- [UI] Add `disable_user_password_change` and
  `disable_user_login_change` setting. [Jakub Onderka]
- [user] Allow to disable user login change. [Jakub Onderka]
- [user] Allow to disable user password change. [Jakub Onderka]
- [authkey] generate authkeys automatically when creating users.
  [iglocska]

  - when using the new authkey system
- [standardised delete] view factory added. [iglocska]
- [advanced authkey] system. [iglocska]
- [CRUD component] backport from Cerebrate. [iglocska]
- [genericForm] system backport from Cerebrate. [iglocska]
- [indextable] scaffolding added along with a list of improvements.
  [iglocska]
- [advanced authkey] API key copy to the new system added to
  diagnostics. [iglocska]
- [CRUD] component port from Cerebrate, initial version. [iglocska]
- [indextable] factories added. [iglocska]
- [js] submit form in place. [iglocska]

  - for popup forms, have the option to display the result directly in the popover
- [generic templates] added with a single view for now (delete)
  [iglocska]
- [Authkey] system added. [iglocska]
- [SingleView factories] added. [iglocska]
- [accordion] element added. [iglocska]
- [advanced authkeys] toggle added. [iglocska]
- [API] Fast check object or attribute existence by HEAD method. [Jakub
  Onderka]
- [events] endpoint `runTaxonomyExclusivityCheck` for event elements.
  [mokaddem]
- [rest] Allow to return just metadata after creating or editing event.
  [Jakub Onderka]
- [API] Allow event existence check by HEAD method. [Jakub Onderka]
- [GalaxyCluster] Added soft and hard deletion. [mokaddem]
- [clusterBlocklist] Added initial blocklist similar to the event one.
  [mokaddem]
- [galaxyCluster:publish] Upon publishing, push the cluster to remote
  servers. [mokaddem]
- [server:pull_relevant_cluster] Added new cluster pull technique.
  [mokaddem]

  It fetches remote clusters based on cluster tags known locally
- [galaxyCluster:restSearch] Possibility to search for clusters
  contained in an Event. [mokaddem]
- [tag] Added 2 new columns to fetch tags from galaxies faster.
  [mokaddem]
- [galaxyCluster] Added `published` flag to clusters. [mokaddem]
- [clusterRelations:view] Added endpoint for rest query only. [mokaddem]
- [server] Added `pull_galaxy_cluster` option in the server config.
  [mokaddem]
- [events:view] Added Cluster relationship network graph. [mokaddem]
- [clusterRelations:edit] Added endpoint. [mokaddem]
- [clusterRelation] Early work on Galaxy Cluster Relations. [mokaddem]
- [galaxyClusters:updateCluster] Added draft version to align a forked
  cluster's elements to its parent. [mokaddem]
- [galaxyClusters:add] Added UI to create/edit GalaxyClusterElements.
  [mokaddem]
- [galaxyCluster] Initial import of Galaxy2.0 codebase - WiP. [mokaddem]

Changes

Fix

- [security] Make cluster's elements adhere to ACL. [mokaddem]
- Missing dep in actions. [Raphaël Vinot]
- [installer] Added missing checkout. [Steve Clement]
- [galaxy update] tag capture fixed. [iglocska]

  - set random colour and some other default values
- [galaxy update] force flag should be cast to boolean. [iglocska]
- [eventReport:reportFromEvent] Correctly apply filter conditions Fix
  #6631. [mokaddem]
- [tags] Pass user object to massaging function. [mokaddem]
- [event:index] Pass missing parameter. [mokaddem]
- [installer] if not installed as a user other than 'misp' we used to
  fail, now fixed. [Steve Clement]
- [internal] Do not try to fetch empty job. [Jakub Onderka]
- [tags] invalid function call for the tag massaging after adding a tag.
  [iglocska]
- [tags] Pass user object to massaging function. [mokaddem]
- [appController] Prevent notice for `perm_galaxy_editor` if update is
  still running. [mokaddem]
- [logs] Add missing AuthKey model to log search. [Jakub Onderka]
- [authkey] There is no AuthKey.timestamp column. [Jakub Onderka]
- [UI] There is nothing like AuthKey.disabled. [Jakub Onderka]
- [UI] Auto prevent default for index table actions. [Jakub Onderka]
- [UI] Add label to delete auth key icon. [Jakub Onderka]
- [UI] Remove unused inbox controller and menu link. [Jakub Onderka]
- [server:sqlRecoveryQuery] Added support of unsigned int Fix #6618.
  [mokaddem]
- [galaxy:update] Correctly delete clusters when performing a force
  update. [mokaddem]
- [security] XSS in the template element index view - As reported by
  Rubin Azad. [mokaddem]
- [object] Send all required arguments. [mokaddem]
- [authkey] default value incorrect. [iglocska]
- [galaxy:update] Make sure the fake user has the perm_sync right.
  [mokaddem]
- [UI] Correct path to user profile from authkey view. [Jakub Onderka]
- [security] Proper check who can view new authkeys. [Jakub Onderka]
- [test] Do not pull PyMISP. [Jakub Onderka]
- [internal] MISP update without branch. [Jakub Onderka]
- [test] Run updates. [Jakub Onderka]
- [attribute:fetch_attributes] Respect group_by request. [mokaddem]
- [mispObject:save_object] Returns error in correct format. Fix #6598.
  [mokaddem]
- [acl] Added report_from_event entry in ACL. [mokaddem]
- Fix spelling of sightings_anonymise_as description. [Mat]
- Perms in travis, var in gh action. [Raphaël Vinot]
- Just make config writable by everyone, again. [Raphaël Vinot]
- Just make config writable by everyone. [Raphaël Vinot]
- [internal] Diagnostic data download. [Jakub Onderka]
- [internal] Server::update method. [Jakub Onderka]
- [internal] Initialize ZMQ just when necessary after setting change.
  [Jakub Onderka]
- [event index] search via attribute key allows for empty input now.
  [iglocska]
- [internal] Destroy session just when session is started. [Jakub
  Onderka]
- [index search] allow for list of values to be passed via the attribute
  key. [iglocska]
- [tag:search] Correctly pass user data. [mokaddem]
- [UI] Put back requesting API access to user page. [Jakub Onderka]
- [security] Properly validate new auth key. [Jakub Onderka]
- [UI] Cerebrate -> MISP. [Jakub Onderka]
- [MYSQL.sql] added first/last seen. [iglocska]
- [MYSQL.sql] removed duplicate entry. [iglocska]
- [test] Update db_schema.json for auth_keys table. [Jakub Onderka]
- [test] Update database before generating new user. [Jakub Onderka]
- [MYSQL.sql] updated. [iglocska]

  - incorporated all changes from 40 -> 61
  - should solve the userinit issues
- [authkey] convert existing keys. [iglocska]

  - added functionality to convert old style API keys to the setting description
- [UI] various smaller fixes. [iglocska]
- [authkey] various improvements. [iglocska]

  - correct lookup of users by API key when no expiration is set
  - added authkey reset functions
- [rest client] implemented changes for advanced authkeys. [iglocska]

  - strip auth headers in the history
  - but not in the actual request
- [various fixes] to the authkeys controller. [iglocska]

  - invalid admin lookup fixed
  - restriction to individual users added when using a user view to access the authkey index
- [copy pasta] menus shown twice on user view fixed. [iglocska]
- [galaxyCluster] Improved compatibility detection. [mokaddem]
- [galaxyCluster] Bump timestamp after soft-deletion and restoration.
  [mokaddem]
- [RestClient] Catch exceptions and show error message to user. [Jakub
  Onderka]
- [galaxyCluster] Apply deleteAll on correct model. [mokaddem]
- [galaxyClusters:view_relations] No galaxy matrix in the picker.
  [mokaddem]
- [galaxyCluster] Allow forks with same name to appear in the picker.
  [mokaddem]
- [galaxyClusterController:edit] Default empty list to empty string.
  [mokaddem]
- [galaxies:export] typo. [mokaddem]
- [galaxyCluster] Fixed publishing cluster permissions. [mokaddem]
- [galaxyCluster:edit] Edit do not require distribution field.
  [mokaddem]
- [galaxies] Correctly highlight galaxy in index scope. [mokaddem]
- [galaxyClusters:index] Apply find on correct model for REST requests.
  [mokaddem]
- [galaxyClusterRelations:index] Added baseurl. [mokaddem]
- [servers:restClient] Keep HTTP body on template selection if it
  changed. [mokaddem]

  Making someone happy:
- [internal] Do not fetch unnecessary correlations for distribution
  graph. [Jakub Onderka]
- [object:deltaMerge] Stopped updating object's attributes when updating
  the FS/LS. [mokaddem]

  - Make sure to compare the correct date value of FS/LS and not their representation
- [eventReports] Handle exception for EventReportsController::index.
  [Jakub Onderka]
- [regression] invalid server loaded for connection test. [iglocska]
- [galaxyClusters] Fixing badly merged merge-conflict. [mokaddem]
- [internal] Properly set login times for custom auth. [Jakub Onderka]
- [UI] Join with ", " array meta values for event reports. [Jakub
  Onderka]
- [UI] Prepend URL with baseurl. [Jakub Onderka]
- [UI] Disable debounce slowdown for first event report render. [Jakub
  Onderka]
- [UI] Show 'Add Event Report' just when user can modify event. [Jakub
  Onderka]
- [internal] Do not start session for shell commands. [Jakub Onderka]
- [internal] Do not load all attributes and sightings when editing
  event. [Jakub Onderka]
- [server:restclient] Removed force url for codemirror hints. [mokaddem]
- [object:edit] Changes on fs/ls handling for object's attributes.
  [mokaddem]

  - Allow object's attributes to have fs/ls different from their object.
  - Object's attribute's timestamp is no longer refreshed when editing an object unless the attribute changed
  - Object's attributes inherit their object fs/ls if unset
- [attribute] `only_full_group_by` fixed for `__getCDIRList`. Fix #6218.
  [mokaddem]
- [appmodel] Make sure parameter is a string before accessing string
  index. Fix #6544. [mokaddem]
- [logs:admin_index] Removed bad usage of PHP's compact function Fix
  #6543. [mokaddem]
- [tags:search] Apply correct conditions on corresponding models. Fix
  #6475. [mokaddem]
- [stix2 import] Fixed parsing of objects mapped into galaxies for
  external STIX. [chrisr3d]

  - Mapping dictionary was not loaded correctly
    while calling the ExternalStixParser class, and
    it is now fixed
  - For objects from external STIX content that
    should be mapped as galaxies (such as malware,
    threat actor, and so on), we do not only test
    the perfect match with one of the galaxy names
    in the mapping dictionary, we also test now if
    the galaxy name is contained in any of the
    known galaxy names of the dictionary
- [new tag index] added, left off in previous commit. [iglocska]
- [servers:rest] Querybuilder performance improved when loading a new
  endpoint. [mokaddem]
- [internal] `Undefined index: value` warning. [Jakub Onderka]
- [galaxyClusters] Removed print statement. [mokaddem]
- [galaxyCluster] Only fetch targeting relations if full requested.
  [mokaddem]
- [galaxyClusterRelation] id condition not ambiguous. [mokaddem]
- [galaxyClusterRelation] Make sure contain is an array. [mokaddem]
- [galaxyClusterRelation] Make sure to include sourceCluster for the ACL
  condition. [mokaddem]
- [galaxyClusterRelation] Make sure owner of source cluster can see
  org_only relations. [mokaddem]
- [galaxyCluster] Hide edit cluster for notallowed users. [mokaddem]
- [galaxyCluster] Recursive conditions on grandparent model. [mokaddem]
- [galaxyClusterRelations] Hide delete button for non-eligible users.
  [mokaddem]
- [galaxyClusterRelation] Hide linked clusters where applicable.
  [mokaddem]

  - For source cluster, hide the relation
  - For target cluster, show the relation but hide target data
- [galaxyCluster] Allow hard-deletion of default clusters. [mokaddem]
- [galaxyClusterBlocklist] Correct usage of the new blocklist component.
  [mokaddem]
- [event] Failed merge conflict. [mokaddem]
- [clusterRelations:edit] Make edition of relation possible Make sure to
  assign the source cluster id to the relation. [mokaddem]
- [clusterRelations:index] Correctly unset target cluster if unknown and
  uses correct index element. [mokaddem]
- [galaxies:export] Return application/json MIME type for all exports.
  [mokaddem]
- [misp.js] Addressed lgtm warnings. [mokaddem]
- [galaxyCluster] Make sure the value is not empty while saving.
  [mokaddem]
- [server:pull] Make sure to update the job progress only if we are
  running in a background job. [mokaddem]
- [server:pull] Make pull work with jobs. [mokaddem]
- [galaxyCluster:updateRelationsForSync] Use correct model to get
  announceBaseUrl. [mokaddem]
- [galaxyCluster:captureCluster] Block any attempt to modify a not
  locked cluster if server is not internal. [mokaddem]
- [galaxyClusterRelation:editRelation] Removed typo. [mokaddem]

  Cluster returned by fetchIfAuthorized is not inside a list
- [galaxyCluster:saveRelation] Set `default` value if unset and allow
  saving unknown clusters if force flag set. [mokaddem]
- [galaxyCluster:fetchIfAuthorized] Adhere to $throwErrors if the ID is
  invalid. [mokaddem]
- [galaxyCluster:publish] Cluster parameter can be of any type.
  [mokaddem]
- [galaxyCluster:publishRouter] Cluster parameter can be of any type.
  [mokaddem]
- [appModel:db_changes] Added new entry. [mokaddem]
- [galaxyCluster:fetchGalaxyCluster] Make sure to fetch a fresh version
  of the sharinggroup with all its associated data. [mokaddem]
- [GalaxyCluster:fetchGalaxyCluster] Correctly attach all sharinggroup
  information. [mokaddem]
- [galaxyCluster] Make sure we correctly update cluster relations and
  few QoL fixes. [mokaddem]
- [clusterRelations:add] Correctly report validation errors. [mokaddem]
- [install:MySQL] Create `perm_galaxy` in roles table before updating
  rows. [mokaddem]
- [clusterRelations:add/edit] Avoid error variable override. [mokaddem]
- [clusterRelation:delete] Take first result if id matches. [mokaddem]
- [clusterRelation] Use correct linked model alias. [mokaddem]
- [galaxyCluster] Typo when accessing variables. [mokaddem]
- [ACLComponent] Put `pushClusters` into the correct section. Also
  removed useless condition. [mokaddem]
- [servers:push] Do not throw exception while pushing via rest query.
  [mokaddem]
- [galaxy:import] Set org and orgc to default MISP org. [mokaddem]
- [clusterRelations:view_relation_tree] Avoid id collision for cross-
  referencing clusters. [mokaddem]
- [galaxy:import] Correctly set distribution when importing from
  repository. [mokaddem]
- [clusterRelations:edit] Endpoint access data with/without model key.
  [mokaddem]
- [clusterRelation] Added entry in ACLComponent and improved rest error
  message. [mokaddem]
- [clusterRelations] Corrected conditions allowing the creation/update
  of relations. Plus, get rid of not-used relation's value. [mokaddem]
- [clusterRelation:add] Use the correct key to access cluster info.
  [mokaddem]
- [clusterRelations:add] Removed useless translation. [mokaddem]
- [clusterRelation:restSearch] Allow org to see their own relations if
  they are distribution=org_only. [mokaddem]
- [galaxyCluster] Typo in linked model. [mokaddem]
- [galaxyCluster:fetchClusters] Added missing conditions for
  clusterRelations. [mokaddem]
- [galaxyCluster:pull] Correctly capture the Orgc. [mokaddem]
- [galaxyClusterRelation:getRelations] Could not fetch relations with no
  full group by enabled. [mokaddem]
- [galaxyCluster:captureCluster] Make sure to capture the galaxy if
  unknown. [mokaddem]
- [clusterRelation:captureRelations] Default referenced galaxy id to 0
  if it's unknown. [mokaddem]
- [galaxyCluster:view_relation_tree] Tree links takes into account the
  avg numerical_value. [mokaddem]
- [galaxies:massageTags] Pass user to the model. [mokaddem]
- [clusterRelations:syncUUIDsAndIDs] Make sure to default referenced
  cluster id to 0 if unknown. [mokaddem]
- [galaxy:import] Use correct data path to retrieve galaxy id.
  [mokaddem]
- [galaxyCluster:edit] Fixed key name issues preventing clusters to be
  edited similar to the `add` endpoint. [mokaddem]
- [galaxyCluster:relations_graph] Fixed link id not used consistently.
  [mokaddem]
- [clusterRelations:catpure] More flexible tag capture. [mokaddem]
- [galaxy:import] Set the locked flag for the imported galaxyCluster.
  [mokaddem]
- [galaxyCluster] Make sure to sync id/uuid for the target relation.
  [mokaddem]
- [galaxyCluster:view_relation_tree] Fixed division by 0. [mokaddem]
- [galaxyClusters:relations_graph] Draw relation text only once +
  Physics tweaking. [mokaddem]
- [galaxyClusers:relations_graph] Draw nodes after links. [mokaddem]
- [galaxyCluster:CRUD] Fixed fields not being saved correctly and
  improved API feedback. [mokaddem]
- [clusterRelations:relation_tree] looping with function callback changes
  the value of `this` [mokaddem]
- [server:pushGalaxyCluster] Correctly select UUIDs to be pushed.
  [mokaddem]
- [clusterRelations:view_relations] Avoid duplication of targeting
  relations. [mokaddem]
- [clusterRelations:view_relations] Correctly sync ID and UUID when
  adding a relation and repaired view. [mokaddem]
- [clusterRelations:relations_graph] Support of fallback `MISP`
  Organisation and improved tooltip layout. [mokaddem]
- [galaxy:quickViewMini] Prevent multiple `mouseover` listeners.
  [mokaddem]
- [cluster:add_relation] Correctly use the freetext relation if picked.
  [mokaddem]
- [clusters:edit] ClusterElementUI do not duplicate rows each time it's
  displayed. [mokaddem]
- [event:view] Prevent global variable override. [mokaddem]
- [ClusterRelationsGraphTool] Inject Orgs and SharingGroup info for
  referencing nodes. [mokaddem]
- [events:view] Fixed cluster_relations filename and distribution info.
  [mokaddem]
- [clusterRelations:fork_tree] Prevent division by 0. [mokaddem]
- [galaxy] Few leftovers to be renamed. [mokaddem]
- [galaxy:fork_tree] Better handling of versions. [mokaddem]
- [galaxyCluster:view] Catch if cluster has no `extended_from`
  [mokaddem]
- [galaxy:editCluster] Correctly update galaxyElements. [mokaddem]
- [galaxy:fork_tree] Correctly print default value. [mokaddem]
- [galaxu:index] Corrected cluster base urls locations. [mokaddem]
- [genericIndexTable:extended_generic] Do not duplicate field if both
  `from` and `by` are used. [mokaddem]
- [galaxyCluster:attachToEventIndex] Usage of the correct function.
  [mokaddem]

Other

v2.4.134 (2020-11-02)

New

- [tag index] simple/advanced view. [iglocska]

  - simple view excludes eventtags / attributetags / sightings
  - helps with heavier instances

  - refactor of the index to the new generators
  - new elements for the generators added
- [UI] Add link to show related feeds attributes. [Jakub Onderka]
- [UI] Allow to set attachment scan settings from user interface. [Jakub
  Onderka]
- [widgets] button for link (#6489) [Loïc Fortemps]
- [statistics shell] year over year org growth added. [iglocska]
- [eventReports] Event auto-tagging from report. [mokaddem]
- [UI] Attachment scan diagnostic. [Jakub Onderka]
- [av] Allow to scan just by file hash. [Jakub Onderka]
- [av] Use misp-module for AV scanning. [Jakub Onderka]
- [av] Malware protection for uploaded files. [Jakub Onderka]
- [UI] Allow to disable hover enrichment. [Jakub Onderka]
- [sync] Show client certificate info in connection test. [Jakub
  Onderka]
- [eventReports] Creation of reports from URL using MISP-modules.
  [mokaddem]
- [eventReport] Added context replacements and suggestions. [mokaddem]
- [eventReports:markdownEditor] Text replacement with existing
  attributes. [mokaddem]
- [eventReports] Attributes suggestion replacement + UI - Draft.
  [mokaddem]

Changes

Fix

- [stix import] Avoiding issue with test_mechanisms with no rule value.
  [chrisr3d]
- [internal] Remove warning when modules are not reachable. [Jakub
  Onderka]
- [security] SSRF fixed in the rest client. [iglocska]

  - by using the full path parameter in the rest client, users could issue queries to any server
  - this becomes especially problematic when the MISP server is able to query other internal servers,
    as external users could trigger those

  - new server setting added that allows enabling the full path option, this is now disabled by default
  - new server setting added to add an override baseurl for the rest client, removing the need for the full
    path option in the first place (for example for the training VM with its port forwarding)

  - Thanks to Heitor Gouvêa for reporting this vulnerability
- [eventReport] Function call not adapted after module rework merge.
  [mokaddem]
- [ACL] Add missing controllers from EventReports. [Jakub Onderka]
- [internal] Warning when viewing feed info. [Jakub Onderka]
- [UI] Show error message if genericPopup ajax request fails. [Jakub
  Onderka]
- [eventReport:markdownEditor] Show full attribute value in print mode.
  Fix #6507. [mokaddem]
- [UI] More space in sighting graph for a lot of sightings numbers.
  [Jakub Onderka]
- [UI] Add missing line break. [Jakub Onderka]
- [UI] Remove forgotten removed variable. [Jakub Onderka]
- [UI] Show correct message when saving object after quick edit. [Jakub
  Onderka]
- [UI] Show error if multiSelectAction fails. [Jakub Onderka]
- [eventReport] Correctly tag event if requested + undefined variable.
  [mokaddem]
- #6354. [Nick]

  fix: #6354

  Need escape for quote in regex
- [av] Send to module also attribute UUID and value. [Jakub Onderka]
- [modules] Better error handling for connection problems. [Jakub
  Onderka]
- [module] Throw exception if response JSON is invalid. [Jakub Onderka]
- [UI] Remove unnecessary empty div from seen_field. [Jakub Onderka]
- [UI] Do not allow to add tags when showing event to merge. [Jakub
  Onderka]
- [UI] Fix strikethrough text decoration for deleted reference. [Jakub
  Onderka]
- [UI] Remove unnecessary form element from correlated events. [Jakub
  Onderka]
- [internal] Remove compressing by ZIP PHP extensions. [Jakub Onderka]
- [internal] Avoid warnings in global_menu. [Jakub Onderka]
- [resource-widget] Use redisInfo method for getting info. [Jakub
  Onderka]
- [tools] Variable names typo. [chrisr3d]
- [internal] Check Crypt_GPG version. [Jakub Onderka]
- [UI] Put back missing homepage star. [Jakub Onderka]
- [internal] Unused variable in Event::__generateCachedTagFilters.
  [Jakub Onderka]
- [internal] Remove unused file. [Jakub Onderka]
- [internal] Remove unused AppModel::checkVersionRequirements method.
  [Jakub Onderka]
- [travis] Retry poetry packages installation. [Jakub Onderka]
- [eventReports:markdownEditor] Better parsing of free text value.
  [mokaddem]

Other

v2.4.133 (2020-10-16)

New

- [UI] Use flag icons from Twemoji. [Jakub Onderka]
- [UI] Show organisation nationality flag. [Jakub Onderka]
- [attribute type] cpe Common Platform Enumeration attribute type added.
  [Alexandre Dulaunoy]
- [attribute] telfhash attribute type added - fix #6435. [Alexandre
  Dulaunoy]
- [GPG] Validate fetched GPG key. [Jakub Onderka]
- [UI] Add icons for threat levels. [Jakub Onderka]
- [internal] Allow to set warning checking for all attributes, not just
  IDS. [Jakub Onderka]
- [warninglist] Allow to check if IP in CIDR is part of another CIDR.
  [Jakub Onderka]
- [warninglist] Cache warninglist results. [Jakub Onderka]
- [build] Validate also feed metadata rules and settings JSON contents.
  [Jakub Onderka]
- [attribute-type] filename-pattern to describe a filename based on a
  pattern. [Alexandre Dulaunoy]

  Fix #403

  There is no specific validation on the field. This allows us to have a clear
  separation between filename and filename-pattern as many users were
  using filename for regexp. This also helps the creation of object
  template which requires a filename pattern.
- [evenReport] Support of extended event. [mokaddem]
- [eventReport:markdownEditor] Toggleable rendering of MISP Elements.
  [mokaddem]
- [eventReport:markdownEditor] Support to reference object attribute.
  [mokaddem]
- [markdownEditor] Added support of fullscreen mode. [mokaddem]
- [eventReport:markdownEditor] Added hints for tags. [mokaddem]
- [eventReport] Added support of tags. [mokaddem]
- [user agent] string changed for MISP -> MISP synchronisation.
  [iglocska]
- [UI] Truncate long values. [Jakub Onderka]
- [UI] Go directly to object reference when referenced object is on the
  same page. [Jakub Onderka]
- [workers] add kill all / force kill all buttons to the worker
  management, fixes #6329. [iglocska]
- [recovery] script added mock method among other changes. [iglocska]

  - also added proposals
  - add/accept/discard should be fully supported now
- [recovery] added event deletion recovery tool. [iglocska]
- [internal] added helper function to get tag id based on cluster id.
  [iglocska]
- [markdownEditor] Possibility to toggle rules on-the-fly. [mokaddem]
- [markdownViewer] Added light support of picture attachment parsing.
  [mokaddem]
- [markdownViewer] Support of hints in editor. [mokaddem]
- [markdownViewer] Added rule and renderer for special MISP elements.
  [mokaddem]

Changes

Fix

- [server] caching notice fixed. [iglocska]
- [UI] Do not show quick edit for deleted attributes and when user doesn't
  have permission. [Jakub Onderka]
- [UI] Show error for user if activateField request fail. [Jakub
  Onderka]
- [eventReport] Include just tags that belong to requested event or its
  parent, not to other child. [Jakub Onderka]
- [eventReport] Properly validate UUID. [Jakub Onderka]
- [eventReport] Optimize loading by UUID. [Jakub Onderka]
- [eventReport] Template loading condition. [Jakub Onderka]
- [UI] Remove checkbox from objects. [Jakub Onderka]
- [UI] Correctly remove checked attributes after page reload. [Jakub
  Onderka]
- [internal] Missing variable. [Jakub Onderka]
- [internal] Remove unnecessary class initialization. [Jakub Onderka]
- [UI] Remove space after reference link. [Jakub Onderka]
- [UI] Reset popover box after closing. [Jakub Onderka]
- [UI] Remove underline from icons. [Jakub Onderka]
- [validation] Correct validation for iban, bic, btc, dash and xmr
  attributes. [Jakub Onderka]
- [validation] Normalize mac-address and mac-eui-64 to lowercase. [Jakub
  Onderka]
- [validation] Do not accept floats where should be just integers.
  [Jakub Onderka]
- [correlations] Disable correlation for port part in hostname|port
  type. [Jakub Onderka]
- [stix1 framing] Added Custom objects namespace. [chrisr3d]
- [UI] Set title for atomic/extended switch. [Jakub Onderka]
- [UI] Put current language to HTML element. [Jakub Onderka]
- [UI] Element ID must be unique. [Jakub Onderka]
- [UI] Try to fix broken form quick edit submit with CTRL+ENTER. [Jakub
  Onderka]
- [UI] Provide description for pivot remove button. [Jakub Onderka]
- [UI] Provide description for search button. [Jakub Onderka]
- [UI] Remove unused parts from row_proposal template. [Jakub Onderka]
- [UI] Remove objectType is zero checks. [Jakub Onderka]
- [UI] Normalize quick add attribute for object with other forms. [Jakub
  Onderka]
- [UI] Change new object attribute information margin. [Jakub Onderka]
- [UI] objectAddFieldTr should not cover checkbox. [Jakub Onderka]
- [UI] Proposal to delete should be considered as proposal. [Jakub
  Onderka]
- [UI] Make proposal links visible. [Jakub Onderka]
- [UI] Nicer proposal HTML code. [Jakub Onderka]
- [UI] Base url for OrgImgHelper. [Jakub Onderka]
- [UI] Show warning if notification when creating new user could not be
  sent. [Jakub Onderka]
- [UI] Provide proper description for S/MIME cert. [Jakub Onderka]
- [internal] Properly convert `hostname|port` when delimiter is `:`
  [Jakub Onderka]
- [validation] Convert vulnerability attribute to uppercase. [Jakub
  Onderka]
- [validation] Float validation. [Jakub Onderka]
- [mail] S/MIME certificate validation, fixes #6424. [Jakub Onderka]
- [freetext] Do not load event page twice when saving freetext. [Jakub
  Onderka]
- [UI] Add space after icon. [Jakub Onderka]
- [UI] Non breakable space between hidden value and icon. [Jakub
  Onderka]
- [UI] Remove not used organisation landing page. [Jakub Onderka]
- [internal] Remove unused $page variable. [Jakub Onderka]
- [UI] Do not hide some errors. [Jakub Onderka]
- [internal] Check if module has defined userConfig. [Jakub Onderka]
- [db_schema] Bumped schema with the changes. [mokaddem]
- [eventReports] Renamed function to make it more explicit and avoid
  function name override. [mokaddem]
- [ACLComponent] Added missing entry and removed invalid warnings.
  [mokaddem]
- [UI] Hover enrichment popover overflowing. [Jakub Onderka]
- [UI] Remove margin from long value pre. [Jakub Onderka]
- [internal] Array to string conversion when constructing request.
  [Jakub Onderka]
- [freetext] Convert CVE string to uppercase to follow attribute
  validation. [Jakub Onderka]
- [UI] Bigger margin for extend this event button. [Jakub Onderka]
- [UI] Clear input value when clicking cancel for attribute search.
  [Jakub Onderka]
- [UI] #attributesFilterField doesn't exist anymore. [Jakub Onderka]
- [UI] Show loading also for down attribute paginator. [Jakub Onderka]
- [UI] Remove unnecessary br from eventattribute template. [Jakub
  Onderka]
- [UI] Remove unused page argument for sighting form. [Jakub Onderka]
- [UI] Fix IDS toggle permission in attribute view. [Jakub Onderka]
- [UI] Return back sighting popover. [Jakub Onderka]
- [UI] Remove duplicate request for quick filter. [Jakub Onderka]
- [UI] Disable To IDS checkbox if user doesn't have permission to modify
  event. [Jakub Onderka]
- [internal] Removed unused template. [Jakub Onderka]
- [UI] Use pointer cursor for template choice button. [Jakub Onderka]
- [decayingModelSimulation] Correctly extract part of atomic tags.
  [mokaddem]
- [tags:attachTagToObject] Respect case when searching tags. [mokaddem]
- [tags:attachTagsToObject] Respect case when attaching tags. Fix #6380.
  [mokaddem]
- [UI] Showing active menu item when viewing noticelist. [Jakub Onderka]
- [UI] Showing item in side menu for org admin. [Jakub Onderka]
- [UI] Check more menu ACLs. [Jakub Onderka]
- [UI] Do not show empty global menu item. [Jakub Onderka]
- [UI] User guide link. [Jakub Onderka]
- [warnings] enforceWarninglist works again. [Jakub Onderka]
- [warnings] Cache deletion. [Jakub Onderka]
- [warninglists] Include warning for merged events. [Jakub Onderka]
- [warnings] Attach warnings to feed and server event preview. [Jakub
  Onderka]
- [internal] IPv6 CIDR warninglist. [Jakub Onderka]
- [server:workerDiagostics] Default queue status to false. [mokaddem]
- [tag filters] fixed ridiculously long lists for tag filters.
  [iglocska]
- [CLI] missing ; [iglocska]
- [server] Do not limit TLD to 5 characters. Fix #6342. [Richard van den
  Berg]
- [internal] Variable should be defined all the time. [Jakub Onderka]
- [proposal] No return when org is not defined. [Jakub Onderka]
- [eventReports:markdownEditor] Force close the popover if parent
  element not found. [mokaddem]
- [eventReport] Do not try to fetch report after successful hard
  deletion. [mokaddem]
- [markdownEditor] Reset width in editor's split mode when switching to
  fullscreen. [mokaddem]
- [eventReport:markdownEditor] render markdown once MISP elements have
  been fetched. [mokaddem]
- [eventReport] Improved variable name and do not crash if event is not
  extending another one. [mokaddem]
- [eventReports] Typo in variable name. [mokaddem]
- [markdownEditor] Layout glitch with resizeable helper and fullscreen.
  [mokaddem]
- [misp] Allow re-showing hidden popover after creation. [mokaddem]
- [eventReports:index] Fixed quicksearches. [mokaddem]
- [eventReport:markdowEditor] Make add galaxy-matrix shortcut work.
  [mokaddem]
- [server:push] Correctly return message when using API. [mokaddem]
- [event:push] Setup requests headers before sending request. [mokaddem]
- [server:push] Allow pushing events only having event reports.
  [mokaddem]
- [event:updateEventReportBeforeSync] Init httpSocket. [mokaddem]
- [tags:search] Make sure the predicate exists in the taxonomy.
  [mokaddem]
- [eventReport:markdownEditor] Improved colors of attributes and objects
  in printing view. [mokaddem]
- [eventReport:markdownEditor] Parse all tags in a line instead of the
  last one. [mokaddem]
- [eventReport:markdownEditor] Avoid override of legitimate tags if they
  don't have data linked to them. [mokaddem]
- [eventReport:markdownEditor] Prevent error while opening popover for
  unknown tags. [mokaddem]
- [doc] Document "cake Server pullAll" [Richard van den Berg]
- [attachment checker] invalid lookup. [iglocska]
- [missing attachment log] fixed issue with orgs not being logged.
  [iglocska]
- [attachment checks] output of logging cleaned up. [iglocska]
- [events] Added loading indicator when paginating on event's attribute
  table. [mokaddem]
- [hacky] readded org field to shadow attributes - just blank it out for
  old instances where the update failed to remove it a few years ago.
  [iglocska]
- [sync] better logging of error messages and handle the user ID not
  being set by background processes. [iglocska]
- [correlations] Properly delete feeds caches. [Jakub Onderka]
- [internal] Remove duplicates from cancelPopoverForm. [Jakub Onderka]
- [UI] Popup size. [Jakub Onderka]
- [decaying] 2-tag base_score ratio. Fix #6352. [mokaddem]
- [attribute] Typo in regex. Fix #6354. [mokaddem]
- [UI] Make attribute/object focus work again. [Jakub Onderka]
- [internal] Remove dead code from template. [Jakub Onderka]
- [internal] Undefined variable base_url for idTranslator. [Jakub
  Onderka]
- [UI] Show error for user if file for import is invalid. [Jakub
  Onderka]
- [UI] Hex and binary convertor. [Jakub Onderka]
- [UI] Show properly formatted attribute value after quick edit. [Jakub
  Onderka]
- [UI] Show proper menu when using even import module. [Jakub Onderka]
- [internal] Prepare for PHP8. [Jakub Onderka]
- [internal] Fix tests for missing ACL. [Jakub Onderka]
- [UI] Custom password reset link is absolute. [Jakub Onderka]
- [internal] Typo in perm name. [Jakub Onderka]
- [internal] Do not fetch more info than necessary. [Jakub Onderka]
- [eventReports] Use correct data path to access org_c. [mokaddem]
- [eventReport] Deleted report can be restored by non-admin users.
  [mokaddem]
- [ACL] Permissions when sending contact and alert emails. [Jakub
  Onderka]
- [internal] Conditions when object distribution is set to org only.
  [Jakub Onderka]
- [internal] Fetching objects with attachments. [Jakub Onderka]
- [internal] Remove duplicate check for published event when fetch
  objects. [Jakub Onderka]
- [internal] Remove duplicate conditions for object restSearch. [Jakub
  Onderka]
- [internal] Code style. [Jakub Onderka]
- [internal] Invalid conditions for sharing group when fetching objects.
  [Jakub Onderka]
- [internal] Bad merge. [Jakub Onderka]
- [server] Downgrade distribution of objects when pulling. [mokaddem]
- [recovery] various fixes. [iglocska]

  - to_ids fixed
  - background processing made optional
  - first/last seen format conversion altering the data's format for the recovery script fixed
  - added capture of object first/last seen to the recovery script
- [log:event_recovery] Delete blocklist entry for recovered event.
  [mokaddem]
- [objectReference] Do not reset timestamp to current time if already
  provided. [mokaddem]
- [log] Convert attribute's fs/ls into understood format. [mokaddem]
- [events:recover_event] Fixed URL. [mokaddem]
- [merge issue] resolved. [iglocska]
- [attributes] Restored action on tags in mass edit. [mokaddem]
- Added missing test mechanisms mapping. [chrisr3d]
- [validation] make publish_timestamp on the event object more resilient
  to malformed empty values. [iglocska]
- [eventReport] Do not ignore `false` fields when editing. [mokaddem]
- [event] Delete event report when deleting event. [mokaddem]
- [eventReport] changed beforeFilter signature to avoid notice.
  [mokaddem]
- [eventReports] Add view variables before rendering. [mokaddem]
- [event] Use correct function name. [mokaddem]
- [markdownEditor] Make viewer works inside modal. [mokaddem]
- [markdownEditor] Post split bugs. [mokaddem]
- [markdownViewer] Fixed missing event_id. [mokaddem]
- [markdownViewer] Regenerate scroll map after resize + layout
  improvement. [mokaddem]
- [datetime] Failed merge. [mokaddem]
- [attribute tag culling] fixed. [iglocska]

  - no longer hides tags that should be included in the export

Other

v2.4.132 (2020-09-15)

Changes

- [version] bump. [iglocska]
- [queryversion] Bumped. [mokaddem]
- [bootstrap-datepicker] Updated to version 1.9.0. [mokaddem]
- [appmodel] New entry to create an upper bound for the unwanted action
  through login. [mokaddem]

  This will be used by recovery scripts
- [sightings] anonymise pushed sightings using new
  Sightings_anonymise_as setting. [Richard van den Berg]
- [events] Make sure the fetched form is hidden. [mokaddem]
- [events] Index table delete buttons switch to fetch then post.
  [mokaddem]
- [internal] Better error handling when pushing event to remote server.
  [Jakub Onderka]
- [internal] Ensure that UUID is always lowercase and real UUID. [Jakub
  Onderka]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]

Fix

- [users] Avoid POSTing forms not linked to the login page resulting in
  unwanted actions. [mokaddem]

  - As reported by Michael Kerscher
- [tag filters] fixed a bug introduced with the previous filter fix,
  resulting in multiple OR tags being ignored as a valid filter.
  [iglocska]
- [Server] only push events/sightings when selected. [Richard van den
  Berg]
- [cleanup] [iglocska]
- [cleanup] [iglocska]
- [string concat] fix. [iglocska]
- [cleanup] debug. [iglocska]
- [internal] Correctly handle positive tag filters for non site admins.
  [iglocska]

  - tag filters were ignored incorrectly when it was a positive lookup
- [internal] Nonsense index names. [Jakub Onderka]

Other

- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
- Bumped db_schema. [Sami Mokaddem]
- Merge branch 'fix-login' into 2.4. [mokaddem]
- Merge pull request #6310 from RichieB2B/ncsc-nl/selective-push.
  [Andras Iklody]

  Only push events/sightings when selected for server
- Merge pull request #6308 from RichieB2B/ncsc-nl/anonymise-as. [Andras
  Iklody]

  Anonymise pushed sightings
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre
  Dulaunoy]
- Merge pull request #6286 from JakubOnderka/push-error-handling. [Jakub
  Onderka]

  chg: [internal] Better error handling when pushing event to remote se…
- Merge pull request #6272 from JakubOnderka/uuid-validation. [Jakub
  Onderka]


v2.4.131 (2020-09-08)

New

- [types] pgp-public-key/pgp-private-key added. [iglocska]
- [internal] filter "type" added for the internal fetcher. [iglocska]

  - appends email as a type if email-src/email-dst are found
- [types] email added as a new type, affects #6281. [iglocska]
- [diagnostic] Check if database index is unique. [Jakub Onderka]
- [API] added count returnformat for the REST api, fixes #6233.
  [iglocska]

  - simply counts the number of attributes/events found (on each respective scope)
- [ACL] event blacklisting fully opened up to host org users. [iglocska]

  - also added a new special permission for the ACL system host_org_user - which will evaluate whether the user is in the org configured in the MISP.host_org_id directive

Changes

Fix

- [widgets] Adding images by default on the repository (#6298) [Loïc
  Fortemps]
- [validation] relaxed first/last/middle name validation. [iglocska]
- [objects] edit fails due to invalid URLs used fixed. [iglocska]
- [internal] fix to various CLI commands breaking on the IP field in the
  log table not having a default value, fixes #6263. [iglocska]
- [internal] Fetch related events for merged events just when necessary.
  [Jakub Onderka]
- [db_schema] Missing index for feeds.orgc_id. [Jakub Onderka]
- [UI] Blocklist mass delete. [Jakub Onderka]
- [UI] Event blocklist. [Jakub Onderka]
- Support IE with no template literal support. [Tom King]
- [internal] Respect ACL for event attribute search. [Jakub Onderka]
- [stix2 import] Quick fix on external indicator parsing. [chrisr3d]

  - Specifying the indicator version while testing
    if the object is an indicator to avoid issues
  - Also added a small warning message for debugging
    purposes when we face issues to parse the
    pattern types
- [stix2 import] Making sure we do not lose the event uuid. [chrisr3d]
- [stix2 import] Removed useless test in relationships parsing.
  [chrisr3d]
- [stix2 import] Fixed external patterns parsing. [chrisr3d]

  - Avoiding brackets to be imported with the type
    and value within attributes
  - Going with 55095910c
- [API] blocklist behaviour index via the API returns empty list.
  [iglocska]

  - fixed
- [stix2 import] Fixed external pattern types parsing. [chrisr3d]

  - Avoiding issues with patterns containing parts
    within brackets and separated by OR statements
    giving results like "[file" instead of "file"
- [cluster:index] Prevent highlighting non existing JSON. [mokaddem]
- [popovers] Prevent closing inexisting popovers. [mokaddem]
- [userSettings:set_home_page] Added missing view file. Fix #6245.
  [mokaddem]
- [serverShell:cacheFeeds] Correct usage of __n function. Fix #6238.
  [mokaddem]
- [appmodel] Create indexes after the column has been added. [mokaddem]
- [stix import] Handling potential key errors with test mechanism types.
  [chrisr3d]
- [otp] Allow to send encrypted OTP by mail. [Jakub Onderka]
- [stix import] Preventing external observables & ttps parsing to fail.
  [chrisr3d]

  - Testing if observables have properties before
    trying to parse observable properties
  - Catching exceptions when ttps cannot be parsed
  - Should fix #6250
- [internal] loading a missing proposal attachment leads to an
  exception. [iglocska]

  - should be silently logged and notice error sent
- [enrich event] Typo. [chrisr3d]
- [enrich event] Avoid freetext results to end up lost in the
  interstellar space of orphaned attributes with no event_id. [chrisr3d]
- [tag] Show correct count of tag attributes and events. [Jakub Onderka]
- [UI] Event attribute filters works again. [Jakub Onderka]
- [JS] Issue #6226 when adding object reference. [Jakub Onderka]
- [JS] broken URLs due to the baseurl refactor. [iglocska]

  - no need to prepend URLs taken from the forms themselves directly.
- [internal] Remove unused compositeTypes variable. [Jakub Onderka]

Other

v2.4.130 (2020-08-20)

New

- [internal] cache tags instead of loading them over and over via the
  event fetcher, fixes #6201. [iglocska]

  - should speed things up for exports of datasets that have a lot of recurring tags
  - moved the caching of some internals to the appmodel level to make it more generic
- [internal] Support autocrypt when sending e-mails. [Jakub Onderka]
- [internal] 'GnuPG.obscure_subject' option to not send unencrypted
  subject. [Jakub Onderka]
- [internal] Log if e-mail was sent encrypted or not. [Jakub Onderka]
- [administration] lightweight slow query log analysis added. [iglocska]

  usage: /var/www/MISP/app/Console/cake Statistics analyse_slow_logs [path_to_slow_log]
- [widgets] Additional widgets for sharing statistics and layouts.
  [Golbark]
- Allow tag deletion for an event on update. [Tom King]
- Allow for attribute tag deletion via Event or Attribute edit. Clean
  and return the attribute tags on response from editing an attribute,
  update code to remove legacy. [Tom King]
- [UI] Show event preview when merging. [Jakub Onderka]
- [attribute] Add support for IDN domains. [Jakub Onderka]
- [opt] Added non interactive place holder. [Steve Clement]
- New: [freetext] Convert `[at]` to `@` and `hxtp` and `htxp` to `http`
  [Jakub Onderka]

  Fixes #4908 and #4805

Changes

Fix

- [internal] Syntax error in bootstrap.default.php. [Jakub Onderka]
- [invalid element reference] element filepath was incorrectly treated
  as a url. [iglocska]
- [UI] Show correct options in menu. [Jakub Onderka]
- [internal] Notice when adding tag to collection. [Jakub Onderka]
- [security] Check tag restriction for collection tags. [Jakub Onderka]
- [security] Check tag restriction for attribute tags. [Jakub Onderka]
- [security] Check tag restriction for event tags. [Jakub Onderka]
- [attachment] Do not fetch attachment when accepting deletion proposal.
  [Jakub Onderka]
- [UI] Showing image thumbnail. [Jakub Onderka]
- [test] Use two spaces to pass the test. [Jakub Onderka]
- [internal] Throw exception if invalid event for contact method is
  provided. [Jakub Onderka]
- [test] Set GnuPG.email variable. [Jakub Onderka]
- [internal] Fix undefined index notices. [Jakub Onderka]
- [test] GPG homedir permission. [Jakub Onderka]
- [internal] SendEmail exceptions message and logging. [Jakub Onderka]
- [internal] Do not leak IP address in Message-ID. [Jakub Onderka]
- [internal] Throw exception when invalid event id provided for contact
  email. [Jakub Onderka]
- [internal] Undefined index: Organisation notice. [Jakub Onderka]
- [cli] Show error when invalid user ID provided. [Jakub Onderka]
- [test] Install missing python3-redis package. [Jakub Onderka]
- [test] Show error and debug logs also after success test. [Jakub
  Onderka]
- [test] Start workers under www-data group. [Jakub Onderka]
- [doc] Amended CentOS8 install doc. Removed ssdeep, not working
  anymore. [Steve Clement]
- [events:queryEnrichment] Recovers tag colour. [mokaddem]

  - Fix #6186
- [security] Check if user can access sharing group when uploading
  attachment. [Jakub Onderka]
- [UI] Bad merge for mass edit form. [Jakub Onderka]
- [proposals] Downloading proposal attachment. [Jakub Onderka]
- [ACL] Allow proposal author to discard it. [Jakub Onderka]
- [security] Respect ACL for freetext import. [Jakub Onderka]
- [security] Throw exception if invalid data provided. [Jakub Onderka]
- [ACL] Use common methods for ACL when editing object reference. [Jakub
  Onderka]
- [ACL] Unpublished private for object do not apply for site admin.
  [Jakub Onderka]
- [security] Sharing groups for objects respect permissions. [Jakub
  Onderka]
- [tags] Show just tags that user can really use. [Jakub Onderka]
- [security] Respect ACL for proposals. [Jakub Onderka]
- [proposals] Respect unpublished private event when loading proposals.
  [Jakub Onderka]
- [internal] Check `allow_disabling_correlation` before correlation
  toggle. [Jakub Onderka]
- [security] ACL check when loading ajax tags. [Jakub Onderka]
- [security] ACL check when adding or removing tags. [Jakub Onderka]
- [security] ACL check when editing multiple event attributes. [Jakub
  Onderka]
- [security] Respect ACL when event edit. [Jakub Onderka]
- [stix import] Better TTPs parsing for external STIX. [chrisr3d]
- [stix import] Fixed parameter determining if a ttp should be handled
  as attribute/object or as galaxy. [chrisr3d]
- [stix export] Adding Vulnerability objects created out of attributes
  to the list of leveraged ttps. [chrisr3d]
- [stix import] Same change for external indicator as we just did for
  external observables. [chrisr3d]

  - We also changed the code comments to make them clearer
- [stix import] Handling the case of multiple attributes returned from
  the parsing. [chrisr3d]

  - If we get a list of actual attributes, we then
    handle the MISP object case, otherwise it means
    it is simply a list of attribute values, and we
    add as many attributes as there are values
- [stix import] Split threat actors import parsing. [chrisr3d]

  - We now have a specific threat actors parsing for
    external STIX data, since the structure of the
    threat actor objects may not always be the same
  - Parsing threat actors from STIX documents
    produced with MISP remains the same
- [stix import] Using generic Exception instead of specific ones to
  handle the results of the attribute parsing. [chrisr3d]

  - A lot of different exception types may be raised
    while parsing external stix data
- [zmq] failing to publish to the ZMQ channel when MISP.org is invalid
  fixed, fixes #6174. [iglocska]

  - use the host org ID
  - if it's not set (should never happen), just take the lowest ID org
- [login] endless blackhole annoyance fixed via monkey-patch. [iglocska]
- [API] org blacklist copy pasta preventing additions of entries fixed.
  [iglocska]
- [api] minor fix to the blacklist responses. [iglocska]
- [API] blacklisting - don't throw 500 when no valid input is presented
  on the add interface. [iglocska]
- [feed] Make HttpSocket instance optional for local feeds. [Jakub
  Onderka]
- [ACLComponent] Updated permissions. [mokaddem]
- [attributes] Do not override unlockedActions anymore. [mokaddem]
- [attributes:massEditForm] Invalid conditions fixed and performances
  improvements. [mokaddem]
- [attributes:massEditForm] Check if event exists. [mokaddem]
- [users:login] Blackhole on login screen. [mokaddem]

  Fetch, fill and submit a fresh form on login avoiding blackholes due to
  expired form token
- [blacklists] fixed add event blacklist via API calls. [iglocska]
- [internal] older PHP still not happy with the return from a generator.
  [iglocska]
- [db_schema] Added feeds.orgc_id in the index. [mokaddem]

  Fix #5838
- [internal] make ancient PHP versions happy. [iglocska]
- [users:edit] Reset AUTHKey via interface. [mokaddem]

  Fix #6082
- [unicode] Temporarily escape 4 byte characters until we move the
  attribute value fields to mb4, fixes #5123. [iglocska]

  - fixes sync/feed issues related to 4 byte unicode characters
- [administration] added missing column. [iglocska]
- [administration] fixed var name. [iglocska]
- [object:edit] Updating an object to a new template actually saves the
  template version Fix #6083. [mokaddem]
- [pull] Check if url_params in pull filter is empty string. [Jakub
  Onderka]
- [UI] clearer sync error message for no sync privileges. [iglocska]
- [internal] Throw NotFoundException for non exists UUID. [Jakub
  Onderka]
- [UI] Missing echo for decay score table header. [Jakub Onderka]
- [internal] Feed controller cleanup. [Jakub Onderka]
- [UI] Remove PHP warnings from side_menu_link.ctp. [Jakub Onderka]
- [stix export] Fixed child-pid attributes export that used to make the
  process object export fail. [chrisr3d]
- [attribute:editableFields] Typo in variable name. [mokaddem]
- [attributes:edit] Correct error previously merged when importing code.
  [mokaddem]
- [stix import] Fixed the remaining failing object references.
  [chrisr3d]
- [stix import] Fixed references between file, pe & pe-section objects +
  moved mapping dict to the mapping script. [chrisr3d]
- [object:edit] Correctly set the SG of the added new attributes Fix
  #6025. [mokaddem]
- [objects:edit] Returns the latest state of the object if it were
  deleted. [mokaddem]
- [attribute] Allow editing attributes. [mokaddem]

  Added raw values fields in the `editableFields`
- [sync] drop the republishing of events when the modification is merely
  a timestamp bump. [iglocska]

  - due to an already fixed issue still lingering, invalid event edits keep getting synchronised between instances
  - these events still generate publish alerts erroneously

  - this fix compares the previous state of the event to the modification, if there are no material changes (attributes, objects, object relations, event tags added/updated) then the publishing is dropped.
- [stix import] Fixed port in ip-port objects import to lose src and dst
  context. [chrisr3d]
- [stix export] Fixed the slight difference between parsing x509
  fingerprint attributes and x509 objects. [chrisr3d]
- [stix export] Fixed x509 fingerprint attributes export & moved mapping
  dictionaries to the mapping script. [chrisr3d]

  - Only the x509-fingerprint-sha1 attribute was
    exported, and as a standard sha1 attribute,
    which was a loss of context, now the x509
    fingerprint attributes (md5, sha1 & sha256) are
    exported as expected within a x509 observable
  - Also moved the mapping dictionaries with the
    appropriate indent to the mapping script, where
    they should belong
- [stix export] Fixed pep8 & changed indentation for better readability.
  [chrisr3d]
- [attribute:edit] Prevent the edition of system reserved fields.
  [mokaddem]
- [feed:importFreeText] Make sure to update the timestamp when
  soft-deleting after delta-merge. [mokaddem]

  Fix #6013
- [events:index] Do not show events if org doesn't belong to the SG.
  [mokaddem]

  Event belonging to an organisation which is not
  included in the sharing group assigned to the event will not see the
  event on the index anymore.
  Fix #6033
  Fix #6107
- [feed] Accept more text content. Fix #5969. [mokaddem]
- [stix import] Importing single vulnerability attributes as
  vulnerability and not as text. [chrisr3d]
- [sync] internal sync now correctly syncs local tags. [iglocska]

  - also fixes a notice about a missing tag in the sync
- [galaxyClusters:view] Fixed full_group_by issue when viewing the
  galaxy matrix. [mokaddem]
- [UI] Show proper menu when editing event info. [Jakub Onderka]
- [attributes:massEdit] proposal option not by default. [Christophe
  Vandeplas]

  this way we do not change the default behavior which was changed in commit 9b33476eedd184bc46665aaae57533ddcf35e5f7
- [proposals] Delete proposals for object attributes. [Jakub Onderka]
- Minor typo. [Christophe Vandeplas]
- [installer] Installer was broken, now fixed. [Steve Clement]
- [bug] Check for non-existent directory fails if exists. [Steve Clement]
- [internal] Remove unused Event::setSimpleConditions method. [Jakub
  Onderka]
- [internal] Remove unused CidrComponent and CIDRTool classes. [Jakub
  Onderka]
- [correlations] Purge ssdeep table after attribute delete. [Jakub
  Onderka]
- [audit] Show all attribute changes in event history. [Jakub Onderka]
- [internal] Do not check event existence twice. [Jakub Onderka]
- [internal] Reduce number of regexp in refang table. [Jakub Onderka]
- [freetext] Handle IPv6 and punycode domains when import. [Jakub
  Onderka]
- [security] xss fix missing part of solution. [iglocska]

  - the previous fix to the xss in the homepage setter was lacking the controller changes due to a partial commit (#bf4610c947c7dc372c4078f363d2dff6ae0703a8)

    - as originally discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
    - persistence of the vulnerability after the lacking fix reported by DIEGO JURADO PALLARES from Ciberinteligencia
- [opendata export] Adding auth param in the python command only if not
  empty. [chrisr3d]

Other

v2.4.129 (2020-07-13)

New

- [diag] Check if ZIP extension is installed. [Jakub Onderka]
- [merge] functionality reworked. [iglocska]

  - handle objects, tags, etc via @chrisr3d's module result parsing
  - handle sharing groups correctly - as reported by Jakub Onderka
  - using standardised fetchers internally
  - API enabled (which will directly merge all contents of the source event into the target event)
- [event block rule system] added. [iglocska]

  - add simple tag filters to block events from being added.
  - it will not stop a manual creation of an event with subsequent adding of the tag in a later stage
  - it will however block synced events
- [statistics] shell added for the git codebase's contributor counters.
  [iglocska]

  - to be extended with other similar tasks

Changes

Fix

- [installer] Update to latest. [Steve Clement]
- [StixExport] suppress unlink warnings. [Richard van den Berg]
- [stix export] log stack trace on error, support 'AMBER NATO ALLIANCE'
  TLP tags. [Richard van den Berg]
- [misp_retention] Support objects, use lists for build_complex_query()
  [Richard van den Berg]
- [attributes] Possible duplicate attributes. [Jakub Onderka]
- [internal] Missing field for server model when editing event. [Jakub
  Onderka]
- [stix2 import] Fixed some object reference issues. [chrisr3d]

  - With the newest PyMISP version, the object
    references creation had to get some slight
    changes:
    - We add the referenced object in the event
      before we add the reference between the 2
      objects, when it is possible
    - ** has been removed while calling add_object
      since we are adding already verified MISP
      objects, and using ** was actually the reason
      why the references were not present in the
      objects when they had been created before the
      referenced object were added to the event
- [stix2 import] Fixed Observable object type checking, following the
  recent changes on the stix2 python library. [chrisr3d]
- [stix upload] Removed 'isset' already tested with 'empty' at the same
  place. [chrisr3d]
- [stix2 import] Avoid duplication of original-imported-file objects
  during the import process. [chrisr3d]

  - Duplication can happen when the result of the
    import process is an event that already exists
- [security] setting a favourite homepage was not CSRF protected.
  [iglocska]

  - a user could be lured into setting a MISP home-page outside of the MISP baseurl
  - switched the endpoint to be CSRF protection enabled

  - as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
- [opendata export] Fixed resource deletion query creation to avoid
  silent syntax errors. [chrisr3d]
- [stix] Store synonymsToTagNames.json file in tmp folder. [Jakub
  Onderka]
- [mail] Contacting only event creator. [Jakub Onderka]

  Fix sending e-mails in Contact Reporter for when 'Submit only to the person that created the event' is checked
- [mail] Contact reporter body. [Jakub Onderka]

  Do not send that GPG or Public key are sent as attachment, when user don't have them
- [proposals] re-added the edit view for proposals. [iglocska]
- [security] Remove
  ShadowAttributesController::{getProposalsByUuid,getProposalsByUuidList}
  [Jakub Onderka]

  These methods are not used, but they let sync users to access proposals for any event.
- [security] Remove
  ShadowAttributesController::{fetchEditForm,editField} [Jakub Onderka]

  These methods are not used, but they allow to access attribute data without proper ACL checks.
- [MispObject] Do not unpublish synced events, fixes #4838. [Richard van
  den Berg]
- [UI] Attribute category select. [Jakub Onderka]
- [internal] Do not try to access bool as array. [Jakub Onderka]
- [stix2 import] Better markings parsing for both created with MISP and
  external STIX. [chrisr3d]
- [stix2 export] Fixed Markings export following the recent changes on
  ListProperty. [chrisr3d]
- [sharingGroup:captureSharingGroup] Fix failing capture in case of
  roaming mode. [mokaddem]

  - The server list check was incorrect
  - When capturing, roaming mode was always defaulted to false
  - The logs could not be written due to non-initialized class
- [acl] Added event block rule. [iglocska]
- [security] Check event ACL before allowing user to send event contact
  form. [Jakub Onderka]
- [stix2 export] Fixed first_seen/last_seen field parsing. [chrisr3d]
- [returnAttributes] remap small cleanup. [iglocska]

  - no need to set xml as returnformat, it's the default based on the injected params
- [security] deprecated function with lacking ACL removed. [iglocska]

  - replaced deprecated, sharing group unaware, broken function with one that follows the documentation of the deprecated endpoint
  - keeping it alive until we purge the deprecated ones in the move to MISP 3/next whatever

  - Thanks to Jakub Onderka for reporting it!
- [security] Insufficient ACL checks in the attachment downloader fixed
  - Thanks to Jakub Onderka for reporting it. [mokaddem]
- [tag:checkForOverride] Catch if tag didn't have a numerical value
  before the override. [mokaddem]
- [user:registration] Report field validations to the user. Fix #6072
  and #6073. [mokaddem]
- [stix2] Fixed conversion of object relations containing dots into
  custom object values. [chrisr3d]

  - Also includes changes to support the import of
    custom objects into MISP objects containing
    object relations with dots, to avoid issues or
    changes on the mapping
- [stix2] Fixed issue with custom object created from MISP object with
  underscore in the name. [chrisr3d]

  - Includes fix to export the objects into custom
    objects, and to import custom objects into MISP
    objects back
  - Should fix #6046
- [UI] Fetching from not enabled feed should be error. [Jakub Onderka]
- [feed] Incorrect call in Feed::__saveEvent. [Jakub Onderka]
- [internal] Do not create empty link for anonymized org sighting.
  [Jakub Onderka]
- [UI] Expanding attribute correlations on other pages. [Jakub Onderka]
- [stix2 export] Fixed datetime issue with the 'created' field of some
  stix objects. [chrisr3d]

  - Following some changes on the python stix2
    library, that caused an issue with the previous
    way we created the 'created' field
- [mail] Fix body of passwordReset/newUser emails. [Václav Bartoš]

  When MISP sends an email with new credentials, the body is generated from one of the configured templates - passwordResetText or newUserText. However, these two templates were swapped - the newUserText was used for password reset, while passwordResetText was used when new account is created.

  This commit fixes it.
- [internal] HTML code fix. [Jakub Onderka]

Other

v2.4.128 (2020-06-22)

New

- [correlations] Enable CIDR correlations for ip-src|port and
  ip-dst|port types. [Jakub Onderka]

Changes

Fix

- [stix2 import] Quick issues fixing. [chrisr3d]

  - Fixed issue that could happen sometimes during
    an external pattern parsing when we split the
    identifier of the pattern from the value.
    We now make sure the identifier is stripped, so
    we avoid issues with the mapping dictionaries
    that could not recognize it
  - Also displaying a warning message when we have
    no attributes resulting from the parsing of an
    external pattern or observable object
- [stix2 import] Small update on the mapping to work with some external
  patterns seen recently. [chrisr3d]
- [stix2 import] Fixed some external observable objects import.
  [chrisr3d]
- [stix2 import] Fixed no longer existing variable in the mapping
  script. [chrisr3d]
- [stix2 import] Added the function to parse external email-address
  observable objects, that was missing. [chrisr3d]
- [UI] Typo. [Jakub Onderka]
- [stix2 import] Better way of parsing some attributes and objects.
  [chrisr3d]

  - For single attributes that could be part of an
    object and would lose some context if imported
    as single attribute without their object
    relation (mostly attributes of type 'text'),
    we decide to import them as object anyway to
    avoid the increase of context-less attributes
  - Also cleaner way to parse observable objects and
    patterns that will always give single attributes
- [stix2 export] Typo in variable name. [chrisr3d]
- [stix2 export] Reverted the email object attribute 'from' export as
  observable object. [chrisr3d]

  - From-ref is always a single value, we cannot use
    a list of references
- [stix2 export] Fixed email object attributes export into pattern.
  [chrisr3d]
- [stix2 export] Avoiding issues with attributes with no Galaxy field.
  [chrisr3d]
- [stix2 export] Fixed x509 object export. [chrisr3d]

  - x509 fingerprint hashes parsing was pointing to
    a part of a mapping dict which does not exist
- [stix2 import] Fixed external pattern parsing for pe section
  attributes. [chrisr3d]

  - As an example, instead of storing the full
    pattern identifiers, like:
    "file:extensions.'windows-pebinary-ext'.section.name"
    we only store what is useful (name) for the
    parsing part where we check the mapping dict
    to find the corresponding attribute type and
    object_relation
- [stix2 import] Importing external vulnerabilities as single attribute
  or object depending on the case. [chrisr3d]

  - In other words, we made available the import of
    vulnerabilities as single attributes when only
    a name is present in the STIX object
  - Was only importing vulnerability objects before,
    which does not change if there is more than only
    the name within the STIX vulnerability object
- [stix2 import] Removed unused variable that was used for debug
  purposes. [chrisr3d]
- [stix2 import] Cleaner autonomous system observable import. [chrisr3d]

  (for STIX documents generated with MISP)
- [stix2 import] Parsing timeline features on single attributes.
  [chrisr3d]

  - As it is parsed for imported objects
  - It adds timestamp, first_seen & last_seen values
    on single attributes accordingly
- [stix2 import] Fixed email reply-to single attribute import.
  [chrisr3d]
- [stix2 import] Fixed payload_bin import into single MISP attribute.
  [chrisr3d]
- [stix2 export] Fixed email-reply-to export in observable object.
  [chrisr3d]
- [stix2 export] Removed unused import. [chrisr3d]
- [stix2 import] Importing PyMISP from the submoduled library.
  [chrisr3d]

  - As it is in the currently used stix2 import
    script which is going to be replaced by this one
  - Avoids issues when the python library is not
    installed with pip
- [stix2 import] More generic network-traffic references parsing.
  [chrisr3d]

  - Also fixing some edge cases of reference parsing
    with the wrong mapping
    (network_traffic_references_mapping no longer exists)
- [stix2 import] Fixed single attributes import following changes on the
  export part. [chrisr3d]
- [stix2 export] Making sure we have the required name field set while
  exporting regkey values from a MISP regkey object to a STIX observed
  data. [chrisr3d]
- [stix2 export] Fixed regkey|value export. [chrisr3d]

  - Revert to the initial mapping that has been
    changed to the wrong field: the value should be
    mapped to the data field instead of name
- [stix2 export] Removed unused mapping dictionary fields. [chrisr3d]
- [stix2 export] Removed object attributes added in file patterns for
  test purposes. [chrisr3d]
- [stix2 export] Removed object attributes added for test purposes.
  [chrisr3d]
- [stix2 import] Writing import results as expected in the result file.
  [chrisr3d]
- [stix2 import] Fixed relationships parsing. [chrisr3d]

  - Using iterators is good for a single iteration,
    but not for more, including an if test
  - Using tuples instead is better and avoids then
    losing our relationships
- [stix1 import] Better parsing of malware instances within ttps.
  [chrisr3d]

  - In some cases when malware instances within ttps
    do not have a title but one or more name(s), we
    need to use them instead of the title
- [stix1 import] Fixed malware instance parsing. [chrisr3d]
- [stix2 import] Typo. [chrisr3d]
- [stix2 test] Typo. [chrisr3d]
- [stix2 import] Handling external STIX file pattern properly.
  [chrisr3d]

  - If there is no extension (case which has been
    fixed in the last few commits), we need to check
    if we have to create a MISP attribute or object
  - We then check if we extracted one attribute
    from the pattern or more, and create respectively
    a MISP attribute or object
- [stix2 import] Fixed monkey issues... [chrisr3d]
- [stix2 import] Using the expected parameters to handle the file, pe &
  sections objects. [chrisr3d]
- [stix1 import] Some quick fixes on MISP objects parsing. [chrisr3d]

  - Better handling on MISP object name parsing
  - Importing properly MISP object uuid for course
    of action objects
- [stix2 import] Importing event uuid from report. [chrisr3d]

  - The event uuid is set when there is one report
- [stix2 import] Fixed timestamp parsing following the latest changes on
  STIX2 export. [chrisr3d]
- [stix2 import] Fixed timestamp parsing. [chrisr3d]

  - Fixed timestamp parsing of custom objects
- [stix2 import] Fixed attack-pattern & course-of-action object
  attributes parsing. [chrisr3d]

  - Avoids setting the ids flag to false when object
    attributes do not come from an observable object
- [stix2 import] Fixed attack-pattern external_references parsing.
  [chrisr3d]
- [stix2 export] Fixed attack-pattern object export. [chrisr3d]

  - Fixed the id attribute export
  - Supporting export of the newest 'references'
    attribute added to the object template
- [stix2 import] Fixed file objects import. [chrisr3d]

  - As it has been updated for file objects export,
    we now better support potential multiple fields
    like filename, path and fullpath
  - Also handling properly the special case of a
    file object with an extension field
- [stix2 export] Fixed special case of file with a path property and a
  PE extension. [chrisr3d]

  - If a file object had a path property and a PE
    extension, the extension could be added to the
    wrong part of the observable object
  - We make sure here the extension is attached to
    the observable object related to the file, and
    not to the directory referenced by the file as
    its path
- [stix2 export] Fixed files objects export (patterns & observable
  object) [chrisr3d]

  - Better handling of the data field for attributes
    like malware-sample and attachment
  - Support of path & fullpath attributes export
  - Better handling of potential multiple attributes
    like filename, path and fullpath
- [stix2 export] Fixed artifact name export in pattern as custom
  property. [chrisr3d]
- [stix2 export] Fixed x509-fingerprint-sha1 single attribute export.
  [chrisr3d]
- [stix2 export] Fixed regkey|data attribute export. [chrisr3d]
- [stix2 import] Fixed regkey values observable objects parsing.
  [chrisr3d]
- [stix2 import] Fixed & cleaned network traffic objects. [chrisr3d]
- [stix2 export] Fixed reference typo in network traffic pattern.
  [chrisr3d]
- [stix2 import] Passing mapping variable name instead of the
  dictionary. [chrisr3d]

  - For all the generic parsing functions, we pass
    the mapping variable name and get the attribute
    afterwards instead of passing the dictionary
- [stix2 import] Fixed some observable and pattern parsing issues.
  [chrisr3d]

  - Quick custom property in pattern parsing fixed
  - Fixed file and network socket observable objects
    parsing
- [stix2 export] Fixed SocketExt properties exceptions catching.
  [chrisr3d]

  - address_family is a required property, thus we
    need to handle it separately
  - protocol_family is optional and thus easier to
    handle
- [stix2 import] Some patterns import fixed. [chrisr3d]

  - AS attribute in asn object is now imported with
    the 'AS' prefix
  - Importing properly attachment attributes in file
    objects
  - pe mapping enhanced
- [stix2 export] Fixed file & vulnerability patterns export. [chrisr3d]
- [stix2 import] Fixed malware sample import in file objects. [chrisr3d]
- [stix2 export] Fixed custom properties for vulnerability and attack
  pattern objects. [chrisr3d]

  - Dashes ('-') in object relations should be
    replaced by underscores as custom properties
    only accept underscores
- [stix2 export] Better file objects export and joining patterns from
  list instead of concatenating strings. [chrisr3d]
- [stix2 import] Better import for some objects. [chrisr3d]

  - Support of custom properties that are lists
  - Support of protocol attribute in network socket
    object
  - Support of group attribute in user account
    object
- [stix2 export] Better export for object attributes of vulnerability
  and attack pattern objects. [chrisr3d]

  - Need to use custom properties in some cases
- [stix2 import] Importing pe attributes from patterns within the pe
  object and not in the file object. [chrisr3d]
- [stix2 import] Fixed file pattern import. [chrisr3d]
- [stix2 import] Better network connection patterns parsing. [chrisr3d]
- [stix2 export] Fixed export of port attribute in network traffic
  patterns. [chrisr3d]
- [stix2 export] Fixed network traffic references in patterns.
  [chrisr3d]
- [stix2 import] Fixed network socket pattern values parsing. [chrisr3d]

  - We do not want to import the single quotes that
    are all around the pattern values
- [stix2 export] Exporting TLP tags as marking definition. [chrisr3d]

  - Marking definition in the case of TLP was
    missing and only the reference to the marking
    definition was exported, but not the actual
    marking definition object
- [stix2 import] Fixed MISP Object creation. [chrisr3d]

  - MISP Object creation function used for attack
    pattern & course of action objects, so they get
    the correct uuid
  - MISP Object creation trying to parse the first
    seen & last seen values without raising issues
    when the object parsed does not have any
- [stix2 export] Fixed file content ref for malware sample exports.
  [chrisr3d]
- [stix2 export] Fixed email attachment export. [chrisr3d]
- [stix2 export] Exporting process attributes in patterns as intended.
  [chrisr3d]

  - Handling the child ref(s), parent ref, and image
    name values in process patterns
- [stix1 import] Parsing COA_Taken objects as MISP object. [chrisr3d]
- [stix1 export] Exporting category and value in STIX objects title and
  not the attribute/object id. [chrisr3d]
- [stix1 export] No longer exporting object IDs. [chrisr3d]

  - ThreatActors and TTPs titles only use categories
    and values of the attribute/object to define the
    title, and not the attribute/object id anymore
- [stix1 export] Various fixes. [chrisr3d]

  - Got rid of some variables and calling some
    functions directly to parse data without
    storing it
  - TTPs, Courses of action and Threat Actors are
    now referenced in related objects only when they
    come from attributes/objects in MISP and not
    when they come from galaxies
- [stix1 export] Tiny fixes. [chrisr3d]

  - Making sure adding an indicator type fails
    because of the mapping between attribute types
    and indicator types does not support a specific
    type, and not because of the indicator not
    accepting the type we want it to have
  - Making sure CAPEC IDs are always starting with
    'CAPEC' in the AttackPattern objects we create
- [stix1 export] Fixed email attachment related objects uuid. [chrisr3d]

  - Email message related objects representing the
    email attachments now have the correct uuid of
    the attachment attribute
  - Before, a random uuid was used, due to the file
    object losing its parent properties while being
    switched from a File object type to a related
    object type
- [stix1 export] Referencing COAs as RelatedCOAs. [chrisr3d]
- [stix1 export] Removed function no longer used. [chrisr3d]
- [stix1 export] Export only cluster values as name or title. [chrisr3d]

  - No longer exporting the Galaxy name within the
    name or title, since we have this information
    somewhere else and the name or title should
    only be the Galaxy cluster name value
- [stix import] Some strings are defined in a cleaner way. [chrisr3d]
- [stix2 import] Skipping adding Galaxy info in the Galaxy field and
  only importing it as tag. [chrisr3d]
- [ACL] unpublished_private global setting tightened to include
  correlations. [iglocska]

  - Thanks to Jakub Onderka for reporting and providing a fix to this!
- [security] missing ACL lookup on attribute correlations. [iglocska]

  - attribute correlation ACL checks are skipped when querying the attribute restsearch API revealing metadata about a correlating but unreachable attribute.

  - Thanks to Jakub Onderka for his tireless work and for reporting this!

Other

v2.4.127 (2020-06-16)

New

- [cli] Command for pulling from all remote servers. [Jakub Onderka]
- [Tag] Allow Tag's numerical_values to be overridden by userSettings.
  [mokaddem]
- [userSettings] New setting `default_restsearch_parameters` [mokaddem]

  It allows users to supply restSearch parameters that will be injected
  (and possibly overridden) into the restSearch filters.
- [type] git-commit-id. [Raphaël Vinot]
- [UI] Add event ID to page table. [Jakub Onderka]

  With more tabs, navigation between tabs with different events can be a pain when all of them have the same title.

Changes

Fix

- [UI] Double Discussion header when sending comment. [Jakub Onderka]
- [internal] object level restsearch issues resolved when querying via
  filters on the attribute scope, fixes #6016. [iglocska]

  - use subqueries instead of trying to query on the current scope
  - associated find queries don't work on habtm relationships
- [pull] Correct progress for pull job. [Jakub Onderka]
- [internal] Removing attributes from empty event. [Jakub Onderka]
- [feeds:saveFreetext] Soft-delete Attributes when performing a delta-
  merge. [mokaddem]
- [EventShell:enrichment] Improved reporting of error messages.
  [mokaddem]
- [users:change_pw] Return error message when trying to use the same
  password. Fix #5961. [mokaddem]
- [galaxy] Fetch all events for galaxy cluster. [Jakub Onderka]
- [UI] Show feed caching just for site admins. [Jakub Onderka]

  Without this patch, when the user is not a site admin, 'Not cached' is shown for all feeds, which is not true. It also generates a lot of warnings in the debug log.
- [www] webserver user is www on OpenBSD. [Steve Clement]
- [attribute:fetchAttribute] Prevent notices if tags not set while
  computing decay. [mokaddem]
- [internal] Remove unused method. [Jakub Onderka]
- [UI] Module diagnostic colors. [Jakub Onderka]
- [attribute] Do not allow for IPv4 CIDR masklen bigger than 32. [Jakub
  Onderka]
- [internal] Notices in PHP 7.4 for login page. [Jakub Onderka]
- [UI] Bootstrap 2 doesn't support auto position for popover. [Jakub
  Onderka]
- [internal] Fix notice in PHP7.4 when loading events attrs by ajax.
  [Jakub Onderka]
- [internal] Branch setting doesn't have level value. [Jakub Onderka]
- [internal] Remove duplicate code that causes error in PHP 7.4. [Jakub
  Onderka]
- [internal] Check if user is logged before checking if he is site
  admin. [Jakub Onderka]
- [internal] Set notifications count and loggedInUserName just for
  logged users. [Jakub Onderka]
- [documentation] Typo with the CLI function name. Fix #5931. [Sami
  Mokaddem]
- [UI] Do not show Good-Bye when using custom logout. [Jakub Onderka]

  Because without this patch, Good-Bye is shown when the user successfully logs in.
- [UI] Galaxy cluster links should be clickable. [Jakub Onderka]
- [whitelist] Correctly refresh the cached values. Fix #3772. [mokaddem]

Other

v2.4.126 (2020-05-18)

New

- [internal] Do not log authkeys. [Jakub Onderka]
- [tool] Generates communities webpage. [Christophe Vandeplas]
- [pubsub] Show info about processed messages. [Jakub Onderka]
- [UI] Make clear that the textarea under event is discussion. [Jakub
  Onderka]
- [sync] (for now) undocumented force pull added. [iglocska]

  - can only be triggered via the CLI for now
  - usage: /var/www/MISP/app/Console/cake Server pull [user_id] [server_id] [technique] [force]
    - the force flag has to be passed as 'force' to avoid accidentally triggering it

  - What it does:
    - pulls ignoring the timestamp differences
    - this means that even older states of events, attributes, objects are ingested
    - useful for when wanting to reset an event / all events to align with an upstream server
  - Caveats:
    - attributes added on the low side are maintained
    - tags added on the low side are maintained
    - keep in mind this WILL override attributes that are soft deleted
- [restsearch] object restsearch now has the metadata flag. [iglocska]

  - when set, no attributes are returned
- [API] added threat_level_id as a restSearch filter. [iglocska]
- [statistics] added contributing org count. [iglocska]

Changes

Fix

- [security] xss in the resolved attributes view. [iglocska]

  - thanks to Jakub Onderka for reporting it
- [UI] Always use capital UUID. [Jakub Onderka]
- [feed] Follow redirect when fetching manifest. [Jakub Onderka]
- Allow_disabling_correlation not taken into account. [Golbark]
- [ui] Always show full logo for related events box. [Jakub Onderka]
- [correlations] Ssdeep check all chunks. [Jakub Onderka]
- [bug] '' != "" especially when trying to eval vars. [Steve Clement]
- [kali] Some issues with function aliasing. [Steve Clement]
- [bash] Alias functions need a function and not a string... [Steve
  Clement]
- [kali] More fixes to make sure composer install correctly. [Steve
  Clement]
- [kali] More kali fixes. [Steve Clement]
- [installer] Little bug, code would never detect a VM... [Steve
  Clement]
- [kali] When it's ugly, it looks like this. [Steve Clement]
- [doc] mkdocs needs to be kept below a certain version. [Steve Clement]
- [kali] Kali installer fixes. [Steve Clement]
- [kali] Kali is now 2020.x need to fix. [Steve Clement]
- [opendata export] Using external_baseurl if set, before baseurl.
  [chrisr3d]

  - If external_baseurl is not set, baseurl is used
- [opendata export] Internalization of the error messages. [chrisr3d]
- [opendata export] Less confusing variable name for the parameter to
  only skip exporting the data and keep only the header. [chrisr3d]
- [stix2 export] Fixed CustomObject creation for MISP objects.
  [chrisr3d]
- [stix2 export] Fixed custom objects export from misp objects.
  [chrisr3d]
- [stix1 import] Fixed ttps list attribute name for STIX document
  created with MISP. [chrisr3d]
- [feed:edit] Do not override feed settings if not provided via the API.
  Fix #5896. [mokaddem]
- [indexTable:quickFulltextSearch] Encode additional characters enabling
  more search possibilities. Fix #5890. [mokaddem]
- [sightingdbs:model] Added default value for `timestamp`. Fix #5887.
  [mokaddem]
- [attribute:simpleAddMalwareSample] Typo in loading `Object` class. Fix
  #5864. [mokaddem]

  - Was not spotted before because the fixed line was in fact doing
    nothing as the class's key was already used
- [correlations] Do not check all attributes when cache is empty. [Jakub
  Onderka]
- [correlations] Correlate ShadowAttribute just if exists. [Jakub
  Onderka]
- [correlations] Do not correlate CIDR with CIDR. [Jakub Onderka]
- [attribute] modifyBeforeValidation fix for `domain|ip` type. [Jakub
  Onderka]
- [correlations] Return just unique values for CIDR list. [Jakub
  Onderka]
- [correlations] IPv6 CIDR correlations work. [Jakub Onderka]
- [correlations] Removed unnecessary Redis call. [Jakub Onderka]
- [correlations] Remove references to non-existent type 'domain-ip' [Jakub
  Onderka]
- [diagnostic] Updated required version for the stix python library.
  [chrisr3d]
- [stix1 import] Fixed uuids parsing. [chrisr3d]

  - Using the built-in uuid parsing method to avoid
    potential issues when some uuids are provided
    without dashes, instead of getting it as a
    string, which fails when there is no dash
- [stix1 import] Fixed ttps list attribute name. [chrisr3d]
- [feed] Job progressbar fix. [Jakub Onderka]
- [feed] Optimise saving freetext feeds with a lot of attributes. [Jakub
  Onderka]
- [gitmodules] Using https instead of ssh to avoid permission denied
  error. [chrisr3d]
- [opendata export] No longer using the returnFormat field as the
  dataset resource format. [chrisr3d]

  - The resource format can be defined with a
    'format' field within the resource field in the
    setup filter
- [attributes:edit] Do not require the distribution anymore. [mokaddem]
- [attributes:add] Do not require the distribution anymore. [mokaddem]
- [registration] log entry action shortened to not cause issues.
  [iglocska]
- Fixes STIX2 export bugs when trying to use TLP Tags other than
  TLP_WHITE, resolve attempted dual registration of custom STIX objects.
  [Tom King]
- [JS] left off admin enforced check for the role permission. [iglocska]

  - to allow auth to be unchecked for site admins
- [object restsearch] fixed, no more trailing commas. [iglocska]
- [registration] acceptRegistration now accepts non User wrapped input.
  [iglocska]
- [users] accepting registration requests can throw a badly mapped
  exception. [iglocska]

  - changed to 400
- [object restsearch] fixed. [iglocska]

  Endless loop fixed
- [ACL] added objects/restSearch. [iglocska]
- [UI] Always use UUID with capital letter. [Jakub Onderka]
- [registrations] multi-delete fixed. [iglocska]
- [API] metadata filter description changed. [iglocska]
- [github] Release type not needed :) [Jakub Onderka]
- [json converter] fixed an issue if an expected key was not found.
  [iglocska]

  - was only accessible due to another bug, but it's more graceful either way
- [export] JSON export used the wrong handler for /objects/restSearch.
  [iglocska]
- [stix export] Bump minimum CybOX version to 2.1.0.21. [Richard van den
  Berg]
- [stix2 export] Fixed stix2 imports. [chrisr3d]

  - All the required features are imported and we no
    longer import them with *
- [installer] Embarrassing typo no1, 7.3!=7.4. [Steve Clement]

Other

v2.4.125 (2020-04-30)

New

- [feed] Support for compressed feeds. [Jakub Onderka]
- Implementation of email-based OTP. [Golbark]
- [security] added policy for github. [iglocska]
- [doc] Initial copy for Ubuntu 20.04. [Steve Clement]
- [installer] updated template to prepare grounds for 20.04 (php7.4)
  [Steve Clement]
- [misp-wipe] Add option to enable notice and warninglists. [Richard van
  den Berg]
- [internal] cache the sharing group access lookups. [iglocska]

  - should reduce the number of queries drastically for events heavy on object/attribute level sharing groups
- [privacy] filter added for the authkeys in the admin section to make
  giving trainings easier. [iglocska]
- [feeds] index refactor and new features. [iglocska]

  - added the ability to select an orgc ID for CSV/freetext feeds
    - all events created from this feed will carry the selected orgc_id

  - Refactored the index fully
    - using the factories
    - better warnings against the dangerous new feed each pull setting
    - event index search added
    - several settings cleaned up / made more clear

  - auto reload of default feed configuration disabled, fixes #2542, fixes #5789
    - added a button / endpoint to handle that instead to allow for the deleted default feeds to stay deleted
- [IndexTable] improvements all around. [iglocska]

  - several new field types added (target event, caching)
  - several updated with new features and functionalities
  - tied into the new data path collector among other changes
- [UI Helper] DataPathCollector helper added. [iglocska]

  - helps the index factory fields retrieve data from the currently processed object based on a set of paths
- [tool] MISP to Slack messaging using ZMQ. [Christophe Vandeplas]
- [tool] MISP to Slack messaging using ZMQ. [Christophe Vandeplas]
- [database] New MySQL data source added for debugging. [iglocska]

  - MySQLObserver datasource added - prepends all queries with the requested controller/action and user ID for better debugging
- [dashboard] COVID active cases backported from widget collections.
  [iglocska]
- [community] added the COVID-19 MISP community to the list. [iglocska]
- [communities] self-registration links now exposed in the communities
  index. [iglocska]
- [registration] fall back to the e-mail domain if no org info is
  provided. [iglocska]

  - also, make the org info optional
- [inbox] stub controller. [iglocska]
- [inbox] system added. [iglocska]

  - user self-registration is the first use-case
  - if the feature is enabled, unauthenticated users can send a registration request to MISP
    - request includes information on desired org and some privileges (sync / org admin / publisher)
  - requests land in the inbox, admins can inspect the registration requests
    - they can accept/discard them individually or en masse
    - users will be notified of their credentials automatically
    - quick user creation if the user asks for an org that doesn't exist yet

Changes

Fix

- [internal] Just site admin can force when saving freetext. [Jakub
  Onderka]
- [installer] Bug where the wrong php deps would get installed. [Steve
  Clement]
- [installer] Fix a bug where the installer fails if apt update has
  never been run. [Steve Clement]
- [user settings] corrected field name. [iglocska]
- [internal] Edge case where due to an old invalid update script an
  instance could end up with the wrong key in user settings. [iglocska]

  - this should resolve the issue for affected users
  - no change for everyone else
- [otp] pre-auth action list only expanded if otp is enabled. [iglocska]
- [otp] enabling it requires e-mailing to be enabled. [iglocska]
- [ACL] a private function was missing the __ causing the ACL checker to
  return it as an unmapped accessible function. [iglocska]
- [internal] syslog shouldn't end with new line. [Jakub Onderka]

  Because then two lines are logged
- [internal] Remove unused code. [Jakub Onderka]
- Remove unused variable. [Jakub Onderka]
- [event] fixes missing correlations with combined types (#5832)
  [Christophe Vandeplas]

  * fix: [event] fixes missing correlations with combined types

  also some other missing variable bug
- [internal] Deleting multiple Redis keys. [Jakub Onderka]
- [UI] Proper object table header when includeRelatedTags. [Jakub
  Onderka]
- [doc] MISP expects lief 0.10.1. [Steve Clement]
- [cake] more new defaults as per
  https://github.com/MISP/MISP/issues/5803. [Steve Clement]
- [templates:add] Adding tag does not submit the form anymore. Fix #5826.
  [mokaddem]
- [Console:Server] Added `configLoad` task. Fix #5793. [mokaddem]
- [galaxyCluster:index] Restored search functionality. [mokaddem]
- [feed:add] Do not override `new_event_at_each_pull` value. Fix #5815.
  [mokaddem]
- [attribute:restSearch] Make sure to always pass all tags to Decaying's
  computation function. [mokaddem]
- [internal] HTML code in view_event_distribution_graph. [Jakub Onderka]
- Correct flash message when sending e-mail. [Jakub Onderka]
- [misp-wipe] bring wiping up to date with MYSQL.sql. [Richard van den
  Berg]
- [pagination] Fixed bottom pagination links on the bottom. [iglocska]
- [registrations] Users can now register using the API without a valid
  key, affects #5783. [iglocska]
- [attribute:edit] Prevent save for invalid sharing_groups ids.
  [mokaddem]
- [attribute:add] Prevent save for invalid sharing_groups ids.
  [mokaddem]
- [event:view] Restored disabled_correlation toggle. [mokaddem]
- [correlations] Update correlations on Attribute or Event
  `distribution` change. [mokaddem]
- [event:fetchEvent] Block viewing Objects/Attributes if the user does
  not belong to the sharing_group. [mokaddem]

  Even if these elements belong to the user. Similar explanation as for 7cd2175
- [event:fetchEvent] Block viewing the event if user does not belong to
  the sharing_group. [mokaddem]

  Even if the event belongs to the user. This scenario can happen if a
  remote sync is badly configured where the remote sync user has
  site_admin right, thus allowing the user to see the event even though
  he is not part of the SG
- [user:registration] Default undefined message to empty string.
  [mokaddem]
- [internal] Remove already removed git modules. [Jakub Onderka]
- [stix2 export] Fixed STIX JSON Encoder import. [chrisr3d]

  - With the latest update it is no longer part of
    stix2.base but stix2.v20.base by default, so we
    need to import it from stix2.base manually
- [feed index] Converted to static tags to skip erroneous add tag
  buttons. [iglocska]
- [ajaxTags] resolved not set searchURL string. [iglocska]
- [observer datasource] fixed for the QueryTool. [iglocska]
- [internal] Added a setting to skip positive attribute level filters on
  the event scope. [iglocska]

  - when running a large MISP community, it is bound to happen that your instance will be used as the back-end for internal tooling
  - often these tools are configured to fetch aggressively, often with heavy consequences on the server load
  - some filter that serves mostly edge-case lookups can mistakenly lead to heavy server load for no good reason

  We have identified attribute level positive filters on the event scope to be such a filter and made them optionally toggle-able
  via the MISP.attribute_fitlers_block_only flag. Turning the setting on will remove all event level filters such as "type" from
  being viable filter candidates unless used to block the inclusion of attribute types. Some examples:

  "type": {"OR": ["ip-dst", "ip-src", "hostname", "domain"]} would normally return ANY event that has at least one of the listed
  attribute types. This is the behaviour that can now be disabled.

  "type": {"NOT": ["iban", "cc-number"]} would normally remove any attributes with the given types from the list of returned
  events. This functionality is NOT affected by the toggle.
- [stix1 import] Fixed object name handling causing errors in some
  cases. [chrisr3d]

  - With a wrong object name, the correct function
    was not reached, reaching some unexpected errors
- [API] event index queries refactored. [iglocska]

  - fixed ID lookups to be more graceful (IN() instead of OR-d statements)
  - removed default sorting which is the default anyway but introduces a massive overhead
- [database] made MySQLObserver php < 7.2 compliant. [iglocska]
- [database] bruteforce check relaxed for datasource. [iglocska]
- [database] added missing file. [iglocska]
- [restresponse] invalid keyword for controllers blocked SQL data to be
  appended on demand. [iglocska]
- [tool] slackbot cosmetic change. [Christophe Vandeplas]
- [genericTable:rowDblclick] Made row selector more lax. [mokaddem]
- [decaying:base] Make sure to return a tag event if it's not part of a
  taxonomy. [mokaddem]
- [stix1 export] Exporting all tags as Marking. [chrisr3d]

  - Not only for TLP tags
  - Not TLP tags are SimpleMarking and no longer
    journal entry as they were before
- [server:DBSchemaDiagnostic] Quote index column's name and added
  missing keyword. [mokaddem]
- [events:export-csv] Default to_ids to be 1. [mokaddem]
- [stix1 import] Avoiding Php notice because of the end function.
  [chrisr3d]

  - Same as 8f90f79
- [stix1 import] Updated the email message mapping to support the
  message-id attribute import. [chrisr3d]
- [UI] Added missing delete button for organisations, fixes #5773.
  [iglocska]
- [self-registration] added missing field. [iglocska]
- [user:email] Replaced query parameters by cake's named parameters.
  Hopefully fix #5745. [mokaddem]
- [user registration] reverted bug introduced in previous commit
  restricting the org choice to the suggested org if there was a match.
  [iglocska]
- [console:admin] getSetting can be used to retrieve all settings.
  [mokaddem]
- [user registration] minor bug fixes. [iglocska]
- [user registration] automatically convert selected orgs to local as
  described in the tool. [iglocska]
- [trailing commas] removed. [iglocska]
- [stix2 export] Avoiding the "end" function to return a notice.
  [chrisr3d]

  - It looks like depending on the Php version, the
    end function does not like to have the reference
    of an array. By delaying its call, we pass the
    actual array and the notice no longer appears
- [stix2 export] Fixed datetime fields format in custom objects.
  [chrisr3d]
- [widgets:trendingTags] Removes unused vars. fix #5761. [mokaddem]
- [API] fixes to set_filter_uuid. [iglocska]
- [search] Fixed the UUID / ID searches on the attribute scope, fixes
  #5636. [iglocska]
- [UI] API reset link fixed on the automation page, fixes #5749.
  [iglocska]

Other

v2.4.124 (2020-03-30)

New

- [attributes:massEdit] Possibility to create proposals instead of edit.
  [mokaddem]
- Add support for RHEL in the install script. [Golbark]
- [audit] Added user monitoring. [iglocska]

  - site admins can set the monitoring flag on a user if the feature is enabled on the instance
  - monitored users will have all requests logged along with POST bodies

  - keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
- [UI] indexTable new fields / some refactoring. [iglocska]
- [helper:scopedCSS] Moved implementation in a helper. [mokaddem]
- Country galaxy generator. [iglocska]
- [dashboard] multi line chart UI added. [iglocska]

Changes

Fix

- [sync] Added function to handle older MISP instances despite the new
  way of passing org filter options. [iglocska]
- [event:view] Show correct number of related events to be shown - Fix
  #5732. [mokaddem]
- [objects:reviseObject] Pass forgotten template data - Fix #5733.
  [mokaddem]
- [event index] org filter correctly accepts array in addition to pipe
  delimited values. [iglocska]

  - fixes pull org filters
- [emailing] Added setting for default publish alert behaviour when
  creating new users. [iglocska]
- [installer] Updated installer checksums. [Steve Clement]
- [attribute:edit] Create chosen picker when modal is shown. [mokaddem]
- [eventGraph:picture] Take correct Attribute picture's name. [mokaddem]
- [widget:mutlieline] Take into account scrollY position. [mokaddem]
- [widgets:multiline] Race condition executing `init` and fetching d3.js
  twice. [mokaddem]
- [pull] pull filters fixed. [iglocska]
- [widgets:multiline] Ensure that d3.js is loaded only once. [mokaddem]
- [widgets:SimpleList] Fit minimum vertical space. [mokaddem]
- [widgets:multiline] Correctly parse boolean text for `showAxis`
  [mokaddem]
- [galaxy:view] View altered galaxies/clusters button correctly
  redirect. [mokaddem]
- [php] compatibility with older versions. [iglocska]
- [servers:pull_rules] Allows sync parameter rules to be above 40 chars.
  [Sami Mokaddem]
- [message] user creation shouldn't include the "User notified of new
  credentials" part of the notification message if emailing is disabled.
  [iglocska]
- [install] Updated installer and checksums. [Steve Clement]
- [INSTALL] Properly run tests. [Raphaël Vinot]
- [suricata] fixed an invalid validation of https hostnames that blocked
  the attributes from being included in the exports. [iglocska]
- [dashboard] css conflict resolved. [iglocska]

  - in a really hacky way for now
- [side menu] Fixed Dashboard link from the side menu in the statistic
  view. [chrisr3d]
- [thread:view] Threads are no longer rendered for not related Event on
  rare occasion. [mokaddem]
- [user:login] Added support of `RFC822` for older PHP version.
  [mokaddem]
- [stix export] Fixed cybox object import. [chrisr3d]

Other

v2.4.123 (2020-03-10)

New

- [dashboard] added template delete functionality. [iglocska]
- [dashboard] persistence package. [iglocska]

  - export dashboard state
  - import dashboard state
  - save dashboard state
    - make it available to others on the instance on demand
    - admins can set a default password for users that don't have anything configured yet
    - load another template based on what the community has shared
  - added Whoami widget which was an outcome of the ESDC training
  - various improvements, new fields for genericElements, etc
- [workers] restart all dead workers. [iglocska]
- [widgets] Whoami widget added. [iglocska]
- [dashboard] various fixes / improvements. [iglocska]

  - simple list now accepts arrays for values
  - fixed margin issues
  - fixed empty sync test issues
- [dashboard] added a way to auto reload widgets. [iglocska]

  - has to be defined in the code of the widget
- [widget] World map widget added. [iglocska]
- [dashboard] Resource widget added. [iglocska]
- [favourite] glow orange when on the page that is already bookmarked.
  [iglocska]

  - thanks to @mokaddem (graphman) for the idea
- [dashboard] Added cachelifetimg setting as opposed to hard-coded
  value. [iglocska]
- [dashboard] Added server resource module and some fixes. [iglocska]
- [Dashboard] added hook to check for permissions on module load.
  [iglocska]

  - allows for modules to have role / host org restrictions
- [Dashboard] system. [iglocska]

  - Dashboard
    - modular similar to restSearch
    - build your own widgets
    - use a set of visualisation options (more coming!)
    - full access to internal functions for queries
    - auto discover core and 3rd party widgets
    - rearrange / configure widgets for each user individually
    - rearrange / resize widgets
    - settings can be configured by a site-admin on behalf of others
    - modules have a self-explain mode to guide users
    - caching mechanism for the modules / org

  - set homepage / user
  - various other fixes
- [API] object level restSearch added. [iglocska]

  still WiP

Changes

Fix

- [travis] ANTLR 4.8 works again. [Raphaël Vinot]
- [ACL] added deleteTemplate. [iglocska]
- [dashboards:edit] Prevent overriding the edited template with data
  stored in user-settings. [mokaddem]
- [dashboard:saveTemplate] Prevent array re-indexing causing issue with
  HTML select's option value. [mokaddem]
- [dashboard] grid scope fix. [iglocska]
- [sfv] Checksums wrong. [Steve Clement]
- [dashboard] several small fixes. [iglocska]

  - fixed issue of first few updates failing right after adding a self updating widget
  - don't try to reload a removed widget
  - fixed the internal random parametrised widget refresh to something more sane
- [user:resetAuthkey] Allows the function to be called. [mokaddem]
- [flashErrorMessage] Sanitized error message printed by session that
  should never contain user-made text. [mokaddem]

  - Better safe than sorry
- [user:edit] Prevent password change with the current password.
  [mokaddem]

  - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
- [user:edit] Correctly re-insert form data wiping password
  information. [mokaddem]
- [security] Fixed persistent xss in the sighting popover tool.
  [mokaddem]

  - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
- [user:resetauthkey] Method can only be accessed via POST request.
  [mokaddem]

  - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
- [security] Fix reflected xss via unsanitized URL parameters.
  [mokaddem]

  - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
- [settings] `require_password_confirmation` set to true by default.
  [mokaddem]
- [attribute:validation] Better validation of IPv6-[dst/src] and
  improved display. [mokaddem]

  fix #5682
- [logs] pagination settings are lost when flipping pages after a
  search. [iglocska]
- [widgets] worldmap fixed. [iglocska]
- [dashboards] fixed invalid recall of dashboard template. [iglocska]
- [ACL] added new function to ACL. [iglocska]
- [js] fixed invalid defaults passed from php. [iglocska]
- [cleanup] removed disabling the caching of dashboard widgets for debug
  purposes. [iglocska]
- [dashboard] Some widget visualisation fixes. [iglocska]
- [cleanup] [iglocska]
- [synctool] tests improved. [iglocska]
- [CLI] change authkey description fixed. [iglocska]
- [homepage] redirects fixed. [iglocska]
- [user settings] fixed unlocking of API routes. [iglocska]
- [dashboard] fixed an issue when adding a widget with an empty config.
  [iglocska]
- [API] Json converter fixed. [iglocska]
- [dashboard] fixed multiple adds failing. [iglocska]
- [dashboard] Fixed adding widgets losing their config settings.
  [iglocska]
- [dashboard] custom routing fixed. [iglocska]
- [i18n] Various edits and small __('') addeage. [Steve Clement]

Other

v2.4.122 (2020-02-26)

New

- [logging] Log user IPs on login. [iglocska]

  - feature is optional and needs to be enabled in the server settings
  - on successful login logs the associated user ID for a given IP (30 day retention)
  - also logs the IP for the associated user ID (indefinite retention)
  - added two command line tools to query
    - Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id]
    - Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip]
- [communities] Added Danish community and some fixes to the community
  system. [iglocska]

Changes

Fix

- Run python tests from python. [Raphaël Vinot]
- [CLI] allow for calling the update via the CLI without passing a
  process ID. [iglocska]
- Properly install PyMISP with poetry. [Raphaël Vinot]
- Missing dependency for poetry. [Raphaël Vinot]
- [correlations] fix to an issue where attribute edits could purge
  correlations. [iglocska]

  - bug introduced by a merge gone wrong
  - attribute edits that modify fields that do not affect the correlations (such as to_ids, comment, etc) would cause correlations to be purged
- [sync] allow for both the minimal and searchminimal keywords to be
  used on the event index. [iglocska]

  - until now due to a bug only searchminimal was used
  - sync negotiation uses minimal as the key
  - this should greatly speed up the negotiation phase
- [decaying:tool] Support strict sql mode while fetching available
  Object type. [mokaddem]
- [decaying] Attributes not having a DM associated will be defaulted as
  `not decayed` [mokaddem]
- [eventGraph] Request picture for valid attachment only. [mokaddem]
- [server:edit] Prevent undefined variable. [mokaddem]
- [custom auth] correctly use HTTP_ as the default header namespace.
  [iglocska]
- [installer] Some typos. [Steve Clement]
- Force schema columns lowercase to match expected. [Jason Kendall]
- [enveloping] Fixed typo and added actual event ID to the message
  saved. [iglocska]

  gremmar meestakes are anoying.
- [dash] Dashboard not working at the moment. [Steve Clement]
- [server:edit] Always echo internal instance notice. [mokaddem]
- [UI] Correct title for '+' button. [Jakub Onderka]
- [pubsub] Do not fetch setting for every push. [Jakub Onderka]
- [UI] UUID term should be uppercase. [Jakub Onderka]
- [internal] Remove unused function. [Jakub Onderka]

Other

v2.4.121 (2020-02-10)

New

- [config load task] Added a task that will reload the settings on any
  console shell execution, fixes #5498. [iglocska]

  - helps with background workers being forced to fetch new settings whenever they start a new job
- [objects] pass the /breakOnDuplicate:1 flag to the /objects/add
  endpoint to deduplicate. [iglocska]

  - returns an error if the object already exists
    - objects of the same template_uuid are compared
    - non deleted attributes only
    - type + category + value + object_relation tuple is compared
- [API] Enveloping improvements. [iglocska]

  - user controlled envelope settings to control memory estimation for attribute/event sizes
  - logging of potentially too large events for the current memory envelope
  - tuning of the default values
  - added a divider for the event:attribute conversion to account for objects / event level contextualisation / correlations
- [UI] Show thumbnails at List Attributes view. [Jakub Onderka]
- [internal] Attribute::isImage method. [Jakub Onderka]
- [sync] Add additional pull filters to the sync, fixes #5510.
  [iglocska]

  - uses the same format as the index filters

Changes

Fix

- [security] Correctly sanitize search string in Galaxy view. [mokaddem]

  - As reported by Dawid Czarnecki
- [object] object deduplication fixed. [iglocska]
- [UI] Disable autocomplete for authkey. [Jakub Onderka]

  To prevent saving it into browser cache
- [internal] Remove unused line. [Jakub Onderka]
- [indexes] Added SQL index for tag numerical_value. [mokaddem]
- [security] Further fixes to the bruteforce handling. [iglocska]

  - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged
    - as reported by Dawid Czarnecki
  - several tightenings of the checks to avoid potential foul play
- [security] discussion thread ACL issues fixed. [iglocska]

  - as reported by Dawid Czarnecki
- [security] bruteforce protection rules tightened. [iglocska]

  - as reported by Dawid Czarnecki
- [API] make param tag alias of tags for /events/restSearch. [Jeroen
  Pinoy]
- [kali] Fixed kali install script (#5586) [Steve Clement]

  fix: [kali] Fixed kali install script
- [tools] Removed Viper until working again, fixed #5582. [Steve
  Clement]
- [sum] Fixed checksums. [Steve Clement]
- [kali] Fixed kali install script. [Steve Clement]
- [sync] Pull filters ignored if no custom url params added, fixes
  #5594. [iglocska]
- [export] fixed the export page breaking for text exports, fixes #5563.
  [iglocska]
- [UI] Icons in network distribution graph. [Jakub Onderka]
- [internal] cleanup of unused line. [iglocska]
- [API] several fixes to the Bro API. [iglocska]

  - always use flatten:1 to also include object attributes
  - fix the generated full export to only include the header once
- [internal] fetcher logic fail fixed. [iglocska]
- A few feeds should use fixed events by default. [Raphaël Vinot]

  Related to https://github.com/MISP/MISP/issues/5544
- [API] taxonomies controller index call fixed for API calls. [iglocska]

  - no longer limiting at 60 elements
- [log] Proper format log message for reset auth key. [Jakub Onderka]

  In future, it will be also possible to filter auth keys in logs.
- [objects:edit] Added *_seen validation and error reporting. [mokaddem]
- [CLI] Die if setting name is not correct. [Jakub Onderka]
- [server:edit] Correctly escape `%` re-enabling server setting editing.
  [mokaddem]
- Proper logout when `CustomAuth_custom_logout` is set. [Jakub Onderka]
- `DefaultRoleId` is not implemented for ApacheShibbAuth. [Jakub
  Onderka]
- [UI] Remove double escaping. [Jakub Onderka]
- [ui:galaxy] Correctly display galaxy info. [mokaddem]
- [attribute:search] Unset filtering rules on *_seen if unset.
  [mokaddem]
- [internal] AttributesController::viewPicture can be used just for
  fetching images. [Jakub Onderka]
- [UI] small username helper changes. [iglocska]
- [internal] slight tuning to the attribute restsearch memory envelope
  size. [iglocska]
- [UI] Add space after ':' in error text. [Jakub Onderka]
- [serverShell] Stopped usage of reserved keyword. [Sami Mokaddem]

  Renamed function name to let PHP 5.x parse the shell script correctly
- [diagnostic:dbSchema] Updated schema with the Attribute.comment
  indexing change and pretty-printed it. [mokaddem]

Other

v2.4.120 (2020-01-21)

New

- [shadowAttribute] first_seen and last_seen on shadowAttributes.
  [mokaddem]
- [timeline/*-seen] Initial import of the timeline code from the
  zoidberg branch. [mokaddem]
- [attribute type] kusto-query attribute type. [Alexandre Dulaunoy]

  Kusto query is the query language for the Kusto services in Azure used
  to search large dataset. It's used in Windows Defender ATP Hunting-Queries
  and also Azure Sentinel (Cloud-native SIEM).

  To fix #5475
- [generic index] added lambda function based requirements for actions.
  [iglocska]
- [diagnostic:DBIndexes] Added complete diagnostic for database indexes.
  [mokaddem]
- [diagnostic:DBIndex] Show table columns having indexes. [mokaddem]
- [UI] first implementation of the modal forms. [iglocska]

Changes

Fix

- [install] Update .sfv. [Steve Clement]
- [stix2] Fix stix2 for the Docs and Installer (#5526) [Steve Clement]

  fix: [stix2] Fix stix2 for the Docs and Installer
- [tools] re-generated INSTALL.sh fixed small issue in ubu. [Steve
  Clement]
- [stix] small fix to get around a current cti-python-stix2 glitch (to
  be undone) [Steve Clement]
- [form_seen] Filling *_seen field with no value remove the *_seen time.
  [mokaddem]
- [worker:diagnostic] Prevent failing if no workers are running.
  [mokaddem]
- [workers:diagnostic] Consider a queue to be healthy if one worker is
  running. [mokaddem]
- [adminSetting] Avoid trying to create new entries if previous save
  failed. [mokaddem]
- [update] fixed an issue blocking the updates from executing.
  [iglocska]

  - invalid check for the admin role - too early to check for _isSiteAdmin() at that point
- [stix 1&2 export] Checking if an error message is returned. [chrisr3d]
- [internal] upgrade issues fixed. [iglocska]
- [updateProgress] Display errors in between updates Return empty
  progress when the current progress can't be fetched. [mokaddem]
- [upgrade] removed test change. [iglocska]
- [upgrade] Added a safety net for launching superfluous updates.
  [iglocska]
- [update] typo fixed. [iglocska]
- [settings] purge previous setting, push new one. [iglocska]
- [UI] small fixes. [iglocska]
- [model:comment] Do not index the `comment` field anymore for
  shadowAttribute and Objects. [mokaddem]
- [Attribute:comment] Do not index the `comment` field anymore.
  [mokaddem]
- [db_schema] Bumped db schema to support *-seen and indexes. [mokaddem]
- [Object:DeltaMerge] Gracefully catch if *_seen field is not present in
  the pushed Object. [mokaddem]
- [update:index] Correctly log index addition errors. [mokaddem]
- [Object:quickAddAttribute] Correctly closes the popover after
  submission. [mokaddem]
- [update] Function name conflict introduced by the merge + UI
  Improvements. [mokaddem]
- [database] bumped db update number for fs/ls update. [mokaddem]
- [object:save] Inversed condition. copy/pasta fail... [mokaddem]
- [object:save] fail-safe if Object doesn't have fs/ls set. [mokaddem]
- [object:add] Catch exception if fs/ls doesn't exists. [mokaddem]
- [event:view] Icons color set to white when applicable. [mokaddem]
- [sql] updated MySQL.sql and modified comment column type. [mokaddem]
- [update] liveOff recognition and logs when updates are locked.
  [mokaddem]
- [timeline] Prevent collision for Object and Attribute having the same
  ID. [mokaddem]
- [object:setMetraFromAttribte] Pass Object reference instead of value.
  [mokaddem]
- [timeline] Removed illusion of editing timeline objects if you are not
  the owner. [mokaddem]
- [timeline] Prevent `Column not found` error if user has the `user`
  role. [mokaddem]
- [restResponse] Added support of *-seen fields. [mokaddem]
- [time_precision_tool] Support of IE. Usage of prototypes instead of a
  class. [mokaddem]
- [attribute:view] Correctly pick the matching form. [mokaddem]
- [attribute:*-seen] Force seconds to be integers and allows editForm
  for *-seen fields. [mokaddem]
- [timeline] correctly adapt time scale when expanding items. [mokaddem]
- [event:timeline] Error when trying to restore non-existing backup
  entries. [mokaddem]
- [object:quickEdit] fix input selector. [mokaddem]
- [object:quickEdit] Fixed response to be of JSON type and improved
  layout. [mokaddem]
- [object:quickAttributeAdd] Fixed response to be of JSON type and
  improved layout. [mokaddem]
- [Object:editObject] Removed Event unpublishing that induced a
  divergence of Event.timestamp. Chances are that it was causing ghost
  loggins and useless sync loops. [mokaddem]
- [attribute:quickEdit] Escalate the timestamp refresh to the Object.
  [mokaddem]
- [Attribute:editTag] Correctly escalate the timestamp refresh to the
  Object. [mokaddem]
- [Objects] editing refactored. [iglocska]

  - code made more readable
  - resolved an issue where objects could not be edited via the API without having the correct template
- [Discussion] threads cannot link to other events, fixes #5506.
  [iglocska]
- Incorrect directionality for oldest_timestamp comparisons. [Tom King]
- Make feeds a searchable scope in the logs, fixes #5501. [Andras
  Iklody]
- [PyMISP] Dummy creator. [Raphaël Vinot]
- Remove python 2 test suite. [Raphaël Vinot]
- [compat] The env variable SUDO_USER is a reserved variable (#5492)
  [Steve Clement]

  fix: [compat] The env variable SUDO_USER is a reserved variable
- [compat] The env variable SUDO_USER is a reserved variable. [Steve
  Clement]
- [module results handler] Setting attribute category/ies accordingly.
  [chrisr3d]

  - Depending on whether there is one or more type(s)
    and the category is not already set
- [module results view] No need to add "selected" [chrisr3d]
- [modules] Making sure the module format is set. [chrisr3d]

  - Making sure the module format is not empty is
    better than only making sure the variable is set
- [module results handler] Fixed wrong call. [chrisr3d]

  - $this->Attribute directly instead of
    $this->Event->Attribute
- [view:genericIndex] Fallback if `options` is not defined. [mokaddem]
- [STIX] import fixed. [iglocska]

  ________________   ___/-\___     ___/-\___     ___/-\___
       / /             ||  |---------|   |---------|   |---------|
      / /              ||   |       |     | | | | |     |   |   |
     / /             __||   | STIX  |     | | | | |     | | | | |
    / /   \\        I  ||   |       |     | | | | |     | | | | |
   (-------------------||   | | | | |     | | | | |     | | | | |
   ||               == ||   |_______|     |_______|     |_______|
   ||   TAXII       | =============================================
   ||          ____    |                                ____      |
  ( | o      / ____ \                                 / ____ \    |)
   ||      / / . . \ \                              / / . . \ \   |
  [ |_____| | .   . | |____________________________| | .   . | |__]
            | .   . |                                | .   . |
             \_____/                  -cfbd-          \_____/
- [diagnostic:DBIndexes] Typo keyname. [mokaddem]
- [internal] fixed newly introduced error with full_group_by directive
  when adding galaxies to tag collections. [iglocska]
- [internal] avoid loading outdated versions of galaxies. [iglocska]
- [diagnostic:DBSchema] Select tables schema with UPPER case. [mokaddem]
- [diagnostic:DBSchema] Force column `table_name` to be lower case.
  [mokaddem]
- [diagnostic:DBSchema] Improved UI with label. [mokaddem]
- [UI] adding attack-like galaxy clusters to tag collections was slow.
  [iglocska]

  - was generating a heatmap out of all event metadata each time for no good reason
- Don't show an empty error when there is no error. [Pierre-Jean
  Grenier]
- UpdateObjectTemplates with user ID 1. [Raphaël Vinot]
- [CLI] updateObjectTemplates handles fetching the user correctly now.
  [iglocska]
- [stix import] Storing methods names in the mapping dictionary so we do
  not store the methods themselves. [chrisr3d]
- [stix export] Storing methods names in the mapping dictionary so we do
  not store the methods themselves. [chrisr3d]
- [stix2 export] Storing methods names in the mapping dictionary so we
  do not store the methods themselves. [chrisr3d]
- [stix2 import] Storing methods names and calling them with getattr
  instead of storing the methods themselves. [chrisr3d]
- [stix2 import] Fixed import of observables with no marking attached.
  [chrisr3d]
- [tags] Fixed the taxonomy view incorrectly fetching mistyped tags over
  the actual taxonomy tags. [iglocska]
- [stix2 import] Avoid issues with relationships list when there is no
  relationship object in the stix file we want to import. [chrisr3d]
- [cleanup] removed wtf inducing debug message. [iglocska]
- [taxonomies] Fixed invalid tags being shown on the taxonomy index if
  mistyped versions exist. [iglocska]
- [event add view] Avoided setting the action variable. [chrisr3d]

  - That is available from the view side within $this->request->params
- (#5277) remove out of scope var causing weird behavior when adding an
  invalid attribute. [Will]
- [decaying:simulation] Allow ObjectAttributes to be simulated.
  [mokaddem]
- [API] include the local flag in tags when using restSearch. [iglocska]
- [add event view] Reuse of variable. [chrisr3d]
- [CLI] invalid variable used for server caching log entry. [iglocska]
- [internal] attribute restsearch - handle empty lines returned from the
  module better. [iglocska]

  - no more empty lines hopefully in some exports
- Removed useless spaces. [mokaddem]
- [decaying:basescoreComputation] Correctly support 2-tag and 3-tag.
  [mokaddem]
- [decaying:simulation] base_score popover override shows the correct
  one. Instead of always the first one. [mokaddem]
- [eventGraph] Typing do not trigger eventGraph action anymore. Fix
  #5442. [mokaddem]
- [eventGraph:addReference] Adding reference to unreferenced nodes do
  not link to the root unreferenced nodes anymore. [mokaddem]
- [event:view] Correctly display `Edit Event` when Editing instead of
  `Add Event` [mokaddem]
- [feed:previewEvent] Added `Fetch Event` button on the sidemenu.
  [mokaddem]
- [event:add] Restored extended event preview. [mokaddem]
- [event:publishRouter] Fixed parenthesis issue. [mokaddem]
- [event:view] Pivot form related event fixed. [mokaddem]
- Remove unused config option. [Jakub Onderka]
- [internal] hard delete of attributes after a soft delete fixed.
  [iglocska]

Other

v2.4.119 (2019-12-02)

New

- [server:fixDBSchema] Preliminary work to fix database schema.
  [mokaddem]
- [refactor] Massive internal refactor and cleanup of deprecated APIs.
  [iglocska]

  - new centralised restSearch function in AppController as entry point via all controllers
  - new component handling restSearch related support functions, such as parameter mapping
  - hollowed out all deprecated export functions on the event/attribute controller
    - replaced with a new functionality that remaps them to restSearch
    - all functionality should be maintained with all additional advantages introduced with restsearch
  - additional cleanup (some unused functions removed)
- [internal] Log exact error for GPG diag in error log. [Jakub Onderka]
- [statistics] Added organisation activity over time. [mokaddem]
- [API] refactored deprecated APIs to use the legacy system. [iglocska]
- [legacy] handler added for Legacy APIs. [iglocska]

  - allows for a remap of the parameters and subsequent calls to modern functions
- [sync] Added sighting sync publish button to the event view.
  [iglocska]
- [doc] Support request template (#5420) [Steve Clement]

  new: [doc] Support request template
- [doc] Support request template. [Steve Clement]
- [deprecation] Added a new library to handle deprecations. [iglocska]

  - send X-Deprecation-Warning via the API
  - set new Warning flash messages via the UI
  - counting the use of these functionalities / API endpoint and / user
    - added a diagnostic tool to view the outcome of the collection
    - sharing of these collections with the MISP-Project will be optionally available in the future

  - two modes of operation:
    - hard deprecation (functions certainly to be removed, reported to the users via API/UI)
    - soft deprecation (gauging interest for the continued use of these functions)
- [sql diagnostics] Started work on a system to automatically generate
  scripts to fix issues. [iglocska]

  - currently somewhat limited
  - requires additional input to generate correct queries, needs an update for the default schemas
  - generated, but not exposed for now
- [sync] view remote user tool added to the server index. [iglocska]

  - should help with debugging what user is being used
- [API] Added attribute_timestamp flag to attributes/restSearch.
  [iglocska]

  Explanation of the 4 timestamp filters:
  timestamp: Filters on attribute AND event timestamp
  event_timestamp: Filters on event timestamp
  attribute_timestamp: Filters on attribute timestamp
  publish_timestamp: Filters on event.publish_timestamp
- [UI] formInfo element added to the form generator. [iglocska]
- [API] SQL dump now includes two modes. [iglocska]

  - sql_dump:1 - append the SQL dump to the response
  - sql_dump:2 - only return the SQL dump in the response
- [API] Cleaner API debugging via the API. [iglocska]

  - passing sql:1 as a url parameter will try to add the sql_dump key to the response if SQL debugging is enabled
  - allows for the easier debugging of for example search queries

Changes

Fix

- [diagnostic:DBSchema] Aligned schema to a clean non-tampered instance.
  [mokaddem]
- [internal] When capturing an object, avoid throwing notice errors if no
  attributes are set, fixes #5439. [iglocska]
- [internal] fixed the hacky removal of passwords on returned user
  objects for /users/edit. [iglocska]

  - this commit gets 1*
- Deleted useless comments. [mokaddem]
- [diagnostic:DBSchema] Removed query execution and soften the warning
  message. [mokaddem]
- [diagnostic:fixDBSchema] Typo. [mokaddem]
- [API] fix to a double negation fail in the tagging. [iglocska]
- [API] Better error reporting for attaching tags to events/attributes.
  [iglocska]
- [API] /users/edit modifications. [iglocska]

  - remove sanitised password when directly posting back a user object
  - more graceful error handling if something goes critically wrong
- [user API] users/edit now avoids having to set confirm_password when
  setting a password via the API. [iglocska]
- [internal] taxonomy exclusive flag now handles the key not existing in
  the JSON format. [iglocska]
- [internal] sighting restSearch. [iglocska]

  - some small fixes
- [ACL] added restsearch on the appcontroller. [iglocska]
- [stix2 export] Fixed pattern mapping for stix2 pattern objects.
  [chrisr3d]
- [internal] potential fix to uninitialised AdminSetting model errors
  when calling changeSetting() in the upgrade process. [iglocska]
- [API] Don't strip empty usersettings from users/view. [iglocska]
- [API] users/edit fixed. [iglocska]
- [internal] fixed weird user massage code. [iglocska]

  - I have no idea what I was thinking there...
- [internal] Remove unused function. [Jakub Onderka]
- [internal] Remove unused ShadowAttributesController method. [Jakub
  Onderka]
- [internal] potential fix to the sighting_timestamp missing issue when
  syncing with older instances. [iglocska]
- [UI] includeSightingdb flag not set correctly in the event attribute
  index. [iglocska]
- [tag] do not show actions column for non-admins. [Christophe
  Vandeplas]
- [security] tightened checks for restricting users from tagging data
  they shouldn't be allowed to tag. [iglocska]

  As reported by Christophe Vandeplas
- [REST] Python has no 'Null' type, it is called 'None' [Steve Clement]
- [ACL] added /events/publishSightings. [iglocska]
- [sync] Set org_id to 0 on proposal push if the sighting is anonymised.
  [iglocska]

  - correctly prevents the remote side from misattributing the sighting to the sync user's org
- [sync] Some minor changes to the sighting push. [iglocska]

  - correctly handle anonymisation
  - only push sightings, not rest of the event (decide on sender side)
  - handle receiving sanitised sightings
- [UI] duplicate entries in the attribute correlation column on the
  event view, fixes #5421. [iglocska]
- [doc] composer update missing. [Steve Clement]
- [ACL] added missing function. [Andras Iklody]
- [user view] server issues fixed. [iglocska]
- [API] bro deprecation message was premature. [iglocska]

  - needs to be added to restsearch first
- [deprecation] Added missing component. [iglocska]
- [attribute:massEdit] Allow removal of non exportable tags. Fix #5408.
  [mokaddem]
- [stix2 export] Adding attribute type or object name in the custom
  object id. [chrisr3d]

  - Should fix #5410
- [API] fixed notice errors for compact() in PHP 7.3+ [iglocska]
- [stix2 export] Exporting stix2-pattern objects as pattern. [chrisr3d]

  ... Instead of failing and being exported as custom object
- [indextable] Fixed the link field. [iglocska]
- [stix2 import] Avoids importing an object_relation value for single
  attributes. [chrisr3d]
- [stix2 import] Importing stix2-pattern object only if the pattern
  parsing failed. [chrisr3d]

  - Also adding the uuid of the stix2-pattern object
  - It avoids patterns to be exported twice if we
    export the misp event created from the import
    afterwards
- [internal] site admins should not have to be host org users to see
  server correlations. [iglocska]
- [API] adding objects now has better validation errors. [iglocska]

  - instead of silently dropping attributes in certain cases
- [tagging] Events will be unpublished when a local tag is removed
  #5363. [iglocska]
- [attribute:massTagging] Check for POST data in `post` code path. Fix
  #5359. [mokaddem]
- [temporary] Dirty fix for the diagnostic page failing on MySQL < 5.6.
  [iglocska]
- [UI] Removed console.log call for debugging purposes. [chrisr3d]
- [UI] With the correct field name, it works better ;-) [chrisr3d]

  - threat_level_id is the name of the field, and
    now the hover description works :D
- [UI] Passing the distribution, threat level & analysis description for
  the edit event view. [chrisr3d]
- Just an indent fix for the eyes. [chrisr3d]
- [internal] Removed duplicate loading of configuration. [iglocska]

  - lazy-loading the event model after an on-the-fly config change would purge the change otherwise
  - config already loaded in bootstrap anyway
- [UI] Cosmetic changes on the add event form. [chrisr3d]
- [internal] better error messages for attaching a tag failing.
  [iglocska]
- [UI] Fixed sharing group & threat level field names in add event view.
  [chrisr3d]
- [internal] Attribute/Event connectors for attribute_timestamp added.
  [iglocska]
- [UI] formInfo fixed. [iglocska]
- [internal] Load MISP version just once in AppController. [Jakub
  Onderka]
- [internal] tag attacher could run into a situation where an invalid
  tag's creation failure is not caught. [iglocska]

  - returns puzzling error messages

Other

v2.4.118 (2019-11-08)

New

- [attribute:restSearch] Support of Orgc and GalaxyElement meta
  searches. [mokaddem]
- [event:restSearch] Support of Orgc meta searches. [mokaddem]
- [event:restSearch] Initial work for GalaxyElement searches. [mokaddem]
- [SightingDB] Added integration with SightingDB. [iglocska]

  - Added configuration tool
  - Added lookups from the event view
  - Added includeSightingdb flag for the restSearch searches
  - Added SightingDB search tool
  - Added SightingDB connection test tool
- [UI] Added the index filter component. [iglocska]
- [UI] Added new/improved index and form builder generators. [iglocska]

  - Added form Builder generator
  - Added new fields to the index table generator
  - updated some existing fields for the index table generator
- [tags] Preliminary support of exclusive tags based on taxonomy data.
  [mokaddem]
- [cli] server connectivity test. [Jan Skalny]
- [servers:DBDiagnostic] Improved indexTable and added new DB schema
  diagnostic (WiP) [mokaddem]

Changes

Fix

- [attributes:restSearch] Fixed typo. [mokaddem]
- [UI] Automatic logout. [Jakub Onderka]
- [UI] Server diagnostics download link. [Jakub Onderka]
- [releaseUpdateLock] Fixed error message to reflect the reality.
  [mokaddem]
- [proxy] Skip_proxy was broken up until now, fixes #5324. [iglocska]

  - was simply ignored, added the hook for it for the sync tool
- [Tagging] Fixed the user/org restrictions not being adhered to when
  tagging. [iglocska]
- [Tag:exclusive] Code clean up. [mokaddem]
- Missing quotes in test cases setup. [Raphaël Vinot]

  Fix https://github.com/MISP/PyMISP/issues/484
- [UI] Proposal attachment downloading. [Jakub Onderka]
- [stix2 import] Importing directory patterns from external stix.
  [chrisr3d]
- Bumped latest stix2 python version + Updated expected version in the
  diagnostic. [chrisr3d]
- [internal] Remove dead code from AttributesController. [Jakub Onderka]
- [UI] Show image attachment for previewing event. [Jakub Onderka]
- [stix2 import] Fixed registry-key pattern mapping. [chrisr3d]
- Do not test users settings on travis. [Raphaël Vinot]
- Revert PyMISP bump. [Raphaël Vinot]
- Buggy bump of PyMISP. [Raphaël Vinot]
- [stix diagnostic] Updated the latest stix2 version. [chrisr3d]
- [user] Include user settings in /users/view. [iglocska]
- [internal] Load Regexp just when they are requested. [Jakub Onderka]
- [stix export] Making stix json download return json instead of xml.
  [chrisr3d]
- [UI] Remove double id attribute. [Jakub Onderka]
- [UI] Remove unused code from Communities view template. [Jakub
  Onderka]
- [UI] Removed unused JS from galaxy view. [Jakub Onderka]
- [UI] Input is not pair element. [Jakub Onderka]
- [stix2 import] Better pattern parsing for values containing an '='
  [chrisr3d]
- [stix2 import] Avoid errors with report object refs not actually
  present in the bundle. [chrisr3d]
- [stix2 import] Removed unused variable in dictionary loop. [chrisr3d]
- [live:notice UI] Fixed baseurl variable. [mokaddem]
- [updateProgress] Fixed return message to better handle translation.
  [mokaddem]
- [update] Apply restriction of only 1 running process for only the
  `update` workers. [mokaddem]
- [update] Fixed bad merge and added more comments. [mokaddem]
- [update] Correctly sets liveOff and do not consider MySQL index
  addition as an error anymore. [mokaddem]
- [update] Init class before using it. [mokaddem]
- [update] no longer start update job if no update is available.
  [mokaddem]
- [update] Switched to default usage of worker for the update.
  [mokaddem]
- [update] Started changing worker place in the update process.
  [mokaddem]

Other

v2.4.117 (2019-10-10)

New

- [user settings] Added restrictions for certain settings. [iglocska]

  - based on role permissions
  - enforce the checks on set/delete
  - add it to the UI elements
  - /users/view /admin/users/view now include the user settings in a simplified format
- [API] Added rate limiting option to the API. [iglocska]

  - / role setting
  - can be enabled/disabled and if enabled a limit can be set
  - limit counter / 15 minutes starting from the first query
  - x-headers inform the user about their limit/remaining queries/reset in seconds
- [internal] New AppModel::logException method. [Jakub Onderka]
- [ca_path] added setting in setting manager. [iglocska]
- [internal] Allow to use custom CA. [Jakub Onderka]
- [user settings] Finalised first revision. [iglocska]

  More to come in the future
- [index table] added json field. [iglocska]
- [User settings] Added user settings system. [iglocska]

  - set settings / user
  - settings can be set by user themselves or their org admin / site admin
  - added first setting: publish_alert_filter
  - accepts boolean branched filter options
    - supports deep logical trees
    - OR/NOT/AND
    - currently supports filtering on tags and the creator organisation
- [internal] Redis diagnostic. [Jakub Onderka]
- [UI] Added JSON as valid index table field. [iglocska]
- [API] Netfilter added as new export format. [iglocska]

Changes

Fix

- [PyMISP] Travis tests. [Raphaël Vinot]
- [internal] missing org object for users/view. [iglocska]
- [internal] Remove closing PHP tag. [Jakub Onderka]
- [UI] Showing whitespaces for 'text' field. [Jakub Onderka]
- Check if variables are defined. [Pierre-Jean Grenier]
- [internal] Remove unused method EventShell::__recursiveEcho. [Jakub
  Onderka]
- [eventGraph] Fixed UI issue with duplicated ID (attributes and
  objects) Fix #5181. [mokaddem]
- [API] rate limit should only run on the API. [iglocska]
- [missing] component added. [iglocska]
- [UI] Show advanced and SG input when page is reloaded. [Jakub Onderka]
- [AttributesController] Fix issues related to undefined variables.
  [Pierre-Jean Grenier]
- [hover enrichment] Fixed variable name that caused issues with hover
  enrichment for more than 1 module called on 1 single attribute.
  [chrisr3d]
- [stix export] Typo. [chrisr3d]
- [internal] Set attribute restsearch page to 1 if limit is set without
  setting the page number. [iglocska]
- [UI] Linebreak between global/public tag add buttons on the attribute
  list fixed. [iglocska]

  - was driving me nuts
- [UI] Removed unused JS variable. [Jakub Onderka]
- [API] massive performance boost for large events with many
  correlations. [iglocska]

  - the logic of the JSON converter was heavy and unnecessary
- [UI] Do not show Advanced extraction when not possible. [Jakub
  Onderka]
- [sightings] Fix undefined variable with REST search. [Pierre-Jean
  Grenier]
- [internal] massive performance boost when loading events with a lot of
  objects. [iglocska]
- [internal] user_count variable is already number. [Jakub Onderka]
- [internal] Correct error handling for invalid taxonomies. [Jakub
  Onderka]
- Undefined variable when no feed was enabled. [Pierre-Jean Grenier]
- [feed] fix REST problems. [Pierre-Jean Grenier]
- [feed] array from NULL is not NULL. [Pierre-Jean Grenier]
- [UI] Error handling for submitPopoverForm function. [Jakub Onderka]
- [performance] Small speed boost to the publishing process. [iglocska]

  - don't fetch the event's first degree relations when preparing to publish it
- [performance] notifications lookup on each UI page load was slow.
  [iglocska]

  - introduced a major bottleneck on large instances
  - massively reduced the load times for pages that warranted none
- [mysql.sql] typo resolved. [iglocska]
- [user_settings] added timestamp field. [iglocska]
- [internal] removed debug calls. [iglocska]
- [debug] Removed internal breakpoint that was left in. [iglocska]
- [correlation] Skip correlation on tasks that modify an attribute in a
  way that wouldn't warrant a recorrelation, fixes #5204. [iglocska]

  - Only recorrelate attribute if:
    - attribute is new
    - attribute already exists and value, disable_correlation, type is updated
- [API] proposals overriding attributes wasn't always working as
  expected, fixes #4032. [iglocska]

  - until now it was bound to the to_ids setting (badly) which caused nothing but headache
  - moved the new configuration to instead use the non-permissive nature of the given export formats

  - non-permissive export: if the proposal block is enabled, override attributes
  - permissive export types: ignore the proposals

  The reasoning is simple: we use the permissive export types for types that can express additional structures such as proposals, IDS flags, publish flags etc (meaning the MISP JSON/XML formats for example)
- [user setting] Left off missing changes to the controller. [iglocska]
- [logging] paranoid log entry not logging request body via the API.
  [iglocska]
- [UI] Double side menu fixed. [iglocska]
- [internal] Proposals block attributes setting broken when to_ids is an
  array. [iglocska]
- [stix 1/2 export] Catching potential exceptions and returning it as
  result in restSearch. [chrisr3d]
- [UI] GnuPG diagnostic message. [Jakub Onderka]
- [UI] Notices margin. [Jakub Onderka]
- [UI] MISP logo is in center at login page. [Jakub Onderka]
- [shell] Update updateWarningLists from CLI. [Jakub Onderka]
- [UI] Remove duplicate condition in footer.ctp. [Jakub Onderka]
- [stix 1/2 import] Making the publish checkbox work as expected.
  [chrisr3d]

  - Publishing as expected when the option is
    checked AND the user has the right to publish
- [stix 1/2 import] Avoid adding the original stix file in the event if
  the option is not checked. [chrisr3d]
- [stix 1/2 import] Adding misp event json data within the 'Event' field
  if it is not already in. [chrisr3d]
- [internal] paranoid log body didn't contain full body for API calls.
  [iglocska]
- [stix 1/2 restSearch] Deleting temporary files in case of an error in
  the python side. [chrisr3d]
- [stix2 export] Catching errors that could happen with custom tags.
  [chrisr3d]
- [stix import] Avoiding error with no hashes in pe objects. [chrisr3d]
- [stix test] Updated STIX1 test files with the most recent fixes on the
  export script. [chrisr3d]
- [stix export] Fixed dictionary key used to check pe sections to parse.
  [chrisr3d]
- [stix test] Fixed stix2 test file generated with changes on the script
  and the misp event test file. [chrisr3d]
- [stix test] Fixed relationship type between a file and a pe object.
  [chrisr3d]
- [stix2 export] Make Relationship objects happy with relationship
  types. [chrisr3d]
- [internal] Clear also cake core and model caches. [Jakub Onderka]
- [UI] Loading of local tags fixed via the UI, fixes #5197. [iglocska]

  - over-zealous ACL removed local tags for non sync users
  - UI only functionality, no need for the restriction at all
- [rest client] Fix overflow in the JSON parsed rest response view.
  [iglocska]
- [rest client] Add delete as a valid http method. [iglocska]
- [API] Added DELETE http method to the rest client and fixed the JSON
  response of the API info. [iglocska]
- [API] remove weird line breaks from the API descriptions. [iglocska]
- [diagnostic] Fixed stix python libraries requirements. [chrisr3d]
- [index view] Fixed index table in the case where row_element is not
  set. [chrisr3d]
- [ui] pass static_tags_only to the feed view. [iglocska]
- [sfv] Fix checksums. [Steve Clement]
- [community access requests] fixed several issues, fixes #5194.
  [iglocska]

  - added missing view to preview the request
  - don't throw errors when possible, instead show what should have been sent
- [UI] If a server add with a newly created external organisation fails,
  set the external organisation as the currently selected option after
  the validation fail redirect, fixes #5182. [iglocska]
- [tools] Updated installer SUMS (#5177) [Steve Clement]

  fix: [tools] Updated installer SUMS
- [tools] Updated installer SUMS. [Steve Clement]
- [sync] Single event fetch via the side menu would trigger a full pull.
  [iglocska]
- [UI] Annoying race condition fixed causing redirects to the login,
  fixes #5172. [iglocska]
- [diagnostic] Updated expected stix2 library version. [chrisr3d]
- [import modules] Avoiding issues with empty module parameter.
  [chrisr3d]
- [stix2 import] Fixed Galaxy description parsing. [chrisr3d]
- [stix2 import] Fixed vulnerability object import. [chrisr3d]

  - Better vulnerability object attributes parsing
  - Including mapping dict for direct call of the
    parsing function depending on the STIX object
    type (indicator, observable or vulnerability)

Other

v2.4.116 (2019-09-16)

New

- [sync] Added sync priority system to prioritise the order of instances
  to push to. [iglocska]
- [CLI] Added cleanup tool to purge all events related to a feed.
  [iglocska]

  - Simply run /var/www/MISP/app/Console/cake Admin purgeFeedEvents [user_id] [feed_id]
  - works for CSV/Freetext feeds
- [stix2 export] Parsing relationships between objects. [chrisr3d]

  - Which includes of course relationships between
    objects and objects, and the ones between
    objects and attributes
- [API] verbose output for /servers/update. [iglocska]
- [event:view] Added support of decay score. [mokaddem]
- [decaying:rest] Filtering out of decayed attributes. [mokaddem]
- [decaying] Partial API support - WiP. [mokaddem]
- [restResponse] Added entries in Attribute/RestSearch for decaying
  model support. [mokaddem]
- [decaying] Added models import and export feature. [mokaddem]
- [restSearch] restSearch module for ATT&CK Sightings. [chrisr3d]

  - Returning ATT&CK Sightings in json format for
    events and attributes with mitre-attack-pattern
    galaxies attached
  - For further details on the ATT&CK Sightings,
    please visit https://attack.mitre.org/resources/sightings/
  - Also thanks to @johnwunder for the clarification
    on the output format
- [auth key fail logging throttle] Throttle the auth key failed log
  entries to 1 / hour / key. [iglocska]

Changes

Fix

- [stix2] Fixed custom objects parsing when an attribute is multiple.
  [chrisr3d]

  - Avoids loss of attributes that are multiple,
    during the export, by returning them in a list
  - Supporting import of custom values that are
    in a list, as single multiple attributes
- [internal] Added a code branch to check if saddarray is available - if
  yes, use it. [iglocska]

  - for the warninglist model's cacheWarninglistEntries function
- [UI] Allow to skip pagination in IndexTable. [Jakub Onderka]
- [internal] warninglist missing Redis::sAddArray() fixed. [Andras
  Iklody]
- [prio] changePriority function responses fixed. [iglocska]
- [API] hard delete passable via different methods to /attributes/delete
  than just ordered URL parameters. [iglocska]
- [internal] Fix post check for attribute delete function via the API.
  [iglocska]
- [server prio] Don't block the reordering even when the requested move
  is invalid. [iglocska]

  - helps with fixing misaligned server lists
- [server prio] reprioritise should be more lenient if there's a messed
  up priority order as the starting point. [iglocska]

  - should still return false for the rearranging, but should re-set the priority list based on the current positions
- [UI] Attribute search sort by date fixed. [iglocska]
- [ACL] priority change for servers tied into the ACL. [iglocska]
- [server prio] Automatically put new servers to lowest prio instead of
  highest. [iglocska]
- [UI] Fix typo in community view. [Jakub Onderka]
- [decaying:base_score] Create temporary false tags when they are
  defined in their taxonomy but not created yet. [mokaddem]
- [decaying:base_score] Single taxonomy appear in the correct namespace.
  [mokaddem]
- [decaying:base_score] Round base_score config up to 4 digits.
  [mokaddem]
- [decaying] `.json` view in `decaying/view` [mokaddem]
- [decaying:import] Force some fields to be present while importing a
  decaying model. [mokaddem]
- [UI] removed obsolete logo preview tool from org add/edit. [iglocska]
- [stix2 export] Avoids passing variable already contained in another
  variable passed at the same time. [chrisr3d]
- [stix2 export] Removed some useless processing. [chrisr3d]
- [decaying] fixed `const` error. [mokaddem]
- [decaying] Correctly add database indexes. [mokaddem]
- [regression] removed readded invalid acl entry. [Andras Iklody]
- [ACL] removed two unused functions. [iglocska]
- [API] Empty strings should be embedded in an array for the JSON
  output. [iglocska]
- [decaying:simulation] Make sure every sighting has a rounded
  timestamp. [mokaddem]
- [decaying] typo 4. [mokaddem]
- [decaying] typo 3. [mokaddem]
- [event] typo 2. [mokaddem]
- [event] typo. [mokaddem]
- [decaying:tool] Replaced `title` function into `text` [mokaddem]
- [decaying:import] imported models from directory are correctly saved
  as default. [mokaddem]
- [decaying:import] Correctly remove id, uuid and preserve the import
  data. [mokaddem]
- [event:view] Toggle boolean buttons. [mokaddem]
- [acl:decaying] Fixed ACL permissions. [mokaddem]
- [decaying:add] Name should be input rather than textarea. [mokaddem]
- [decaying:add] Formula field should be a select. [mokaddem]
- [event:fetch] Do not duplicate scores for object's attributes anymore.
  [mokaddem]
- [decaying:tool] Enabled icon is correctly displayed in the model
  table. [mokaddem]
- [appModel] SQL query syntax fixed. [mokaddem]
- [decaying] UI - Interface errors and sanitization. [mokaddem]
- [decaying:base_score_config] basescore computation steps works again -
  WiP. [mokaddem]
- [appmodel] Added db_change number for the decaying update. [mokaddem]
- [Sightings] Plugin.Sightings_policy=Event Owner now shows sightings
  that belong to the creating org. [mokaddem]
- [decaying] Include EventTags for score computation in `event/view`
  [mokaddem]
- [Tags] Correctly records `numerical_value` when enabling a taxonomy
  for the first time. [mokaddem]
- [decaying:tool] Correctly update the state of the enable/disable
  button after editing. [mokaddem]
- [decaying:tool] Prevent Object types overriding attribute types.
  [mokaddem]
- [decayingMapping:tool] Returns all allowed mapping if type list is
  empty. [mokaddem]
- [decaying:tool] Set `isEditable` parameter after editing a model.
  [mokaddem]
- [decaying] Set default value and pre-checks. [mokaddem]
- [decaying:basescore_config] Fixed CSS for large tags. [mokaddem]
- [decaying:tool] UI - Basescore does not override table anymore.
  [mokaddem]
- [decaying:simulation] Sorting result is displayed properly. [mokaddem]
- [decaying:simulation] Support of object_attribute in the simulation
  graph. [mokaddem]
- [decaying:tool] Attribute type table searching regression fixed.
  [mokaddem]
- [decaying] Adjust score if the attribute was modified after the last
  sighting. [mokaddem]
- [decaying] Fixes on UI, Basescore overflow and unauthorized edition.
  [mokaddem]
- [decaying:acl] Various ACL fixes. [mokaddem]
- [decaying:.json] Restored working behavior of `.json` views.
  [mokaddem]
- [decaying:tool] Correctly record type mapping if assigned during model
  creation. [mokaddem]
- [decaying] Do not access existing keys anymore. [mokaddem]
- [decaying:tool] Correctly save formula changes. [mokaddem]
- [decaying] attribute_types count fix. [mokaddem]
- [decaying:tool] Quick fix for mapping attribute type to models.
  [mokaddem]
- [decayingModel] Correctly skip tags if taxonomy has not been
  configured. [mokaddem]
- [Taxonomy:updateTag] Do not throw an error if taxonomy does not contain
  a numerical value. [mokaddem]
- [taxonomy:update] numerical_value gets updated correctly. [mokaddem]
- [taxonomy] Keep taxonomy predicates. [mokaddem]
- [decayingTool] Selection for checkboxes are correctly handled.
  [mokaddem]
- [decaying] Allow translation on errors. [mokaddem]
- [decayingTool] Prevent drawing illegal parameters. [mokaddem]
- [customauth] default setting for use_header_namespace should adhere to
  what is displayed (true) [iglocska]

  - as requested by the MELiCERTES consortium for CSP
- [feed] When fetching feeds, accept also text/plain in HTTP. [Jakub
  Onderka]
- Require exact monolog version 1.24. [Jakub Onderka]
- [internal] blackhole function default fixed. [iglocska]
- [audit] Correct title in audit log when admin edit user. [Jakub
  Onderka]
- [ACL] Added resetremoteauthkey to the ACL system. [iglocska]
- [sync] Post test fixed for sync users. [iglocska]
- [stix import] Fixed ttps malware from external stix files parsing.
  [chrisr3d]
- [stix import] Additional test if leveraged ttps are not None to avoid
  issues. [chrisr3d]
- [stix export] Typo on course of action galaxy type. [chrisr3d]
- [stix export] Making the validator happy with capec ids. [chrisr3d]
- [stix export] Avoiding custom vocabularies for an easier parsing of
  the result file. [chrisr3d]
- [stix export] Specifying tool name for mitre-tool galaxies. [chrisr3d]
- [stix export] Exporting tool type. [chrisr3d]

  - Type is what we call galaxy name, for instance
    Tool, Enterprise Attack - Tool, etc.
- [stix export] Exporting malware type. [chrisr3d]

  - Type is what we call galaxy name, for instance
    Stealer, Malware, Ransomware, etc.
- [stix import] Separation between vulnerability objects & attributes.
  [chrisr3d]
- [stix import] Keeping attack pattern, vulnerability & weakness objects
  uuid. [chrisr3d]
- [stix import] Listing ttps uuids instead of the full ttp ids.
  [chrisr3d]

  - Easier to compare directly uuids in related ttps
- [stix import] Fixed some typos. [chrisr3d]

Other

v2.4.115 (2019-09-09)

Changes

- [version] bump. [iglocska]
- Install crypt_gpg by composer. [Jakub Onderka]
- Allow to load Crypt_GPG from composer. [Jakub Onderka]
- [user] Remove unused private method. [Jakub Onderka]
- [user] Use machine readable format for fetching PGP keys. [Jakub
  Onderka]
- [feed] Error handling for saveFreetextFeedData. [Jakub Onderka]
- [feed] Handle exceptions for ServerShell::enqueueFeedCache. [Jakub
  Onderka]
- [feed] Throw exception if feed filter rules is not valid JSON. [Jakub
  Onderka]
- [feed] Better error handling for cacheFeedInitiator method. [Jakub
  Onderka]
- [feed] More accurate progress logging for downloadFromFeed. [Jakub
  Onderka]
- [feed] Better exception logging. [Jakub Onderka]
- [feed] New method Feed::jobProgress. [Jakub Onderka]
- [feed] New private method Feed::isFeedLocal. [Jakub Onderka]
- [feed] Use Feed::feedGetUri in Feed::getFreetextFeed. [Jakub Onderka]
- [feed] Feed::getNewEventUuids always return array with 'add' and
  'edit' fields. [Jakub Onderka]
- [feed] Proper error handling for fetching feed cache. [Jakub Onderka]
- [feed] New method Feed::feedGetUri to deduplicate code. [Jakub
  Onderka]
- [feed] Proper error handling for fetching feed events. [Jakub Onderka]
- [feed] Deduplicate preparing filter rules. [Jakub Onderka]
- [feed] Proper error handling for fetching freetext feed. [Jakub
  Onderka]
- [feed] Follow redirects by internal HttpSocket functionality. [Jakub
  Onderka]
- [feed] Proper error handling for fetching feed manifest. [Jakub
  Onderka]
- [stix2] Bumped latest STIX2 python library changes. [chrisr3d]

Fix

- [UI] Removed duplicate button title in userIndexTable.ctp. [Jakub
  Onderka]
- Throw exception when GnuPG homedir is not set. [Jakub Onderka]
- [UI] GPG keys are fetched from CIRCL keyserver. [Jakub Onderka]
- [UI] Fetching GPG keys. [Jakub Onderka]

  This error was introduced in 600e54051694ca4d479a9e2c82db45fe19a46a6c
- [stix2 import] Fixed hash patterns import for external STIX files.
  [chrisr3d]
- [security] Fix to a vulnerability related to the server index.
  [iglocska]

  - along with various support tools
  - more information coming soon
- [internal] orgs restricted to a domain displayed incorrectly.
  [iglocska]

  - afterfind messes up the keys by reusing the same var for an inner loop
- [feed] Fetching event manifest. [Jakub Onderka]
- [sync] Fixed major performance blocker. [iglocska]

  - fix based on the insights of @RichieB2B, the hero we need, not the one we deserve
  - added orgc_uuid to the minimal event index
  - added handlers for it on the pull side
  - when pulling from old instances the new functionality is skipped, resulting in the behaviour we had pre-patch
  - both sides of the sync are encouraged to update, especially if the slow pulls are causing issues
- [feed] Use own solution how to redirect when fetching feeds. [Jakub
  Onderka]
- [feed] shell_exec doesn't throw Exception. [Jakub Onderka]
- [UI] Remove rest of unused code. [Jakub Onderka]

  Inner code was removed in 3f03ceb22974352648e5163ee4b19eb94bc21106
- [server] on-demand action does not redirect to the updateProgress page
  anymore. [mokaddem]
- [stix2 import] Dealing with the case of named pipe attribute being
  imported from custom object. [chrisr3d]
- [stix2 export] Avoid fails with named pipe export as custom object.
  [chrisr3d]
- [export] Add a proper filename to the event restsearch API's output to
  make downloading events a bit more convenient, fixes #4905. [iglocska]
- [authentication] prepend the baseurl to the login/logout redirects -
  fixes #3871. [iglocska]

Other

- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #5119 from JakubOnderka/patch-24. [Sami Mokaddem]

  fix: [UI] Removed duplicate button title in userIndexTable.ctp
- Merge pull request #5120 from JakubOnderka/gpg-composer. [Andras
  Iklody]

  Install Crypt_GPG by composer
- Merge pull request #5103 from JakubOnderka/circl-key-server-description.
  [Alexandre Dulaunoy]

  fix: [UI] GPG keys are fetched from CIRCL keyserver
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
- Merge pull request #5117 from JakubOnderka/patch-23. [Andras Iklody]

  fix: [UI] Fetching GPG keys
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #5116 from JakubOnderka/patch-22. [Andras Iklody]

  chg: [user] Remove unused private method
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge pull request #5115 from RichieB2B/ncsc-nl/speedup-pull. [Andras
  Iklody]

  Speedup pull
- Log reason for event download failure. [Richard van den Berg]
- Log all errors from server pull. [Richard van den Berg]
- Lose a find when adding existing event. [Richard van den Berg]
- Merge pull request #5112 from JakubOnderka/fix-feed-get-manifest.
  [Andras Iklody]

  fix: [feed] Fetching event manifest
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
- Merge pull request #5101 from JakubOnderka/patch-20. [Andras Iklody]

  chg: [user] Use machine readable format for fetching PGP keys
- Merge pull request #5052 from JakubOnderka/error-handling. [Andras
  Iklody]

  Better error handling for fetching feeds
- Merge pull request #5102 from JakubOnderka/patch-21. [Andras Iklody]

  fix: [UI] Remove rest of unused code
- Add: [stix import] Importing pipe objects as named pipe attribute.
  [chrisr3d]
- Add: [stix export] Exporting named pipe attributes. [chrisr3d]
- Merge pull request #5084 from RichieB2B/patch-6. [Andras Iklody]

  Fix Declaration of RestResponseComponent warning
- Fix Declaration of RestResponseComponent warning. [Richie B2B]


v2.4.114 (2019-08-30)

New

- [API] Added event delegations to the list of API enabled functions.
  [iglocska]

  - last minute feature creep
- [requestAccess] Made the requestAccess endpoint more API friendly and
  some UI improvements. [iglocska]

  - better handling of empty parameters
  - added the mock functionality to both API and UI, this will generate the e-mail to be sent and return it with no actual sending happening
  - defaulting to mock if emailing is disabled
  - fixed some minor bugs
- [communities] Added version and did some cleanup on the e-mail sent in
  a request. [iglocska]
- [communities] Descriptions added to the request form along with the
  anonymise checkbox. [iglocska]
- [communities] Include information about the server used to issue the
  request. [iglocska]
- [community] Added the first revision of the community metadata.
  [iglocska]
- [communities] Added support for requesting access for known
  communities. [iglocska]

  - site admins can list the misp-project maintained community list
  - request access to any of the communities
- [Internal] Index generator refactor. [iglocska]

  - loads of new features added
  - bunch of helpers updated
  - mainly a back/forward port from the frozen feed-rework branch with some custom changes
- [delegations] Added delegation index, fixes #5023. [iglocska]

  /event_delegations/index

  accepts context as a parameter with the following possible values:
  - pending: all delegations awaiting my organisation's review (default)
  - issued: all delegations issued by my organisation

  parameters can be passed via key:value parameters or via json objects
- [diagnostics] Added SQL table size tool. [iglocska]

  - along with various other small fixes
  - increased recommended memory size additionally

Changes

Fix

- [API] Messages fixed for event delegations. [iglocska]
- [API] event delegation inverted invalid IF branch. [iglocska]
- [internal] return true from the external email sender if no mocking is
  happening instead of the full email. [iglocska]
- [API] Set gpgkey to '' instead of array() if user has no pgp key set.
  [iglocska]
- [feed] Remove unused variables. [Jakub Onderka]
- [ui] Missing space and dot at export page. [Jakub Onderka]
- [invalid link] fixed. [iglocska]
- [API] Added gpgkey as a valid parameter for requestAccess in the API
  description. [iglocska]
- [UI] Fixed the annoying link underlines under action buttons.
  [iglocska]
- More issues with PostgreSQL. [Bechkalo Evgeny]

  - fixed error during update Job date_modified field (SQLSTATE[22008]:
    Datetime field overflow: 7 ERROR:  date/time field value out of range)
  - fixed error during fetching events while updating from feeds (
    SQLSTATE[42P01]: Undefined table: 7 ERROR: missing FROM-clause entry for
    table events)
  - fixed Feed edit view with wrong boolean forms (combobox instead of
    checkbox)
- [invalid url] fixed. [iglocska]
- [communities] Added correct responses to the community request
  interface. [iglocska]
- [menu] Added community index to the top menu. [iglocska]
- SQL-error during obtaining dbSpaceUsage. [Bechkalo Evgeny]

  Fixed SQL-error in PostgreSQL for viewing Diagnostics Page
  Added check for datasource, added PostgreSQL handling (without
  reclaimable memory).
- Contact reporter via API. [Pierre-Jean Grenier]
- [ui] Show proper error message for ForbiddenException again. [Jakub
  Onderka]
- [appController] Fixed updateProgress redirection link. Fix #5068.
  [mokaddem]
- [cleanup] removed unused functions. [iglocska]
- [API] Fixed output of the attribute histogram. [iglocska]

  - no more STIX-ish barf inducing numeric string keys for dictionaries
- Fix 'contain' param in app/Model/Attribute.php:fetchAttributes()
  [Pierre-Jean Grenier]

  When we specified eg. 'contain': array('Event'), the merge done by the function was incorrect, and only kept more restrictive stuff,
  while we wanted to get all the keys related to the Event.
- Default to 0 when no distribution is specified. [Pierre-Jean Grenier]

  The current behavior conducted to set distribution to -1 in the returned json, and raise an 'Undefined index' notice
- [ACL] allow users to see delegations. [iglocska]
- [contact reporter] Rules somewhat relaxed. [iglocska]
- [UI] Correct class name in View/Elements/Feeds/View/row_attribute.ctp.
  [Jakub Onderka]
- [feed] Preview feed event don't have id. [Jakub Onderka]
- [feed] Prevent MITM for feeds that support HTTPS. [Jakub Onderka]
- [ui] Link to REST client at Automation page. [Jakub Onderka]
- [UI] Info message should not be error. [Jakub Onderka]
- [contact reporter] Various fixes, fixes #5040. [iglocska]

  - don't offer contacting a reporter of an event that doesn't have users on the platform
  - fixes to various bugs that broke this feature in the first place
  - Massive potential performance blocker removed from contacting individual reporters
- [UI] Multi select on the event index fixed, fixes #5047. [iglocska]
- [UI] Multi select and deletion of events fixed, #5046. [iglocska]
- [Tags] Correctly records `numerical_value` when enabling a taxonomy
  for the first time. [mokaddem]
- [ui] Show proper error message for ForbiddenException. [Jakub Onderka]
- [object:merge] Fix #5041, Duplicated value gets unique UUID and
  relaxed javascript equality check. [mokaddem]
- [updateProgress] Usage of correct FontAwesome class. [mokaddem]
- [sightings] Remove unused method. [Jakub Onderka]
- [organisations] Trim the domain restrictions both on load and on save,
  fixes #5034. [iglocska]
- [admin] Invalid domain restriction check for site admins, fixes #5035.
  [iglocska]
- Fix messages when we try to delete an attribute. [Pierre-Jean Grenier]
- [API] Made delegateEvent API friendly, fixes #5026. [iglocska]
- [API] delegate events by UUID, fixes #5024. [iglocska]
- Replace nonexistent MethodNotFoundException with NotFoundException.
  [Jakub Onderka]
- [tests] Some changes were not committed. [Raphaël Vinot]
- [UI] Fixed tag buttons not being in-line on the event view's attribute
  list. [iglocska]
- [warninglist] Entries cache is properly deleted. [Jakub Onderka]
- Import modules using 'misp_standard' format can be called via REST
  API. [Pierre-Jean Grenier]
- [ACL] Fixed read only users not being able to list the sightings,
  fixes #5022. [iglocska]

Other

v2.4.113 (2019-08-16)

New

- [API] get a single server setting via
  /servers/getSetting/[setting_name], fixes #4964. [iglocska]
- [API] Allow posting freetext data for ingestion via the event uuid
  instead of ID, fixes #4995. [iglocska]
- [internal / API] new component added to handle repeatable code across
  all controllers (toolbox controller) [iglocska]

  - added UUID -> ID lookup function and integrated it across several functions
  - fixes #4990
  - fixes #4999
  - fixes #4993
  - fixes #4991
  - fixes #4989
  - fixes #4987
- [session handling] Session handling fixes. [iglocska]

  - changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions
  - timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
- [sync] Added a protection from receiving empty published events from
  other instances. [iglocska]

  - a temporary solution to some older, bugged instances emitting them
- [debug] Added an on-demand sync debug to assist some debug sessions.
  [iglocska]

  - very primitive, simply concatenates events to be pushed into a file
- Reminder to run gen_misp_types_categories when model changes.
  [Christophe Vandeplas]
- [API] Attribute add rework - WIP. [iglocska]

  - handle attribute creation in a unified manner via captureAttributes
- [internal] Default field list added for attributes. [iglocska]

  - let's try to standardise on things we output instead of doing it manually. It's a first step

Changes

Fix

- [PyMISP] Bump, missing change. [Raphaël Vinot]
- [internal] Feed lookup by UUID removed as feeds don't actually have
  UUIDs, fixes #4998. [iglocska]
- [ToolboxComponent] fixed model name lookup by moving to Model->alias
  over Model->name, fixes #5003. [iglocska]
- [internal] Breaking bug with the feed edit fixed. [iglocska]
- [API] invalid object reference fixed in objects/view, fixes #5003.
  [iglocska]

  - the Copy Pasta God(tm) strikes again
- [API] get organisation by uuid for sightings/listSightings, fixes
  #4992. [iglocska]
- [API] Misp object delete's uuid lookup fixed. [iglocska]
- [API] removed testing exception. [iglocska]
- [API] Swapped error messages' content from "don't" to "do not" to
  avoid weird sanitisation artifacts coming from the exception handler.
  [iglocska]
- [API] error message. [iglocska]
- [API] Attribute edit fixed. [iglocska]
- Fix error messages. [Pierre-Jean Grenier]
- [API] /galaxies/view by uuid added, fixes #4993. [iglocska]
- [API] sightings restSearch now accepts uuids as org_id, fixes #4992.
  [iglocska]
- [API] Delete sightings by UUID, fixes #4987. [iglocska]
- [API] /objects/view should accept UUID as a parameter instead of just
  ID, fixes #4991. [iglocska]
- [API] Delete organisations by UUID, fixes #4989. [iglocska]
- [API] Access event proposals by uuid via
  shadow_attributes/index/[uuid], fixes #4988. [iglocska]
- [API] Adding an event without the info field set should never work,
  fixes #4984. [iglocska]
- [sharing groups] Fix the behaviour of roaming mode sharing groups,
  fixes #4983. [iglocska]

  - creating sharing groups without roaming mode and without any sharing group servers should automatically add the own server
  - adapt the new roaming mode behaviour from a few months ago on push: No explicit roaming mode set means no push, even if no servers are added
- [Sharing groups] Various fixes to align the reported local instance
  URL as the external_baseurl if set, as opposed to always using the
  baseurl, fixes #4982. [iglocska]
- [stix export] Dealing with course of action and threat actor objects
  the same way as for ttps. [chrisr3d]
- [sync] Sync object builder tool fixed. [iglocska]

  - was picking the wrong org as the owner of the remote side
- [warning-list] Split value just if type is malware-sample or contains
  `|` char. [Jakub Onderka]
- [stix export] No longer referencing all ttps from galaxies for each
  indicator. [chrisr3d]

  - Will save it later for galaxies at attribute level
- [stix export] Dealing with threat actors from attributes. [chrisr3d]

  - Using the recently added functions
- [API] /events/delete now accepts UUID as parameter. [iglocska]
- [stix export] Reusing uuid variable already defined. [chrisr3d]
- [sessions] Several minor fixes to the session handling. [iglocska]

  - cookieTimeout setting fixed
  - moved the session massaging into a separate function
  - added some translation calls for some of the setting errors involved
- [sync] Fixed an invalid massaging of object attributes before a sync.
  [iglocska]

  - on a push, object attributes were not correctly filtered out based on distribution settings
- [enrichment] Handling correctly comments at objects level. [chrisr3d]

  - Objects level comments were displayed but not
    handled at the end, they are now displayed,
    users can modify them as comments at attributes
    level, and they are handled then with the saved
    results
- [stix export] STIX objects id standardization. [chrisr3d]
- [internal] Double lookup during the pull resolved. [iglocska]
- [tools] Fixes gen types categories script. [Christophe Vandeplas]
- [stix export] Replaced try statements with if conditions for more
  readability. [chrisr3d]

  - It is better we are aware something fails
    unexpectedly instead of being caught by a try
    catch statement
- [stix export] Dictionary name typo. [chrisr3d]
- [stix export] Better tags handling. [chrisr3d]

  - Avoid passing event level tags everywhere
  - Using class variable for the tlp markings
- [stix export] Avoiding creation of some objects before we are sure
  they will be used. [chrisr3d]
- [API] /servers/restartWorkers response fixed for API users, fixes
  #4966. [iglocska]
- [API] Further fixes to /attributes/add. [iglocska]
- [API] Fixes to the new attribute add. [iglocska]
- [API] fixed an incorrect fix to the object references add function
  from earlier today, fixes #4866. [iglocska]
- [API] Posting on taxonomies/update returns an exception if taxonomies
  have no numerical_value set, fixes #4899. [iglocska]
- [API] the returned data when adding object references doesn't include
  the object_uuid, fixes #4866. [iglocska]
- [UI] Empty objects threw a notice on the event view. [iglocska]
- [API] Consistency in returned attribute fields when modifying it.
  [iglocska]
- [UI] tag index invalid tag name copy fixed. [iglocska]
- [API] Object edit clusterfudge fixed. [iglocska]
- [objects] Fix various issues with objects/edit. [iglocska]

  - value1 and value2 should not be included in the response, fixes #4944
  - fixed input being misunderstood in certain situations
- [UI] Handle settings being removed from config.php more gracefully in
  the UI. [iglocska]
- [UI] Row description in View Warninglists. [Jakub Onderka]
- [PyMISP] Test cases are working again. [Raphaël Vinot]
- [UI] Event index tag display default setting fixed. [iglocska]

  - Resolving the fix that really wasn't...
- [internal] testBoolFalse logic error fixed. [iglocska]

Other

v2.4.112 (2019-08-02)

New

- [sync] Event index cleaned up, total count of listed events added as
  X-Result-Count header. [iglocska]
- [sync] Previewing a remote instance now passes pagination rules in the
  request instead of fetching the full data-set and paginating in
  memory. [iglocska]

  - fixes issues with empty preview pages
  - massive performance boost
  - requires the remote side to be the same version or newer
- [API] new parameters added to attributes/restSearch to include
  additional context, fixes #4935, fixes #4940, affects MISP/PyMISP#415.
  [iglocska]

  - includeSightings: include sightings for all attributes returned
  - includeCorrelations: include the correlations to other attributes (includes a light-weight event object with each attribute)
- [CLI] Added cleanCaches command. [iglocska]
- [API] Disable background processing on-demand via URL parameters.
  [iglocska]
- [setting] Disable DB logging completely, fixes #4921. [iglocska]

  - Not recommended, but for certain use-cases it might be desirable
- [API] Some more context for includeContext, fixes #4935. [iglocska]
- [API] includeContext now includes the additional event fields in the
  attributes/restSearch results (in JSON format) [iglocska]
- [API] Allow adding tags via /attributes/add directly. [iglocska]
- [alerting] Block the alerting of events based on the date field as an
  alternative to the timestamp, fixes #4937. [iglocska]

Changes

Fix

- [pymisp / querystring] versions bumped. [iglocska]
- [enrichment] Getting objects description from the view. [chrisr3d]
- [enrichment view] Passing description & template information about
  objects. [chrisr3d]
- [UI] enable buttons to add local galaxy clusters for host org users,
  fixes #4925. [iglocska]
- [local tags] Host org non admin users should be able to tag data owned
  by others, partially fixes #4925. [iglocska]
- [API] csv export incorrect handling of include context parameter if it
  was pushed and set to 0. [iglocska]
- [GalaxyCluster] relaxed the matching of cluster names to tags, fixes
  #4154. [iglocska]
- [enrichment] Encrypting attribute data if encrypt field is set.
  [chrisr3d]
- [webroot] Catching encrypt fields from the enrichment view. [chrisr3d]
- [enrichment view] Keeping encrypt field in attributes. [chrisr3d]
- [CSV] headerless flag fixed, fixes #2761. [iglocska]
- [UI] Fix to the related tags not being shown in the UI due to a local
  tag related exception. [iglocska]
- [API] Exception on /sharingGroups/removeOrg fixed, fixes #4884.
  [iglocska]
- [stix import] Fixed observable id fetching. [chrisr3d]

  - Avoid issues with observable composition ids
- [API] /attributes/index fixed for non admin users. [iglocska]
- [sync] Fixed local tag sync filter events not being synced on a push
  as expected. [iglocska]
- [stix export] Fixed some code + using mapping dictionaries. [chrisr3d]

  - Using another file for mapping dictionaries, as
    we already do for all the other stix scripts
- [stix export] Reordered import list for more clarity. [chrisr3d]

  - Helps finding all the imports since they are in
    alphabetical order, avoiding any miss of STIX or
    Cybox object while adding/updating some
- [API] Freetext import now correctly handles the response of non-
  background processed tasks. [iglocska]
- [rest client] Potential fix to the skip ssl validation flag not
  working on wrong CN name. [iglocska]
- [rest client] Potential fix to the SSL validation skip not working.
  [iglocska]
- [UI] tag style on the index now correctly adheres to the default if
  not set. [iglocska]
- [UI] tags in minimal view can throw notice errors on the event index.
  [iglocska]
- [UI] Notice errors when the local tag on a viewed tag is not set,
  partially fixes #4938. [iglocska]
- Error during creating and deleting Attributes on PostgreSQL. [Bechkalo
  Evgeny]
- MariaDB error for quoting tablename. [Bechkalo Evgeny]
- Some PostgreSQL issues. [Bechkalo Evgeny]

  Closes: #3066, #3067
  Fixes issues:
  - wrong boolean and smallint conversion;
  - postgresql table and field naming (field 1_event_id is wrong name for
  field for example);
  - postgresql grouping (you cannot select columns without grouping them);
  - wrong checkbox rendering without keyword.
- [UI] notice errors thrown by tags in the event view. [iglocska]
- [proposals] POST on shadow_attributes/edit/{attribute_id}
  inconsistent, fixes #4857. [iglocska]
- [API] taxonomy/addTag now correctly responds if queried via the API
  instead of redirecting, fixes #4865. [iglocska]
- [API] sightings/listSightings should also support JSON parameters,
  fixes #4875. [iglocska]
- [API] Organisation edit now also accepts UUID instead of ID via the
  URL param, fixes #4896. [iglocska]
- [API] Fixed an edge case when the attribute histogram throws a notice
  error. [iglocska]

  - no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition

  - fixes #4880
- [API] Adding attributes via the freetext importer using the API
  resulted in several issues. [iglocska]

  - adhereToWarninglists was not correctly adhered to
  - the response didn't reflect what was saved, only what was pushed to be saved (excluding removals by warninglists, several attributes added by adding more than one valid type, etc)

  fixes #4881
- [sharing groups] Add sharing group returns a list instead of a sharing
  group object, fixes #4882. [iglocska]
- [API] Exception on POST sharingGroups/addOrg, fixes #4884. [iglocska]
- [settings] Fixed the text for the block_old_event_alert_age setting,
  fixes #4909. [iglocska]
- [proposals] shadow_attributes/index default behavior modified to show
  all proposals by default, fixes #4936. [iglocska]
- [proposals] Fixed automatic setting of the category when adding
  proposals, fixes #4868. [iglocska]
- [API] Empty 'restricted to domains' returns string instead of array,
  fixes #4928. [iglocska]
- [UI] Rest client form validation disabled. [iglocska]

  - it was trying to validate using the Server model validation rules, which is obviously incorrect
- [UI] Tags were not shortened correctly on the event index since the
  refactor, fixes #4932. [iglocska]
- [servers] Adding a server now requires the name to be set, partially
  fixes #4889. [iglocska]
- [API] Server deletion now responds correctly via the API. [iglocska]
- [security] Fix to stored XSS. [mokaddem]

  - as reported by David Heise
- Removed unnecessary uuid rewriting in objects. [chrisr3d]

  - uuid is defined when the object is created
- Fixed direction of the relationship between files, PEs and their
  sections. [chrisr3d]

  - The file object includes a PE, and the PE
    includes sections, not the other way round
  - Backward compatibility with the events created
    with 'included-in' at the relationship_type
    between those objects
- Views invalid marker content fixed (#4820) [Steve Clement]

  fix: Views invalid marker content fixed
- Views invalid marker content fixed. [4ekin]

  Views fixed to avoid errors during POT file generating:

  Invalid marker content in
  /var/www/MISP/app/View/Elements/Events/View/related_event.ctp:23
  * __(
  sprintf('This related event contains %s unique
  correlation(s)',h($relatedEventCorrelationCount[$related['id']])))

  Invalid marker content in
  /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:102
  * __(
  Inflector::humanize($field))

  Invalid marker content in
  /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:108
  * __(
  Inflector::humanize($field))

  Invalid marker content in
  /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:126
  * __(
  Inflector::humanize($field))

  Invalid marker content in
  /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:132
  * __(
  Inflector::humanize($field))
- Load Galaxy mappings for misp2stix2 separately from Objects. [Tom
  King]
- [travis] STIX modules. [Raphaël Vinot]
- [travis] resque stuff. [Raphaël Vinot]
- [travis] Fix composer things. [Raphaël Vinot]
- [Travis] Update the installation. [Raphaël Vinot]
- [travis] Installation (redis & co) [Raphaël Vinot]
- [event:view] Ensure sync users do not get local tags through ajax.
  [mokaddem]
- [tag_collection:index] Download configuration button is back.
  [mokaddem]
- [massageTag] Fallback on global tag if local parameter not set.
  [mokaddem]

  (Tag collections tags do not contain a local parameter)
- [tag_collection:index] Admins no longer have access to local tags if
  they are disabled. [mokaddem]
- [tag_collection:index] Correctly assign `isAclTagger` [mokaddem]
- [tagCollection:view] Do not show `add LOCAL galaxy` button anymore.
  [mokaddem]
- [tag:local] Allow users (with correct authorization) to detach tags.
  [mokaddem]
- Typo when the validation fails on an object. [Raphaël Vinot]

  Fix #4903
- [Taxonomy:updateTag] Do not throw an error if taxonomy does not contain
  a numerical value. [mokaddem]
- [taxonomy:update] numerical_value gets updated correctly. [mokaddem]
- [travis] Remove legacy tests. [Raphaël Vinot]
- [kali] Kali was not in the support map (#4887) [Steve Clement]

  fix: [kali] Kali was not in the support map
- [kali] Kali was not in the support map. [Steve Clement]
- [galaxy:view] Adapt fontAwesome namespace based on the icon.
  [mokaddem]
- [CLI] Response after a CLI pull threw notice error. [Andras Iklody]

  Proposal pull now returns int instead of a list of proposals, meaning that count($data) was trying to count an int.
- [debug] Remove debug call. [Raphaël Vinot]

Other

v2.4.111 (2019-07-14)

New

- [attribute-type] community-id added. [Alexandre Dulaunoy]

  Community-id is a new attribute type to describe a flow hashing algorithm allowing
  the consumers of output from multiple traffic monitors to link each system's
  flow records more easily.
- [API] Proposal sync rework done. [iglocska]
- [proposal sync rework] WIP. [iglocska]
- [doc] "Hidden" NetBSD install (core works) (#4847) [Steve Clement]

  new: [doc] "Hidden" NetBSD install (core works)
- [doc] Hidden NetBSD install (core works) [Steve Clement]

Changes

Fix

- [internal] Explicit conditions to avoid ambiguous lookups. [iglocska]
- [UI] Fixed galaxy add buttons on event index. [iglocska]
- [bug] RestClient notice error fixed. [iglocska]
- [objects] delete now accepts delete HTTP method. [iglocska]
- [install] Do not modify testlive_comprehensive.py (#4864) [Steve
  Clement]

  fix: [install] Do not modify testlive_comprehensive.py
- [install] Do not modify testlive_comprehensive.py. [Raphaël Vinot]
- [hover enrichment] Fixed index in attribute. [chrisr3d]

  - Depending on the format of attribute passed to
    the function
- [utils] Added missing util "sponge" via moreutils (#4861) [Steve
  Clement]

  fix: [utils] Added missing util "sponge" via moreutils
- [utils] Added missing util "sponge" via moreutils. [Steve Clement]
- [proposal] sync fix stage 1. [iglocska]

  - added new capture function
  - reworked the proposal index
- [sync] Proposal pull restricted to 14 days. [iglocska]

  - no need to pull ancient proposals each time
- [api fix] Deletes broken due to invalid boolean. [iglocska]

  - /facepalm
- [API] delete http requests properly accepted by some /delete
  endpoints. [iglocska]
- [galaxy:add] Prevent bug when submitting empty galaxy. [mokaddem]
- [sync] Fixed a bug breaking the sync. [iglocska]

Other

v2.4.110 (2019-07-08)

New

- [tags] Local tags feature added. [iglocska]

  - Create tags locally if you are a host org user that allows in-place tagging for sync / export filtering
  - Events are NOT modified using these tags
  - Local tags always get stripped before syncing
  - Local tags allow host org users to violate the ownership model of MISP
  - galaxies, attack matrices also included

  - some sync fixes
- [correlation graph] Toggle physics on/off. [iglocska]
- [UI] Filter the object template index using the quick search.
  [iglocska]
- [API] On-demand inclusion of attribute relations via the event view
  endpoint. [iglocska]

  - new URL param, includeGranularCorrelations:1 added
- [stix import] Parsing observable compositions from external STIX
  files. [chrisr3d]
- [security] Made certain settings modifiable via the CLI only.
  [iglocska]

  - some settings are too risky to be exposed, even to site admins, so made them CLI accessible only
- [server settings] Added option to disable the write collision safe
  rotating config.php handler. [iglocska]

Changes

Fix

- [stix2 export] Fixed user account pattern creation. [chrisr3d]
- [stix2 export] Fixed user account observable extension. [chrisr3d]
- [galaxies] several minor issues fixed in the UI. [iglocska]
- [CLI] admin->setDatabaseVersion fixed. [iglocska]
- [discussions] Fix to a potential black-hole inducing issue. [iglocska]

  - this totally won't do anything
- [tmpdir] fixed invalid file path. [iglocska]
- [UI] Fixed erroneous tag add buttons from the index. [iglocska]
- [internal] upload sample had a hard coded tmp path that would fail to
  the php fallback if MISP is not installed in /var/www/MISP. [iglocska]
- [stix2 import] Quick variable simplification. [chrisr3d]
- [stix2 import] Reusing functions to simplify the code & avoid
  duplicates. [chrisr3d]
- [stix2 import] Fixed network socket values from pattern. [chrisr3d]
- [stix import] Fixed backward compatibility of an exception. [chrisr3d]
- [eventGraph] Correctly pick the first-matching requiredOneOff to
  generate the object's label. [mokaddem]
- [enrichment] Avoiding issues with failing references. [chrisr3d]

  - In our case of handling module results, we don't
    especially want the results parsing to stop
    because of a missing/failing reference, we just
    want to skip it
- [events] Create massive dummy events. [mokaddem]
- [enrichment] Fixed meta-category fetching. [chrisr3d]

  - Due to the javascript part, we need to set a
    'meta_category' field, which we then translate
    to the expected 'meta-category' field, but which
    is not required when enrichment is called from
    the event level
- [installer] Variable regression (#4829) [Steve Clement]

  fix: [installer] Variable regression
- [installer] Variable regression. [Steve Clement]
- [doc] Fixed systemd unit (#4827) [Steve Clement]

  fix: [doc] Fixed systemd unit
- [doc] Fixed systemd unit. [Steve Clement]
- [installer] Update to correct checksums. [Steve Clement]
- [installer] Installer had some bugs for os-detection. [Steve Clement]
- [doc] Added missing misp-modules centos (#4825) [Steve Clement]

  fix: [doc] Added missing misp-modules centos
- [doc] Added missing misp-modules centos. [Steve Clement]
- [modules] Added full attribute to full event enrichment's module
  query. [iglocska]
- [stix2 import] Fixed socket extension parsing + reusing code.
  [chrisr3d]

  - Reusing the function defined to avoid duplicates
    for network socket objects generated via the
    MISP to STIX2 export
- [stix2 import] Replacing unnecessary defaultdict by dict. [chrisr3d]
- [stix2 import] Reusing function & avoiding duplicates. [chrisr3d]
- [stix2 export] Making stix2-validator happy with email additional
  header fields. [chrisr3d]
- [stix2 export] Making stix2-validator happy with registry key
  patterns. [chrisr3d]
- [internal] processing freetext data without background workers fixed.
  [iglocska]
- [enrichment view] Testing if event metadata elements exist before
  displaying them. [chrisr3d]
- [enrichment] Applying regular expressions to values before displaying
  them. [chrisr3d]

  - So when the DB is queried to find if object
    attributes with those values already exist,
    we do not miss some stored values
- [enrichment] Strengthened query conditions to find existing object
  attributes. [chrisr3d]
- [enrichment view] Displaying Tags only if not empty (error otherwise)
  [chrisr3d]
- [enrichment] Added missing variable. [chrisr3d]
- Returning tags & galaxies from module results. [chrisr3d]
- [enrichment view] Fixed attributes display wwwwwwwwwww. [chrisr3d]

  - Making attribute value display accept to be on
    multilines to let more space for uuids to be on
    1 line
  - This makes the global display lighter with long
    attribute values, because they were displayed on
    only 1 line, making uuids displayed on 3 or 4
    lines, making the complete view height way bigger
    than expected
- [enrichment view] Displaying forgotten header when there is no object
  in module results. [chrisr3d]
- [enrichment] Setting importComment value before going to the view.
  [chrisr3d]

  - Saving a variable & will avoid issues when reusing
    the view for import modules
- [enrichment] Json format of validation errors. [chrisr3d]
- [enrichment view] Fixed mispositioned closing tags. [chrisr3d]
- [enrichment] Fixed tags classes names following the latest changes on
  the module results view. [chrisr3d]
- [enrichment view] Using some MISP event view parts. [chrisr3d]

  - Using the same design as objects and attributes as in
    the MISP event view
- [enrichment] Fixed change on types & categories. [chrisr3d]

  ... that should be applied on attributes level and
  not on object attributes level
- [enrichment] Removing traces of some variables related to the freetext
  import. [chrisr3d]
- [enrichment] Removed possibility to display freetext result in the new
  module results view. [chrisr3d]
- [hover enrichment] Displaying information of empty results when
  needed. [chrisr3d]
- [enrichment] Displaying reference saving errors in the job status.
  [chrisr3d]

  - Finally using the dedicated list to display
    validation errors for references
- [enrichment] Better references handling. [chrisr3d]

  - References are all handled at the end, after the
    attributes and objects are all saved (or skipped
    when needed).
  - Since we no longer have any data in '$failed',
    we simply skip every reference related to uuids
    present in this list.
  - '$recovered_uuids' is the list used to handle
    uuids of resolved attributes/objects already
    in the event.
  - We also skip references already present in the
    event (i.e same source, same target and same
    relationship type).
- [enrichment] Better resolved objects handling. [chrisr3d]

  - We handle the initial object independently from
    all the other objects.
  - We make sure Object attributes are not already
    in the event (i.e the object is not already in
    the event) before saving it
  - Some other cases handled a better way to make
    sure we skip saving object attributes or
    references when they should not be, or to skip
    what should be skipped.
- [enrichment] Redefinition of the '$failed' array. [chrisr3d]

  - Used as list and not as dict
  - Used to keep a list of failing attribute & objects
  - Attributes already present in the event are no
    longer saved in this list, and their uuid is saved
    in the '$recovered_uuids' list which is used to
    redirect the resolved attribute / object uuid to
    the same already present attribute / object
- [enrichment] Fixed inflector typo. [chrisr3d]
- [enrichment] Simplified tests if not empty. [chrisr3d]

  - In those specific cases, we can simply skip
    testing if something is set or equals 0, '' or
    false, since it is all implied in 'empty'
- [enrichment view] Quick change, using variable. [chrisr3d]

  ... Instead of going twice through the dictionary
  keys to fetch the same value
- [enrichment] Displaying error value in the job status instead of the
  json format. [chrisr3d]
- Removed test variables. [chrisr3d]

  - Also pardon my French
- [enrichment] Typo on Object references field relationship_type.
  [chrisr3d]
- [enrichment] Fixed missing object_relation field. [chrisr3d]

  ... for object attributes fetched from module
  results form
- [enrichment view] Quick display fix. [chrisr3d]

  - Making sure the submit button is always at the
    bottom of the page
  - Fixed missing closing tags
- [freetext import] Deleted not used variable. [chrisr3d]
- [cleanup] Fixed indentations. [chrisr3d]
- [enrichment] Fixed handleModuleResults input variable name. [chrisr3d]
- [enrichment] Fixed missing merge conflict. [chrisr3d]
- [enrichment] Set sharing group id to 0 when distribution is not
  'Sharing Group' [chrisr3d]

  - Also setting some return data & fields
- [enrichment view] Added missing form fields + button typo. [chrisr3d]

  - Those form inputs are the ones that are used in
    the javascript part to submit results
- [enrichment view] Fixed Object sharing group field location.
  [chrisr3d]
- [enrichment view] Trying to avoid submit button to be somewhere not
  intended. [chrisr3d]
- [enrichment] Avoiding errors on distribution and sharing group data.
  [chrisr3d]

  - Making sure we do have a value for distribution
    and sharing group
  - Avoid translating distribution levels into their
    human meaning because the output process capturing
    data from the form will anyway use the numeric
    values. Readable values are btw displayed in the
    form for users' comfort
  - Also sanitized data displayed
- [enrichment] Testing if an object has attributes before looping over
  them. [chrisr3d]
- [stix2 export] Making stix2-validator happy about mac addresses.
  [chrisr3d]
- [stix2 export] Fixed TLP marking definition objects creation.
  [chrisr3d]
- [stix2 export] Fixed registry-key keys and values parsing for
  patterns. [chrisr3d]

  - There was an issue with back slashes that made
    sometimes indicators creation fail
  - Also switched from concatenation to join
- Libonig2 -> libonig4 (ubuntu bionic) [Raphaël Vinot]
- [stix2 export] Making reusable subfunctions. [chrisr3d]

  - Useful for the next functions to come using the
    same pieces of code
- [stix2 export] Defining pattern with join instead of concatenation.
  [chrisr3d]

  - Started splitting functions with sub-functions
    for a reuse
- [stix2 export] Improved network socket object creation. [chrisr3d]
- [stix2 export] Fixed credential objects mapping to avoid missing
  required stix fields. [chrisr3d]
- [stix import] Fixed stix_edh library import error catching. [chrisr3d]
- [row_attribute] feed correlation popover not being displayed for feed
  type other than MISP format. [mokaddem]
- [relatedEvent:view] catch if number of correlation cannot be found.
  [mokaddem]
- [event:addTag] User can add multiple tag collection at once.
  [mokaddem]
- [stix2 import] Fixed wrong function used. [chrisr3d]
- [installer] Currently misp-packer fails on waiting for user inpu…
  (#4788) [Steve Clement]

  fix: [installer] Currently misp-packer fails on waiting for user inpu…
- [installer] Currently misp-packer fails on waiting for user input
  during upgrade. [Steve Clement]
- [data-massaging] Removed massaging for float type attributes.
  [iglocska]

  - it not only stripped anything but floats as expected, but additionally also rounded the value
- [js] fixes #4678 and javascript errors. [Christophe Vandeplas]
- [API] Simple worker management added. [iglocska]

  - /servers/startWorker/[queue]
  - /servers/stopWorker/[pid]
  - /servers/getWorkers
- [object:proposeValidTemplate] Support only_full_group_by sql mode. Fix
  #4746. [mokaddem]
- [UI] Enrichment hover should also work after sorting / changing the
  event attribute context, etc. [iglocska]
- [stix import] Fixed address objects parsing. [chrisr3d]
- [shell] ask_o () needed some quotes, regenerated installer. (#4750)
  [Steve Clement]

  fix: [shell] ask_o () needed some quotes, regenerated installer.
- [shell] ask_o () needed some quotes, regenerated installer. [Steve
  Clement]
- [stix import] Better handling of missing python libraries. [chrisr3d]
- [security] Fixed an RCE vulnerability with user controlled entries
  being fed to file_exists. [iglocska]

  - phar protocol paths for php file instructions can lead to RCE via meta-data deserialization
  - mitigated by the functionalities enabling this being only accessible to site admins

  - Reported by Dawid Czarnecki
- [ajaxTypes] copy pasta fixed. [iglocska]

Other

v2.4.109 (2019-06-13)

New

- [eventblacklist] Added search filters. [iglocska]

  - We really need a DISP - development information sharing platform
- [eventBlacklist] Added support of bulk deletion of entries. Fix.
  [mokaddem]
- [statistics:galaxyMatrix] Added filtering capabilities. [mokaddem]
- [object:fromAttribute] Started dev on merging selected attributes into
  an object - WiP. [mokaddem]
- [API] added new restSearch filter - date. [iglocska]

  - deprecated to and from
  - date works similarly to timestamp, accepted syntax options:
    - time ranges in the shorthand format (7d or 24h, etc)
    - timestamps
    - fallback parsing for other formats (2019-01-01, "fortnight ago", etc)
    - date ranges using lists [14d, 7d]
- [cleanup] Added admin tool to remove all published empty events.
  [iglocska]

  - part of the solution to the empty event sync issue introduced in 2.4.107
  - skips the event blacklisting
- [sync] Block pulled events from being saved if they contain no
  attributes/objects. [iglocska]
- [emailing] Server admins can get a threshold for per org e-mail
  alerts, fixes #4714. [iglocska]

Changes

Fix

- [installer] added missing python zmq lib. [Christophe Vandeplas]
- [installer] Commit:
  https://github.com/MISP/MISP/commit/1716ca7da9d671a5e103069d4b74c867a17b1020
  regressed the installer to an earlier version. [Steve Clement]
- [UI] weird blue button fixed. [iglocska]
- [galaxyMatrix] Handle case if deprecated galaxy does not exist.
  [mokaddem]
- [galaxyMatrix] Catch error if no element in column. [mokaddem]
- [event:galaxyMatrix] Apply ACL on the galaxy matrix scores (event
  view) [mokaddem]
- [galaxyMatrix:export] Removed multiple bugs providing inconsistent
  result. [mokaddem]
- [Attribute:restSearch] Prevent failing if file empty. [mokaddem]
- [galaxyMatrix] fixed layout for other views. [mokaddem]
- [attributes] Correctly pass the user object and renamed delete
  function. [mokaddem]
- Few typos. [mokaddem]
- [object:fromAttributes] SYNC support for older instances (duplicate
  attributes and their contexts) [mokaddem]
- [sync] Correctly capture the attributes from a groupment into an
  object during the sync. [mokaddem]
- [attribute:editAttribute] synchronisation support when attributes got
  merged into an object. [mokaddem]
- [object:fromAttributes] Catch if `requiredType` is empty. [mokaddem]
- [object:fromAttributes] Correctly skip non valid attributes.
  [mokaddem]
- [galaxy:add] Fix #4733 (adding galaxies on attribute) [mokaddem]
- [security] Org admins could reset credentials for site admins.
  [iglocska]

  - org admins have the inherent ability to reset passwords for all of their org's users
  - this however could be abused if for some reason the host org of an instance would create org admins
    - the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
  - the potential for abuse is very circumstantial as it requires the host org to create lower privilege org admins instead of the usual site admins
  - only org admins of the same organisation as the site admin could abuse this

  - as reported by Raymond Schippers
- [sync] Push all bug with empty events fixed. [iglocska]
- [permissions] Fixed the default sync/user/publisher permissions to
  include perm_tagger and perm_tag_editor(sync only) [iglocska]
- [CSRF] END THIS NIGHTMARE. [iglocska]
- [CSRF] Potential fix for the CSRF issues via tag/galaxy additions.
  [iglocska]
- [session] Fix to automatic session destruction in previous attempt to
  fix the overflow of API sessions. [iglocska]
- [API] Destroy the session at the end of the execution. [iglocska]
- [sync] Temporary fix for empty events showing up in syncs when pulling
  from a new instance via an outdated one. [iglocska]

Other

v2.4.108 (2019-06-04)

New

- [Sync] Add a tool to create MISP sync configuration JSONs and to
  ingest them, fixes #4696. [iglocska]

  - sync user can log into remote instance, extract config JSON
  - paste it into own instance as site admin to add MISP sync connection
- [API] AND for tag filters in restSearch added. [iglocska]
- [API] Added object_relation as a filter for both the event/attribute
  restSearch functions. [iglocska]
- [paranoid logging] Added POST/PUT body logging on demand. [iglocska]
- [logging] Added paranoid logging mode. [iglocska]

  - will log ANY query's (UI/API):
    - http method
    - requested URL

  - optionally disable DB logging for paranoid log entries
- [logging] Added verbose logging to the server sync test throwing an
  unexpected error. [iglocska]

Changes

Fix

- [UI] Event lock concatenating quoted empty strings. [iglocska]
- [UI] Double sanitisation of org view fixed, fixes #4704. [iglocska]
- [sync] Further fixes to the deleted flag changes breaking things.
  [iglocska]
- [authkey] Fixed The authkey variable (Viper should work again) (#4694)
  [Steve Clement]

  fix: [authkey] Fixed The authkey variable (Viper should work again)
- [authkey] Fixed The authkey variable (Viper should work again next
  run) fix: [doc] Updated RHEL formatting and added $RUN_MYSQL (scl
  enable foo) variable. [Steve Clement]
- [sync] Critical bug fixed that blocked attributes from being included
  in a push. [iglocska]

  - due to the change to the deleted flag that was not reflected in the way we prepare events for the synchronisation
- [sync] Fixed an issue that dropped the remote org. [iglocska]
- [UI] Add the create server sync description menu to the server list.
  [iglocska]
- [sync] whitelist fields that can be added via the JSON config.
  [iglocska]
- [UI] Invalid redirect fixed. [iglocska]
- [organisation:view] Fixed spinner when viewing events from an org.
  [mokaddem]
- [API] Weird responses from JSON objects fixed when data returned is
  empty. [iglocska]
- [API] Wrong JSON output when /events/index returns empty result,
  fixes #4690. [iglocska]
- [UI] Org index filter fixed. [iglocska]
- [stix2 import] Fixed external domain & x509 patterns import.
  [chrisr3d]
- [freetext import] Fixed shadow attribute import. [chrisr3d]
- [feed] Feodo tracker blocklist URL replaced. [Sascha Rommelfangen]
- [submodule version check] fixed. [iglocska]
- [event:view] Correctly support the new `deleted` parameter behavior.
  [mokaddem]
- Fix: [restSearch] Correctly interpret the `deleted` parameter on
  `event` and `attribute` scope. -- Pair programming with @iglocska.
  [mokaddem]
- [UI] Fixed checklocks polluting the top bar. [iglocska]
- [upgrade process] For the recovery script, also take "failed" upgrades
  into account. [iglocska]

  - not all update script errors are actual failures, some insertions of table rows that already exist to resolve potential previous update issues would otherwise not be flagged
- On-Demand Action missed side menu fixed. [4ekin]
- [API] Allow more flexibility on the return content types. [iglocska]

  - also set RPZ as txt
- [enrichment:popover] Correctly fadeout when clicking on the close
  button. [mokaddem]
- [eventGraph] Patch to support new font-awesome 5.8. [mokaddem]
- [STIX] STIX upload fixed for API use. [iglocska]
- [installer] Piping large shell scripts to bash needs more testin…
  (#4644) [Steve Clement]

  fix: [installer] Piping large shell scripts to bash needs more testin…
- [galaxy:add] Consider both model names when doing a mass cluster
  addition. [mokaddem]
- [installer] Piping large shell scripts to bash needs more testing and
  should not be used, for a very long time. [Steve Clement]
- [installer] Checksum checker had a bug (#4632) [Steve Clement]

  fix: [installer] Checksum checker had a bug
- [installer] Checksum checker had a bug. [Steve Clement]
- [stix import] Fixed email attachments parsing. [chrisr3d]

  - Being less restrictive and supporting email
    attachments that are referencing objects not
    under the related object fields of the email,
    but referencing another object at the same level
    as the email, within the STIX incident
  - Also parsing potential references even when the
    STIX file is coming from MISP export
- [stix import] Supporting multi attachment attributes for the email
  object. [chrisr3d]

  - As specified in the object template
- [Logs] Event history missing proposal entries and deletions.
  [iglocska]

Other

v2.4.107 (2019-05-13)

New

- [installer] Added rhash and an sfv file for the installer chg:
  [installer] Updated installer to latest. [Steve Clement]
- [ATT&CK] Added new export system for restsearch for ATT&CK. [iglocska]

  - Return the ATT&CK matrix data as HTML via the API
  - Directly viewable via the REST client

  - Greetings from the ATT&CK workshop @ Eurocontrol
- [API] Added includeWarninglistHits to the attribute search API.
  [iglocska]
- [API] Added includeWarninglistHits as a possible filter for the event
  level restsearch. [iglocska]
- [installer] First scaffolding of an OS detector. [Steve Clement]
- [update] Injected update-related files/changes from zoidberg.
  [mokaddem]
- [yara] Added diagnostics. [iglocska]
- [object:add] UI to propose to merge into similar objects - WiP.
  [mokaddem]

Changes

Fix

- [genericPicker] allow tagging when the ATT&CK Matrix has been opened.
  [mokaddem]
- [object:revise] Removed useless ACL conditions; was failing for users
  not being admin. [mokaddem]
- [installer] Identify VMware machinery. [Steve Clement]
- [doc] CentOS specific cake commands do not exist anymore. [Steve
  Clement]
- [sql] SQL Syntax error fix. [Steve Clement]
- [age based publish blocking] Fixed and using the timestamp. [iglocska]
- [docs] Added attackGalaxy as a valid option for the restsearch APIs.
  [iglocska]
- [bug] getPythonVersion undefined, pull in where it is defined. (#4615)
  [Steve Clement]

  fix: [bug] getPythonVersion undefined, pull in where it is defined.
- [bug] getPythonVersion undefined, pull in where it is defined. [Steve
  Clement]
- [API] Some fixes for the restsearch -> attack export. [iglocska]
- [installer] Installer Checksums out-of-sync. [Steve Clement]
- [doc] Let the user know he wants to be the "webserver" user (#4603)
  [Steve Clement]

  fix: [doc] Let the user know he wants to be the "webserver" user
- [doc] Let the user know he wants to be the "webserver" user. [Steve
  Clement]
- [dashboard] netstat is needed for dashboard (#4598) [Steve Clement]

  fix: [dashboard] netstat is needed for dashboard
- [dashboard] netstat is needed for dashboard. [Steve Clement]
- PyMISP install was failing on Travis. [Raphaël Vinot]
- [AdminShell] Yet another tyope :( (#4590) [Steve Clement]

  fix: [AdminShell] Yet another tyope :(
- [AdminShell] Yet another tyope :( [Steve Clement]
- [AdminShell] Fixed typo (#4589) [Steve Clement]

  fix: [AdminShell] Fixed typo
- [AdminShell] Fixed typo. [Steve Clement]
- [AdminShell] Added apache user. [Steve Clement]
- [AdminShell] Misplaced the debug message. [Steve Clement]
- [stix export] Fixed email attachment export. [chrisr3d]

  - Fixed condition trying to reach the case where
    we have an attachment attribute in the object,
    which was never true because of a wrong key
    testing
  - Fixed the email attachment related file object
    creation initiation
- [galaxy clusters] Choosing them via the UI was dog slow. [iglocska]

  - now it's just plain slow
- [update] Disabled background processing until it's fixed. [iglocska]
- [AdminShell] very dirty fix to get updateObjectTemplates working
  (#4585) [Steve Clement]

  fix: [AdminShell] very dirty fix to get updateObjectTemplates working
- [AdminShell] very dirty fix to get updateObjectTemplates working from
  the CLI. [Steve Clement]
- [UI] Notice errors fixed in the discussion threads. [iglocska]
- [bug] Fixed a bug in the update process that caused updates to fail
  due to an invalid value assigned as default for org_id. [iglocska]
- [security] Fix persistent xss due to invalid sanitisation of image
  names in titles. [iglocska]

  - triggered by expanding a screenshot

  - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
- [security] Fix persistent xss via link type attributes containing
  javascript:// links. [iglocska]

  - low impact as it requires user interaction to trigger

  - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
- [security] Fix persistent xss via discussion links via javascript://
  links. [iglocska]

  - low impact as it requires user interaction to trigger

  - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
- [AdminShell] CentOS/RHEL use 'apache' by default (#4580) [Steve
  Clement]

  fix: [AdminShell] CentOS/RHEL use 'apache' by default
- [AdminShell] CentOS/RHEL use 'apache' by default. [Steve Clement]
- [doc] Remove CentOS 7 from xINSTALL list. (#4579) [Steve Clement]

  fix: [doc] Remove CentOS 7 from xINSTALL list.
- [doc] Remove CentOS 7 from xINSTALL list. [Steve Clement]
- [export] Yara Export variable typo fix. Use getPythonVersion. (#4578)
  [Steve Clement]

  fix: [export] Yara Export variable typo fix. Use getPythonVersion.
- [export] Yara Export variable typo fix. Use getPythonVersion. [Steve
  Clement]
- [object:revise] Force field to be `value1`, preventing bug in some
  cases. [mokaddem]
- [cluster:galaxyMatrix] Increased coverage of attack matrix. [mokaddem]

  Now consider the following new links for the pivot tag:
  Attributes -> Events
  Events -> Attributes
- [installer] Fixed installer misp-modules permissions. (#4558) [Steve
  Clement]

  fix: [installer] Fixed installer misp-modules permissions.
- [doc] misp-modules failed to install because of a Permission issue.
  (#4557) [Steve Clement]

  fix: [doc] misp-modules failed to install because of a Permission issue.
- [install] Fixed the endless loop in viper db update (#4555) [Steve
  Clement]

  fix: [install] Fixed the endless loop in viper db update
- [i18n] Added yara/yara-export. [Steve Clement]
- Fixed i18n strings in Event controller, model and view. [4ekin]
- Typos in controllers. [4ekin]
- [installer] Fixed installer misp-modules permissions. [Steve Clement]
- [doc] misp-modules failed to install because of a Permission issue.
  [Steve Clement]
- [install] Fixed the endless loop in viper db update. [Steve Clement]
- [required taxonomies] not firing via regular publishing only via
  publish (no email), fixes #4546. [iglocska]
- [UI] Sightings could not be added by read only users, even if they had
  sighting rights. [iglocska]
- [updateSubmodule] Simplified calculation of time difference.
  [mokaddem]
- [object:edit] Removed faulty line. [mokaddem]
- [object:revise] Reverted correct `endif` position - WiP. [mokaddem]
- [diagnostic:submodules] [Sami Mokaddem]

  Time difference is correctly calculated. Should solve #4538
- [enrichment] typo causing enrichments to redirect to the event view
  fixed. [iglocska]
- [UI] removed <small> tags embedded in translated text. [iglocska]
- [freetext] Also trim out no-break spaces. [iglocska]


Other

v2.4.106 (2019-04-25)

New

- [tools] Added local forward in case we run under a VM. [Steve Clement]
- [tools] Added (official) checksums for the Installer. [Steve Clement]
- [row_attribute] Added `title` containing the `event.info` data for the
  attribute. [mokaddem]
- [tools] A developer tool to test Pull Requests. [Steve Clement]
- [thumbnail] Thumbnail are now saved on the disk, greatly improving
  performance when viewing an event. [mokaddem]
- [API] Update JSON exposed to the API. [iglocska]
- [CLI] Update all JSON structures in one shot. [iglocska]
- [refanging] Attributes automatically refanged in beforeValidate, fixes
  #4442. [iglocska]
- [CLI] Worker management added. [iglocska]

  - Added a more exhaustive worker management CLI script package
    - list workers
    - start a worker
    - restart a worker
    - kill a worker
- [CLI] reset / set a user's API key via the CLI. [iglocska]
- [CLI] Change password with the --override_password_change (or -o) flag
  to avoid forcing a password reset. [iglocska]
- [diagnostic:submodule] Added output message after update - WiP.
  [mokaddem]
- [CLI] Set default role via the CLI. [iglocska]
- WIP LinOTP authentication. [Andreas Rammhold]
- [UI] refactor of the asset loading. [iglocska]
- [tags] refactor of the tag picker. [iglocska]

  - massive performance boost
  - re-introduction of the custom tags
- [CLI] Added restartworkers and update MISP. [iglocska]
- [feeds] Feed/Server cache search added. [iglocska]

  - /feeds/searchCaches added
- [UI] First version of the generic index list system. [iglocska]
- [Attribute] Added possibility to view and resize images. Added php-gd
  dependency! [mokaddem]
- [eventindex] clicking on sightings count redirect to the event with
  `sighting only` filter activated. [mokaddem]
- [eventFiltering] Added support of sighting filtering. [mokaddem]

Changes

Fix

- [doc] Fixed symlink for kali. [Steve Clement]
- [object:edit] attachment field when empty. [mokaddem]
- [Sightings] ACL fixed. [iglocska]
- [event:querybuilder] Force QB wrapper to fit the rules. [mokaddem]
- [event:EventFilteringTool] Using ``toggleBoolFilter`` button does not
  reset the rules. Fix #4418. [mokaddem]
- [JS] Correctly handle event locks. [iglocska]
- [sightings] Users with sighting permissions should be able to add
  sightings even if they don't have event write access. [iglocska]
- [cleanup] Fixed indentation. [chrisr3d]
- [UI] Event lock warnings missing due to missing ctp file. [iglocska]
- [performance] Manually inject index hints for the value lookup.
  [iglocska]

  - Disgusting fix for old versions of MySQL
  - I need a shower after this
- [API] Invalid negative lookup fixed. [iglocska]
- [debug] Removed breakpoint. [iglocska]
- [tools] Correct iptables command. [Steve Clement]
- [tools] fix iptables typo. [Steve Clement]
- Fixed wrong link to feed event from event attribute hit. [4ekin]
- I18n fixed in some views. [4ekin]
- [tools] Somehow there are issues with groups and sudo  :( [Steve
  Clement]
- [doc] Fixed broken RHEL8 BETA link. [Steve Clement]
- [stats:galaxyMatrix] No longer trim the end of the cluster name.
  [mokaddem]
- [UI] Minor font-awesome switch related issues fixed. [iglocska]
- [UI] Modifying push/pull rules fails via the server edit. [iglocska]
- [export] Fixed broken bro export, fixes #4050. [iglocska]
- [stix2 export] Fixed labels duplication while exporting multiple
  events from MISP. [chrisr3d]
- [stix restSearch] Fixed output json format in case of empty results.
  [chrisr3d]
- [stix restSearch] Quick file extension clarification. [chrisr3d]

  - Depending on the format (.stix or .stix2)
  - Impacting temporary files, it is thus for
    debugging purpose in case of error
- [restClient] nationality is not an integer anymore. [mokaddem]
- [statistics] Don't show types with no values. [iglocska]
- [taxonomies] non initialised variable throwing notices fixed.
  [iglocska]
- [CLI] Worker start script reverted. [iglocska]

  - new script moved to start_dynamic.sh
  - stuck workers could not be restarted
- [UI] Jobs index removed old style tabs. [iglocska]
- Fix: [ACL] HELLO @RichieB2B! fixed invalid capitalisation in the
  queryACL. [iglocska]
- [updates] I can't boolean. [iglocska]
- [merge] issue. [iglocska]
- [refanging] Removed invalid pattern. [iglocska]
- [bug] Typo causing "\" to be stripped from attributes where it
  shouldn't be stripped. [iglocska]
- [advanced extraction] Fixed invalid double encryption of the malware
  samples. [iglocska]
- [User] Fixed missing files for distribution_network (events index)
  [mokaddem]
- [bug] Fixed broken multi-attribute tagger. [iglocska]
- [acl] added route. [mokaddem]
- [diagnostic] Fixed required stix2 version to the latest one.
  [chrisr3d]
- [acl] added missing entry. [Andras Iklody]

  This message was sent from my Blackberry.
- [feeds] Stop the reset of the attribute count after a feed pull is
  completed, fixes #4414. [iglocska]
- [distributionGraph] Fix fa icon. [mokaddem]
- [UI] First recorded change fixed to not be copy pasta of the last
  change's timestamp. [iglocska]
- [API] role_id is not required when POSTing users if a default role is
  set on the instance. [iglocska]
- Missing test files in PyMISP. [Raphaël Vinot]
- [UI] Reverted some breaking changes. [iglocska]
- [API] Correctly embed attributes and the event metadata in the object
  via /objects/view/[ID] [iglocska]
- [API] /objects/view should return dictionary not list. [iglocska]
- [JS] fixed a JS breaking bug. [iglocska]
- Allow x-frames in apache configs. [iwitz]
- [UI] Changed the querystring loading for css/js. [iglocska]
- TODO i18n strings in Attribute Model and updated default.pot. [4ekin]
- Fixed i18n strings in Views. [4ekin]
- Fixed i18n strings in Controllers. [4ekin]
- [enrichment view] Fixed distribution display at attribute level.
  [chrisr3d]
- [UI] Performance boost for the tag selector. [iglocska]
- [UI] Check if user is logged in switched to on-demand JSON version.
  [iglocska]
- [Training] Further fixes. [iglocska]
- [Training] typos fixed. [iglocska]
- [Training] Fixed user password reset remotely. [iglocska]
- [Training] Minor fixes. [iglocska]
- [Training] org name vs id mixup fixed. [iglocska]
- [Training] Further tuning. [iglocska]
- [Training] Further error handling. [iglocska]
- [Training] added more debugging. [iglocska]
- [Training] host org fixed. [iglocska]
- [Training] Org ID for sync users fixed. [iglocska]
- [Training] small fixes. [iglocska]
- [Training] Fix to the setup script. [iglocska]
- [feed] Added missing feed search view. [iglocska]
- Missing libonig on travis with PHP nightly. [Raphaël Vinot]
- [API] Feed index shouldn't adhere to pagination defaults of the UI,
  fixes MISP/misp-book#149. [iglocska]
- [UI] Colours for feed index buttons fixed. [iglocska]
- [ACL] Added ACL for the new cache searches. [iglocska]
- [UI] Missing sync / feed pull/push buttons re-added. [iglocska]
- [restClient:querybuilder] Fixed a bug where multiple rules were not
  added correctly and show API info box. [mokaddem]
- [RestClient:queryBuilder] Distribution level in the query builder. Fix
  #4280. [mokaddem]
- [Accessibility] Added titles to the role index icons, affects #4258.
  [iglocska]
- [thumbnail] picture preview was not showing up all the time.
  [mokaddem]
- [picturePreview] Don't show the fullscreen button if php-gd is not
  installed. [mokaddem]
- [ACL] Whitelisted `viewPicture` [mokaddem]
- [viewField] Reversed condition (initially set for testing) [mokaddem]
- [enrichment view] Making sure the document is ready before calling any
  javascript. [chrisr3d]
- [enrichment] Set potentially missing category, ids & distribution
  values before going to the view. [chrisr3d]

  - Set the default values in the controller's side instead of the view's side
- [enrichment view] Fixed typo. [chrisr3d]

Other

v2.4.105 (2019-03-28)

New

- [diagnostic] Fetch submodules git status. [mokaddem]
- [export] Replaced the old non-cached export page. [iglocska]

  - uses restsearch
  - similar UI to the cached exports
- [UI] FA5 update finalised. [iglocska]

  - includes helpers to untangle the branded icon mess
- [UI] disable threat level from the UI based on a server setting, fixes
  #4359. [iglocska]

  - bye shitty deprecated field
- [UI] Move to FA 5. [iglocska]

Changes

Fix

- [security] Fix to a reflected XSS in the default layout template.
  [iglocska]

  - as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity
- [stix import] Fixed issues with additional namespaces. [chrisr3d]

  - Using a list where any additional namespace can
    be added
  - Catching any missing additional namespace with
    the return code '4' raised in case of namespace
    not found error
- I18n fixed in Views and updated default.pot. [4ekin]

  Updated default.pot file according Views and Controllers changes
  Updated Views with i18n issues
- [enrichment view] Avoid displaying empty fields. [chrisr3d]
- Fixed i18n string representation and android logo. [4ekin]

  Fixed i18n string representation in views:
  * Diagnostics
  * Files
  * Tabs
  Fixed android icon disappear in workers tab.
- Fixed i18n string representation in Server Controller and Model.
  [4ekin]
- [stix export] Fixed tlp markings that were obscurely set to a wrong
  value in some cases. [chrisr3d]

  - Setting incident handling object correctly
  - Avoid using distribution levels to set tlp color
- [sync] Adding a new server caused the pull/push rules to be
  incorrectly set to an empty string over '[]' causing sync issues,
  fixes #4369. [iglocska]

  - this fix resolves the issue - new servers added should be fine
  - it also retroactively fixes broken server connections
- [enrichment view] Fixed typo. [chrisr3d]
- [enrichment] Fixed results handling function name typo. [chrisr3d]
- [ACL Component] Added new function (for new modules format) in the
  list. [chrisr3d]
- [bug] Fixed a bug that caused attributes not to save via the UI.
  [iglocska]
- [UI] Inconsistent pluralisation fixed, fixes #4360. [iglocska]
- [UI] Removed broken edit org button for admins, fixes #4358.
  [iglocska]
- Fixed i18n string representation in Views. [4ekin]

  Fix for a plenty of Views with incorrect localizations (only English
  text shown)
- Fixed i18n string representation in Controllers. [4ekin]

  Fixed i18n string representation (flash and exception messages) in
  controllers:
  * OrganisationController
  * RolesController
  * TaxonomiesController
- [API] fixed adding malware-samples unencrypted with the encrypt key
  set, fixes #4355. [iglocska]

Other

v2.4.104 (2019-03-21)

New

- [cluster] Display heatmap on the Att&ck Matrix for all tagged data.
  fix #4344. [mokaddem]
- [tagging] Stop pre-populating forms for tagging / attaching of
  galaxies. [iglocska]

  - avoids any potential CSRF issues, the form is fetched just in time for the submission
- [galaxyMatrix] Added possibility to pick a galaxy to view its
  statistic. [mokaddem]
- [Required taxonomies] [iglocska]

  - Flip taxonomies into required mode to ensure that events cannot be published without at least one tag from each required taxonomy to be set
- [REST client] Added history/bookmarks. [iglocska]
- [DistributionGraph] Added pie chart on sharing group. fix #4101.
  [mokaddem]
- [galaxies] Allow deleting full galaxies. [iglocska]
- [exercises] Added a new setup script for configuring exercise
  infrastructures rapidly. [iglocska]

  - assumes a hub MISP and a set of training MISPs for different participating teams
  - This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
  - each instance has to have the same API key for the site admin (the idea is to clone training VMs)

  - configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances
  - Just copy /var/www/MISP/app/Console/Command/training.default.json to /var/www/MISP/app/Console/Command/training.json and configure it to get started
- [Feeds] New overlap tool finished. [iglocska]

  - compare a feed against a combination of feeds/servers to find if you can cover the contents with a combination of other cached feeds
- [Feeds] Implementation of the feed coverage tool (WIP) [iglocska]
- [API] Add pagination related parameters to event index, fixes #4270.
  [iglocska]

Changes

Fix

- [tools] Fixed empty variable check function. [Steve Clement]
- [stix2 export] Fixed comma typo. [chrisr3d]
- [stix2 export] Support of previous versions of python that are more
  restrictive with arguments syntax. [chrisr3d]
- [exports] Fixed copy pasta fail breaking the cached exports.
  [iglocska]
- [enrichment] Set distributions & sgs for all the possible views.
  [chrisr3d]
- [enrichment] Fixed variable name typo. [chrisr3d]
- [freetext] Stop parsing dates as phone numbers. [iglocska]
- [bro] typo fixed that caused an exception, fixes #4343. [iglocska]
- Added missing view. [mokaddem]
- [taxonomies] Counts fixed. [iglocska]
- [ACL] fixed. [iglocska]
- [Galaxy:update] Cast GalaxyElement into a String Ensuring the correct
  type before the insertion. [mokaddem]
- [ACL] Fixed ACL. [iglocska]
- [rest client] Made the links more obvious. [iglocska]
- [enrichment] Fixed $event variable handling + monkey typo. [chrisr3d]
- [diagnostics] search field removed from worker tab. [iglocska]
- [Training] Some clarifications. [iglocska]
- [Training] Function extraction fail. [iglocska]

  - Shame. Shame. Shame.
- [Training] Invalid user input capture fixed. [iglocska]
- [distributionNetwork] Added a threshold on the number of organisations
  that can be displayed at a time. Will need some more love later on.
  [mokaddem]
- [ACL] Whitelisted `genDistributionGraph` [mokaddem]
- [distributionNetwork] Empty cached org on redraw. [mokaddem]
- [distributionGraph] Transform associative array into regular array.
  [mokaddem]
- [distributionGraph-network] fixed sharing group singleton. [mokaddem]
- [distributionGraph:network] Only use sharing group part of the event.
  [mokaddem]
- [distributionGraph] Org's name with spaces can be focused. [mokaddem]
- [training] Added created sync users to the reporting. [iglocska]
- [enrichment] Added missing data field in attribute in case of
  attachment type attribute. [chrisr3d]
- [eventFiltering] quickfilter on value does not filter on wrong
  category anymore. [mokaddem]
- [Training] Interesting link. [iglocska]

  - Someone just told us about fmylife.com - if this day continues like this I might have to post there about the development
- [training] Inverse conditional fixed. [iglocska]
- [Training] Duplicate user add handling. [iglocska]
- [Training] Handle sync connections failing to be saved better.
  [iglocska]
- [training] Small fix. [iglocska]
- [training] fixes to the org creation. [iglocska]
- News View add, index and Controller (flash messages i18n bug. [4ekin]
- Admin User index, view, edit i18n bug fix: User view i18n bug. [4ekin]
- Attributes index wrong distribution field fix: Logs search bug i18n
  fix: Organisations index bug i18n. [4ekin]
- Merge issue chg: Russian translation. [4ekin]
- [Training] Cause I'm a lumberjack and I'm ok. [iglocska]
- [Training] AAARGH. [iglocska]
- [training] Further work on the script. [iglocska]
- [training] Allow for self signed certs. [iglocska]
- [training] Simplified key management. [iglocska]
- [Training] Further fixes. [iglocska]
- [training script] Added some resilience to prior partial executions.
  [iglocska]
- [training] Fixes based on failed executions. [iglocska]
- [training script] Case sensitivity fixed. [iglocska]
- [training script] verbose mode added. [iglocska]
- [training script] Minor fixes. [iglocska]
- [training] training setup script now correctly handles settings.
  [iglocska]
- [UI] Removed input field from form where it's not applicable.
  [iglocska]
- [API] resetting the authkey didn't respond with the new key before,
  making automation difficult. [iglocska]
- [object references] Fixed an issue with the reference type not being
  loaded correctly. [iglocska]
- ['rest client'] Python script generator fixed. [iglocska]
- [export] cached exports for bro were broken. [iglocska]

  - bro still hasn't been migrated to restsearch
  - the exception for this in the caching algorithm called the wrong function
- [tools] misp-restore works a little better... still WiP. [Steve
  Clement]
- [i18n] Stray file removed. [Steve Clement]
- [UI] Missing org logos added to statistics -> organisations page,
  fixes #4271. [iglocska]
- More filter element i18n bug. [4ekin]
- Events index filter button i18n bug. [4ekin]

Other

v2.4.103 (2019-03-04)

New

- Added ldapEmailField example and explanation. [iwitz]
- Add ldapEmailField config option. [iwitz]

  The ldapEmailField option can be used to specify different fields in which email addresses of Kerberos-authenticated users can be found. If this option is not used, it defaults to the 'mail' field, which makes it compatible with old configurations.
- [API] exposed change_pw function to the API, fixes #4256. [iglocska]
- [installer] Added tests. [Steve Clement]
- [cli] Added getWorkers to cake Admin Shell. It returns a JSON with the
  status of the current workers. [Steve Clement]
- Add tests after install. [Raphaël Vinot]
- [eventview] Shows number of object in the event. [mokaddem]
- [UI] Rework of the attribute index toolbar on the event view.
  [iglocska]
- [UI] Added quickfilter for the server settings. [iglocska]

  - no more **** around trying to find the right settings!
- [UI] Further work on the server settings UI. [iglocska]

  - overview reworked
  - some minor adjustments
- [UI] Reworked the sharing group add/edit tool. [iglocska]
- [UI] rework of the server settings. [iglocska]
- [UI] Updated the server preview index to follow the new tab UI
  standards. [iglocska]
- [UI] Refactored the feed preview index UI to the new tab system.
  [iglocska]
- [Feed preview UI] Added quick filter to the MISP feed preview.
  [iglocska]
- [UI] Added javascript to support the index filtering. [iglocska]
- [UI] Tied the index filter system into all indices. [iglocska]

  - WIP: Event view
- [UI] Added new system to template index filters. [iglocska]
- [setting] Use the new setting to set the urls to the current instance
  on sharing groups when pushing the info via the API. [iglocska]
- [setting] Added new setting to set external baseurl. [iglocska]

  - idea is to decouple the baseurl (used to prepend links) from the announce baseurl (for sharing groups / emailing)
- [Rest client] Download results as file. [iglocska]
- [API] restsearch returns more information about the export system used
  via headers. [iglocska]
- [eventFiltering] Added support of toIDS. [mokaddem]
- [eventFiltering] Added support of server and feed hits filtering.
  [mokaddem]
- [eventView] Attribute filtering tool - WIP. [mokaddem]
- Add pre-pagination result count to headers. [Hannah Ward]

  Fixes #4161
- [galaxies] Added support of `kill_chain_order` in galaxies. [mokaddem]
- [matrix] Replaced the Att&ck matrix by a generic matrix viewer,
  allowing custom matrix to be displayed. Also added the external id to
  the chosen input. [mokaddem]
- Add CORS settings for external integration. [Hannah Ward]
- [UI] Moved the global menu to the new system. [iglocska]
- [UI] Added templates for the new global menu system. [iglocska]
- [installer] Added progress bar and spinner. [Steve Clement]
- [installer] Added function to build the installer. [Steve Clement]
- [installer] Generic support functions. [Steve Clement]
- [installer] Initial scaffolding and notice about upcoming installer
  scripts. [Steve Clement]
- [UI] Finished refactor of the side menu. [iglocska]
- [UI] side menu post link element added. [iglocska]
- [CLI] verbose mode added to runUpdates. [iglocska]
- [Tag API] New tag search api to search for tags. [iglocska]

  - simply pass the value you want to search for. Use % for wildcards
  - case insensitive
  - taxonomy and galaxy metadata returned with tag
- [CLI] execute all db updates to bring MISP up to date with any
  changes. [iglocska]

  - mimics logging in via the UI
- [UI] Further refactoring to use the modern meta table UI. [iglocska]
- [UI] metaview refactor. [iglocska]

  - event view uses the new parametrised system
  - massive reduction of weird custom UI stuff to prepare MISP for a move to bootstrap 4
  - should fix the dodgy UI issues that @rommelfs was experiencing on his Playmobil laptop
- [API] Log search API now allows for last style time ranges using the
  created field. [iglocska]
- [UI] Added change tracking sparkline to the event view. [iglocska]
- [tools] Experimental tool to upgrade MISP via GitHub. [Steve Clement]

Changes

Fix

- [API] hacky fix to capitalisation issues between the old /events/index
  camelcased parameters and the newer lowercased one, fixes #3855.
  [iglocska]
- [grammar] Pluralisation fixed for the freetext import results, fixes
  #4021. [iglocska]

  - Sunday last minute commit aced
- [installer] Tests should now run correctly chg: [m2m] Added more
  functions to faup. [Steve Clement]
- [API] Allow adding objects without having the correct template via the
  API fixed. [iglocska]
- [installer] Installer will never execute due to misplaced ; [Steve
  Clement]
- [installer] Minor install fix. [Steve Clement]
- [installer] Various fixes of missing dependencies. [Steve Clement]
- [vulnerability] Fixes a vulnerability where a user can view sightings
  that they should not be eligible for. [iglocska]

  - requires access to the event that has received the sighting
  - affects instances with restrictive sighting settings (event only / sighting reported only)

  - as reported by Tyler McLellan of CanCyber.org
- RunTests method was totally broken. [Raphaël Vinot]
- [UI] Contributors - file left off. [iglocska]
- [UI] Contributor list fixed. [iglocska]
- [feed] Feed pulls don't update the timestamp of the event. [iglocska]

  - affects freetext feeds
  - this blocks the further propagation of the modifications
- [ACL] added toggleToIDS. [iglocska]
- [generic_picker] fix #4219 (Adding ObjectReference) [mokaddem]
- [docs] added object template update CLI command to the automation
  page. [iglocska]
- [API] Attribute edit error response fixes, #4221. [iglocska]
- [UI] show object UUID via the UI. [iglocska]
- [performance] Massive performance bug resolved for taxonomy tag
  selector. [iglocska]
- [UI] Fixed exclamation point for critical alerts in server settings.
  [chrisr3d]
- Typo parameter. [mokaddem]
- [UI] Fixed issues with the eventattribute tabs, fixes #4211.
  [iglocska]
- [UI] Worker tab missing in diagnostic tool. [iglocska]
- [UI] Invalid requirements passed to scaffolding system in regards to
  the show attribute context button. [iglocska]
- [UI] Another switch to FA. [iglocska]
- [UI] Switched to FA for the warning icons on the attribute values.
  [iglocska]
- [correlation UI] Fixed an issue where the cache contained correlations
  to a feed/server that is no longer in the DB. [iglocska]
- [enrichment] UI errors fixed when no modules are enabled. [iglocska]

  - also fixed the weird indentation
- [UI] Don't show the filter bar in the server settings where it
  wouldn't do any good. [iglocska]
- [UI] Fix add object menu item. [iglocska]

  - make the scaffolding system aware of the possibility that "this" might get passed along to javascript
- [UI] Side menu missing the update warninglists button. [iglocska]
- [UI] Alignment issue resolved on the user view. [iglocska]
- [UI] Fixed a bug in the UI that caused the event filtering to break.
  [iglocska]
- [UI] Pass the server ID to the view for the menu's consistency.
  [iglocska]
- [DB] removed not null constraint of the kill chain order field, fixing
  4198. [iglocska]
- Object could not be added with no full group by enabled, fixes #4195.
  [iglocska]
- [installer] unary operator... chg: [installer] dirty notes in pre-
  flight check function. [Steve Clement]
- [installer] small fix to check if dmidecode is present. [Steve
  Clement]
- Fixed list regex menu option, fixes #4197. [iglocska]
- [UI] New thread button fixed. [iglocska]
- [UI] Terms and conditions &amp; removed from button. [iglocska]
- [UI] Add sharing group button removed if no permissions present.
  [iglocska]
- [UI] trash icon was black on black on event multi delete. [iglocska]
- [stix2 import] Fixed marking parsing to avoid trying to add None.
  [chrisr3d]
- [UI] side menu truncated settings in the global actions scope.
  [iglocska]
- [SMIME] Formatting issues resolved. [iglocska]
- [API] Invalid URL parameter suggested in rest client templates for the
  attribute edit endpoint, fixes #4159. [iglocska]
- [UI] Logout fixed. [iglocska]
- [eventview] too many arguments. [mokaddem]
- [massEdit] UI bug in the synonyms. [mokaddem]
- [distributionGraph] restored filtering capabilities. [mokaddem]

  Broken since the new event filtering tool
- [eventFiltering] Removed debug commands. [mokaddem]
- Do not increment count after DB query. [Hannah Ward]
- Expose x-result-count to CORS. [Hannah Ward]
- [matrix_score] get values regardless of the galaxy. [mokaddem]
- [UI] UI monkey cannot z-index. [iglocska]
- Re-add CORS headers on REST Response. [Hannah Ward]
- [galaxy] prevent drawing view when galaxy_cluster does not exist.
  [mokaddem]
- [merge] added forgotten file... [mokaddem]
- [doc] gitchangelog from pip now works on Python 3.7 as expected chg:
  [doc] Tried to have a more or less clean new Changelog in docs. [Steve
  Clement]
- [installer] Variable typo for Base URL chg: [installer] Renamed
  installCoredDeps. [Steve Clement]
- [installer] Various changes to where we output messages. [Steve
  Clement]
- [installer] More kali fixes and some ubuntu tweaks. [Steve Clement]
- [installer] Kali was missing maec. [Steve Clement]
- [installer] Kali still had bugs. Most fixed. [Steve Clement]
- [installer] Various fixes for dependency installs. [Steve Clement]
- [installer] Options setting now works. [Steve Clement]
- [kali] Various kali fixes to make it install in unattended mode fix:
  [installer] Various fixes to the installer. [Steve Clement]
- [kali] On kali, some times apt is locked, we need to consider that.
  [Steve Clement]
- [installer] Viper is stubborn. [Steve Clement]
- [installer] Updated main installer fix: [doc] Viper can be installed
  with Python3.7. [Steve Clement]
- [installer] fix typo. [Steve Clement]
- [installer] -ne (== NOT EQUAL != NOT EXIST Grr...) [Steve Clement]
- [installer] Added apt update for Kali, fixed some ifs' [Steve Clement]
- [installer] fix typo. [Steve Clement]
- [UI] post links broken in the side menu. [iglocska]
- [UI] removed org would throw notice errors if they are still contained
  in a sharing group. [iglocska]

  - a situation that should not occur without tampering that is normal on a dev instance anyway, but just in case
- [UI] Fixed extended by field. [iglocska]
- Rhel7 diagnostics page detection. [iwitz]
- Working directory in update function. [iwitz]

  fixes a path problem mentioned in issue #3528
- [UI] Fixed menu linking for change_pw action. [iglocska]
- [CS] tab fixes. [iglocska]
- [CS] indentation fix. [iglocska]
- [UI] Potential fix for the weird popover behaviour. [iglocska]
- [UI] restored user menu when viewing a user's profile as admin.
  [iglocska]
- Typo in tag ID query. [Hannah Ward]
- [Feeds API] blackholes due to invalid csrf check relaxation call.
  [iglocska]
- Bugfix of event info not shown when MISP.showorgalternate is on.
  [Christophe Vandeplas]
- [UI] Trailing \ removed from org names on the event index. [iglocska]
- [API] Galaxies still present as Tag in JSON export fixes #4133.
  [Christophe Vandeplas]
- [style] consistent space indentation. [Christophe Vandeplas]
- [ACL] tags/search added to the ACL. [iglocska]
- Do not use obsolete rc.local init file. [iwitz]
- [stix import] Fixed detection of observable_composition objects.
  [chrisr3d]

  - Was sometimes passing the text even if no observable
    composition object was actually defined, because an
    observable object can have the observable_composition
    attribute even when it has no actual value
- [stix 1&2 import] Using local version of PyMISP & MISP Objects.
  [chrisr3d]

  - So the PyMISP part will not depend on the version
    installed with pip anymore
  - Need also to specify the MISP Objects path because
    it is not available from PyMISP subdirectories
- Lief installation. [iwitz]

  * unnecessary steps removed
  * irrelevant comment removed
  * instructions updated to compile lief for python 3.6 instead of 2.7
  * install lief in the folder where the other dependencies are so that it is detected by the diagnostics page
- Grammar. [iwitz]
- [API] Events add/edit return correct error code on failure. [iglocska]
- [stix export] Support of deprecated python versions. [chrisr3d]
- [UI] org view with domain restrictions had a layout breaking long key.
  [iglocska]
- [restsearch] download as a first parameter should default to json.
  [iglocska]
- [UI] event view UUIDs capitalised. [iglocska]
- [UI] title of org images fixed. [iglocska]
- [ui] Safari.... [iglocska]
- [UI] lol. [iglocska]
- [UI] UI experts at work. [iglocska]
- [UI] small fix. [iglocska]
- [ui] small fix. [iglocska]
- [ui] small fix. [iglocska]
- Disable stix test with PyMISP on travis. [Raphaël Vinot]
- [generic_picker] fix #4083. When picking, force exact match (instead
  of `contains`) [mokaddem]
- [ui] small ui fix. [iglocska]
- [stix2 export] Fixed attribute counting on restSearch. [chrisr3d]
- [php min version] Bumped to 7. [iglocska]

  - not enforced yet

Other

v2.4.102 (2019-02-01)

New

- [kali] Added debug function and breakpoints. [Steve Clement]
- [doc] Initial MISP with Letsencrypt doc. [Steve Clement]
- [installer] Initial bash installer functions. [Steve Clement]
- [doc] moved kali script to generic debian installer script. [Steve
  Clement]
- [CLI] Server settings refactored, fixes #4074. [iglocska]

  - moved most of the codebase to the model
  - streamlining of the setting change
  - hooked the callback system into the CLI version of the setter
- [sighting] Searching for attributes allows to add sightings on the
  attribute id or value. [mokaddem]
- [objectReference] Usage of the generic_picker for improved UX.
  [mokaddem]
- [dependencies] Added CryptGPG and a dependency thereof to the INSTALL
  dir. [iglocska]

  - workaround for the pear.php.net pwnage
- [Tag collections] Export/import tag collections added. [iglocska]

Changes

Fix

- [restsearch] CSV special parameters added to the URL parameters.
  [iglocska]
- [stix 1&2 export] Switched attachment parameter to make it work.
  [chrisr3d]

  - When using the url to query restSearch, withAttachements
    is the correct parameter to use instead of includeAttachements
    which works btw well with the rest Client anyway
- [eventGraph] Adding relation via the graph correctly pick the correct
  element in the confirm modal. [mokaddem]
- [proposal] Repaired deletion proposal (db save) [mokaddem]
- [proposal] Repaired deletion proposal. [mokaddem]
- [stix 1&2 export] Using the restSearch API instead of the old download
  one. [chrisr3d]
- [kali] updated composer chksum. [Steve Clement]
- [installer] Fixed a bug when run on kali. [Steve Clement]
- [stix export] Monkey typo. [chrisr3d]
- [stix export] Fixed malware samples (within file objects) parsing.
  [chrisr3d]

  - Depending if there is the attachment or not
- [deprecated stix export] fixed, parameters weren't correctly taken
  into account. [iglocska]

  - affects /events/stix
- [API] Use restresponse to view an added event via /events/add.
  [iglocska]
- [Tagging] MITRE galaxies fixing function. [Christophe Vandeplas]

  This function still needs to be called from an upgrade script.
- [redirect on login] Fixed an issue where ajax queries would store
  their URL in the redirect URL field. [iglocska]
- Check also event.org_id when validating event ownership in order to
  fetch attributes. [Patrizio Tufarolo]

  Fixes #1918
- [Tagging] Tagging an element with multiple tag collection works as
  expected. [mokaddem]

  Previously, it would only add the latest tag collection
- [sighting] Bug adding sightings on every attributes. [mokaddem]

  When trying to add a sighting to a value via the REST API,
  if a value was given to the key `values` instead of an array,
  the Model function `addSighting` would *crash* and skip the condition on
  the value, consequently adding a sighting on every attributes.
- [UI] Popover gets closed correctly if button clicked twice. reuse
  generated popover id instead of one-side generation. [mokaddem]
- [tagging] attachTagToObject wasn't updating the timestamp of the
  target object. [iglocska]
- [description] setSetting CLI command description fixed. [iglocska]
- [api] attirbutes/restSearch forced json format by mistake, fixes
  #4064. [iglocska]
- [redirect] Correctly redirect to the requested URL after a login,
  fixes #4005, fixes #1301. [iglocska]
- [events ui] fix to the event view pagination resetting sorting, fixes
  #4058. [iglocska]
- [sightings] Re-added advanced sightings to the search results.
  [iglocska]
- [Model] Fixed includeAttachments parameters for stix 1&2 export.
  [chrisr3d]
- [internal] Fetching galaxies broken into atomic queries to avoid
  massive parameter lists. [iglocska]
- [automation] Clarification of the different timestamp parameters.
  [iglocska]

  - we missed describing the input formats
- [API] removed invalid parameter lookup. [iglocska]
- [API] Fixed the handling of AND-ed and OR-ed URL parameters.
  [iglocska]
- [Model] Added disable_correlation flag to the attributes of the
  original imported file object. [chrisr3d]
- [stix import] Updated one condition test to avoid failing with Custom
  Objects. [chrisr3d]
- [stix import] Removed unexpected print. [chrisr3d]
- [stix import] Quick variable cleanup. [chrisr3d]
- [stix import] Importing data from malware-sample single attributes.
  [chrisr3d]
- [stix import] Importing malware-sample attributes and their data
  fields within File objects. [chrisr3d]
- [stix import] Fixed syntax typo issue. [chrisr3d]
- [stix export] Exporting malware-sample value within the corresponding
  observable. [chrisr3d]

  - In case the malware-sample values are not the
    same as the filename & md5 ones in the object
- [attribute] Prevent undefined index on tag filtering. [mokaddem]

  As tags are popped from the attribute scope first, they will not be
  available in the event scope.
- [restsearch] Added returnformat to URL parameters. [iglocska]

  - attributes/restSearch was additionally missing the published filter
- [internal] deprecated text() function's tag filter fixed. [iglocska]
- [filters] Negative tag filters ignored event tags on the attribute
  search. [iglocska]

  - as reported by @hel10wor1d
- [copy-pasta] Oops. [iglocska]
- [stix] Missing data fields added to object malware samples. [iglocska]
- [stix export] Syntax quick fix. [chrisr3d]
- [ObjectReference] Making everyone happier. [mokaddem]
- Mass edit and AttackMatrix work again on objectAttributes. [mokaddem]
- [stix export] Avoid loss of filename and md5 values in File object.
  [chrisr3d]

  - We take them from malware-sample value if they do not exist
- [stix export] Faster & Shorter attributes dictionary creation
  function. [chrisr3d]
- [stix export] Removed not used additional param of the artifact object
  creation function. [chrisr3d]
- [stix export] Exporting data from malware-sample attributes in file
  objects. [chrisr3d]

  - Observable composition for the file object
  - Data in malware-sample attribute is exported as Artifact Object
  - The rest of the file remains unchanged and exported as File
- [performance] query tweak to fool old crappy versions of mysql.
  [iglocska]
- [sighting] prevent ID collision in the UI. Sighting canvas is now
  correctly positioned regardless of the id. [mokaddem]
- [doc] The kali script should work again now. [Steve Clement]
- [stix import] Passing observable title to avoid None value on
  attachment attributes imported. [chrisr3d]
- [stix import] Fixed id fetching. [chrisr3d]
- [server correlation] Fixed broken correlation link on the event level.
  [iglocska]
- [UI] annoying empty event warning removed when filtering event
  attributes. [iglocska]
- [attribute warnings] financial warnings not showing up in the warnings
  tab. [iglocska]
- [gitmodules] updated. [iglocska]
- [stix2] added attachment inclusion to the download from stix2 UI
  element. [iglocska]
- [freetext import] Handle cases where a value can be both a hash and a
  btc address better. [iglocska]
- [performance] Potential performance fix for older MySQL versions using
  the wrong index as key during fetchAttributes() [iglocska]

  - observed a server prioritising the deleted flag index when filtering attributes, leading to a massive performance loss
  - hacky solution to make deleted and object_id (during flattening) indices unusable
- [stix2 export] Fixed event labels fetching. [chrisr3d]
- [stix2 import] Importing TLP Marking definition objects only.
  [chrisr3d]

  - Following the changes on export script
- [stix2 export] Faster tags handling function. [chrisr3d]

  - Compressed the function, removing some useless
    lines / variables
- [stix2 export] Exporting only TLP tags as MarkingDefinition.
  [chrisr3d]

  - The other tags are (as before a recent change)
    exported as labels

Other

v2.4.101 (2019-01-20)

New

- [feeds] Opened up feed inspection to host org users and added servers
  to overlap matrix. [iglocska]
- [remote caching] First release version of the remote caching.
  [iglocska]
- [server caching] Initial version WIP. [iglocska]
- [UI] PopoverConfirm now supports shortcut (<ENTER>/<CTRL>+<ENTER> to
  submit and <ESC> to Cancel) [mokaddem]
- [attackMatrix] Added support of chosen in the ATT&CK Matrix.
  [mokaddem]
- [addObject] adding objects is done via the generic_picker. [mokaddem]
- [galaxy] Added bulk galaxy tagging. [mokaddem]
- [UI] generic_picker - WIP. [mokaddem]
- [cache export] Added the includeEventUuid flag to the output.
  [iglocska]
- [publishing] Unpublish function added. [iglocska]

  - users were jumping through hoops to unpublish an event
- [UI] disable attribute correlation during creation / modification.
  [iglocska]
- [config backup] Added logging and a second protective measure.
  [iglocska]

  - if the current config.php is hosed, don't start the backup process and overwrite the backup
- [galaxies] adding galaxies no longer needs a full refresh of the page.
  [iglocska]

  - use the new ajax function to get the galaxy information returned
- [galaxies] added new function to show galaxies in ajax queries.
  [iglocska]
- [tag collections] Add default tag collection per instance. [iglocska]
- [tag collections] First feature complete minimal version of the tag
  collection system. [iglocska]
- [tag collections] Added missing views. [iglocska]
- [tag collections] Renamed tagCollectionElement to tagCollectionTag.
  [iglocska]
- [tag collections] WIP. [iglocska]
- [WIP] tag collections WIP. [iglocska]
- [tag_collections] Added db upgrade. [iglocska]
- [Tag collections] Added boilerplate models. [iglocska]

Changes

Fix

- [caching] Some minor fixes. [iglocska]
- [ACL] ACL updated. [iglocska]
- [AttackMatrix] Stopped comparing string with integer. [mokaddem]
- [generic_picker] avoid having option's name as an array key.
  [mokaddem]
- [generic_picker] hide div if `empty` is selected. [mokaddem]
- [tags] picking all tags removed galaxies in the picker. [mokaddem]
- [tag collections] Adding tags to tag collections fixed. [iglocska]
- [ACL] small ACL fix. [iglocska]
- [Tag collections] Fix case of several tag IDs being passed. [iglocska]
- [ACL] Restrict tag collection modification to tag editors. [iglocska]
- Added some more escaping. [mokaddem]
- [UI] prevent failing if generic_picker is not in a popover. [mokaddem]
- [JS] switch to local variable. [mokaddem]
- [App] Bump queryVersion. [mokaddem]
- [attackMatrix] do not throw an error for an edge case where the user
  did not have full permission. [mokaddem]
- [tagCollection] typo in variable name preventing addition of tag for
  non-admin users. [mokaddem]
- [massageTag] variable name collision causing tags to disappear.
  [mokaddem]
- [tagCollection] galaxies can be removed from tag collections.
  [mokaddem]
- [MassEdit] Prevent undefined clusters/tags if unset + enforce
  attribute perms. [mokaddem]
- [UI] generic_picker prevented nested redrawing. [mokaddem]
- [Unpublish] variable not set when not in event context (i.e.
  revise_object) [mokaddem]
- [internal] EventID filter now accepts uuid and ID correctly.
  [iglocska]
- [UI] notice error fixed for tag filters in attributes/search.
  [iglocska]
- [internal] Fixed uuid/id lookups not working on the attribute level.
  [iglocska]
- [UI] mismatched button class usage for discussions. [iglocska]

  - this was driving me nuts.
- [doc] Updated Kali scripts. [Steve Clement]
- [stix2 import] Fixed copy paste monkey 'self' missing error.
  [chrisr3d]
- Avoid ignoring stix2 scripts. [chrisr3d]
- [stix2 import] Fixed default event & attribute distribution values.
  [chrisr3d]
- [stix import] Fixed default event & attribute distribution values.
  [chrisr3d]
- [attribute search] Restore pivoting from attribute tag to the
  attribute search results. [iglocska]

  - contrary to the pre-API-refactor versions, inherited event tags are also taken into account
- [attribute search] Trigger the result screen instead of the search
  form if the tags parameter is provided via the URL in a GET request.
  [iglocska]
- [API] correctly handle custom delimiters in the filter builder.
  [iglocska]
- [stix2 import] Fixed imported galaxyCluster uuids. [chrisr3d]

  - Which are actually collection_uuids
- [stix2 export] Fixed GalaxyCluster uuid fetching. [chrisr3d]

  - Which is actually collection_uuid
- [stix2 import] Using a STIX2 object attribute instead of its
  dictionary format. [chrisr3d]
- [stix2 export] Fixed MISP tags parsing. [chrisr3d]

  - To support composite predicates
  - Also changed variable names to match with
    the actual tag part names
- [stix2 export] Fixed wrong variable name. [chrisr3d]
- [stix2 export] Parsing relationships at the end of the event.
  [chrisr3d]

  - Minor change only impacting the order of the STIX Objects
  - But cleaner code (relationship parsing code in a function)
- [event] attributes quick tagging. [mokaddem]

  scope used to be singular (attribute instead of attributes), it is now set accordingly
- Fixes javascript issue #3952. [Christophe Vandeplas]
- [eventView] restored bulk tagging feature. [mokaddem]

  Since the introduction of the tag collection, bulk tagging of items in
  the event view stopped working (Behavior of tag's view changed to use scoping instead
  of calculated variables in the tag's Controller)
- [stix2 export] Cleaned up the link attributes parsing. [chrisr3d]

  - Removed useless class attribute
  - Cleaned up the parsing code itself
- [stix2 import] Avoid error on fetching relationship by uuid.
  [chrisr3d]

  - Fixes an issue that did not put (for instance)
    Galaxies on attribute level within the attribute
    because of the uuid fetching error
- [stix2 import] Better parsing of external single attributes.
  [chrisr3d]

  - To parse relationships concerned by the attribute,
    at the same time, if needed
- [timeout setting] Fixed invalid cookie timeout name. [iglocska]
- [tag collections] Fixed hook to reload galaxies. [iglocska]
- [ACL] Added ajax function to ACL. [iglocska]
- Bumped cti-python-stix2 latest version. [chrisr3d]
- [api] editing organisation attributes, other than name. [Jan Skalny]
- [galaxies] Some minor fixes with the ajaxification. [iglocska]
- [galaxies] added new view that wasn't finished for the previous commit
  (still WIP) [iglocska]
- [over-sanitisation] cleared up over-sanitised message in the events
  controller. [iglocska]
- [ACL] Added missing function. [iglocska]
- [tag collections] Fixed several bugs linking to the wrong tag
  collection when attaching them to an event/attribute. [iglocska]
- [tag collections] Fixed an issue where if a collection was added that
  already had all tags attached from before, the process would get stuck
  with no feedback to the user. [iglocska]
- [taxonomies] Tag list empty fixed. [iglocska]
- [data model] added the fix to the org_id field in the tag table to the
  mysql.sql file. [iglocska]
- [data model] fixed a bug that caused org_id fields to be tinyint(1)
  for org_ids on tags. [iglocska]
- [tag collections] fixed galaxies not showing up. [iglocska]
- [added missing controller] tag collections controller. [iglocska]
- [model linking] Made tag collection tag dependent of tag. [iglocska]
- [db update] Fixed update script for tag collection tags. [iglocska]
- [cleanup] removed tagCollectionElement. [iglocska]
- [js] Various fixes with adding/removing tags. [iglocska]

Other

v2.4.100 (2018-12-31)

New

- [restClient] Added support of URL param in the querybuilder widget.
  [mokaddem]
- [restClient] Transform query to json, more descriptions and layout
  changes. [mokaddem]

  - Added a lightweight query parser to construct the JSON body from the query builder
  - Added more help text on API fields
  - Added help hover on API fields (when applicable)
  - Added `optgroup` in template select
  - Slight CSS modification on the overall page
  - Changed behavior of template fetching (template existence is checked locally, do not wait before pulling the API info HTML)
- [rest client] added first draft of querybuilder widget. [mokaddem]
- [attributes] Add cdhash attribute, 40+ digit hash, default Payload
  delivery, ids=1 (#3965) [Daniel Roethlisberger]
- [eventview] value quickedit are triggered by clicking a button and no
  longer using double-click. [Sami Mokaddem]

Changes

Fix

- [cleanup] Fixed a few issues. [iglocska]

  - unnecessary access to controller from component fixed (load component instead)
  - confusion between private and public variables resolved
  - some minor fixes for rules
- [restClient] form submission is working again. was blackholed due to
  form tampering. [Sami Mokaddem]
- [ui] prevent glitchy popover by increasing item size. [Sami Mokaddem]
- [object references] Editing an event failed to save new object
  references. [iglocska]
- [expansion] Hover broken after pagination fixed. [iglocska]
- [stix2 export] Fixed number_of_sections field in STIX PE extension.
  [chrisr3d]

  - Avoiding issues when the section referenced in the
    MISP pe object is actually not in the event
- [stix2 export] Added required field pe_type in STIX PE extension.
  [chrisr3d]
- [stix2 export] Fixed GalaxyCluster UUID fetching. [chrisr3d]

  - Supporting the latest changes on UUID field name
    for Galaxy clusters
  - Still supporting the previous UUID field name in
    the case of a terminal execution, with a former
    version of Galaxy clusters
- [stix2 export] Some fixes on 'Attribute' ObjectReference key + missing
  self argument. [chrisr3d]
- [stix2 export] Removed not used function. [chrisr3d]
- [stix2 export] Added interoperability parameter to all created STIX
  objects. [chrisr3d]

  - In order to avoid crashes on MISP data generated via the STIX import
- [stix2 export] Fixed GalaxyCluster uuids key fetching. [chrisr3d]
- [tools] Fixes missing sort in the PyMISP describeTypes generation
  (#3966) [Christophe Vandeplas]
- [publishing] Fixed several bugs in the background job responsible for
  publishing events. [iglocska]
- [stix2 export] Fixed field name Attribute for ObjectReference
  checking. [chrisr3d]
- [stix 1&2 export] Checking if a referenced pe-section is indeed in the
  event before trying to parse it. [chrisr3d]
- [correlations] Invalid orgc loaded in the attribute level
  correlations, fixes #3948. [iglocska]
- Make IE11 compliant by adding startsWith polyfill. [Tom King]
- Make IE11 compliant by removing default param value from ES2015. [Tom
  King]
- Make IE11 compliant by removing default param value from ES2015. [Tom
  King]
- [CLI] usage output fixed for the server shell tasks. [iglocska]
- [sync] Fixed an incorrectly formatted event index output when
  minimal:1 is passed, breaking the sync pull. [iglocska]

  - ffs
- [server preview] fixed sharing groups linking to the equivalent ID
  sharing group on the local instance. [iglocska]
- [api] Fixed event index to include sharing group metadata. [iglocska]
- [Restresponse] fixed XML converter. [iglocska]
- [compatibility] reverted IE11 breaking change in misp.js, fixes #3939.
  [iglocska]
- [feeds] Fixed an issue that caused a misp format feed fetch to fail
  intermittently. [iglocska]
- [upload_analysis_file] Prevent object creation on non-existing events.
  [Sami Mokaddem]
- [eventGraph] Object's label gets set correctly Add both requiredOneOf
  and required (forgotten one) fields in the Object's label. [Sami
  Mokaddem]
- [sync] Issue with events not updating on a pull. [iglocska]

  - overzealous protection removed
  - Conditions blocking an event edit via a pull now rely on the locking mechanism, relaxed via an internal sync link
- [UI] hover size fixed and scroll bar added. [iglocska]

  - part of the keep @rommelfs happy project
- [stix import] Fixed parsing of Custom objects. [chrisr3d]
- [stix 1&2 import] Fixed version attribute of the original filename.
  [chrisr3d]
- [doc] Updated install guide to include the latest changes on STIX2
  python library. [chrisr3d]
- [stix2 import] Allowing import of STIX 2.0 documents that have non v4
  UUIDs. [chrisr3d]

  - Some further operations may be done on those UUIDs later
  - Atm, we (at least) avoid loading errors from the stix2 python library
- [API] Attribute tags could be added by 3rd parties via the API.
  [iglocska]

  - fixed
- [objecttemplates] fixes issue #3921. [Christophe Vandeplas]
- [API] tags/attachTagToObject wasn't unpublishing events correctly.
  [iglocska]
- [attachment] prevent creation of empty event. [Sami Mokaddem]
- [restSearch] Using the correct python version to call STIX scripts.
  [chrisr3d]

  - Using the correct python defined in virtual env,
    if available, and the default global python3
    otherwise

Other

v2.4.99 (2018-12-06)

New

- [usability] Object templates view also accepts uuid as input vector.
  [iglocska]
- [UI] Added warning for users not to edit events as site admins.
  [iglocska]
- [CLI] Documentation updated. [iglocska]
- [Rest] Added system for GET requests in the templating system.
  [iglocska]
- [ReST] Added statistics. [iglocska]

Changes

Fix

- [stix import] Fixed missing event fields import. [chrisr3d]

  - Such as event info, event date and so on
- [STIX2] fixed stix2 to use the internal original file capture.
  [iglocska]
- [internal] Fixed the original file capture tool. [iglocska]
- [UI] Fixed event edit warning. [iglocska]
- [stix import] Fixed indicators parsing. [chrisr3d]

  - For stix1 generated with MISP
- [stix import] Made sure the header description value fetching test is
  working in all cases. [chrisr3d]
- [internal] Handle the upload of original versions of ingested files
  via a helper function instead of leaving it to external tools.
  [iglocska]
- [model] Network activity category: add x509-fingerprint-md5 and
  x509-fingerprint-sha256. [co59]
- [stix import] Fixed header description value fetching. [chrisr3d]

  - Again yes, but with the correct test now
- [UI] Fixed crappy old style flash message on events/add that has been
  an eye sore for ages. [iglocska]
- [stix2 import] Fixed pattern parsing for a specific case. [chrisr3d]
- [CLI] Added bruteforce protection cleaning. [iglocska]
- [API] previous commit fixed. [iglocska]
- [internal] When editing an object to add new attributes, correctly set
  the default distribution if nothing is set. [iglocska]
- [API] object edit fixed to return the object in the correct format.
  [iglocska]
- [API] when adding an object, the response should have the correct
  format. [iglocska]
- [internal] if no attribute distribution is found in the event edits,
  set the default instead of defaulting to 0. [iglocska]
- [i18n] Added __() where needed. fix: [doc] Typo in field. [Steve
  Clement]
- [freetext] fix notice on freetext import. [Sascha Rommelfangen]
- [stix2 import] Function name typo. [chrisr3d]
- [stix2 import] Handling cases where we have no galaxy. [chrisr3d]
- Fixed elements returned by the url object parsing function. [chrisr3d]

  - Was raising an unexpected exception in a special
    case, which was skipping the entire object,
    because of a missing element to return
- [merge conflict] resolved, [iglocska]

  - as notified by @a1ext

Other

v2.4.98 (2018-11-26)

New

- [server settings] Added automatic backup system for the server
  settings. [iglocska]
- [UI] Explain what caching vs fetching feeds means. [iglocska]

  via hover column header
- [API] Various enhancements and fixes to the APIs. [iglocska]

  - Added result count to restsearch API via the x-result-count header
  - Added the includeProposals parameter to the attribute level restsearch
  - Readability of events controller improved
  - Fixed a bug blocking malware samples from being added using /events/add when the encrypt=1 flag was set for raw sample inclusion
- [users/mails] Added possibility to send a mail to all users of the
  same organisation. [mokaddem]
- [users/mails] add confirmation popup before sending mails. [mokaddem]
- [freetext] Added BTC recognition, fixes #3864. [iglocska]
- Various fixes to the reporting of validation errors for saving
  attributes. [iglocska]

  - view the failed/succeeded saves in batch imports, fixes #3866
  - fixed a bug that inserted junk into the flash messages, fixes #3863
  - fixed a bug that removed all but the last entry in a failed batch import #3865
- [search] Rework of the UI attribute search complete. [iglocska]
- [attribute search] Rework of the UI version of the search to unify the
  functionalities with the event view. [iglocska]
- [stix2 import] Starting importing external pattern. [chrisr3d]

  - Starting with File objects
  - Also modified functions to make them reusable
- [enrichment] separate caches for hover and persistent hover results.
  [iglocska]
- [enrichment] clickable popup changes. [iglocska]

  - new persistent flag passed to misp modules to differentiate it from hovering
  - various UI changes
- [feeds] Changed default feed target to fixed event. [iglocska]

  - major cause of death by overcorrelating
- [doc] Added symlink to generic folder and added note what generic
  means/is. [Steve Clement]
- [doc] Added Tsurugi Linux install script. [Steve Clement]
- [search/sighting] Possibility to quickly add sightings on ID or VALUE
  when searching. [mokaddem]
- [search] Added possibility to directly sight an attribute after a
  search. [mokaddem]
- [stix import] Marking parsing at attribute level. [chrisr3d]

  - Made marking parsing function reusable for
    event & attribute levels
- [statistics] Added local org and user/org counts. [iglocska]

Changes

Fix

- [ACL] ACL updated. [iglocska]
- Fixed header description value fetching. [chrisr3d]
- [sync] Fixed a blocking bug preventing a full push from working with
  sharing group events. [iglocska]
- [mactime] Some minor fixes. [iglocska]
- [CS] CS brought up to date. [iglocska]
- Error in mactime object. [aksha]
- [CS] coding standards script re-run. [iglocska]
- [mispObject] fixed disable_correlation saving & display issue. [Sami
  Mokaddem]

  Before this fix, MISP was not saving any modification related to disable_correlation.
  Moreover, the value of disable_correlation was always set to the one specified in the object's template
  regardless of its actual value.
- Fixes variable initialization inconsistency in Server push.
  [Christophe Vandeplas]

  Fixes issues like: Warning (2): count(): Parameter must be an array or an object that implements Countable in [/var/www/MISP/app/Model/Server.php, line 2353]
- [UI] clarification of the instance owner organisation field on the
  servers/add view. [iglocska]
- [CSV] Fixed some defaults for the CSV export. [iglocska]
- [API] Fix non exportable tags being included in the attribute level
  restsearch. [iglocska]
- [API templates] Clarification about the serversettings API. [iglocska]
- Test for old school CSV download. [Raphaël Vinot]
- [install] Added pip3 installation before the venv installation.
  [Andras Iklody]
- [instructions] Added missing virtualenv dependency. [Andras Iklody]
- [tools] misp-restore.sh incorrectly validating 'BackupFile' from the
  command line. [Chris Ford]
- [API] CSV ignore flag restored to old behaviour. [iglocska]

  - if not set, only return published events / to_ids flagged events by default
  - setting ignore:0 will result in the default behaviour
  - setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out
  - fixed a bug that broke the CSV api if ignore:0 was passed
- [sync] Fixed an issue preventing sharing group distributed data from
  being pushed. [iglocska]
- [objects] Fixes issue #3874. [iglocska]

  - shouldn't be allowed in the first place
- [admin/email] replaced hardcoded url into baseurl. [mokaddem]
- [users/emails] submission fix + cleaned code + comments. [mokaddem]
- [stix import] Fixed uuid fetching. [chrisr3d]
- [missing files] added missing templates. [iglocska]
- [attribute search] Fixed invalid JS calls introduced as part of the
  rework (WiP) [iglocska]
- [api] Invalid handling of empty parameters in the built in parameter
  builder. [iglocska]
- [tags] showAttributeTag function now correctly culls galaxy tags.
  [iglocska]
- [stix import] Fixed Tags import. [chrisr3d]
- [stix export] Fixed dictionary update which requires lists and not
  tuples. [chrisr3d]
- [CLI] Fixed the CLI feed fetcher. [iglocska]

  - use "all" to fetch all feeds
- [sharing groups] Fixed several sharing group issues preventing proper
  editing of events with SGs. [iglocska]

  - include the uuid and modified time in the sharing group
  - fix the incorrectly embedded organisation object
- [API] better handling of trying to edit an attribute without
  permissions to do so. [iglocska]
- [stix2 import] Fixed relationship target uuid. [chrisr3d]
- [cleanup] Updated function names to differentiate observable parsing
  from the next updates on pattern parsing. [chrisr3d]
- [API] throw a proper error when trying to edit an event without access
  to doing so. [iglocska]
- [enrichment] linebreak woes. [iglocska]
- [enrichment] Adding proper linebreaks, cut 2. [iglocska]
- [cleanup] removed junk. [iglocska]
- [cleanup] Cleaned up STIX 1&2 export scripts. [chrisr3d]
- [stix2 import] Taking Relationship objects target_ref as uuid.
  [chrisr3d]

  - Better than using the Relationship id that is not
    going to be represented in MISP
  - We directly have the uuid of the object that will
    receive an Object Reference
- Fixes attribute popup UI issues with expansion. [Christophe Vandeplas]
- [stix2 import] Excluding patterns with any of some linking words.
  [chrisr3d]

  - Since those patterns contain linking words we do
    not know how to map, we do not even try to parse
    them and only stix2-patterns will be created
    from them
- [stix 1&2 export] Making initiation lists immutable. [chrisr3d]

  - Lists only used for mapping should be immutable
    since they are not modified. Thus declaring as
    tuples is more appropriate
- [doc] Typo in index for Tsurugi Linux. [Steve Clement]
- [stix2 import] Better selection of objects to parse in object_refs.
  [chrisr3d]

  - It is not necessary to call parsing functions on
    reports in object_refs because they are already
    parsed through the loop iterating through reports
- [stix2 import] Using Report attributes instead of dictionary keys.
  [chrisr3d]

  - Also improved the loop iterating through reports
- [stix2 import] Try-catching Report objects creator reference.
  [chrisr3d]
- #3774 [restResponse] added missing `includeEventTags` entry.
  [mokaddem]
- [doc] Added note about WSGI issues on Ubuntu 16.04 chg: [doc]
  Changelog.md updated to latest. [Steve Clement]
- [doc] Included git repo of gitchangelog due to Python 3.7 bug fix not
  yet in release: https://github.com/vaab/gitchangelog/issues/107.
  [Steve Clement]
- Travis build. [Raphaël Vinot]
- [acl] bumped ACLComponent. [mokaddem]
- [stix export] Fixed function header missing self attribute. [chrisr3d]
- [stix import] Using standard error instead of standard output for
  missing types in mappings. [chrisr3d]
- [stix import] Related objects parsing. [chrisr3d]

  - Not only for observables as before, but also for
    observable objects in indicators
- [stix import] Using subclasses + Support of STIX coming from multiple
  MISP events. [chrisr3d]

  - Using subclasses here allowed us to simplify some
    variables declarations and to reuse some functions
  - STIX coming from multiple MISP events refers to
    STIX files created via the MISP to STIX export
    that can include multiple MISP events

Other

v2.4.97 (2018-10-29)

New

- [sighting/api] xml output format + improved error feedback. [Sami
  Mokaddem]
- [sighting/api] trying to follow the new API architecture. JSON export
  is broken but CSV is working. WIP... [Sami Mokaddem]
- [Sightings/API] Added possibility to get sightings based on a
  timerange/source/... [Sami Mokaddem]
- [docs] Added new sub-sections in separate files that are shared
  between install guides. new: [docs] ethX.md to bring back eth0 new:
  [docs] mail to misp install debian flavored guide new: [docs] ssdeep
  install debian flavored guide new: [docs] viper install debian
  flavored guide new: [docs] sudo/etckeeper install debian flavored
  guide new: [docs] misp dashboard install debian flavored guide. [Steve
  Clement]
- [docs] Added 3 generic documentation files, one where the MISP install
  is completed, A specific centos/etc... one because, well, CentOS.. and
  the generic recommended actions section that kept repeating in all
  guides. chg: [docs] Implemented the above 3 files in all the guides.
  Plus some format changes. [Steve Clement]
- [docs] Added generic notice about community contributed doc
  maintenance. [Steve Clement]
- [galaxy] Several changes. [iglocska]

  - moved the current uuid field on cluster level to a new "collection_uuid" field to better represent the actual purpose
  - added new uuid field that actually captures the cluster's uuid
  - upgrade script is multi-execution safe
  - added /galaxy_clusters/view to the API
  - /galaxy_clusters/view can now be queried via the uuid instead of just the ID
- [docs] Added globalVariables files to be included by all Install
  Guides chg: [tools] Updated dependencies on docs creator chg: [docs]
  Some minor changes to Ubuntu Install guide and added
  VariableglobalVariables chg: [docs] Updated mkdocs.yml with new
  dependencies. [Steve Clement]
- [docs] Added eXperimental RHEL7.6 (BETA) Install Doc. [Steve Clement]
- [tools] Added tool to create MISP INSTALL Docs and push to gh-page,
  plus it fetches latest Changelog.txt. [Steve Clement]
- [docs] Added initial mkdocs directory. [Steve Clement]
- [API] Added CSV as return format for event index. [iglocska]
- [API description] Describe how to run diagnostics on MISP via the API.
  [iglocska]
- [upgrade] Preparing the data for recovery after the object reference
  sync fix. [iglocska]

  - update the timestamps of all events / objects that are affected and are locked = 0
- [API] Added a way to use the API to throw values at the warninglist
  for quick evaluations of the values. [iglocska]
- [logging] Log why an event could not be pulled. [iglocska]
- [API documentation] Added some missing API templates. [iglocska]
- [API] Added the log index/search to the API. [iglocska]

  - described in the templates / rest client page
- [related tags] View the related tags of attributes on the event view
  (via a toggle) [iglocska]

  ,,.,,#zzzzzzzzzzzzzzzznzxMnzzznzz*ii,.,,,,,,,,,,ii:,,,,,,,,,,,,,,.,,.,;+*iiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzzzzzzzxMzzzzzzz**i,,.,..,,,,,;*:*,,,.,,...,,,,,,.,,,**iiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzzzzzzzMMnnzzzzz*ii:.,,,,,,..,#nnn#+,,,,,..,,....,.,i+i*iiiiiiiiiiiiiiiii*i,.,,.
  ,,.,,#zzzzzzzzzzzznzznnzMMnxzzzzz**i;.,,,,.,,.,zxWWWxi,,,:*,,,..,.,,,#**iiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzzzznM+WMxxzzzzz***;..,,,,,,..;xWWWWn+**#;,,,,.,,,.i#*iiiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzzznW#zWMxnnzzzz*iii,.,,,,,,,,,+nWMWWWMx+,,,,,.,,,,++i*iiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzznMM,zWMMnnzzz#*ii*;.,,,,,,::iznxMMWWWWn#;,,.,,,,*#**iiiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzzzzMWz,zMMMxxznn#*ii*i::;i++#zznxWxxxWWWxxxzi,.,,,,#+iiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzznMWW#,#MMMMMnznz*ii**izzzzzzxMMWWnxM@WMMMMzzi,.,,+*+iiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzznMWWW#,*xMMMMnznz*iiii+MnnnnnxMWWWxxMxMxMxxxnz*,,,*+*iiii**iiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzzzMWWWW#;;zMMMMMnnz#*i*#MWxxxxxMWMxMMxMxMWWWWxMzn;.i:#*iiii**iiiiiiiiiiiiiii*i,.,..
  ,,,,,#zzzzzznnzxWWWWW#:;+MMMMMxzzz#*zzxWMWMWxMWWMMWWMMWWWWMxxMn:,*:#iiiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,#zzzzzzzzxWWWWWWz::inMMMMMxznzzzzznxMMMxxxMMxxxzxMWWWMMWWx:ii+*iiiiiiiiiiiiiiiiiiiiii*i,.,..
  ....,#zzzzzzznWWWWWWWz;,;+MMMMMMxzzzzzzzzznz#**i;::,,:;#nxxWMM+;*;+*iiiiiiiiiiiiiiiiiiiiii*i,.,..
  ...,,#zzzzzznMWWWWWWWni,,*nWMMMMMxnzzzzzzzz#i*i,,,,:,,,,:+#z##i#+#*iiiiiiiiiiiiiiiiiiiiiii*i,.,..
  ...,,#zzznnnxWWWWWWWWx*,.i+MMMMMMMMxxnzz#+****i,i**#z+;,:*iiii*zz+*iiiiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,,,,#nzzzxMMWWWWWWWWW*;.:*#WMMMMMMMMxz+**iiiii;*++####:;i****zz#*iiiiiiiiiiiiiiiiiiiiiiii*i,.,,.
  ,,,,,#zznMWxWWWWWWWWWWz;,.;*nWMMMMMMMMnz#ii:.....,,,,,,,,ii*+zzz*ii**iiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,,,,#nxWWMxWWWWWWWWWWW;:,,*+xMMMMMMMMMxnz*:.,,,,,..,,,,,,i#nnx+i*i*iiiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,,,,zWWWWMxWWWWWWWWWWW*;,.,*+MMMMMMWMMWMx#*:,,,,....,,,,:#nMM#+*ii*iiiiiiiiiiiiiiiiiiiiii*i,.,..
  ,,,,,xWWWWxWWWWWWWWWWWWx::,,:;+MMMMMMWMWMMnz+:....,,.,,,,+MWMM*#z+*iiiiiiii**iiiiiiiiiiiii*i,.,..
  ,,,,,xWWWMxWWWWWWWWWWWWW+:,,,;:+MMMMMMMMMMMxnz*;,,:,,,i+#xM++W#+nz#iii*iiiiiiiiiiiiiiiiiii*i,.,..
  ,,,,,xWWWMMWWWWWWWWWWWWWx,,..,;,*xWMMMMMMMWMWxnn####+##nxx#,+Wx*nznz:i**iiiiiiiiiiiiiiiiii*i,.,..
  ,,.,,xWWWxMWWWWWWWWWWWWWWi.,,,,:,*#MMMMMMMMMMWMMxxxxxxxMnn,.zWM#;zzMn;*i*iiiiiiiiiiiiiiiii*i,.,..
  ,..,,xWWWxWWWWWWWWWWWWWWWx,,,,,,:,;+MMWMMMMWWWWWWWMMMMMxn:..nWWni+nzMn#niii**iiiiiiiiiiiii*i,.,..
  ,..,,xWWMxWWWWWWWWWWWWWWWWi,,,,.,:,,;xWMMMMMMMMMMMMMMxnni...xMWxz;znnMxxM#;i*i**iiiiiiiiii*i,.,..
  ,..,,xWWMMWWWWWWWWWWWWWWWWz.,,...::,,;zWMMMMMMMMMMMMnzzi,,,,MMMMx*innxMxxWx+iiii**iiiiiiii*i,.,..
  ,..,,xWWMMWWWWWWWWWWWWWWWWM:,,...,:,,,,+xWMMMMMMMMxnnzi,.,,,MMMMMzinxMxMxxMMM#;i**iiiiiiii*i,.,..
  ,..,,xWWxWWWWWWWWWWWWWWWWWW*.,.,.,,:,,.,i+xWWMMMMxnnni,,,,,.WMMMMMz#nMMxMMMMMWxi;i*iiii*ii*i,,,..
  ,..,,xWWxWWWWWWWWWWWWWWWWWWz.,,,,.,,:,,,,::#@WMMxnnn;..,,.,:WMWMMMMznxWxxWMMMMMM#;iiiiiiii*i,,,..
  ,..,.nWMMWWWWWWWWWWWWWWWWWWM,.,,,...,,..,.,.iMWMxnz:.,.,,.,;WMWMMMMnzxMMxMMMMMMWMxi;i*iii*ii..,..
  ,..,,nWWMMWWWWWWWWWWWWWWWWWWi,,,....,.,,.,,,,:nxxz:,.,,,...iWMWMMMWMznMMMxMMMMMMMMMzi;i**iii..,.,
  ,..,,xWWWMMWWWWWWWWWWWWWWWWW#:.....,....,.,,..:#+,..,,,....:WWMMMMMMxnnMMMxWMMMMMMMWM#;;*i*i,.,..
  ,..,,xWWWWWMMWWWWWWWWWWWWWWWxi:..,.......,,,,..;;,...,,...,,@WMMMMMMMxzxMMxxMMWMMMMMMWx+;iii,,,..
  ,..,,xWWWWWWMMMWWWWWWWWWWWWWM*i,,,,......,,,,,;MWx+,..,,,..,@WMMMMMMMMnzxxnMMMMMMMMMMMWWx+ii,,,,.
  ,..,,xWWWWWWWMxWWWWWWWWWWWWWW+*;,,,,.....,,.,,xWWW@n:.,,,,.,WWMMMMMMMMMnnnMMMMMMMMMMMMWMWMxz,,,..
  ,..,,xWWWWWWWWMxWWWWWWWWWWWWWzi*;,,,,.....,,,nWMMMWWM:.,,,..MWMMMWMMMMMMnMMMMMMMMMMMMMMMMMMx,.,.,
  ,..,,xWWWWWWWWMxWWWWWWWWWWWWWMiii;,,.,,...,.zWWWWWWWWn,.....zWMMMMMMMMMMMxMMMMMMMMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWMWWWWWWWWWWWWWWWiii*;,,,,,,.,z@WWWWWWWWW*,..,,zWMMMMMMMMMMMMnMMMMMMMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWMWWWWWWWWWWWWWWW@+,;ii:,,.,,,zWWWWWWWWWWWM:.,,,#WMMMMMMMMMMMMxnMMWMMMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWz,.;i*:...,ixWWWWWWWWWMMW+,,,.+WMMMMMMMMMMMMMxxMWWMMMMMMMMMMMx,,,..
  ,..,.xWWWWWWWWWWWWWWWWWWWWWWWWM,,,iii,,,;i+WWWWWWWWW#+xx;,,.+WWMMMMMMMMMMMWMxxMMMMMMMMMMMMMx,,,,,
  ,..,.xWWWMWWWWWWWWWWWWWWWWWWWWW;.,:iii,:ii*xWWWWWWWW+i*Mz,.,*WWMMMMMMMMMMMMWMxnMMMMMMMMMMMMx,,,..
  ,..,.xWWWMWWWWWWWWWWWWWWWWWWWWWz.,.;i*iiiiinWWWWWWWW*i*+z*.,iWWMMMMMMMMMMMMMMMxxMMMMMMMMMMMx,,,..
  ,..,.xWWWMMWWWWWWWWWWWWWWWWWWWWx,,,.i***;:i#WWWWWWWMi*ii*zi,;WWMMMMMMMMMMMMMMMMxMMMMMMMMMMMx,,,,.
  ,..,,xWWWWMMWWWWWWWWWWWWWWWWWWWW;,,.:*ii,,i+WWWWWWWM::iiiizi:WWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW+,,,.,i,,,;*WWWWWWWx:.:iii*z*MWMMMMMMMMMMMMMMMMMWMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWn,,,,...,,:*MWWWWWWn:..;ii**xWWMMMMMMMMMMMMMMMMWWMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWW:.,.,,,.,,iMWWWWWWz,.,,i*i*nWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW@*..,,,..,,ixWWWWWWz..,.,i*inWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,,.
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWn,.,,,,,,,;n@WWWWWn..,,,:*izWWMMMMMMMMMMMMMMWWWWMMMMMMMMMMx,,,..
  ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWM:.,,,....:xWWWWWWM,,,,,.:izMWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,..
  ,..,,nMWWWWWWWWWWWWWWWWWWWWWMWWWWM#*********MWWWWWWW+*******nMWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..
  ,..,,nMWWMMMMMMMMMMMMMMMMWWMMMMMWMMMWWMMMWWMMMMMMMMMMMMWWMWWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,..

Changes

Fix

- [API] minor fixes to the sightings api. [iglocska]

  - fixed duplicate sighting tags in XML output
  - added attribute value to the sighting
- [sighting/api] added missing sighting source parameter. [Sami
  Mokaddem]
- [ACL] bumped queryACL. [Sami Mokaddem]
- [sightings/api] now support json output format. [Sami Mokaddem]
- [bug] Fixed bug with stacking login screens on top of an event view.
  [iglocska]
- Aws would error if asked to del non-existing. [Hannah Ward]
- [stix import] Avoided import of empty header description. [chrisr3d]
- [galaxy] added collection uuid capture. [iglocska]
- [view] Added uuids to galaxy cluster view. [iglocska]
- [stix export] Avoided putting Incident object as attribute everywhere.
  [chrisr3d]

  - Incident is now a class attribute
  - It also lets us make the function parsing some
    not really common attribute types lighter by
    putting a conditional statement in another
    function
- [stix export] Made 'header_comment' a list so we don't overwrite the
  value. [chrisr3d]

  - There should only be one attribute matching the
    condition per event, but it is just to be sure
- [thumbnail] Thumbnail visualisation broken on proposals, fixes #3793.
  [iglocska]
- [server] Allow certificates to be uploaded with other extensions
  besides .pem, fixes #3797. [iglocska]
- [stix import] Importing uuids for objects from external sources.
  [chrisr3d]
- [stix import] Importing uuids for STIX files generated via MISP.
  [chrisr3d]
- [stix import] Improved uuid fetching. [chrisr3d]
- [stix import] Better event & attribute distribution parsing.
  [chrisr3d]
- [stix import] Supporting DHS stix files with ais marking. [chrisr3d]
- [stix import] Fixed import of File Objects as single attribute.
  [chrisr3d]
- [stix framing] Fixed Related Package(s) xml field typo. [chrisr3d]
- [stix export] Fixed xml package string replacement. [chrisr3d]
- [stix2 import] Avoiding errors when the imported file name is not
  specified. [chrisr3d]
- [routes] Added route for .csv parsing. [iglocska]
- #3769 Att&ck matrix now render multiple kill_chain by column. [Sami
  Mokaddem]
- Check if the format is xml or application/xml on __sendResponse. [Tom
  King]
- [cleanup] Removed debug from the bug fixing session. [iglocska]
- [internal] Sharing group capturing fixed, fixes #3573. [iglocska]

  - As reported by @eCrimeLabs
- [internal] Unneeded model initialisation for
  getDefaultAttachments_dir() [iglocska]
- [stix2 import] Fixed GalaxyCluster description. [chrisr3d]

  - Since description is optional in some STIX 2.0
    objects, we test if the field is there before
    trying to use its value
- [stix2 import] Fixed MISP event info field when importing STIX2
  without report object. [chrisr3d]
- [stix2 import] Fixed json dict monkey syntax error. [chrisr3d]
- [internal] getPythonVersion woes. [iglocska]
- [internal] Fix of wonky model function calls across the application
  for getting default attachment directories. [iglocska]
- [Galaxy] Various fixes to blocking issues with the galaxy update
  system, fixes #3773. [iglocska]
- [API] Handle multiple event IDs being queried or not using the event
  ID filter when generating the CSV output file names. [iglocska]
- [internal] Fixes to invalid model function calls. [iglocska]
- [tools] small typo in she-bang line. [Steve Clement]
- [stix2 import] Made NetworkTraffic objects import include all the
  possible cases. [chrisr3d]

  - We were potentially missing some DomainName
    or IP Address objects data, when it is not
    a reference of the NetworkTraffic object.
  - Now we look if we still have some of these
    objects that have not been parsed, and
    in that case, parse them.
- [stix2 import] Quick change on event loading. [chrisr3d]

  - Specifying the encoding within the file opening
  - Allows to get rid of 1 'encode()' call
- [stix2 import] Better parsing for objects that can be imported as
  either ip-port or network-socket. [chrisr3d]
- [stix2 import] Supporting STIX 2 files with no report object.
  [chrisr3d]
- [stix2 import] Moved the remaining parsing functions from the mapping
  script to the main script. [chrisr3d]

  - Fixing at the same time some AttributeName errors
- [stix2 export] Fixed enumeration errors handling. [chrisr3d]

  - More specific exception types
  - Removed useless try/catch statement
- [stix2 export] Fixed attributes data parsing. [chrisr3d]

  - With json format, base64 & encode/decode
    operations are no longer needed since the base64
    string is already displayed in data
- [stix2 import] Fixed process import. [chrisr3d]

  Fixing import for cases like:
  - single process without parent or child
  - where processes are not referenced as expected
- [stix2 import] Fixed monkey coder issue. [chrisr3d]
- [stix2 import] Added missing uuid fields to attributes and objects
  imported. [chrisr3d]
- [stix2 import] Quick clean-up. [chrisr3d]

  - Using MISPObject class & attributes instead of
    adding a MISP object dealing with a dictionary
  - Using STIX objects attributes instead of
    dictionary keys
  - Removed useless 'continue' statement
- [stix2 import] Parsing file objects in a more generic way between
  classes. [chrisr3d]
- [stix2 import] Moved file object parsing function into the subclass.
  [chrisr3d]

  - Because it is only called by functions of this subclass
- [stix2 import] Removed useless function. [chrisr3d]
- [search] Multiple lines didn't correctly get parsed as separate values
  in the attribute search. [iglocska]
- [workers] manage workers by default defaulted to false (should be
  true) [iglocska]
- [API] Further fixes to the query builder. [iglocska]
- Travis import/export. [Raphaël Vinot]
- [API] Further fixes to the tag handling. [iglocska]
- [API] Handle filters with no valid tags set as filter patterns
  correctly. [iglocska]

Other

v2.4.96 (2018-10-09)

New

- [ReST client] generate python output too. [iglocska]

  - also, nicer toggle!
- [API] Added cache export to export list. [iglocska]
- [ReST Client] added curl output to make everyone's lives a bit easier.
  [iglocska]
- [API] Added returnFormat descriptions in a programmatic way to the API
  info. [iglocska]
- [API] Added a new export that simply hashes all values with a
  requested hash format. [iglocska]
- [API] rework of the searchall/quickFilter parameters. [iglocska]

  Now it correctly works as intended on both attribute and event contexts
- [API] documentation added for the new APIs. [iglocska]
- [export] Further changes required for the reworked export added.
  [iglocska]
- [exports] New export system using restsearch. [iglocska]
- [search] download functionalities added to the search. [iglocska]
- [search] view changes added for the search. [iglocska]
- [search] Search refactored completely to use restsearch. Still needs
  some minor changes. [iglocska]
- [internal] restsearch's bulk code moved to the model for attributes.
  [iglocska]
- [api] CSV export using thin overlay over restsearch. [iglocska]
- [API] attributes/restSearch has received CSV as a new export format.
  [iglocska]

  - added hook to modify parameters based on the export's internal settings
- [API] restsearch's internals moved to event model and reworked.
  [iglocska]

  - better chunking and parameter handling
- [API] events/restSearch reworked, added CSV export. [iglocska]
- [API] CSV export tool completely reworked. [iglocska]
- [API] Improvements to the fetcher. [iglocska]

  - cache several objects that were loaded over and over before on bulk exports
  - includeGranularCorrelations internal flag added to include/exclude correlations from the export for certain types
  - some cleanup
- [internal] Added caching to the sharing group organisations.
  [iglocska]
- [internal] Organisation internal caching added. [iglocska]
- [internal] GalaxyCluster internal caching added. [iglocska]
- [API] added sendFile function to rest response component. [iglocska]
- [API] events/restsearch rework - chunked export for performance gains.
  [iglocska]
- [API] enable/disable warninglists by name substrings instead of IDs,
  fixes #3706. [iglocska]

  - {"name": ["alexa", "iana"], "enabled": 1}
- [freetext] Freetext ingestion is now delegated to the background
  processing. [iglocska]

  - no setup needed
  - data to be ingested dropped to file, background worker ingests and processes the file
- [freetext import] Added detection for AS. [iglocska]
- [Complex type tool] Detection of [1] style refanging. [iglocska]
- [API] Rework of the restSearch APIs. [iglocska]

  - performance tuning
    - removed some redundant looping
    - internal memory profiling for attributes/restSearch
    - saving the intermediary results to file instead of keeping it all in memory to reduce the memory footprint
  - added the searchall parameter
  - fixed the ignore parameter
  - added the event_timestamp parameter
  - added manual pagination to the attribute level restsearch (limit, page)
- [API] Added API description for the warninglist toggleEnable API.
  [iglocska]
- [API] Toggle the warninglists on/off in a convenient API. [iglocska]

  - via /warninglists/toggleEnable
- [blacklisting] pass parameters via named parameters to filter the
  index. [iglocska]

  - /eventBlacklists/index/event_uuid:[my_event_uuid]
- [API] Correctly handle objects in flat exports and exposed text export
  to event level search. [iglocska]
- [Galaxy] Delete individual clusters. [iglocska]

  - added an API and UI option to delete individual clusters
- [variable tags] Added the ability to load and display variable tags.
  [iglocska]

  - as requested by Siemens
- [API] Added the includeEventTags parameter to the
  /attributes/restSearch API. [iglocska]

  - appends all event level tags to each attribute
- [stix import] Adding object describing the original STIX 1.X / 2.X
  used for import. [chrisr3d]

  - Depending if the variable passed to those scripts
    are not None, then it is the name of the original
    file used to import data
- [API] Added possibility to include the original file while importing
  STIX data. [chrisr3d]
- [API] Tied the RPZ export into the restsearch APIs. [iglocska]

  - also, made the export modules aware of the exhaustive parameter list
- [API] Updated the RPZ export to follow the new API patterns.
  [iglocska]

Changes

Fix

- [sanitisation] Sanitise curl query. [iglocska]
- [stix2 import] Fixed to_ids flag in imported objects. [chrisr3d]
- [API] Fixed broken check for overriding IDS flags via proposals, fixes
  #3748. [iglocska]
- [stix2 export] Fixed process objects export. [chrisr3d]
- [stix2 export] Fixed function call typo. [chrisr3d]
- [Auth] Correctly handle users accounts getting deleted whilst the
  users are logged in. [iglocska]

  - deauthed users would end up in a forced loop having to read the news creating a new blank user with each page refresh
- [stix import] Updated external files import to include related
  indicators. [chrisr3d]
- [stix import] Fixed custom objects import from external files.
  [chrisr3d]
- [Objects] Adding an object would not unpublish the event. [iglocska]
- [stix2 export] Avoiding export of the object related to the original
  file used for import. [chrisr3d]
- [stix export] Avoiding export of the object related to the original
  file used for import. [chrisr3d]
- [stix import] Fixed original imported file Object name. [chrisr3d]
- Sort CSV file before comparing: we do not care what the order of the
  attributes is. [Raphaël Vinot]
- [CSV] boolean fields should be set to 1/0 instead of true/false.
  [iglocska]
- [freetext] tag field not working fixed. [iglocska]
- [stix2 export] Handled case where we have only link attributes to be
  imported. [chrisr3d]
- [restSearch] Avoiding useless stix python script calls on empty files.
  [chrisr3d]
- [stix2] invalid path to script dir. [iglocska]
- [restSearch] Ignoring square brackets around STIX2 objects returned by
  the python script. [chrisr3d]

  Because they are already provided by the framing script
- [stix export] Shortcut passing directly the 'Event' key of an event to
  the parsing functions. [chrisr3d]
- [stix2 export] Avoiding identity object duplication. [chrisr3d]

  - Fixed orgs list, adding each org seen as it was
    intended but forgotten until now
- [restSearch] Fixed return format for STIX formats. [chrisr3d]
- [restSearch] Added STIX 1 & 2 in valid formats. [chrisr3d]

  - Also fixed indentation of the validFormats array
- [restSearch] Fixed failed merge. [chrisr3d]
- [stix2 export] Stopped passing ORGs already parsed as argument of the
  python script. [chrisr3d]
- [restSearch] Changed how data is handled eeeeeeeeeee. [chrisr3d]

  - Criteria was number of events and is now number
    of attributes
  - Writing data in a file until the limit number of
    attributes is reached, then writing in the next
    file and looping again until all data is written
  - Then for each file, calling the python script to
    parse MISP events and translate them into STIX
  - Writing parsed STIX data into 1 file used to
    return the result
- [stix2 export] Fixed event dictionary reading. [chrisr3d]
- [stix2 export] Refactored MISP event format used to improve
  performances. [chrisr3d]

  - For big events, loading json file and parsing it
    as json format is much faster than loading it as
    PyMISP objects
- [stix2 export] Clearer string concatenation in scripts & directories
  names definitions. [chrisr3d]

  - Reuse of variable name instead of string concatenating
- [restSearch] Refactored MISP event format used to improve
  performances. [chrisr3d]

  - For big events, loading json file and parsing it
    as json format is much faster than loading it as
    PyMISP objects
- [stix1 export] Fixed baseurl & orgname fetching from scripts
  arguments. [chrisr3d]

  - Replacing empty arguments by default values
- [stix1 export] Including the latest changes on the python script.
  [chrisr3d]
- [stix2 export] Using class variables to define baseurl & orgname.
  [chrisr3d]
- [restSearch] Prettifying stix packages with indents. [chrisr3d]

  - As it is in stix export function from Model/Event.php
- [cleanup] Fixed indentation in restSearch. [chrisr3d]
- Added variable to have attribute with no ids flag from fetchEvent.
  [chrisr3d]
- [restSearch] Fixed variables & indent. [chrisr3d]
- [ACL] Added exportSearch to the ACL. [iglocska]
- [api] Sharing group organisations not iterated if they don't exist.
  [iglocska]
- Headers are case-sensitive, do not strtoupper. [Hannah Ward]
- [distributionGraph] changed condition to support one missing edge
  case. [Sami Mokaddem]
- [distributionGraph] Fixed for loop to be less browser dependent. [Sami
  Mokaddem]
- [internal] Moved validFormats array into a global for the event model.
  [iglocska]
- [ReST] increased ReST client execution time to 300s. [iglocska]
- [Feed] If no data is returned from a freetext feed a notice was
  generated. [iglocska]

  - added more graceful handling
- [log] user zmq logging was always getting the first user instead of
  the actual one. [iglocska]
- Travis tests failing, take 2. [Raphaël Vinot]
- Travis tests failing. [Raphaël Vinot]
- [graph] Made the correlation graph aware of the new correlation
  loading. [iglocska]
- [internal] Organisation caching fixed for the event load. [iglocska]
- [api] close the file after reading it. [iglocska]
- [API documentation] Added missing filters to the restSearch API.
  [iglocska]
- [API] sgReferenceOnly should work via the API too. [iglocska]
- [API] handle empty value fields when running a quick search.
  [iglocska]
- [API] Fixed the quickfilter parameter. [iglocska]
- [cleanup] Some cleanup and fixes to invalid exception invocations.
  [iglocska]
- [eventGraph] Adapted fa icon to match the current installed fa
  package. [Sami Mokaddem]
- [eventGraph] prevents bug if object has no attributes. [Sami Mokaddem]
- [stix2 export] Fixed Indicator & ObservedData arguments to avoid
  syntax error with version < 3.5 of python. [chrisr3d]
- [stix2 export] Fixed string truncation. [chrisr3d]
- [API] handle to_ids better in the restSearch APIs. [iglocska]

  - invalid default settings for text/suricata exports on the event scope fixed
  - 'exclude' re-introduced as a valid value
- [API] handle invalid export module calls gracefully. [iglocska]
- [stix2 export] Fixed unintended syntax error. [chrisr3d]
- [Event] Prevents bug if object has no attributes. [Sami Mokaddem]

  While using the event quick filter, prevents accessing a non existing index
  if the object has no attributes.
- [stix framing] Fixed orgname in stix framing. [chrisr3d]
- [stix framing] Removed monkey printing. [chrisr3d]
- [stix framing] Redefined stix separator. [chrisr3d]

  - Avoid writing 'related package' xml key after
    each python script call
  - Those keys are now defined as separator and
    coming from the framing script
- [stix export] Switched xml 'related packages' writing into the framing
  script. [chrisr3d]

  - Instead of doing it in the php side after the
    framing script is called
- [stix framing] Fixed xml separator. [chrisr3d]
- [API] toggle warninglists now correctly handles name lists as
  parameters instead of just single values, fixes #3706. [iglocska]
- [enrichment] Made the payload of the API enriching an event with a
  list of modules a bit more lax. [iglocska]
- [galaxy UI] clicking on metadata collapsed the galaxy quick view.
  [iglocska]
- [Rest client] fixed invalid serialisation of some fields. [iglocska]
- [cleanup] Fixed missing merge save. [chrisr3d]
- [import modules] Avoiding issues with userConfig when module is
  csvimport. [chrisr3d]

  - If users tick the checkbox to specify there is a
    header in the csv file to import, there should
    not be an error with empty userConfig header
- [stix1 framing] Including RichieB2B's patch. [chrisr3d]
- [stix1 export] Fixed missing change on the framing script call.
  [chrisr3d]
- [stix2 export] Fixed syntax in stix2 function. [chrisr3d]
- [stix2 export] Fixed monkey issue in org uuid to return (in order to
  avoid duplication) [chrisr3d]
- [stix2 export] Added missing view for stix2 json download. [chrisr3d]
- [stix2 export] Fixed event fetching. [chrisr3d]
- [API] Fixed an invalid lookup in the openioc export. [iglocska]
- [API] added catcher for include_event_uuid via /attributes/restSearch.
  [iglocska]

  - affects #3695
- [stix2 export] Variable typo. [chrisr3d]
- [API] malware samples not encoded with withAttachments=1 on the event
  level restSearch. [iglocska]
- [stix2 export] Cleaned up MISP objects parsing. [chrisr3d]

  - Replaced multiple if statements in a for loop by
    a dictionary mapping
- [stix2 export] Removed list of MISP types no longer used. [chrisr3d]
- [stix2 export] Cleaned up MISP attributes parsing. [chrisr3d]

  - Replaced multiple if statements in a for loop by
    a dictionary mapping
- [API] CSV export snafu fixed. [iglocska]

  - perhaps not ignoring the filter parameters and getting the full dataset visible to the current user is a helpful idea
- [API] Added rpz to restsearch API description. [iglocska]

  - also added text to events/restSearch
- [internal] Fixed an issue that prevented all to ids attributes from
  being fetched on the event view. [iglocska]
- [UI] Galaxy quick view collapse toggle didn't correctly replace the +
  with a - when expanded, fixes #3678. [iglocska]
- [API] Fixed the handling of the to_ids flag. [iglocska]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [ACL] Appease Travis (admin only function explicitly named) [iglocska]
- [db] Fixed an invalid DB field. [iglocska]
- [stix2 import] Using stix2 library attributes to load and parse STIX
  data. [chrisr3d]
- [stix2 import] Fixed issue with self attribute used before
  declaration. [chrisr3d]
- [stix2 import] Changed 1 function name to a more relevant one.
  [chrisr3d]
- [sync] Invalid model call in the server pull using the update
  technique. [iglocska]
- [diagnostic] Updated cybox required default version. [chrisr3d]

  - Since the very latest version is now installed
    on every new machine generated, we can consider
    it as default version
- [stix2 import] Cleaned up duplicate function & Fixed external STIX
  files parsing. [chrisr3d]

  - External STIX files parsing improvement to come
- [stix2 import] Fixed mapping between STIX objects and galaxies fields.
  [chrisr3d]
- [stix2 export] Fixed fields exported from galaxies. [chrisr3d]

  Better mapping regarding the relevance of each field
- [stix2 import] Removed no longer used function. [chrisr3d]
- [cleanup] Loading mapping dictionary only when needed. [chrisr3d]
- [API] various fixes to the timestamp handling. [iglocska]
- [Cortex] Unset cortex content-type header when doing a GET request.
  [iglocska]
- [merge issue] resolved merge issue. [iglocska]
- [API] fixed an invalid dissection of the tag parameter if the
  parameter is not set. [iglocska]
- [cleanup] Cleanup of removed upgrade scripts. [iglocska]
- [upgrade] replay potentially missed updates. [iglocska]
- [sync] Fixed some issues throwing notices when pulling. [iglocska]
- [sync] Fix pull not working caused by the refactor. [0xiso]
- [sync] Fix pull not working. [0xiso]
- [doc] Add an option to checkout submodules recursively. [0xiso]
- Making python 3.5 happy with exception type ImportError. [chrisr3d]
- [stix import] Fixed object_relation field key for the format of the
  original imported file. [chrisr3d]

  - Following the latest changes on the object
- [Sighting] Fixed sighting creation. [chrisr3d]
- [stix1 import] Updated file parsing. [chrisr3d]

  - Including import of single attribute for the
    latest supported STIX file object
  - Including parsing of the STIX file object field
    'full_path' which can be found in any of the
    different STIX object describing files
- [stix import] Avoiding encoding errors on reading file. [chrisr3d]
- [stix import] Quick fix on the new MISP object (for original files
  imported) attributes. [chrisr3d]

  - Following the changes on the object itself
- [API] Quick fix on a dict key to fetch the name of the stix file
  imported. [chrisr3d]
- [stix import] Importing the original file binary using the data field
  in attribute instead of value field. [chrisr3d]
- [stix import] using the decoded binary of the original file imported
  as attachment. [chrisr3d]
- [RPZ] flatten attributes for the RPZ export. [iglocska]
- [API] downloading events in XML format via the UI returns JSON.
  [iglocska]
- [Feeds] Don't try to find caches for feeds that don't have caching
  enabled. [iglocska]
- [REST client] baseurl can now be set optionally in the url. [iglocska]
- [Feeds] I CAN'T MATH. [iglocska]
- [feeds] Feed caching generates a lot of notices. [iglocska]

Other

v2.4.95 (2018-09-06)

New

- [API] set default behaviour to require to_ids and published set to 1
  to be included in exports. [iglocska]

  - doesn't affect MISP json and xml formats
- [automation description] Added legacy mode toggle. [iglocska]
- [UI] Added an enrichment on-demand pop-up for hover modules.
  [iglocska]
- [REST client] Templating system added to the rest client. [iglocska]
- [REST client] added the api enumeration to the rest client view.
  [iglocska]
- [API] Restresponse component function added to enumerate available
  APIs for the REST client. [iglocska]

  - also, added API descriptions for the restsearch functionalities
- [ACL] Added soft validation for available API enumeration. [iglocska]
- [API] event level restsearch switched to new modular conversion
  system. [iglocska]
- [API] fixed two cases where the new filter parameter builder was being
  naughty. [iglocska]

  - copy-pasta fail induced skipping of parameters with only NOT parameters fixed
  - OR/AND/NOT formatted parameters with singular values (such as '{"OR": "foo"}') now handled correctly
- [API] XML export now exports both event and attribute level data.
  [iglocska]

  - relying on the old XMLConverterTool for event level conversions
- [API] OpenIOC export library correctly handles both events and
  attributes as their payload. [iglocska]

  - fixed annoying line breaks in the output
- [API] NIDS exports now correctly support event and attribute level
  exports. [iglocska]

  - also, suricata/snort rules now include both the event and the attribute tags in the metadata
- [API] JSON export library updated to support both attribute and event
  level conversions. [iglocska]

  - relies on the old JSON library for event level conversions
- [REST client] Allow skipping SSL validation. [iglocska]
- [REST client] Resolve urls and show API description if applicable.
  [iglocska]
- [API] Added the libraries for the JSON, XML and Text exports.
  [iglocska]
- [internal] SQL debug API tool added. [iglocska]

  - just pass /sql:1 to any query via the API to see a dump of all queries
  - Response isn't very clean, JSON pushed in front of whatever the output is
  - requires debug mode = 2
- [API] rework of the attribute level restsearch. [iglocska]

  - optimisation, use of external converters
  - one api to rule them all concept / controller
- [API] Made the NIDS export compatible with the new API. [iglocska]
- [API] Added the new XML converter. [iglocska]
- [api] Added new open IOC export system. [iglocska]
- [api] first revision of the attribute export. [iglocska]
- [API] reworked the attribute level restsearch. [iglocska]

  - use the new filter parameters
  - use the new condition building mechanism

  - no more pre-filtering
- [rest client] parsers for JSON/HTML return added. [iglocska]
- [rest client] parser helper css/js added. [iglocska]
- [API] CSV export tool added. [iglocska]
- [API] WIP work in progress - moving CSV export to standardised
  converter format. [iglocska]
- [API] Added publish filter to restsearch. [iglocska]
- [API] further rework of the restsearch api. [iglocska]

  - move to the new popping filter system
- [API] rework of the event level restSearch (WIP) [iglocska]
- [internal] Further work on the filtering. [iglocska]
- [internal] Rework of the filter handling internally. [iglocska]
- [internal] Added internal functions to interpret parameters in various
  formats / coming from various sources. [iglocska]
- [internal] Added new internal functions to be used by all export APIs
  in the future. [iglocska]

  - authenticate user via URL params if not already authenticated (to support legacy APIs)
  - harvest parameters in a standardised way for filtering all export APIs
- [API] new centralised parameter system for APIs. [iglocska]
- [refactor] CSV api refactor. [iglocska]

  - performance gains
  - first step in unifying all APIs
  - moved the CSV data lookup into fetchattributes
  - internal pagination is now more clever with a watchdog flag that can prevent unneeded executions by whatever calls fetchattributes
- [API] exposed the server related functionalities to the API.
  [iglocska]

  - server index
  - server push
  - server pull

  - improved logging / error reporting of the sync functionalities
- [i18n] Added German Translation (12%) upd: [i18n] Czech 4%, French
  19%, Danish 48%, Italian 42%, Korean 3%, Portuguese 6% [Steve Clement]
- [performance] disable the checking of expired sessions for automatic
  logouts. [Andras Iklody]
- Add install instructions. [Hannah Ward]
- Add download functionality. [Hannah Ward]
- Add upload/download for attachments. [Hannah Ward]
- Add S3 client class. [Hannah Ward]
- [tool] Generator for types/categories in all the places of MISP.
  [Christophe Vandeplas]
- [feature] Built in REST client added to test / interact with the API
  directly from MISP. [iglocska]

  - no more shitty chrome extensions that crash during trainings, rejoice!

Changes

Fix

- [documentation] added missing legacy automation page view. [iglocska]
- [description] Typo in serverSetting fixed, fixes #3612. [iglocska]
- [API] using "download" as a returnformat via the URL breaks the
  restSearch API. [iglocska]

  - we have to keep it as a legacy option and map it to json
- [API] Fixed the broken CSV export. [iglocska]
- [stix2 export] Fixed timestamp to datetime conversion for
  'date_sighting', using utc format. [chrisr3d]
- [stix2 import] Fixed Sighting import format. [chrisr3d]
- Create temp folder if it doesn't exist in EventsController::export()
  [Xavier Mehrenberger]
- [stix2 import] Fixed some time-based attribute fields previously
  wrongly imported from STIX object fields. [chrisr3d]
- [stix2 import] Keeping uuids from STIX objects imported as attributes.
  [chrisr3d]
- [REST client] Fixed the order of execution for the various JS
  functions when changing template. [iglocska]
- [REST client] Correctly detect camelised parameters as single values
  instead of lists. [iglocska]
- [REST client] resolved issues with the URL builder for the REST
  queries causing double "/"s after the baseurl. [iglocska]
- [internal] Invalid export format detection now throws an exception
  instead of dying ungracefully. [iglocska]
- [internal] AppController minor fix. [iglocska]

  - fix bug of invalid forcing of JSON export type in certain conditions
- [API] invalid pass by reference parameter not passed as a variable.
  [iglocska]

  - fixes "Cannot pass parameter 1 by reference" bug
- [ACL] getApiInfo added to acl. [iglocska]
- [internal] Org to org_id conversion correctly handled by restSearch
  filters. [iglocska]
- [ACL] exclude afterfilter from the api checks. [iglocska]
- [internal] Whitelist model initialisation copy paste fail. [iglocska]
- [api] Added missing files. [iglocska]
- [REST client] Fixed the url parser for the client not handling named
  params. [iglocska]
- [api] added attributes controller wip changes. [iglocska]
- [internal] removed old restsearch on the attribute level. [iglocska]
- [REST client] Fixed issues with multiple values in the same header.
  [iglocska]
- [merge conflict] added merge conflict resolution. [iglocska]
- [internal] Handle tags passed via parameters not encapsulated in an
  array. [iglocska]
- [API consistency] restsearch on an attribute level should return the
  same format when hits were found and not. [iglocska]
- ['UI bug fixed'] adding an attribute could result in an exception
  after a successful addition. [iglocska]
- [REST client] fix to the JSON prettyfication. [iglocska]
- [internal] Block attributes by tag using the event level restsearch
  API. [iglocska]
- [internal] Changed the type filter function hook. [iglocska]
- [CS] Updated recent changes. [iglocska]
- CSV test. [Raphaël Vinot]
- [internal] Properly detect buggy parameters passed in the "last"
  format. [Raphaël Vinot]
- Improve testing. [Raphaël Vinot]
- Dirty install of python 3.6 on travis. [Raphaël Vinot]
- [internal] Fix to the parameter parsing of the CSV path. [iglocska]
- [API] Class name fixed. [iglocska]
- [internal] uuid filter fixed. [iglocska]

  - copypastafail
- [internal] resolveTimeDelta fixes. [iglocska]

  - handle seconds
  - return the current time as a filter if nothing is matched
- [internal] Fixed incorrect file added in previous commit. [iglocska]
- [internal] publish_timestamp was ignored by the new restsearch.
  [iglocska]
- [internal] resolveTimeDelta() check relaxed to allow for stringified
  timestamps and floats. [iglocska]
- [internal] removed attribute.timestamp from the event level timestamp
  filters. [iglocska]
- [API] allow other returnFormats besides download to work for
  restsearch. [iglocska]
- [internal] looplimit lowered to 50k for fetchAttributes. [iglocska]

  - maybe we should base this number off the available memory somehow...
- [internal] Fixed an incorrect parameter lookup for the from/to
  timefilter parser. [iglocska]
- [API] copy pasta error in parameter harvester. [iglocska]
- [cleanup] Fixed an assignment in a comparison. [iglocska]
- [stix2 export] Reverted a previous change on timestamps. [chrisr3d]

  - Following the STIX 2.0 requirements
  - Including the latest changes on PyMISP
  - Solution adopted before any other one is found
    (for instance when 2.1 version is released)
- [stix] Timestamps patched. [chrisr3d]

  - Including the latest patches on PyMISP object
    timestamps
  - Some other quick timestamps import cleaned up
- [cleanup] Cleaned up STIX incident creation. [chrisr3d]
- [stix2 export] Fixed some timeline related fields. [chrisr3d]

  - for instance 'valid_from' should not be related
    to timestamp
  - Added the 'created' field in report as well,
    using the event date
- [Taxonomies] Taxonomy update broken if no expanded values are provided
  on the predicate or entry level. [iglocska]
- Old python crap. [Raphaël Vinot]
- [stix2 import] Importing regkey & regkey|value as attribute and not
  regkey object. [chrisr3d]
- [stix1 export] Stripping registry keys and values to avoid spaces.
  [chrisr3d]
- [feeds] Custom headers / authorization broken on csv/freetext feeds,
  fixes #3581. [iglocska]
- [cleanup] Reduced credential objects parsing complexity. [chrisr3d]
- [cleanup] Made Exceptions happy specifying types. [chrisr3d]
- [cleanup] Cleaned up Course of Action parsing. [chrisr3d]
- [cleanup] Made exceptions happy + cleaned up if statement. [chrisr3d]
- [cleanup] Reduced complexity of the email objects parsing. [chrisr3d]
- [cleanup] Cleaned up Exception handling. [chrisr3d]
- [cleanup] Minor cleanup on custom objects parsing functions.
  [chrisr3d]
- [cleanup] Reduced the main function complexity. [chrisr3d]
- [cleanup] Cleaned up libraries import. [chrisr3d]
- [cleanup] Reduced complexity in PE objects parsing. [chrisr3d]
- [cleanup] Cleaned up libraries import. [chrisr3d]
- [i18n] Variables are in no need to be translated, it will break stuff,
  horribly. upd: [i18n] Update default.pot again. [Steve Clement]
- [statistics] Solve the issue with the unfiltered total counters in the
  user and org statistics. [iglocska]
- ['UI bug fixed'] adding an attribute could result in an exception
  after a successful addition. [Andras Iklody]
- [statistics] fixed an issue where the org statistics didn't correctly
  apply the local filters. [iglocska]

  - both local and external just showed the sum totals instead of the individual pools
- [instructions] remove suggestion to check out last tagged version on
  install. [Andras Iklody]
- Use configured attachments_dir instead of app/files/ in
  ShadowAttributesController.php. [Xavier Mehrenberger]
- [typo] in S3 implementation. [Andras Iklody]

  - Thanks @FloatingGhost for noticing
  - I hope your love for PHP will never cease to grow!
- Add PHP SDK install instructions. [Hannah Ward]
- [API] Allow rapid changes to attributes (>1 per second) [iglocska]
- [encryption] broken S/MIME encryption. [iglocska]

  - as reported and pinpointed by @3c7
  - blind fix, awaits confirmation
- [usersStat] allow fetching json of statistics/users. [Sami Mokaddem]
- [cleanup] Improvement of some for loops. [chrisr3d]
- [stix2 import] Fixed uuid of single ip attributes. [chrisr3d]
- [cleanup] Cleaned up duplication of code from the previous commit.
  [chrisr3d]
- [cleanup] Cleaning up objects parsing. [chrisr3d]
- [UI] fixed missing sighting sparklines. [iglocska]
- [bug] fixed a typo preventing the attack matrix from working.
  [iglocska]
- [rest client] corrected the calculation of the rest client duration.
  [iglocska]

  - I can't maff gud
- [API] Some API rearrange issues fixed in events/add. [iglocska]

Other

v2.4.94 (2018-08-09)

New

- [PGP] Added fingerprint to /users/verifyGPG. [iglocska]
- [internal] Streamlining of the push process. [iglocska]

  - rework of the internals
  - cleaner separation of concerns into more specialised functions
- [internal] Simplification of the push functionality. [iglocska]
- [API] rework of the attribute fetcher. [iglocska]

  - correctly handles attribute tags
  - performance improvements due to rework of the internal pagination
  - fixes to issues with too many hits on a tag search causing queries that are too long
- [internal] subQueryGenerator changes. [iglocska]

  - fixed some issues that made it non-usable before
  - added possibility to run negations (NOT IN)
- [internal] Added helper functions for tag lookups. [iglocska]
- [CLI] Get the API key of a given user using the CLI. [iglocska]

  - simply run /var/www/MISP/app/Console/cake Admin getAuthkey [user_email]
- Added table for user settings. [iglocska]
- [eventGraph] added jpeg export. [Sami Mokaddem]
- [eventGraph] added network preview feature. [Sami Mokaddem]
- [eventGraph] SharingGraph: added skeleton of Model/Controller for
  saving and sharing the network among organisations (+ javascript
  interaction functions) [Sami Mokaddem]
- [eventGraph] DOT Language export. [Sami Mokaddem]
- [eventGraph] Skeleton of network history + capability to add custom
  row button in actionTable. [Sami Mokaddem]
- [eventGraph] Briefly validate imported file + fix node position on
  drag. [Sami Mokaddem]
- [eventGraph] Possibility to import/export (json) event graph. [Sami
  Mokaddem]
- [js_helpers] empty cells and 2 widgets. [Sami Mokaddem]
- [Statistics] Added a new tab to the statistics showing the
  user/organisation additions over the past month/year. [iglocska]
- Add install docs. [Hannah Ward]
- Add ability to log to elasticsearch. [Hannah Ward]
- Add elasticsearch settings. [Hannah Ward]
- [API] Check for malformed JSON requests. [iglocska]
- [attackMatrix] possibility to pick multiple galaxies to attach to the
  event at the event-level. [Sami Mokaddem]
- [attackMatrix] contextual menu when clicking on a cell in the event
  ATT&CK matrix. [Sami Mokaddem]
- [CLI] Added update commands for Taxonomies, Warning Lists, Notice
  Lists and Object Templates. [Steve Clement]
- [sync] Improvements to the pull mechanism. [iglocska]

  - moved the blacklist event skipping to the negotiation phase
  - no longer need to pull and then discard events that have been blacklisted
  - solves issues with slow syncs when a lot of deletions were involved

  - also, moved the sync negotiation + event retrieval to UUID based lookups instead of ID
- [internal] Added convenience function to get estimated row count for a
  table. [iglocska]
- [API] Updated the timestamp handling in the restSearch APIs to use the
  new smart-system. [iglocska]
- [internal] setTimestampConditions unified and improved. [iglocska]

  - no more separate codepath for setPublishTimestampConditions
  - accept shorthand time descriptions (1d, 5h, etc)
  - always accept single values or arrays with start/end times
- [galaxies] Force update galaxies and update improvements in general.
  [iglocska]

  - passing /1 to the galaxy update function now forces updates on all clusters
  - performance improvements
- [data model] Added support for monero - new type xmr. [iglocska]

  - soft validation
  - secondary validation with warnings for malformed addresses
  - supporting epic facial hair styles
- [edit strategy API] To support a smoother integration with the Hive,
  new API that describes what the edit strategy is for an event.
  [iglocska]

  - GET on /events/getEditStrategy/[id]
    - where id can be either a local ID or a UUID

  - returns a JSON dictionary with the following fields:
    - strategy: edit | extend (edit if it's an own event, extend otherwise)
    - extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields)

  - The algorithms implementing this should prioritise as such:

  1. Check if user can edit the event (strategy == edit) - if yes, edit
  2. If no, check if extensions exist - if yes, edit one of those
  3. If no, create a new extension to the original event
- [sync] Added flag to avoid using the proxy. [iglocska]

  - in some cases you have internal sync between instances in which case going through the proxy is silly
- [Session handling] Force certain session values to fix existing issues
  with misconfigured instances. [iglocska]
- [Session handling] Added checkAgent toggle. [iglocska]
- [API] Added unsafe URL parameter to authenticate users. [iglocska]

  - for legacy tools that cannot pass headers in HTTP requests for some insane reason
  - Needs to be enabled by a site admin - default is that it is disabled
  - MISP's diagnostic tool WILL complain if this is ever enabled

Changes

Fix

- [stix1 import] Fixed journal entries parsing fails. [chrisr3d]
- [stix1 import] Copy/paste error fixed. [chrisr3d]
- [cleanup] Some more minor clean up. [chrisr3d]
- [stix1 export] MISP objects parsing improvement. [chrisr3d]
- [sync] Fixed an issue blocking the syncing of edits, fixes #3537.
  [iglocska]
- [pgp] left of changes for the pgp printout. [iglocska]
- [cleanup] Fixed libraries import copy/paste issues. [chrisr3d]
- [stix2 import] Fixed quote error in a dictionary key. [chrisr3d]
- [stix2 import] Fixed some STIX objects parsing, reading them as dict
  in order to avoid error on popping elements. [chrisr3d]
- [stix2 import] Avoided try/catch-ing the loading function so we get
  the error if it fails. [chrisr3d]
- [stix2 import] Removed obsolete parsing function & try/catch for
  custom objects. [chrisr3d]

  - With the 'allow_custom' parameter set to True,
    the parsing function works even with custom
    objects
- [bug] Fixed e-mailing bug introduced during the refactoring.
  [iglocska]
- [bug] Fixed several server settings related issues caused by the
  refactor. [iglocska]
- [sync] typos fixed. [Andras Iklody]
- [sync] Fixed buggy connection test. [iglocska]

  - refactor revealed that the sync user access on the remote was never correctly determined
  - fallback method that has since been removed for 2+ year old instances was always used due to the above issue
- [internal] tightened authkey validation. [iglocska]
- [cleanup] Invalid assignment in conditional cleaned up. [iglocska]
- [cleanup] Cleaned up SMIME certificate validation. [iglocska]

  - merged the two functionalities we've had for it
- [stix2 import] Importing attribute tags from labels. [chrisr3d]
- [stix2 export] Added attribute tags in stix labels. [chrisr3d]
- [stix2 export] Avoiding issues with empty data field in attributes.
  [chrisr3d]
- [internal] removed massive duplicate lookup function. [iglocska]
- [cleanup] removed empty if statement. [iglocska]
- [internal] streamlining the worker removal logging. [iglocska]
- [cleanup] Removed duplicate code. [iglocska]
- [cleanup] Cleaned up exceptions types. [chrisr3d]
- [cleanup] Cleaned up exceptions types, unnecessary else after return
  and multiple statements in single line. [chrisr3d]
- [cleanup] Quick cleanup. [chrisr3d]
- [cleanup] Cleaned up exceptions types, typechecks and other minor
  items. [chrisr3d]
- [cleanup] Cleaned up libraries imports. [chrisr3d]
- [cleanup] cleaned up the setup of httpsockets in the Server.php file.
  [iglocska]
- [internal] removed duplicate logging code. [iglocska]
- [cleanup] removed unneeded concat. [iglocska]
- [internal] cleanup of some junk. [iglocska]
- [internal] several unreachable breaks removed. [iglocska]
- [internal] removed unreachable break. [iglocska]
- [internal] Fixed invalid assignment. [iglocska]
- [bug] Fixed cryptic ##COMMA## in error message. [iglocska]
- [tests] CSV export. [Alexandre Dulaunoy]
- [galaxies] Fixed same value across two namespaces causing issues.
  [iglocska]
- [csv] escaped all string fields to fix some oddities. [iglocska]
- [upgrade] fixed incorrect upgrade scripts. [iglocska]
- [stix1 export] Removed try catch statements used before depending on
  the python version. [chrisr3d]

  - Useless now because of python3 forced
- [stix1 export] Fixed missing namespace schema location + various code
  cleaning on framing. [chrisr3d]
- [stix1 export] Removed not used libraries import on framing.
  [chrisr3d]
- [stix2 import] Importing Galaxy Cluster uuid. [chrisr3d]
- [stix2 import] Fixed missing field info, forgotten in the latest
  changes. [chrisr3d]
- [stix2 import] Skipping relationships atm to avoid errors. [chrisr3d]

  - Relationships parsing to come later
- [cleanup] Cleanup of accidental inclusion of a feature in progress.
  [iglocska]
- [API] don't allow the same event tag to be added multiple times via an
  /events/add call, fixes #3507. [iglocska]
- [data model] Preparation for some taxonomy improvements. [iglocska]
- [stix1 export] Fixed indentation. [chrisr3d]
- [stix2 import] Improved file reading in loading function. [chrisr3d]
- [stix2 export] Fixed missing variable assignment. [chrisr3d]
- [install] Changed the install instructions to use CLI commands...
  [Andras Iklody]

  ...instead of updating config.php. The latter can be dangerous if typos pop-up.
- [API] set attribute distribution if it isn't set in the capture
  attribute call. [iglocska]

  - should have worked via the beforevalidate() but it didn't
  - ah well
- [delegation] Attribute tags and objects were not transferred during
  delegation, fixes #3495. [iglocska]

  - The delegation system hasn't been updated since the introduction to the new systems
  - new objects being transferred: objects, attribute tags, object references
- [stix2 import] Fixed relationship import. [chrisr3d]

  - Skipping it at the moment
  - Will have to rebuild a large part of the import
    functions to include relationships after the export
    part is reworked completely
- [stix2 import] Fixed vulnerability import, following the last changes
  on export part. [chrisr3d]
- [stix2 export] Fixed vulnerability export. [chrisr3d]

  - depending on the origin of the object exported:
    attribute/object or galaxy
- [bug] Fixed an invalid count() call on the taxonomies index.
  [iglocska]
- [i18n] Made PO importable into crowdin. [Steve Clement]
- [stix2 export] Fixed relationships mapping typo. [chrisr3d]
- [stix2 export] Watching if a cluster uuid has already been added to be
  exported instead of a galaxy uuid. [chrisr3d]
- [stix2 export] Allowed custom properties for all
  Indicators/ObservedData from MISP objects export. [chrisr3d]
- [stix2 export] Fixed regkey|value attribute export. [chrisr3d]
- [stix2 export] Exporting not mapped attributes of regkey objects as
  custom properties. [chrisr3d]
- [API] Attribute edit via uuid fails as non site admin, fixes #3487.
  [iglocska]
- [AppModel] re-apply the eventGraph SQL query. [Sami Mokaddem]
- [AppModel] added missing comma in SQL update query. [Sami Mokaddem]
- [doc] added sudo verification to guide. [Steve Clement]
- [doc] added sudo verification to guides. [Steve Clement]
- [eventGraph] export now works on firefox. [Sami Mokaddem]
- [i18n] Indentation. [Steve Clement]
- [i18n] added missing %s. [Steve Clement]
- [i18n] added missing echo. [Steve Clement]
- [i18n] Typos and __('Fixes') [Steve Clement]
- [stix2 export] Fixed failing condition on filename|hash composite
  attribute. [chrisr3d]
- [eventGraph] removed 'import' label from the contextual header button.
  [Sami Mokaddem]
- [actionTable] correctly delete row based on id or position + correctly
  handle row_action options. [Sami Mokaddem]
- [mispJS] updated submitDeletion to match the new eventGraph history
  name. [Sami Mokaddem]
- [eventGraph] fix validation and Model class name. [Sami Mokaddem]
- [eventGraph] fixed conditions about determining if loaded graph is the
  latest version. [Sami Mokaddem]
- [eventGraph] catch empty node selection if no underlying node is
  there. [Sami Mokaddem]
- [eventGraph] Object get correct color when exporting in DOT Language.
  [Sami Mokaddem]
- [eventGraph] typo in eventId compatibility validation. [Sami Mokaddem]
- [eventGraph] swapped function call to hide expanded objectAttribute.
  [Sami Mokaddem]
- [eventGraph] canvas menu (right-click) is shown at the correct
  position. [Sami Mokaddem]
- [stix2 import] Fixed custom properties parsing following the last
  changes on x509 object export. [chrisr3d]
- [python3] Updated script to python3 only. [iglocska]
- [python3] Missed python3 call instead of python. [iglocska]
- [i18n] Added default language. [iglocska]
- One final indentation re-align. [Hannah Ward]
- Make indentation line up. [Hannah Ward]
- Use spaces entirely. [Hannah Ward]
- Indentation on ES client. [Hannah Ward]
- [stix2 export] Fixed malware-sample data export as pattern. [chrisr3d]
- [update] checkout the last checked in version of composer.json before
  attempting a pull. [iglocska]
- [zmq] Fixed execution of the ZMQ start/stop commands still being
  python 2. [iglocska]
- Because people use old python. [Raphaël Vinot]

  Should fix #3475
- [kali] Fix RAW URL. [Steve Clement]
- [freetext] parser was detecting any number as a phone number, fixes
  #3469. [iglocska]

  - new requirement: must start with + or contain a -
- [settings] Make travis happy. [iglocska]
- [settings] Attempted fix to appease Travis. [iglocska]
- [CLI] mixup corrected. [Andras Iklody]
- [settings] Default setting for the attachments directory fixed.
  [iglocska]
- Export events csv with CR (fix #3458) [kalyparker]

  Export using automation functionality for ids does not clean the special char like CRLF.
  When there is a carriage return in the event info, the csv is broken.
- [attackMatrix] pressing ESC dismiss the matrix popup. [Sami Mokaddem]
- [stix2 import] Fixed pe-extension parsing. [chrisr3d]
- [stix2 import] Including import of custom properties for pe & pe-
  section objects. [chrisr3d]
- [stix2 export] Fixed file object references with its contained data
  object. [chrisr3d]
- [stix2 export] Fixed File PE Binary extension. [chrisr3d]
- [stix2 import] Fixed import of some attributes that can contain data.
  [chrisr3d]
- [stix2 import] Removed try catch on adding attribute to event.
  [chrisr3d]
- [UI] Fixed the sighting buttons being (non-functionally) available to
  read only users. [iglocska]
- [API] Removed unused optional field from the organisation API
  descriptions. [iglocska]
- [feed] Invalid lookup when editing events via MISP feeds throws notice
  error, fixes #3366. [iglocska]
- [stix2 export] Fixed parsing of some attributes which can contain
  data. [chrisr3d]
- Fix: [stix2 export] Removed ip @ type parsing function duplication.
  [chrisr3d]
- [CLI] Update noticelists correctly passes the user data. [Andras
  Iklody]
- [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
- [performance] Changed regex clean all function to work in a chunked
  fashion. [iglocska]
- [cleanup] Removed duplicate line, fixes #3448. [iglocska]
- [python version] changed generate_file_objects.py's execution to
  python3. [iglocska]
- [cleanup] Reverted lax baseurl validation. [iglocska]
- [sync] pull giving some weird messages when an event is blocked by
  blacklists. [iglocska]

  - don't warn about failed pulls when the reason is a local blocking of the event.

  - future improvements: remove the blocked events during the negotiation phase
- [adminTools] undeclared variable removal. [Steve Clement]
- [stix2 import] Fixed email object import (screenshot & eml attributes)
  [chrisr3d]

  - Same comments as previous commit for export
  - Also moved parsing functions in subject into the
    main script to avoid importing python libraries
    in the dictionaries script
- [stix2 export] Fixed email object export (screenshot & eml attributes)
  [chrisr3d]

  - Both of these attributes should not be exported
    as part of the email body
  - Thus: custom property
- [stix2 import] Improved network socket observable object parsing loop.
  [chrisr3d]
- [stix2 import] Removed print. [chrisr3d]
- [stix2 import] Fixed Custom Object type parsing. [chrisr3d]

  - Unlike usual STIX2 objects, Custom Objects do not
    have their own type. They are dict and have thus
    no callable attributes
- [stix2 export] Fixed custom object type. [chrisr3d]

  - Custom Object type cannot accept capital letters
- [stix2 import] Fixed pattern parsing following the last update on
  pattern export. [chrisr3d]
- [stix2 export] Fixed pattern apostrophes typo. [chrisr3d]
- [stix2 export] Fixed export of email attachment, eml & screenshot.
  [chrisr3d]
- Decode redis in ZMQ. [Steve Clement]
- [zmq] Backwards compatibility with python 3.4. [Steve Clement]
- [cleanup] removed obsolete code. [iglocska]
- [galaxies] Force galaxy update now correctly updates the galaxy
  itself, not just the contents. [iglocska]
- [bug] Fixed route to /regexp/admin_index. [iglocska]
- [galaxy] Further fixes with the saving of the galaxy update data.
  [iglocska]
- [bug] Removed unused field from galaxy update. [iglocska]
- [UI] added galaxy force update to the side menu. [iglocska]
- Compatibility with python 3.4. [Raphaël Vinot]
- Set shebangs, cleanup. [Raphaël Vinot]
- [stix2 import] Removed shitty looping test. [chrisr3d]
- [stix2 import] Fixed asn object pattern keys. [chrisr3d]
- [stix2 import] Fixed stix2 'parse' function (from library) parameters.
  [chrisr3d]
- [stix2 import] if statement typo. [chrisr3d]
- [API] Fixed object view API. [iglocska]
- [UI] fixed typo causing exceptions in the att&ck add function, fixes
  #3426. [iglocska]
- [bug] Potential fix for SQL return size limit reached when fetching a
  list of attributes. [iglocska]
- [stix2 export] Fixed parameter called while mapping object names.
  [chrisr3d]
- [Session handling] Make sure that the autoregenerate setting changes
  are actually saved. [iglocska]
- [update] recursively init and update submodules. [Andras Iklody]
- [attackMatrix] Better popup position for small screen. [Sami Mokaddem]

  Dynamically change popup position and placement for smaller screen,
  forcing that each cell have a minimum width and that the window is
  scrollable to reveal the remaining of the popup.
- [attackMatrix] No longer set the modal position to fixed when the
  viewport is small. [Sami Mokaddem]

  Under a viewport of 1400px, the modal's position is set to absolute
  allowing the user to use the scrollbar for navigation.
- [stix2 import] Fixed object name while importing file with pe &
  sections. [chrisr3d]
- [stix2 export] Fixed observable object of File with PE extension.
  [chrisr3d]
- [stix2 export] Quick fix of issues on files related to PEs. [chrisr3d]
- [CSRF] Don't run the CSRF form protection on the attribute search.
  [iglocska]

Other

v2.4.93 (2018-06-27)

New

- [attackMatrix] Skeleton of multiple galaxy picking. [Sami Mokaddem]
- [stix2 export] Starting exporting PE binary files. [chrisr3d]

  --> file, pe & pe-section objects linked with
  references
- [CLI] Added CLI tool to downgrade DB version. [iglocska]
- [i18n] Added tools to switch between languages via the server
  settings. [iglocska]
- [attackMatrix] Also consider attack galaxy at event level in the
  heatmap fix: [attackMatrix] Typo in ATT&CK + division by 0 in
  gradiendTool. [Sami Mokaddem]
- [attackMatrix] added instance UUID in rest response. [Sami Mokaddem]
- [attackMatrix] statistic about attack tags used in the instance chg:
  [attackMatrix] moved functions in to model and matrix view into
  elements. [Sami Mokaddem]
- [attackMatrix] Possibility to highlight cell matching the typeahead
  field's value. [Sami Mokaddem]
- [AttackMatrix] added Mobile/Pre-Attack Matrix support, UI improvements
  and code refactor. [Sami Mokaddem]
- [GalaxyPicking] Choose the galaxy namespace first before showing
  related galaxies. [Sami Mokaddem]
- [attackMatrix] Ability to attach Mitre att&ck galaxy from the matrix.
  [Sami Mokaddem]
- [attackMatrix] legend scale of the heatmap with dynamic updates. [Sami
  Mokaddem]
- [attackMatrix] force kill chain header order. [Sami Mokaddem]
- [attackMatrix] addition of heatmap on tiles depending on occurrence of
  the tag. [Sami Mokaddem]
- Initial skeleton of Mitre attack matrix. [Sami Mokaddem]
- [internal] Added convenience method to find the ID of an SG via its
  UUID. [iglocska]
- [functionality] Kick user out if the session is expired instead of
  only doing it on a page load. [iglocska]
- [UI/UX] Event lock initial version. [iglocska]

  - Show if another user is editing the event you're viewing (same org only)
- Add email field autofocus on login page. [Dawid Czarnecki]
- Added event lock functionality. [iglocska]
- Added event lock table. [iglocska]

  - also added missing permission for ZMQ publisher role
- Add schema for feed-metadata. [Raphaël Vinot]

Changes

Fix

- [stix1 import] Fixed Monkey typo. [chrisr3d]
- [stix1 import] Fixed missing self call. [chrisr3d]
- [bug] Typo in the event before validate hook. [Andras Iklody]

  As pointed out by @To-om
- [sync] Fix to the attribute level filters not being applied correctly
  on a full push. [iglocska]

  - Found during the investigation of #3378
- [stix1 export] Fixed MISP objects export. [chrisr3d]

  - handle the case when there is no pe & pe-section
    objects
  - 'resolve_objects2parse' should then be optional
    considering this case
- Bump query_version and updated queryACL. [Sami Mokaddem]
- [attackMatrix] only return the result for the last attached galaxy.
  [Sami Mokaddem]

  If a galaxy is already attached, just skip the message.
  (The return value is a string, we don't want to compare the string value for
  each galaxy to be attached)
- [attackMatrix] Multiple galaxy attach operations are now supported at
  attribute level. [Sami Mokaddem]

  Previously, only 1 INSERT INTO command was executed, the others were
  UPDATE commands
- [UI] fixed Event lock breaking the restoration of soft deleted
  attributes. [iglocska]
- Correlation popup format. [iglocska]
- Left off view file. [iglocska]
- [UI] Fixed a bug with galaxies not being addable. [iglocska]
- Fixed an issue where tags couldn't be added anymore since the last
  commit. [iglocska]
- [API] tag capture fixed on newly created objects via the API, fixes
  MISP/PyMISP#236. [iglocska]
- [stix diagnostic] Returning the correct 'success' value in case of
  error with maec. [chrisr3d]
- [security] Brute force protection can be bypassed with a PUT request.
  [iglocska]

  - fixes an issue where brute forcing the login would work by using PUT requests
  - as reported by Silver Saks from CCDCOE
- [stix1 export] Fixed pe & pe-section export when the header is not
  distinct from the other sections. [chrisr3d]
- Fixed a bug where users couldn't add galaxies after
  paginating/filtering on event attributes. [iglocska]
- Fixed broken correlation toggle on the event view. [iglocska]
- [stix1 import] Fixed indent that imported some objects split.
  [chrisr3d]
- [sync] pull not working due to invalid lookup against galaxies.
  [iglocska]
- [error messages] made some of the error messages a bit more uniform.
  [iglocska]
- [upgrade] Made an older upgrade script more friendly towards MySQL.
  [iglocska]
- [galaxies] Fixed query causing MYSQL errors due to group by not
  containing a silently loaded field. [iglocska]
- Don't require API users to accept the terms / change password to get
  going. [iglocska]

  - to get the API key they need to log in anyway via the interface
- Use common code-path for user init via the login page and the CLI.
  [iglocska]

  - also, be consistent with initial settings
- [setup] Brought MYSQL.sql up to date, fixes #3357, fixes #3358.
  [iglocska]
- [stix1 import] Started fixing to_ids flags for imported
  attributes/objects. [chrisr3d]
- [Cortex] fixed Cortex auth issue. [Andras Iklody]
- [attackMatrix] prevent throwing an error if mitre attack galaxy is not
  there. [Sami Mokaddem]
- [attackMatrix] added aggressive sanitization (just to be sure) [Sami
  Mokaddem]
- [attackMatrix] added missing entries in ACL component. [Sami Mokaddem]
- [attackMatrix] Prevent hovering listener to overwrite each other.
  [Sami Mokaddem]
- [attackMatrix] prevent multiple listener on matrix widgets. [Sami
  Mokaddem]
- [attackMatrix] cluster ATT&CK Tactic is shown in Mitre namespace only.
  [Sami Mokaddem]
- [AttackMatrix] picking Att&ck tactic correctly redirect on the matrix.
  [Sami Mokaddem]
- [eventView] Hide galaxy tags after search. [Sami Mokaddem]
- [travis] update to the latest version of requests. [Alexandre
  Dulaunoy]
- [Docs] some install guide clarifications. [Andras Iklody]
- [bug] fixed version comparison for old vs new db versions. [iglocska]
- [UI] Event lock message update eating flash messages fixed. [iglocska]
- [SG/sync] fixed an issue where if a sync user was not allowed to
  modify a sharing group, it also couldn't create events with said SG
  attached. [iglocska]

  - correctly capture the sharing group, without still being able to modify it, but to extract the ID and link it to the event to be created
- [stix2 export] Fixed attribute value type issue with AS numbers.
  [chrisr3d]
- [stix1 export] Fixed AS attribute value export. [chrisr3d]

  - 'number' field in STIX object side if the value is
    only digits
  - 'handle' if it starts with 'AS'
  - + same parsing as the one recently pushed for STIX2
    regarding 'value' and 'comment' fields on MISP side
- [stix2 export] Checking AS attributes value. [chrisr3d]

  - Because it went out that some people sometimes put
    the AS value in comment and an ip address as value
- Fixed the annoying getcorrelation errors in the logs if someone has
  the jobs index open and times out, fixes #3339. [iglocska]
- [UI] Preserve settings on events add form if anything goes wrong with
  the validation. [iglocska]
- [UI] Fixed default value of threat level id. [iglocska]
- [sg bug] Fixed a bug where a user that should be allowed to extend a
  sharing group is blocked if they are also a sync user. [iglocska]

  - conditions requires that the sharing group has been synchronised from a remote by a different sync user
- [bug] Fixed a copy pasta fail preventing the adding of galaxies.
  [iglocska]
- [stix2 export] Fixed regkey observable creation. [chrisr3d]
- [stix2 export] Fixed network socket observable creation. [chrisr3d]
- [stix2 export] Fixing issues due to the oddity of some enumeration
  lists for observable objects. [chrisr3d]
- [stix2 export] Fixed pattern of protocol value in network socket
  object creation. [chrisr3d]
- Don't throw users out if debug is enabled with the new check.
  [iglocska]
- [bug] Endless loop when terms are not accepted / password not reset
  fixed, fixes #3336. [iglocska]
- Fixed permission on a view level for add tags. [iglocska]
- Fixed permission check for adding tags to an event. [iglocska]
- [ACL] added new functions to the ACL. [iglocska]
- [bug] invalid function call for the event lock via the objects
  controller. [iglocska]
- [extended events] Correctly handle event extensions via event ID
  instead of UUID, fixes #3332. [iglocska]
- [stix1 export] Fixed some credential object attributes export.
  [chrisr3d]

  Following the latest update on the import part
  which include credential objects import, and in
  order to avoid duplicate attribute export and
  create authentication STIX Objects more properly:
  - Parsing authentication type to avoid as much as
    possible to associate passwords with not relevant
    authentication types.
  - If only one authentication type -> distributing
    it to all the passwords (as well as it is the
    case for the authentication format).
- Added impfuzzy validation. [iglocska]
- [Diagnostic] Fixed typo in python libraries testing. [chrisr3d]
- Made sure that object edit buttons are only visible to those that can
  edit them. [iglocska]

  - also, some cleanup in the code to make it more readable
- [EventView] Still allows object edition even if the event hasn't been
  published. [Sami Mokaddem]

Other

v2.4.92 (2018-06-07)

New

- [ACL] Added new role permission: publish_zmq. [iglocska]

  - permission flag to use the "publish to ZMQ" button
- [performance] Made the deadlock fix optional. [iglocska]

  - old behaviour by default or if the setting is disabled
  - new behaviour with non transactional attribute add / correlation add
- Batch delete should hard delete if event hasn't been published yet,
  fixes #3311. [iglocska]
- [API] objects/add now supports uuids and the version number.
  [iglocska]

  - API: /objects/add/[template_id]/[version]
    - template_id can be a UUID
    - version is an optional parameter to select the specific version of a template if searching by uuid
- Hard delete attributes when event was never published, fixes #3311.
  [iglocska]
- [performance] Massive performance gains for the warninglists.
  [iglocska]
- [tooling] Added benchmark tool to AppModel. [iglocska]

  - create name benchmark runs
  - start at different levels of the code's execution
  - aggregated mode allows summed execution times over many iterations of a code path
  - show peak memory usage or full memory usage timeline of the execution history
- Added CyberCure Blocked IP,Blocked URL & Malware hash feeds
  (http://docs.cybercure.ai/) [Mona]
- Stricter validation of baseurl when coming via the API tool.
  [iglocska]
- Show galaxy namespaces and allow the loading of the new field.
  [iglocska]
- New flash message system, fixes #3252. [iglocska]

  - 3 types of flash messages (success, error, warning)
  - uses bootstrap's own classes/structure

Changes

Fix

- Removed debug breaking update. [iglocska]
- [API] Fixed a black hole on API actions via the Objects controller,
  fixes #3271. [iglocska]

  - Blanket disabling the security component due to the changes in cakePHP for API requests had the side effect that explicit security component stance changes would lead to exceptions
- Potential fix for the deadlock issue addressing #3264. [iglocska]

  - This will mean a performance hit for correlations / adding attributes in general, but let's see how it goes
- [stix1 import] Removed errors catching to let the logs have it.
  [chrisr3d]
- [object references] Object references can be added to deleted
  objects/attributes, fixes #3312. [iglocska]
- [performance] Fixed a serious performance issue with object heavy
  events. [iglocska]
- [javascript] Fixed JS broken in IE11 #3306. [Christophe Vandeplas]
- [stix1 export] Quick fix on attribute data field. [chrisr3d]
- [stix1 import] Fixed email object import. [chrisr3d]
- [stix1 import] Fixed Artifact STIX objects import. [chrisr3d]

  following the last update on export script
- [stix1 export] Fixed and improved some attributes parsing. [chrisr3d]
- [performance API] fix performance issues with warninglists via the
  API. [iglocska]
- [performance] slight tuning for the fetchEvent() function. [iglocska]
- [validation] Fixed urlOrExistingFilepath validation script no longer
  uses hard-coded error messages. [iglocska]
- [cleanup] Removed non-sensical line. [iglocska]
- [stix1 import] Fixed some Galaxy & GalaxyCluster fields. [chrisr3d]
- [stix1 import] Fixed event loading function. [chrisr3d]

  - Fixed errors if the event has no 'ttps' field
- [stix1 import] Fixed whois object name mapping. [chrisr3d]
- [stix1 export] Quick fix of set_tlp function. [chrisr3d]
- [stix1 export] Fixed Tags journal entries. [chrisr3d]
- [stix2 export] Cosmetic fix of stix2 report labels. [chrisr3d]
- [stix2 import] Fixed 'from' attribute type mapping for email object.
  [chrisr3d]
- [stix1 import] Fixed Whois object attributes import. [chrisr3d]

  - Following the latest changes on Whois object export
- Typo fixed in the tag element, preventing the quick filter from
  working. [iglocska]
- Allow updateDatabase to accept numbers. [iglocska]
- Added missing lookup for pymisp versions via the diagnostics.
  [iglocska]
- Reflected XSS via the event view. [iglocska]

  - users arriving on an event view via a malicious URL with a javascript payload and then clicking on the show deleted attributes tab would trigger the payload

  - as reported by Jarek Kozluk from zbp.pl
- [stix2 import] Fixed Custom object import attribute type. [chrisr3d]
- [stix2 import] Fixed custom object import type defining for composite
  attributes. [chrisr3d]
- [stix1 import] Fixed objects name common case definition. [chrisr3d]
- [stix1 import] Fixed x509 object name mapping. [chrisr3d]
- [stix2 export] Fixed class variable call. [chrisr3d]
- [stix1 export] Fixed dictionary comma. [chrisr3d]
- [stix2 import] Improved process object parsing. [chrisr3d]
- [stix2 export] Improved regkey objects mapping. [chrisr3d]
- [stix2 export] Fixed Custom object type typo. [chrisr3d]
- [stix2 export] Added forgotten processes related function call.
  [chrisr3d]
- [stix2 import] Removed useless return functions. [chrisr3d]
- [stix1 import] Fixed object relations for attributes of network
  connection object. [chrisr3d]
- [stix2 import] Fixed event loading. [chrisr3d]
- [stix2 export] Fixed observable object creation for port & ip|port
  attributes. [chrisr3d]
- [stix1 export] To be sure we're always using utf-8. [chrisr3d]
- [CLI] Allow for empty baseurl via the CLI. [iglocska]
- [UI] Fixed the annoying galaxy collapse issues. [iglocska]
- [UI] Fix to the galaxy cluster expand. [iglocska]
- [UI] automation page cleanup. [iglocska]
- [UI] fixed broken collapse/expand of galaxy clusters. [iglocska]
- [API] Add object request has been black-holed. #3271. [iglocska]

  - blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
- [UI filtering] be sure that '0' is not interpreted as empty. [Sami
  Mokaddem]
- [API] Add object request has been black-holed. #3271. [iglocska]

  - blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
- Invalid flash message fixed when editing an attribute. [iglocska]

  - was showing an error on success
- [UI filtering] Attribute quick filter broke all the tabbed filters,
  fixes #3247. [iglocska]
- Fixed endlessly spinning loading animation when fetching a PGP key
  that cannot be found. [iglocska]
- [cleanup] removed debug, fixes #3257. [iglocska]
- [stix1] Updated install & update instructions for stix, cybox & mixbox
  libraries. [chrisr3d]
- Fixed editing servers to add a server certificate not saving said
  certificate. [iglocska]
- Fixed a DOM based XSS with cortex type attributes. [iglocska]

  - as reported by Dawid Czarnecki (dawid@pz.pl)
- Various fixes to the add feed action/view. [iglocska]
- Ignore camelised vs underscored controller name differences in the
  ACL. [iglocska]
- User add form loses checkbox settings on failed submission when
  returning the user to the form. [iglocska]
- Invalid pluralisation. [iglocska]
- Fixed layout. [iglocska]
- Fixed some menu misalignment with debug mode off. [iglocska]
- Minor cleanup of the default layout. [iglocska]
- Fixed some issues with the new notifications. [iglocska]
- [stix1 import] Fixed uuid fetching when a STIX object has no id.
  [chrisr3d]
- [stix1 import] Fixed test to define if a STIX file is from MISP.
  [chrisr3d]
- [stix1 export] Atm skipping objects not mapped yet for export.
  [chrisr3d]
- [stix1 export] Fixed reference creation for process object when the
  reference is an attribute. [chrisr3d]
- [stix1 import] Commented atm not used attribute in object process.
  [chrisr3d]
- [stix1 import] Fixed name of MISP objects parsing for import.
  [chrisr3d]
- [stix1 export] Quick fix on variables. [chrisr3d]
- [stix1 export] Cleaned indentation typo. [chrisr3d]
- Fixed invalid org lookup on the attribute index resulting in some
  notices thrown. [iglocska]

Other

v2.4.91 (2018-05-15)

New

- Remove galaxy cluster information from the sync mechanism for now.
  [iglocska]

  - currently galaxy clusters aren't shared anyway, no point in blowing up the data size / processing time
- Added attribute level galaxy clusters. [iglocska]
- Added option to include base64 encoded attachments in the ZMQ output,
  fixes #3169. [iglocska]
- [stix1 import] Starting parsing related observables in documents from
  misp. [chrisr3d]
- [Export] Added a secondary CSV export that includes more context to
  the UI download tool. [iglocska]
- First implementation of the Noticelist system ready. [iglocska]
- Added noticelist view. [iglocska]
- Noticelist system added. [iglocska]
- Refactor of the warning message for the add attribute view. [iglocska]
- Added chartjs dependency. [Sami Mokaddem]
- Possibility to show/hide distribution repartition of
  event/attr/objAttr chg: layout adaptation. [Sami Mokaddem]
- Show elements having a distribution lower than the event distribution
  in the distribution graph. [Sami Mokaddem]
- Possibility to view connected communities and concerned sharing groups
  in distribution graph's tooltip. [Sami Mokaddem]
- Added warning about missing warninglists used for TLD resolution in
  the freetext import tool. [iglocska]

  - following the twitter feedback
- Added event enrichment functionality. [iglocska]

  - select and run a set of enrichments on all applicable attributes of the event
  - exposed to the API
  - exposed to the command line tool
  - adheres to attribute distributions
- Added Feed management API. [iglocska]

  - add/edit/delete feeds via the API
  - new APIs are RestResponseComponent aware
  - GET on add/edit to receive usage information

Changes

Fix

- Detaching galaxy clusters from attributes was using the old function
  name. [iglocska]
- Attachcluster to object attributes fails due to no flattening.
  [iglocska]
- Validation issue for objects fixed. [iglocska]
- Fixed an invalid link when attaching a cluster via all galaxies.
  [iglocska]
- Version bump. [iglocska]
- [stix1 import] Catching port type while importing ip-port MISP
  objects. [chrisr3d]
- [stix1 import] Testing if related_indicators/observables is in a
  document before watching it. [chrisr3d]
- [stix1 import] Fixed distinction between attribute values. [chrisr3d]

  - MISP attributes can be INT sometimes, so read the 2nd comment

  - Previously an INT attribute value did not satisfy the condition,
    which made it considered as objects attributes and tried to
    create a MISP object instead of a single attribute
- [stix1 export] Fixed objects and observables IDs generation.
  [chrisr3d]
- [stix1 import] Fixed missing self argument. [chrisr3d]
- [stix1 import] Fixed some attribute parsing function calls. [chrisr3d]
- Some cleanup. [iglocska]
- Added documentation of server setting modifications via the console.
  [iglocska]

  - also added left-off server setting for enabling attachments via ZMQ
- [stix1 export] Fixed my omission of ids flag parsing for x509 MISP
  objects. [chrisr3d]
- [stix1 export] Quick fix on attribute data field test. [chrisr3d]
- Fixed the enabled field missing for non site admin users in
  warninglists / noticelists. [iglocska]
- [validation] Fixed an issue with the unique attribute validation rule
  blocking legitimate use-cases. [iglocska]

  - adding an attribute with a matching pair or category/type/value in an existing object-contained attribute would be incorrectly flagged as violating the attribute uniqueness rule
- Don't lowercase the controllername for the ACL Component. [iglocska]
- [UI] Fixed the field name for input source in the feed edit view.
  [iglocska]
- [Feed caching] Readded the feed correlations for non correlating
  attributes. [iglocska]

  - it was breaking the indexing for the attached correlations
- [ACL] Fixed the side menu url to the correct capitalisation for the
  populate from button. [iglocska]
- [ACL] Made the ACL system's behaviour more lax when it comes to
  capitalisation mistakes in the URL, fixes #3240. [iglocska]
- [API] Tightened the disabling of the security component to counter the
  effects of cakephp 2.10.x. [iglocska]
- Bumped noticelist version. [iglocska]
- Restart the workers due to the new cakephp version causing issues.
  [iglocska]
- Remove form tampering for REST requests. [iglocska]

  - makes MISP compatible with 2.10.x
  - No point in running the security component's test since no form is submitted via REST anyway.
- Changed filepath of noticelist not reflected in update script.
  [iglocska]
- Cakephp version bumped to latest 2.x. [iglocska]

  - also gets rid of the stupid mcrypt requirement that breaks compatibility with newer ubuntu versions
- Edge case with empty objects caused *barf* [iglocska]
- Account for alternate format for /objects/edit. [iglocska]

  - I need to take a shower after this fix
- Fixed invalid indices in the feed lookup via the event view.
  [iglocska]
- Fixed broken objects/edit. [iglocska]
- Fixed object add. [iglocska]
- Fixed name change of variable breaking /objects/add. [iglocska]
- Added the missing schemaloc namespace for system objects. [chrisr3d]
- Handle no template being passed to objects/add correctly. [iglocska]
- Fixed object->attribute references not being captured correctly.
  [iglocska]
- [DistributionGraph] include metadata for all distribution level. [Sami
  Mokaddem]

  When fetching distribution graph data, returns information about all
  distribution level (even not concerned).
- Removed break point *cough* [iglocska]
- Don't redirect users to terms page if no terms page is set. [iglocska]
- [CorrelationGraph] set the undefined ajax variable when pivoting from
  a taxonomy tag / galaxy cluster in fullscreen. [Sami Mokaddem]
- Fixed an issue with the notice message container showing invalid
  default data. [iglocska]
- Fixed regkey value string. [chrisr3d]
- Added missing space after the taxonomy name on the taxonomy view.
  [iglocska]
- Fixed email observable type parsing. [chrisr3d]
- Using an existing relationship between a process and its network
  connections. [chrisr3d]
- Directly take the sharing group name from the event. [Sami Mokaddem]

  Do not fetch the sharing group name as it is already included in the
  event.
  + fixed a css glitch
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [DistributionGraph] incorrect number in the sg progressbar tooltip.
  [Sami Mokaddem]

  Set the correct number of involved sharing instead of the sum of sharing
  group in the sg progressbar tooltip
- Fixed a bug that prevented servers from being added. [iglocska]
- [DistributionGraph] sharing group search and uniqueness of results.
  [Sami Mokaddem]

  fix a bug where filtering per sharing group was not including inherit
  attributes.
  Enforce uniqueness of involved entities.
- Fixed distribution level swapping when filtering from the distribution
  chg: moved styling into css new: Loading gif when building the
  distribution graph. [Sami Mokaddem]
- Avoid redrawing distribution graph when closing its popover + reset pb
  ticks offset at each draw. [Sami Mokaddem]
- Replaced hardcoded eventID by the real event id. [Sami Mokaddem]
- Support of filtering for distribution=0 (empty(0) is true in php).
  Also, only consider attr and obj_attr (ignoring object as they only
  carry meta-data) [Sami Mokaddem]
- Honour `MISP.completely_disable_correlation` on attribute/event
  save/delete action. [Eugenio Paolantonio]
- Typo. [chrisr3d]
- Fixed typo of a string function. [chrisr3d]
- Attribute values that are too long for mysql text fields don't
  generate warnings and just truncate, fixes #3196. [iglocska]

  added validation error
- Removing galaxy filters in the galaxy view would redirect to an
  invalid url, fixes #3201. [iglocska]
- Allow "json" not to be set when adding a server via the API.
  [iglocska]
- Fixed /servers/add via REST API not working, fixes #3202. [iglocska]

  - corrected list of parameters
  - added sane defaults so that only the minimum list of fields is actually required
  - fixed a bunch of stuff that was just plain broken with this API
- Low timeout added for module introspection to fix performance
  bottlenecks. [iglocska]
- Testing if references before looping on it. [chrisr3d]
- Inverted 2 type values of a DNS Record. [chrisr3d]
- Fixed events from MISP recognition. [chrisr3d]
- Fixed copy pasta fail. [Andras Iklody]

  As reported by @truckydev
- Fixed path / filename split case. [chrisr3d]
- Fixed InformationSource references in STIX incident object. [chrisr3d]
- Source Format -> Input Source (C/P mistake) [Raphaël Vinot]
- Function object typo. [chrisr3d]
- Fixed library import. [chrisr3d]
- Don't correlate attribute to feeds if the correlations are disabled on
  the attribute. [iglocska]
- Fixed a typo in the side menu rework. [iglocska]
- Allow filename as an alternative for parsed domains/hostnames.
  [iglocska]
- PyMISP version 2.4.90. [Alexandre Dulaunoy]
- Added some sanitisation to the new view. [iglocska]
- Fixed namespaces (causing bugs if not set) [chrisr3d]
- Fixed external ids field type. [chrisr3d]
- Object templates updated to the latest version. [Alexandre Dulaunoy]
- Fixed weird error message if an ajax query goes wrong. [iglocska]
- Hide buttons to create proposals for read only users, fixes #3187.
  [iglocska]
- Added event enrichment to the ACL. [iglocska]
- Editing an attribute was not setting the distribution level to the
  previous value. [Sami Mokaddem]
- Changed "xhtml:body" into "xhtml:div", to avoid creating a body DOM
  which cause listener on the original body to bug. Incremented js
  number and check if request is ajax or not in ObjectController. [Sami
  Mokaddem]
- MISP warning-lists updated to latest version. [Alexandre Dulaunoy]
- Removed print. [chrisr3d]
- Fixed an issue where attribute searches via the UI would incorrectly
  return all visible data. [iglocska]
- Fail gracefully during single user PGP key checks on the user view.
  [iglocska]
- Fixed relationships in object references. [chrisr3d]
- Fixed editing feeds via the UI. [iglocska]
- Session.cookie_timeout could not be saved correctly, fixes #3182,
  fixes #3171. [iglocska]
- Downasides -> downsides. [Raphaël Vinot]
- Fixed empty event tags on the event index api. [iglocska]
- After adding a tag via the API MISP would always return the first tag,
  fixes #3159. [Andras Iklody]
- Cull empty event tags for event index. [iglocska]
- Fixed previewing image attachments via the feeds. [iglocska]
- Fixed some obscure translation errors between python 2 & 3. [chrisr3d]
- Fixed monkey copy paste errors. [chrisr3d]
- Fixed some mapping issues. [chrisr3d]

  -> Threat level name & incident status name mapping
- Fixed color mapping issue that avoided Marking creation. [chrisr3d]

Other

v2.4.90 (2018-04-21)

New

- Add download buttons for user profiles. [iglocska]
- Added the extended event lookup to the edit event view. [iglocska]
- Preview the extended event ID / UUID. [iglocska]

  - Also, cleanup of the nasty event tag code
- Added the cookie_timeout setting. [iglocska]

  - still needs some back-end changes for it to be active
- Made the threat_level_id filter for the attribute search more
  flexible. [iglocska]
- Added new field threat_level_id to /attributes/restSearch. [iglocska]
- Added getEventInfoById API. [iglocska]
- Added warning and link to the console tasks to the Task index.
  [iglocska]

  - let's deprecate this crap
- Added section that describes the command line functions to the
  automation page. [iglocska]
- Cleanup of server push, feed fetch, feed cache console commands.
  [iglocska]
- Rework of the server/feed command line tools, WIP. [iglocska]
- Added improvements to the Cortex settings. [iglocska]

  - allow for configuring SSL options for Cortex
  - previously the API key was not passed to Cortex on GET requests only on POST, breaking Cortex 2 compatibility
- Added event_timestamp parameter to attributes restsearch. [iglocska]
- Extended event first iteration added. [iglocska]

  - when adding/editing an event, add another event's UUID as an extended event UUID to extend the targeted event with the current
  - extender events can be viewed in the merged event view
- Added event/attribute add/edit to the restresponse describe
  functionality. [iglocska]
- Added server setting management via the command line. [iglocska]

  - Usage:

    - /var/www/MISP/app/Console/cake Admin getSetting [setting]
      - setting is optional, if none set "all" is assumed
      - returns all or a specific setting's current value and metadata

    - /var/www/MISP/app/Console/cake Admin setSetting [setting] [value]
      - set a given server setting by full setting name
      - for example the following will enable the import services:
        -  /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" 1

  - This feature was created in support of the CIRCL global conglomerate's APAC HQ in Tokyo
- Cleanup of role permissions. [iglocska]

  - fixed name of admin -> org admin
  - changed order of org admin <-> site admin
  - descriptions updated and now visible by hovering over any permissions' titles
- Added separation between enabled feeds and feeds enabled for caching.
  [iglocska]
- Add authorization header for Cortex 2 integration. [iglocska]
- Add event last modified to the event view. [iglocska]
- Added a small diagnostic tool to debug the impact of a bug fixed in
  2.4.89. [iglocska]
- Allow further role settings. [iglocska]

  - exclude a role from non site admin assignment
  - set max memory usage and execution time / role

Changes

Fix

- Z-index popover issue in event graph. [Sami Mokaddem]
- MISP galaxy updated. [Alexandre Dulaunoy]
- Tag removal fixed. [iglocska]
- Fixed the text of the cookie_timeout setting. [iglocska]
- Added missing view file. [iglocska]
- Enforcewarninglist can still accidentally convert the attribute list
  to an attribute dictionary using attribute fetchAttributes(), fixes
  #3166. [iglocska]
- Log search should allow form resubmissions. [iglocska]
- Fix to the invalid refanging (Third time's the charm) [iglocska]
- Fixed invalid refanging. [iglocska]
- + changed to . in url. [iglocska]
- Bug when plotting event without attribute or object. [Sami Mokaddem]
- Set correct (previous) physics state after dragging. [Sami Mokaddem]
- Fitting the network more than once can make the camera bug. [Sami
  Mokaddem]
- Changed 'removing' text to 'hide' text to avoid confusion. [Sami
  Mokaddem]
- Label was not set when display filter was empty. [Sami Mokaddem]
- Switching back and forth between layout is behaving as expected. [Sami
  Mokaddem]
- Physics no longer reset when the layout change. [Sami Mokaddem]
- Fixed new namespaces definition, in case of issue with namespaces.
  [chrisr3d]
- Fixed some random mixbox namespaces issues while using python3.
  [chrisr3d]
- Fixed an edge case where an attribute could be created that is tied to
  an object but has no object relation. [iglocska]
- Avoiding import fails caused by unparsed STIX types. [chrisr3d]
- Avoid importing empty objects. [chrisr3d]
- Extends field now correctly shows a plain uuid if no event was found /
  visible. [iglocska]
- Removed the validity check for the event UUID in the extended UUID
  field. [iglocska]
- If no extension uuid is added to an event the editing via the UI would
  fail. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Removed actual file path from the command line functions path.
  [iglocska]
- Default behaviour of download_attachments_on_load fixed. [iglocska]
- Handling the case of some files that are not read because of special
  characters. [chrisr3d]
- Fixed a bug where background jobs for feeds would not work correctly
  due to headers not being passed along with the feed object. [iglocska]
- Various fixes to the server shell. [iglocska]
- Copy pasta fixed. [iglocska]
- Fixed mess-up with the cortex settings. [iglocska]
- Fixing some report parsing possible issues. [chrisr3d]
- Fixed GalaxyCluster import format. [chrisr3d]
- Fixed STIX objects parsing to avoid errors with not parsable objects.
  [chrisr3d]
- Added description parsing as MISP attribute comment. [chrisr3d]
- Fixed ip-port observable import. [chrisr3d]
- Fixed ip-port observable export. [chrisr3d]
- Fixed custom objects parsing. [chrisr3d]
- Fixed custom object arguments & added exception to create a custom
  object. [chrisr3d]
- Fixed duplication of some attributes with unintended values.
  [chrisr3d]
- Avoid skipping domain & port values in url object export. [chrisr3d]
- Fixed pattern from MISP objects parsing separator to avoid unintended
  spaces. [chrisr3d]
- Fixed patterns parsing to avoid useless special characters import.
  [chrisr3d]
- Fixed hash type parsing. [chrisr3d]
- Added misp label to distinguish misp stix2 files. [chrisr3d]
- Handle a non existent case error for the dictionary to return.
  [chrisr3d]
- Fixed some dictionary functions bugs. [chrisr3d]
- Handling the stix file title None case. [chrisr3d]
- Changed United States -> United States of America in the org
  nationality list. [iglocska]
- Potentially fix an issue if no extended UUID is passed on edit.
  [iglocska]
- Autoregenerate causes intermittent logouts, changed the setting
  description and guidance in the server settings to reflect this.
  [iglocska]
- Fixed info field for import from external STIX. [chrisr3d]
- Added domain restrictions to the possible org index filters, fixes
  #3147. [iglocska]
- Added organisation domain restrictions to the org index, partially
  fixes issue #3147. [iglocska]
- MISP object templates updated to latest version. [Alexandre Dulaunoy]
- Some minor fixes. [iglocska]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- ValueNotEmpty() switched to stringNotEmpty for the attribute value
  validation. [iglocska]

  - Core 1+2 of the new laptop
- MISP galaxy clusters updated to the latest version. [Alexandre
  Dulaunoy]
- Fixed issues with non string server settings when changing them via
  the console. [iglocska]
- Unknown meta-categories no longer raise an exception (use a default
  value instead) [Sami Mokaddem]
- Fixed missing reason for failure if the freetext import had a single
  attribute fail during the saving process, fixes #3141. [iglocska]
- Fix wrong object's deletion buttons title depending on the `deleted`
  property. [chkp-aliaksandrt]
- Editing an object "loses" comment, fixes #3133. [iglocska]
- Don't try to run the testBaseURL server setting check if the user
  comes from the CLI. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Transformed function not using self as staticmethod as it should be.
  [chrisr3d]
- Skipping ttps parsing from external stix atm to avoid bugs. [chrisr3d]
- IDS flag not set when editing attribute, fixes #3126. [iglocska]
- Date order fixed in event view. [iglocska]

  - Now time for fika
- Fixed the concatenation issue from before. [iglocska]
- Fixed a crappy event concatenation bug for restsearch. [iglocska]
- Added missing changes in evnet.php. [iglocska]
- Financial tool result included in event. [iglocska]

  - also removing trailing . from domain names
- Added pre-fix to cortex2 authorization header. [iglocska]
- Tied the new diagnostic tool into the ACL. [iglocska]
- Handling case of stix events without labels. [chrisr3d]

Other

v2.4.89 (2018-03-23)

New

- Added STIX 2.x import to the GUI. [iglocska]
- Purge all/completed jobs via the job index, fixes #3024. [iglocska]
- Describe the new changes to the deleteAttributes API. [iglocska]
- Added self-description of the deleteAttributes API to the api
  component. [iglocska]
- Open up the attributes/deleteSelected action to the API. [iglocska]
- Allow the searching of organisations by uuid on the event index (via
  the API) [iglocska]
- Finished the first version of the recovery tool. [iglocska]
- Object reconstruction after, resolving the ID bug, WIP. [iglocska]
- Temp diagnostic tool for orphaned object attributes. [iglocska]
- RestResponse::describe() now uses generic URLs with optional url
  parameters instead of showing the currently accessed ID. [iglocska]
- Include the attribute UUID in the attribute level restsearch.
  [iglocska]

  - simply pass the `includeAttributeUuid` flag and set it to 1 via the API
- Allow requesting of misp standard format for the export modules.
  [iglocska]

  - just set the `require_standard_format` to true in the moduleinfo dictionary

Changes

Fix

- Added annoying missing space between the password field's label and
  its tooltip. [iglocska]
- Handling case of stix events without timestamp. [chrisr3d]
- Revert one part of timestamp conversion failing. [chrisr3d]
- Quick fix on timestamps conversion. [chrisr3d]
- Critical API integrity bug, potentially allowing users to delete
  attributes of other events. [iglocska]

  - a crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute
- Get rid of keyboard shortcut footer tool when debug mode is enabled.
  [iglocska]
- Handle edge case scenarios where orphaned correlations would throw
  notices in the event view. [iglocska]
- PyMISP version is 2.4.89. [Alexandre Dulaunoy]
- PyMISP recommended version fixed. [Alexandre Dulaunoy]
- PyMISP updated to the latest revision. [Alexandre Dulaunoy]
- Various cleanups of the event preview via feeds. [iglocska]
- Support is isSiteAdmin + undeclared var + z-index. [Sami Mokaddem]
- Collapse on object_reference + create object_reference close to the
  parent node when expanding. [Sami Mokaddem]
- Fixed various potential XSS issues in the resolved attributes view.
  [iglocska]

  - potentially exposed XSS if a malicious MISP module was loaded on the instance

  - as reported by Christophe Vandeplas (@cvandeplas)
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- MISP taxonomies updated. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- Warning lists updated to the latest version. [Alexandre Dulaunoy]
- Added test to check the presence of a timestamp before trying to
  assign it to a variable. [chrisr3d]
- Fixed FileObjectType None values handling. [chrisr3d]
- Added missing space between the password and the info icon. [iglocska]

  - my OCD demands it.
- Fixed password complexity popover in the change password view.
  [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fixed error message if an attribute fails validation via the freetext
  import tool, fixes #3052. [iglocska]
- Fixed PDFFileObjectType parsing. [chrisr3d]

  (waiting for metadata attributes parsing)
- Fixed misp object parsing for cases where there is only 1 attribute.
  [chrisr3d]
- Changed recognition of stix from MISP files. [chrisr3d]

  - Fixed the problem of empty events (for stix from MISP)
    in the API
  - Also removed not used json event loader which would
    not have worked in this refactored version
- Quick fix on object_relation field for port attributes. [chrisr3d]
- Parsing composite attribute types. [chrisr3d]
- Added email-attachment to parsed email properties types. [chrisr3d]
- Fixed various issues with the template views, fixes #3050 among
  others. [iglocska]
- Object values reset when set to a custom value from a sane default
  list, fixes #3049. [iglocska]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fixed view bug causing object reference deletions to fail, fixes
  #3041. [iglocska]
- Parsing pe sections. [chrisr3d]
- Fixed pe filename value parsing. [chrisr3d]
- Updated whois parsing function following recent update on whois
  Object. [chrisr3d]
- Removed console debug output. [iglocska]
- Fixed invalid removal of attributes based on blocked tags using the
  /attributes/restSearch API. [iglocska]
- Tied the clearjobs function into the ACL and fixed a small text error.
  [iglocska]
- Correctly fail validation for invalid composite attributes, instead of
  throwing an exception, fixes #3025. [iglocska]
- Fix notice error when attribute is added with no correlation flag set
  either way. [iglocska]
- MISP taxonomies updated. [Alexandre Dulaunoy]
- MISP objects updated. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fixed invalid object deletion text, fixes #3015. [iglocska]
- Added uuid to organisations in the event index. [iglocska]

  - also unset empty sharing groups from the output
- Fixes an issue where invalid offsets were inspected within the event
  add function, fixes #3006. [iglocska]
- Empty events are created when pulling empty feeds, fixes #3008.
  [iglocska]

  - as described by Emanuele Acri (@crossbowerbt)
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Added sightings to object attributes in the JSON output, fixes #3007.
  [iglocska]
- Added menu option for object reconstruction in the diagnostics page.
  [iglocska]
- Added missing view file for the new object reconstruction tool.
  [iglocska]
- Add misp objects to log search filter. [iglocska]
- Only check the server's publish email flag if the adding of an event
  comes from a remote server. [iglocska]
- Emergency fix for objects getting overwritten on a pull in certain
  situations. [iglocska]

  - object IDs not purged on pull can lead to a local object being overwritten
  - the patch fixes the capture function to purge the object IDs

  - as discovered and reported by TS-WAY (@TS_WAY_SRL)
- Fixed issue blocking the creation of tags, fixes #2989. [iglocska]

  - as described by @Res260
- /attributes/text should allow more than one type to be downloaded.
  [iglocska]

  - simply pass something such as:

  {
    "type": ["ip-src", "ip-dst"]
  }
- Object templates updated. [Alexandre Dulaunoy]
- Warning lists updated to the latest version. [Alexandre Dulaunoy]
- Allow parameters for the /attributes/text endpoint to be passed as a
  JSON object. [iglocska]
- Reworked the way tags are attached to events on the index. [iglocska]

  - solves issues with the preview when an instance has an extremely high number of events
- Fixed issues with to_json() not supporting datetime objects.
  [chrisr3d]
- Fixed an issue with no disable_correlation key existing for an event
  in after save correlation. [iglocska]
- Throw an exception if no ID is passed to /threads/viewEvent, fixes
  #2977. [iglocska]
- Fixed missing index errors on attribute index. [iglocska]
- Open up /attributes/index to the API, fixes #2975. [iglocska]
- Handle the no modules enabled error more gracefully. [iglocska]
- Made the name field required on tags - prevents the error to be thrown
  by the DB instead of the validation. [iglocska]
- Fix tags/add on a GET request via the API. [iglocska]
- Added /tags/add to restresponse. [iglocska]
- Nicer error message when trying to add a tag to an event that doesn't
  exist. [iglocska]
- Changed stupid parameter name to better reflect what it does.
  [iglocska]

  - affects /attributes/restSearch
  - includeAttributeUuid => includeEventUuid
- GUI: Listing Attributes creates many debug.log entries fixes #2969.
  [iglocska]
- Fixed an invalid translation in the attributeRestorationForm causing
  the confirmation to throw an exception, fixes #2967. [iglocska]
- Fixes an issue where editing an object with an attachment contained
  within would soft-delete said attachment, fixes #2966. [iglocska]
- Reverted PR with alternate way of starting scheduler worker.
  [iglocska]
- Don't try to refang filepaths, fixes #2926. [iglocska]
- Misleading failure message when failing to create Attributes partially
  fixes #2955. [iglocska]
- Typo fixed for the previous commit. [iglocska]

  - apparently can't spell distribution
- No distribution set on the server should default to inherit for object
  attributes. [iglocska]
- MISP objects updated. [Alexandre Dulaunoy]
- Attribute distribution defaults fixed for adding objects. [iglocska]
- Disable_correlation now works correctly as expected. [iglocska]
- Warning lists updated to the latest version. [Alexandre Dulaunoy]
- Fixed annoying download list only having one side clickable.
  [iglocska]

  - it was annoying to brigadier general @adulau
- Removed left in debug/thrown exception. [iglocska]

Other

v2.4.88 (2018-02-21)

New

- Add API response for /sightings/listSightings. [Andras Iklody]
- Reworked organisation merge workflow, fixes #2931. [iglocska]

  - Organisation merge is now offered to the user by the edit page if a UUID was used to edit an organisation that is already in use
  - Merging a local org with 1+ user(s) into an external organisation converts the target organisation into a local one
  - Merging a local organisation with a logo into an organisation without one will move the current logo over
    - caveat: this will only happen for organisations already using the new logo naming ([id].png as opposed to [name].png)
- ModulesQueryAPI. [Juan C. Montes]

  ModulesQuery controller to communicate from MISP API to misp_modules
- Added ssdeep threshold setting. [iglocska]

  - set the ssdeep value at which to consider two ssdeep hashes as correlating
- First iteration of ssdeep correlation. [iglocska]
- Added supporting structures for the new STIX API. [iglocska]
- Added STIX import directly to the UI. [iglocska]
- Add search shortcut for events and attributes + fix bug that triggered
  shortcuts when dropdown menus were focused. [Émilio Gonzalez]
- Add keyboard shortcuts application-wide, managed using JSON files.
  [Émilio Gonzalez]
- Add a "search all tags" input field on the taxonomy modal when adding
  a tag to an event. [Émilio Gonzalez]
- Added returnMetaAttributes flag to the /events/freeTextImport API.
  [iglocska]

  - directly returns the raw parsing data instead of creating the attributes if set
  - 177 days, 23 hours 40 minutes faster implementation than expected by @ilmoka - #PMD
- New APIs to add/remove orgs and servers from sharing groups, fixes
  #2888. [iglocska]

  - added functions to manage the additions/removals of objects from sharing groups
  - the following APIs are included:
    - /sharingGroups/addOrg/[sg_id]/[org_id]/[extend]
    - /sharingGroups/removeOrg/[sg_id]/[org_id]
    - /sharingGroups/addServer/[sg_id]/[server_id]/[all_orgs]
    - /sharingGroups/removeServer/[sg_id]/[server_id]

  - All parameters are optional and can instead be passed as JSON objects such as:

    {
      "org_uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f",
      "sg_id": "49",
      "extend": 1
    }

  - The API is extremely flexible with how to name objects, the following parameters are allowed:
    - Organisations:
      - org_id (The organisation's local instance ID)
      - org_uuid (The organisation's global UUID)
      - org_name (The organisation's identifier as known to the current instance)
    - Server:
      - server_id (The server's local instance ID)
      - server_url (The URL of the server)
      - server_name (The local name of the server as assigned when adding the server)

  The sharing groups can also be addressed by ID or UUID.
- Allow overriding the action names in the stringified restresponse
  messages. [iglocska]

  - for example: 'addOrg' => 'add Organisation to'

Changes

Fix

- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- PyMISP fixed to the latest version. [Alexandre Dulaunoy]
- Ssdeep is now updated on PECL - installation updated. [Alexandre
  Dulaunoy]
- Warning-lists updated to the latest version. [Alexandre Dulaunoy]
- Typo in README. [Alexandre Dulaunoy]
- Resolved a potentially breaking issue for feed fetches with malformed
  objects. [iglocska]
- Keep the original org name if merging an org into a newer copy with a
  number appended (such as _1111) [iglocska]

  - no need to edit the resulting merge anymore
- Add org with known remote UUID fails silently, fixes #2930. [iglocska]
- Various fixes to the module api. [iglocska]

  - query function renamed to query enrichment
  - added check for disabled modules and for modules that the current user is not allowed to use
  - removed the module config from the index function to avoid exposing API keys / credentials to users
  - some formatting fixes
- ModulesController. [Juan C. Montes]
- Searching for exact values not possible via the attribute search,
  fixes #2946. [iglocska]

  - Attribute search now returns only exact matches unless encapsulated between '%' characters
- Now supporting stix objects with only description text. [chrisr3d]

  - These objects are indicators or observables
  - Description text is imported as misp attribute 'text'
- Fixed an issue where events wouldn't get properly unpublished when
  accepting a proposal, fixes #2943. [iglocska]

  - only happened when a proposed new attribute was accepted, masking the issue
- Fixed command execution for site admins. [iglocska]

  - a server setting allowing the override of the path variable for esoteric RHEL systems allowed site admins to inject arbitrary commands
  - impact was limited by the setting being only accessible to the site administrator

  - as reported by Michael Grolimund from Swiss Post (@grolinet)

  - CVE-2018-6926
- Fixed invalid pgp url for fetching keys from the remote server.
  [iglocska]
- Removed debug code, added cleanup for edits/deletes. [iglocska]
- Fixed the attribute selection on the event view. [iglocska]

  - Correctly select sections even on sort or other effects changing the order of elements
  - Part of the keep @rommelfs happy package ;)
- Do not try to decrement attribute count below 0. [iglocska]
- Fixed mass delete for soft-deleted attributes. [iglocska]
- Make soft vs hard deletes more obvious. [iglocska]
- Hop over commented out functions in the queryACL tests. [iglocska]
- Parsing more types. [chrisr3d]

  - ignoring whois atm

  - creating object "file" in case of multiple hashes
    in only one observable / indicator object
- PyMISP latest version. [Alexandre Dulaunoy]
- Changed the condition to recognize stix from misp. [chrisr3d]
- Add a baseurl if none is set for the stix framing. [iglocska]

  - otherwise we end up with a namespace leading to an empty URL which apparently is the STIX library's kryptonite
- Removed the truncating of output file names for the stix2misp script.
  [iglocska]
- Fixes to several cases of handling blocked access incorrectly / non-
  gracefully. [iglocska]

  - As reported by Christophe Vandeplas

  - stix export: Ungraceful handling of attempted access of unauthorised event (no unauthorised data returned)
  - import module: Allows creation of proposals to unauthorised events (no unauthorised data returned, proposals are for new attributes only meaning no automatic override triggered)
  - saveFreetext: same as import module
- Don't uppercase the shortcuts as the shortcuts are lowercase.
  [Alexandre Dulaunoy]
- CVE en dash converted to '-' [iglocska]
- Fixed extension name of imported files. [chrisr3d]
- Fixed wrong dictionary key call causing empty import. [chrisr3d]
- Updated to the latest version of PyMISP. [Alexandre Dulaunoy]
- Removed object template element changes from logging system.
  [iglocska]

  - temporary fix for the model name being too long...
- Escaping user controlled variable. [Andras Iklody]
- Run the db update before trying to add users/orgs. [iglocska]
- Added missing db field to users. [iglocska]

  - fixes a nasty issue with saving users failing when ZMQ is enabled on instances installed after 2.4.69
  - fixes a typo that caused invalid user changes being pushed to the ZMQ channel
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- Added new APIs to ACL component. [iglocska]

  - wooooops
- Set the default PGP keyserver to pgp.circl.lu (faster than
  pgp.mit.edu) [Alexandre Dulaunoy]

  TODO: A configuration for setting up the PGP keyserver at the MISP
  instance setting.
- MISP objects latest version imported (fix ip-port issue with domain)
  [Alexandre Dulaunoy]
- User_id in tag table was not included in MYSQL.sql. [iglocska]

  - added it to the initial db bootstrap along with an upgrade script for existing MISPs missing the field
- Galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fix adding tags via the API fails if not encapsulated in "Tag":{},
  fixes #2897. [iglocska]

  - also, add proper response instead of a redirect to make testing a bit more friendly
- Taxonomies updated. [Alexandre Dulaunoy]
- MISP objects updated. [Alexandre Dulaunoy]
- Fix an invalid call to saving a log entry without initialising the
  class first. [iglocska]
- Graceful handling of gnupg not being set up on an instance. [iglocska]

Other

v2.4.87 (2018-01-28)

New

- Mispzmq.py updated with new topic (tags) [iglocska]
- Added boolean attribute type. [iglocska]
- New upgrade system. [iglocska]

  - decouple db changes from version number
- Tie tags into PubSub channel. [iglocska]

  - Reset the catastrophic @ilmoka enrage timer for another 5 days
- Add restore script. [Jérôme Leonard]
- Add regex type to warninglists. [iglocska]
- New BasicAuth header generator for the feed add/edit views. [iglocska]
- Use the new OrgImg helper for fetching org logos in a more consistent
  fashion. [iglocska]
- OrgImgHelper - lookup org logos in a simplified helper, accounting
  for old and new style logo filenames. [iglocska]
- Allow passing headers along with feeds. [iglocska]

  - add any arbitrary header to a feed
  - can be used for authentication via basic auth for example
- Tell users about our lord and saviour, MISP-objects if they try to add
  a composite attribute. [iglocska]
- Filter the event index on sharing group IDs, fixes #2845. [iglocska]
- First export of pot files. [iglocska]
- Automatic category switching based on currently selected types for the
  freetext import/module triage screen. [iglocska]

Changes

Fix

- Removed the crazy complex lookup for attribute tag counts from the tag
  index. [iglocska]

  - Users will see the total count without any context avoiding ACL - however, they are still limited to seeing the actual data tagged that they can see anyway.
- Fixed double json decoding due to recent changes to galaxy clusters.
  [iglocska]
- View issue fixed caused by previous commit. [iglocska]
- Fixed some galaxy cluster inconsistencies. [iglocska]
- Latest version of MISP galaxy. [Alexandre Dulaunoy]
- Resolved an issue where attaching tags to attributes via the generic
  attachToObject() function was throwing an error. [iglocska]
- Reduced memory usage of tags index when requesting it via the API.
  [iglocska]
- Load orgc data after attributes are loaded in search csv export.
  [iglocska]

  - functionality still needs further fixes, WIP
- Graceful handling of removed users in discussion boards. [iglocska]
- Suricata export URL encodes an IPv6 between [], fixes #2872.
  [iglocska]
- Fixed an issue where searching for a non-existing organisation in the
  attribute search returned any visible attributes no matter the org.
  [iglocska]
- Fixed messed up org logos in attribute search. [iglocska]
- Default sort order for id / date reversed on click for #2723.
  [iglocska]
- Improved feedback when importing a blacklisted event, fixes #2859.
  [iglocska]
- New mutex object, updated person object and improved registry-key
  object. [Alexandre Dulaunoy]
- Fixed a TLP marking issue. [chrisr3d]

  (related to github issue #2623)
  Marking is no longer influenced by distribution
  level whenever Tags are set:
  - in the current attribute
  - in the event
- Object deletion view was bugged and non-functional. [iglocska]
- Retain the distribution level / sharing group ID when doing advanced
  attachment extraction, fixes #2865. [iglocska]
- Clarifies the scope of a BIC code in the financial sector. [Alexandre
  Dulaunoy]

  The Business Identifier Codes (also known as SWIFT-BIC, BIC, SWIFT ID
  or SWIFT code)...
- Added missing things for the new org image loader. [iglocska]
- Make hover enrichments work again within objects, fixes #2793.
  [iglocska]
- Fixes the object issues pointed out in #2543. [iglocska]

  - Shoutout to the debug hero finding them: @StefanKelm
- Added missing switch to the new OrgImg helper for the proposal index.
  [iglocska]
- Fix editing of an organisation that has domain restrictions set.
  [iglocska]
- Fixed an issue with invalid termination for a php block in HTML.
  [iglocska]
- Fixed an issue where mass accepting proposals didn't unpublish the
  event. [iglocska]

  - @rommelfs sees all
- Don't listen to David and Andras together ;-) [Alexandre Dulaunoy]
- Fixed a set of issues with sharing groups that lead to synced events
  not saving/updating. [iglocska]
- Add timestamp to the CSV api. [iglocska]
- Fixed invalid lookup when a non site admin searches for attributes,
  fixes #2849. [iglocska]
- Clarify timestamp parameter for attributes. [iglocska]
- Add flatten to advanced sightings add within objects. [iglocska]

  - without the flattening the advanced sighting add functionality couldn't be loaded
- Don't block email headers from being added if they have a line break
  in them. [iglocska]
- Superfluous > [iglocska]
- Fixed invalid syntax. [iglocska]
- Add alternative x509 fingerprint hashes to the freetext import tool,
  fixes #2821. [iglocska]
- Admin settings version updated. [iglocska]
- Fixed the inversed confirmation warning for enabling/disabling feeds.
  [iglocska]
- PyMISP updated to latest version. [Alexandre Dulaunoy]
- Missing action added to ACL system. [iglocska]

Other

v2.4.86 (2018-01-16)

New

- Mass enable/disable feeds. [iglocska]

  - protecting the sanity of MISP admins since 2012!
- Disable the viewing of a full organisation list by normal users.
  [iglocska]

  - Only site admins and sharing group editors can see organisation lists
    - this includes the org index and various statistics
  - Keep in mind: Sharing group editors CAN see the full organisation list - otherwise they wouldn't be able to create sharing groups.
  - Also, users CAN enumerate organisations that have created ANY data on the instance by looking at the given data
    - this includes events, proposals, discussion entries, etc
- Expose the Sharing Groups to the API, fixes #2767. [iglocska]

  - Add/Edit/Index/View now exposed to the API
  - rework of the sharing group capturing process
  - fix to an issue that could potentially block sharing groups from being synced (the creator org of the sharing group wasn't directly exposed and an edit to the organisation's UUID after creating the SG could make the SG non-syncable)

  - various fixes to edge cases
  - descriptors to the add/edit APIs via restresponse

  - Operation "Just relaxing and looking at stuff for the baby online" - the x-mas covert development patch(tm)
- Limit modules to a single organisation. [iglocska]

  - new settings in serverSettings
- Add API description to sightings/add, fixes #2806. [iglocska]
- Allow the collapsing of related events on the event view. [iglocska]

Changes

Fix

- Remove the option for disabling sightings - it's an integral feature
  of the MISP core. Fixes #2820. [iglocska]
- Fixed image element. [iglocska]
- Changed name of server settings -> server settings & maintenance,
  fixes #2817. [iglocska]
- Fixed various visual feed issues, fixes #2818, fixes #2819. [iglocska]
- Fixed a bug that caused sharing groups within objects to not be
  captured correctly, fixes #2816. [iglocska]
- Added missing view. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Updated to the latest version of the taxonomies. [Alexandre Dulaunoy]
- Latest version of the MISP galaxy updated. [Alexandre Dulaunoy]
- Sharing group ID set to the correct value if set implicitly by setting
  the ID instead of passing a full sharing group object along, fixes
  #2814. [iglocska]

  - also, fail if no valid sharing group was found.
- Added missing local field to fetched sharing groups, fixes #2812.
  [iglocska]
- Parsing more stix doc structures. [chrisr3d]
- Invalid algorithm used for warninglist. [iglocska]
- Objects not purged correctly when deleting an event, fixes #2810.
  [iglocska]

  - correctly included objects now in the quick delete function
  - new upgrade script that purges existing orphaned objects
- Removed debug. [iglocska]
- Clarify scope for filter options in quick search. [iglocska]
- Better attribute add feedback on validation fail and fix to a failing
  attribute index listing for normal users. [iglocska]
- Fixed misaligned org view. [iglocska]
- Fix to invalid role check preventing users from seeing the org index,
  even if they should have access. [iglocska]
- Fixed weird eating of event titles on certain unicode characters.
  [iglocska]

  - substr choked on them and produced empty strings
- Fixed typo. [iglocska]
- Removed a small slice of stupidity. [iglocska]
- Changed checks from isSiteAdmin to isAclSharingGroup for the org index
  anonymisation. [iglocska]
- Better error handling when previewing csv/freetext feeds if no valid
  data is returned. [iglocska]
- Better handling of something going wrong whilst fetching a MISP feed's
  manifest. [iglocska]
- Removed loading of roboto font css - as it hasn't actually been used
  for years. [iglocska]
- Fixed proposal add not setting valid types for each category
  automatically. [iglocska]
- Rework of the restresponse URL generator. [iglocska]

  - correctly handle multi-word controllers
- Fixed some UI wonkiness. [iglocska]
- Don't render logo images if they don't exist. [iglocska]
- FetchAttributes() now correctly adheres to object distributions.
  [iglocska]
- Removed the https url rule for now. [iglocska]
- Broken Suricata rules due to removed https branch. [iglocska]

  - possible fix, mimicking contents of https://[ip]
- Correctly show advanced sightings for object attributes. [iglocska]
- Sanitise the list of fields fetched for the admin user index.
  [iglocska]

  - as reported by @deralexxx
- We are in 2018. [Alexandre Dulaunoy]
- Taxonomies updated to the latest version. [Alexandre Dulaunoy]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fixed xml stix files loading. [chrisr3d]

  (our stix files at least)
- Fixed object_relation for some specific types. [chrisr3d]
- Supporting objects import. [chrisr3d]

  More object types will be added progressively
- Fixed event delete controller choice. [iglocska]

  - was using the current action's controller instead of locking in the events controller
- Stix 1.X import is now supporting more types. [chrisr3d]

  Still need to:
  - test some specific types
  - include 'object_relation' field to properly support
    objects import
- Quickfilter should include attribute level tags too. [iglocska]
- Fixed misaligned feed hits on the attribute list in the event view.
  [iglocska]
- Pagination on event attributes didn't load the feed correlations.
  [iglocska]
- Fixed image element sizes. [iglocska]
- Updated to the latest version of MISP objects including annotation and
  vulnerability objects: [Alexandre Dulaunoy]

  https://www.misp-project.org/objects.html#_annotation
  https://www.misp-project.org/objects.html#_vulnerability
- Opcache_reset() doesn't always exist on our favourite distro - only
  execute it if the function exists, fixes #2792. [iglocska]
- Fix to the previous issue with emptying the object_relation in
  attributes on fetch. [iglocska]
- Cleaner handling of failed connections during
  checkVersionCompatibility, fixes #2786. [iglocska]

  - log the real reason why the connection test failed in case of an exception (such as invalid certificate)
- Fixed null entry for object_relation, fixes #2773. [iglocska]
- Fixed output of batch import errors not correctly showing the failed
  attribute positions, fixes #2779. [iglocska]
- Changes following the recent PyMisp updates. [chrisr3d]
- Recursively follow redirects for feeds, fixes #2774. [iglocska]
- Fixed default to_ids setting for proposal edits (should reuse old
  setting) [iglocska]
- Fixed additional : in type field. [iglocska]
- Missing / in closing a tag. [iglocska]
- Update to the latest version of the objects template. [Alexandre
  Dulaunoy]
- Add a clarification if you have multiple MISP instances to not forget
  to change the default Redis port of CakeResque to avoid conflicts
  between different CakeResque. [Alexandre Dulaunoy]
- Misp-modules optional installation added. [Alexandre Dulaunoy]
- Sighting anonymisation should properly remove the org names from the
  advanced sighting view. [iglocska]

  - as reported by @hel10world
- Updated to the latest version of the taxonomies. [Alexandre Dulaunoy]
- Travis link fixed. [Alexandre Dulaunoy]
- Warning-lists updated to the latest version. [Alexandre Dulaunoy]
- Naive fix for an issue with tab separated feeds being broken by the
  switch to str_getcsv. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]

Other

v2.4.85 (2017-12-22)

New

- Limit the max amount of time spent fetching the latest commit ID to 3
  seconds max. [iglocska]

  - should help avoid the unresponsive diagnostic page issue
- Update config.php template with the option whether to chase LDAP
  referrals. [Tomi Juntunen]
- Add a way to filter out attributes from being added by enforcing the
  warninglists via /attributes/add. [iglocska]

  - either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key on individual attributes to be checked
- Allow configuring whether to chase LDAP referrals in
  ApacheAuthenticate module. [Tomi Juntunen]
- Add console command to reset user's authkey. [iglocska]

  /var/www/MISP/app/Console/cake Authkey [email@of.user]

  - sets a new random authkey and returns it in the output
- Add tag restrictions for a single user. [iglocska]

Changes

Fix

- Fixed z-index of correlation popovers. [iglocska]
- Fixed stupidly slow cluster selection list. [iglocska]

  - thanks to sort being inside the loop. If you do something expensive, make sure you do it as often as possible!
- Latest version of misp warning-lists. [Alexandre Dulaunoy]
- Collapse attribute correlations. [iglocska]
- Feed quick sync added. [iglocska]
- Warning-lists updated to the latest version. [Alexandre Dulaunoy]
- Some fixes to the hostname parsing for warninglists. [iglocska]
- Warninglists updated. [iglocska]
- Warning-lists updated to the latest version. [Alexandre Dulaunoy]
- Fixed various warninglist performance issues for updating. [iglocska]
- Warninglist bump. [iglocska]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- I ate too much chocolate ;-) [Alexandre Dulaunoy]
- Tie warninglist delete into the ACL. [iglocska]
- Fixed various warninglist issues. [iglocska]

  - no more mysql packet size issues on ingestion
  - much faster ingestion of warninglists
  - delete warninglists from the UI
- MISP galaxy updated. [Alexandre Dulaunoy]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- Fixed missing flatten for advanced sightings view. [iglocska]

  - attributes within objects couldn't generate the advanced sightings view
- Fixed an issue where adding an attribute to an existing object isn't
  handled correctly via the API / sync, fixes #2760. [iglocska]
- Cleanup of setting the local server url in sharing groups over and
  over in the same request. [iglocska]
- Removed copy pasta fail. [iglocska]
- Correctly attach sharing groups to objects / attributes within
  objects. [iglocska]
- Fixed an abusive use of Identity SDO. [chrisr3d]

  - When the attribute category is not 'Person', it
  is not always justified to use Identity
- Inverted check on filterwarninglistAttributes causing the warninglist
  not to be adhered to correctly. [iglocska]
- Match the rate of the publisher in the subscriber as default.
  [iglocska]
- Remove trailing slash from MISP.baseurl. [Jan Skalny]
- Fixed a tag lookup scope error in attributes/restSearch. [iglocska]

  - searching for an attribute tag returned all attributes contained within the event holding the located attributes

  - for example: Event with 3 attributes, one having the tag "test"
    - query /attributes/restSearch with "tags":["test"] returned 3 attributes instead of 1
- Capture tags on an object-attribute level as expected, fixes #2752.
  [iglocska]

  - The tag capturing ignored object attributes prior to this patch

  - emergency patch before the wrath of @ilmoka reaches us
- Add install of stix2 packages to support STIX 2.0 export. [Alexandre
  Dulaunoy]
- Add install of stix2 packages to support STIX 2.0 export. [Alexandre
  Dulaunoy]
- STIX2 export is no more experimental and can be safely used.
  [Alexandre Dulaunoy]
- For the events with no tag. [Christian Studer]
- Misp-object updated to the latest version. [Alexandre Dulaunoy]
- Fixed issue for events with no attributes. [chrisr3d]
- Dictionary key in registry key object. [chrisr3d]
- Issue about ip|port observable objects. [chrisr3d]
- Avoid using the original dictionary for types. [chrisr3d]

  - Deepcopy makes us use a fresh copy each time and
  modify only this copy instead of the original dict
- Object attributes calls. [chrisr3d]

  Matching with the last PyMISP release
- Error with SDO's IDs (from Galaxy) [chrisr3d]
- Fixed an issue where url parameters for restsearch didn't block
  attributes. [iglocska]

  - url parameters are bad
  - shame
  - SHAME
- For tag filters, ignore capitalisation. [iglocska]
- X-mailer variable that was wrong. [chrisr3d]
- Some keys of hashes. [chrisr3d]

  For instance shaXXX type is automatically changed in
  SHA-XXX by stix2 and needs to be identified with its
  new format
- Fixed an issue with opcache not being used yet opcache_reset() being
  called, fixes #2727. [iglocska]
- Fixed a condition where adding objects through /events/edit would
  fail. [iglocska]
- Fixed an issue with the log model being referenced incorrectly in
  MispObject. [iglocska]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- 'port' key of 'ip-src|port' attribute. [chrisr3d]

  Was set to 'dst_port' but is actually 'src_port'
- Added user restrictions for tags to the tag index. [iglocska]
- Fixed the invalid default TLDs if no warninglist is loaded. [iglocska]
- Fixed the disable correlation flags for the object templates.
  [iglocska]

  - also added a force update for individual templates
- Follow up to the previous patch on disable_correlations in object
  templates. [iglocska]
- Fixed typo in field name for the object templates. [iglocska]

  - disable_correlation(s) - s was a mistake and it caused the feature in the templates not to work
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]

Other

v2.4.84 (2017-12-06)

Fix

- Fixed a critical issue introduced in 2.4.83 blocking the
  synchronisation of edits in certain situations. [iglocska]

  - events being edited didn't set the locked = 1 flag on push

  - as reported by SIEMENS

Other

v2.4.83 (2017-12-06)

New

- Various improvements to the CSV export. [iglocska]

  - The @FloatingCode and @ilmoka care package
  - Improved CSV performance for instances with large number of events
  - Added "value" filter for CSV (use-case: I want all indicators for this value with context)
  - Added attribute tags to the output of the CSV export
- Add restrictions for e-mail addresses to certain domains. [iglocska]
- Add attribute tag filters to the fetchEvents() functionality.
  [iglocska]

  - tag filters now filter on:
    - all events containing matching tags on event + attribute level (positive lookup)
    - all events not containing matching tags (negative lookup)
    - filter attributes within a matched event for blocked attributes (negative lookup)

  - moved tag filtering to subquery filtering - should improve performance massively on larger instances when filtering on tags

  - first round of implementations, more on the way
- Various improvements. [iglocska]

  - use the feed uuid caches to link directly to affected MISP events
  - various UI improvements
  - Feed preview pagination / POSTed event ID filters added
- Add the possibility to limit fields for the CSV export via POST
  requests. [iglocska]
- Added mac-address and mac-eui-64 attribute types. [iglocska]
- Added full audit logging to ZMQ and Syslog, fixes #2635. [iglocska]

  - syslog now includes all audit log entries and it's separated into proper severity levels
  - ZMQ logging and syslog logging are both optional features
- Added phone number recognition to the freetext import tool. [iglocska]

  - also, changed the massaging of phone number type attributes to replace 00 with +
- Include user action in zmq. [iglocska]
- Added logging to galaxy attach/detach tasks. [iglocska]
- Push the action for user updates/creations/logins along with the user
  object to the ZMQ channel. [iglocska]

Changes

Fix

- Updated pyMISP recommended version. [iglocska]
- PyMISP updated. [iglocska]
- Removed the requirement for a comment from the import modules.
  [iglocska]

  - if the comment field is set don't override it
- Fixed PyMISP version. [iglocska]
- Removed unused variable. [iglocska]
- Latest version of the MISP galaxy. [Alexandre Dulaunoy]
- Latest version of MISP objects. [Alexandre Dulaunoy]
- Documentation to enable cortex services. [Raphaël Vinot]
- Don't cull the list of possible models based on existing data for the
  search logs view. [iglocska]

  - slow and useless
- Fixed a bug with the resolved attributes list for freetext import /
  module imports. [iglocska]
- Fixed CSV content type. [iglocska]
- Changed name of export popup. [iglocska]
- Moved attribute_tags in the CSV export to the includeContext flag
  instead of the toggle-able attributes. [iglocska]
- Fixed some issues with the related feeds. [iglocska]
- Fix epic snafu in Event->_add() thanks to last minute save by the
  Travis tests. [iglocska]
- Some minor fixes to the attribute filtering. [iglocska]
- Fixed an issue where sharing groups were not properly attached to
  events for sync users, potentially fixes #2653. [iglocska]
- Added new field to MYSQL.sql. [iglocska]
- Added db changes needed for the user domain restrictions along with
  restricting the user self edit action. [iglocska]
- Fixed an issue where proposal quick edits didn't work for normal
  users, fixes #2685. [iglocska]
- Fixed update warninglists button being available to non site admin
  users. [iglocska]

  - functionality was blocked by ACL, but button shouldn't be shown in the first place
- Block the addition of same type/category/value attributes in one shot
  to the same event. [iglocska]

  - via the /events/add api
- Enforce server push rules on a sync user when viewing the events.
  [iglocska]

  - user not seeing the data is a side-effect, not the intended effect
  - serves to enforce the synchronisation rules
  - sync user can still view the hidden attributes via attribute searches etc. Whether we want to remove this in the future is still to be decided, but for now the sync enforcement is the only intended effect.
- Mac-eui-64 not accepted by stix validator. [chrisr3d]

  By the way, it is accepted by the validator at creation...
- Latest version of the MISP objects template imported. [Alexandre
  Dulaunoy]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Dns-soa-email didn't have a category. [iglocska]
- Fixed missing entries for mac-eui-64. [iglocska]
- Made CSV parser for freetext import tool / feed ingestion compatible
  with escaped CSVs. [iglocska]

  - "" now handled correctly
- Vulnerability (CVE) should correlate (CIRCL and NCSC-NL are supporting
  it) fix #2691. [Alexandre Dulaunoy]
- Ambiguity removed from some sharing group related queries. [iglocska]
- Graceful handling of no response during getVersion pre-sync test.
  [iglocska]
- Fix an issue with a double quoted integer in the correlation update
  script during publishing, fixes #2540. [iglocska]
- Trim the org uuid upon entering it to avoid copy-pasta issues.
  [iglocska]
- Updated the duplicate attribute removal tool to actually remove
  instead of trying to deduplicate. [iglocska]
- Fixes notices of no SharingGroupOrg being set due to a bug in the
  sharing group cacher for normal users. [iglocska]
- Fixes to various issues with adding proposals via the freetext import
  tool. [iglocska]

  - no feedback on whether the resulting dataset will be stored as attributes/proposals
  - unpublishing of the event when proposals get entered
  - alerting the event creator of new proposals if coming from the freetext import tool
- Quotes issue fixed. [chrisr3d]
- MISP objects updated. [Alexandre Dulaunoy]
- Leaking of hashed passwords in the audit logs fixed. [iglocska]

  - Scope was limited due to the audit log access restrictions to site/org admins
- Expose /users/view/me to the API, fixes #2679. [iglocska]
- Don't verify peer name on self signed certs; don't verify self signed
  peer if cert is missing. [Milan Pikula]
- Settings editor not working on touch devices. [Milan Pikula]
- Refresh rows in settings editor. [Jan Skalny]
- Relaxed email validation. [iglocska]

  - because unicode tlds / domains are such a great idea
- Disabled pretty argument. [chrisr3d]

  used while stringifying the final Bundle
- Fixed invalid timestamp generation. [iglocska]
- If no distribution level set, don't try to check if it's set to
  sharing group on the attribute level. [iglocska]

  - Attribute->editAttribute()
- MISP object updated to the latest version to fix the unusable ASN
  template. [Alexandre Dulaunoy]
- Attribute deletes are again synced correctly. [iglocska]
- Fixes an issue where assigning sharing groups based on existing IDs
  didn't work for event creation via the API. [iglocska]

  - expected full sharing groups as provided by the sync, references didn't work
- Fixed the broken feed preview. [iglocska]
- Fixed the new path for the stix files. [iglocska]
- Moved the conversion to JSON after the massage of the data for stix.
  [iglocska]
- Add galaxy to valid log action list. [iglocska]
- Shebang mixup. [Steffen Sauler]

  /!bin/sh to !/bin/sh
- 984732984th time is the charm... [iglocska]
- Reduced the user data to just a partial user object and organisation
  object for the zmq push. [iglocska]
- Fixed the pubsub user push if the user object is not contained within
  a User key. [iglocska]
- Previous commit didn't trigger in all cases. [iglocska]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- Fixed slow /tags/index calls using the API. [iglocska]

  - burned the stupid out of the API
- Fixed the downloadSamples API. [iglocska]
- Fixed silly lookup with injected event IDs on the export page for
  normal users. [iglocska]

  - broke instances with a few hundred k events
- Fixed a reflected XSS in the sharing group creator tool. [iglocska]

  - Fixed a reflected XSS in the sharing group editor that requires malicious organisation names

  - Low impact due to the following requirements:
    - organisation names with malicious org names (JS in the orgname)
    - sharing group editor user has to manually add an organisation to the list that has javascript in the org name
    - only vulnerable view is the editor itself, so the impact is limited to
      users that manually add organisations with malicious names to the list themselves / edit such sharing groups

  - As reported by Dawid Czarnecki

Other

v2.4.82 (2017-11-10)

New

- Various features. [iglocska]

  - Added quickhashing to the feed generator
  - Objects added to feed preview for MISP feeds
  - Attribute tags added to MISP feeds
- Sightings ingested on import/sync. [iglocska]
- Added object references to ZMQ. [iglocska]
- First version of the zmq reimplementation. [iglocska]
- Rework of the feed correlation lookups for the event view. [iglocska]

  - massive performance boost by using redis pipelining
  - for events with 10k+ attributes, show truncated feed correlation lookups, informing the user about the number of correlating attributes and a boolean flag on attributes saying that they correlate
  - The overall feed correlation counter also allows users to pivot to a view that loads all correlations, though it should be used with some caution as it can be somewhat heavy

Changes

Fix

- 3rd time is the charm (PyMISP updated) [iglocska]
- PyMISP version. [iglocska]
- Warning list updated to the latest version. [Alexandre Dulaunoy]
- Taxonomy updated to the latest version. [Alexandre Dulaunoy]
- MISP object updated to the latest version. [Alexandre Dulaunoy]
- Latest version of the galaxy added. [Alexandre Dulaunoy]
- Added sharing group data to the new ACL functions. [iglocska]
- Rework of tags index / galaxy view. [iglocska]

  - performance tweaks
  - no more silly queries
  - added sharing group aware ACL to the event/attribute counters
- Added context to the sightings zmq feed. [iglocska]
- Fixed the tags/index performance snafu. [iglocska]
- Ugly fix for the float issues. [iglocska]
- Potential reflected XSS on older browsers in the histogram. [iglocska]

  - As reported by Dawid Czarnecki
- Histogram rework. [iglocska]

  - removed junk debug
  - fixed group by issue
  - better performance
- Enable auto select for new object rows when adding additional ones via
  the multiple expand. [iglocska]
- Minor tuning of suricata rules. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- MISP objects updated to the latest version. [Alexandre Dulaunoy]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Changed relationship name of filesize in add attachments to
  size-in-byte. [iglocska]
- Fixed default distribution for upload_sample(), fixes #2608.
  [iglocska]
- Invalid redirect when viewing /roles/index as a normal user, fixes
  #2606. [iglocska]
- Potential fix to sync issues with sharing groups and pushes, fixes
  #2601. [iglocska]
- Convert - to _ in csv headers. [iglocska]

  - to match the previous output
- Add the object fields by default to the CSV export. [iglocska]
- Fixed tag names in the CSV export. [iglocska]
- Fixed escaping of CSV. [iglocska]
- Fixed the CSV field name for date. [iglocska]
- Fixed an issue with the CVE export if no field parameters were passed.
  [iglocska]
- Fixed an issue preventing attributes in objects from being edited.
  [iglocska]
- Further fixes to the new zmq system. [iglocska]
- Fixed a bug where sightings couldn't be added to objects. [iglocska]
- Updated sub.py. [iglocska]
- Org field not being hot potatoed to resolvAttributes() in the stix
  export. [iglocska]
- Added missing parameter org to resolvAttributes() call in the stix
  exporter. [iglocska]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Fixed empty emails. [iglocska]
- Added initialisation of Log model in the editAttribute() function if
  the save fails. [iglocska]
- Change 2/2 for fixing the feed scheduler fixes #2503. [Andras Iklody]

  As described by @lucamemini
- Change 1/2 for fixing the feed scheduler fixes #2503. [Andras Iklody]

  As described by @lucamemini
- Allow proposing changes to object attributes. [iglocska]
- Attribute type list when editing should be the category's one if
  already selected. [ppanero]
- Added default category for gender. [iglocska]
- Added missing IP field to logs. [iglocska]
- Misp-objects updated to the latest version. [Alexandre Dulaunoy]
- Added comment field to objects, fixes #2560. [iglocska]
- Added email-message-id's default category. [iglocska]
- Fixed an issue that caused an event edit to fail due to the invalid
  refresh of the correlations. [iglocska]
- Fixed a bug with the restSearch API. [iglocska]

Other

v2.4.81 (2017-10-10)

New

- Added first experimental STIX 2 export implementation. [iglocska]

  - kudos to @chrisr3d for digging into the deepest bowels of the scary beast that is STIX2

  - PoC, definitely needs further improvements/mapping. Let us know about issues you find!
- First round of updates to the correlation engine ready. [iglocska]

  - node deletion temporarily disabled until a bug is resolved
- Further progress on the graphing. [iglocska]

  - also, added new icon field to galaxies
- Further work on the graphing engine. [iglocska]
- First iteration of the graphing engine rework. [iglocska]
- Rework of the attachment uploader. [iglocska]

  - add attachments and upload_sample now share code
  - allow the same features via upload_sample (object creation / use of advanced add attachments)
  - new flag: advanced

  - example:

    POST to mymisp/events/upload_sample
    BODY:
    {"request":{"files": [{"filename": "bla.exe", "data": "U3RhckNyYWZ0IElJIGZvcmV2ZXI="}], "distribution": 1, "advanced":1, "info":"bla"}}

  - this commit was brought to you by CEF and
- Change server settings via the API. [iglocska]

  Usage:

  Viewing current setting value:

  GET /servers/serverSettingsEdit/[mysetting]
- Allow POSTing search parameters to the /tags/index API. [iglocska]

  - to filter the tags index simply POST to /tags/index the following payload:

  {"filter": "malware_classification:malware-category"}
- Added object relations to the CSV export. [iglocska]

Changes

Fix

- Skipping composite objects. [chrisr3d]
- STIX 2.0 report doesn't require labels but the python-stix2 requires
  one. [Alexandre Dulaunoy]
- Mixbox and cybox not required then it's removed. [Alexandre Dulaunoy]
- PyMISP and warninglists updated. [iglocska]
- Fix a rare issue with zombie sighting data throwing a notice.
  [iglocska]
- Fix to a potential reflected XSS on the quickDelete. [iglocska]

  - low impact, XSS required user confirmation of malicious payload

  - as reported by Or Hanuka (PALANTIR)
- Small fix to a missing ajax check. [iglocska]

  - ajax forms opened full screen look bad
- Various UI fixes. [iglocska]

  - no more walk of shame after demoing MISP on a potato quality projector (beamer for our Belgian/Dutch/German friends)
- Removed debug output from adding object references. [iglocska]

  - caused the spinning loading of doom
- Indicators added in addition to observed data + misp tag for IDS.
  [chrisr3d]
- Galaxies updated. [iglocska]
- Fix notice if invalid taxonomy is viewed. [iglocska]
- Some cleanup of the attribute filtering. [iglocska]
- Potential fix to missing proposals during sync. [iglocska]

  - rather stupid adherence to push rules removed for proposal sync
- Fixed wonky object pre-save view. [iglocska]

  - showed numeric distribution level for attributes
  - showed numeric sharing group ID for attributes
  - showed currently selected sharing group ID even if the distribution was ultimately not set to sharing groups
- Fix some restsearch filters fetching the same event more than once.
  [iglocska]
- Corrected filename for array of events. [iglocska]
- Internal reference: type with a uuid of an event converts to a
  clickable link. [iglocska]
- Sanitise all the things for XML, fixes #2522. [iglocska]

  - Sanitise all the things!
- Fixed potential double hashing of samples with the encrypt flag.
  [iglocska]
- Invalid uuid used in the objectreferences add form. [iglocska]
- Fixed an invalid uuid in the object reference. [iglocska]
- Flatten events for the correlation graph. [iglocska]
- Fixed some weird editing issues. [iglocska]
- IP|Port in Gui, fixes #2505. [iglocska]
- Flatten the events for the restSearch API's lookup functions.
  [iglocska]

  - otherwise valid events that only contain objects get blocked
- Fixed an issue with pushing a sample via the API / add attachments
  when no object templates are loaded. [iglocska]
- Fixed a bug where normal users couldn't add object references.
  [iglocska]

  - as reported by @deralexxx
- Added ObjectTemplateElements to the objectTemplate view via the API.
  [iglocska]
- Only lower case search terms work in tags/index's filter. [iglocska]
- Port added to network activity. [iglocska]

Other

v2.4.80 (2017-09-19)

New

- Various object template improvements. [iglocska]

  - allow multiple versions of a template to be stored at the same time
  - select which version is the primary version of a template
  - disable/enable templates
  - edit objects with one of the older versions of a template if the object's version requires that

  - various UI / bug fixes
- Objects tied into e-mailing. [iglocska]
- Add way to flatten attributes for certain exports (hids, nids)
  [iglocska]
- Added objects to object preview. [iglocska]
- Added diagnostics for the new attachment tools. [iglocska]
- Further progress on the synchronisation. [iglocska]
- Added phone-number attribute type. [iglocska]

  - Just the yugest attribute types for @rommelfs
- Expose the caching jobs / getProgress to the API. [iglocska]
- Massive performance improvements to the restSearch API. [iglocska]

  - smarter choice of pre-filtering gives a huge boost for non attribute level parameters
  - caching the results of certain parts of the algorithm
  - cleaned up some inefficient looping merges
- Sync with objects wip. [iglocska]

  - add/edit of full events now capture all object related structures
  - restructuring of the edit/add functionalities into clearly divided subsections
- Further work on the objects. [iglocska]

  - uuids of both sides saved in references
  - attachment adding fixed
- Several new features. [iglocska]

  - added multiple flag among other things
- Added first iteration of new add attachment functionality. [iglocska]

  - still WIP
- Added back referencing from a referenced object. [iglocska]

  - also fixed some view file issues
- Various new features for the objects. [iglocska]
- Added object relations. [iglocska]
- Added first iteration of object references and other changes.
  [iglocska]

  - various fixes
  - rework of the pagination library
- Progress on the Objects. [iglocska]

  - Fixed UI elements in the event view
  - Added object-aware filtering to the event view
  - Objects can now be deleted and viewed once deleted
    - object sanitisation if the setting is set is implemented
  - Edit objects directly from the interface (if the template exists)
  - Various other fixes
- Collapsible object metadata. [iglocska]
- Further work on the object UI. [iglocska]

  - refactoring
  - added objects fields to object rows
  - nested rows within the object
  - massive cleanup
- WIP - change to model aliasing to solve the reserved class name.
  [iglocska]

  - Internal name is now MispObject for the model, but it is used Aliased, removing the need to do any data massaging
  - Added WIP edit function
- Added objects submodule. [iglocska]
- Further progress with the objects. [iglocska]

  - added option to populate event with an object to the side menu
  - multiselect popup for objects added
  - redirect after adding object fixed
- More work on the objects. [iglocska]

  - mostly on adding / validating / saving objects including the UI for it
- Further progress on the objects. [iglocska]

Changes

Fix

- Reverted CakePHP version. [iglocska]
- Fixed the XML view. [iglocska]

  - please stop using XML, for your own sanity, I beg of you!
- Fixed query string and pymisp version. [iglocska]
- Fixed no specification of the tinyint length for the objects in
  MYSQL.sql. [iglocska]
- Fixed double attachment of hashes for malware-samples. [iglocska]
- Updated PyMISP. [iglocska]
- Added an upper limit for max correlations / event. [iglocska]

  - super edge-case test instance got crushed by memory usage
- Correlation improvements. [iglocska]
- Some minor bug fixes. [iglocska]
- Avoid compatibility issue with AGPL license and its warranty clause.
  [Alexandre Dulaunoy]
- Capitalisation of default tlp tag didn't match the ones coming from
  taxonomies in the event alert e-mail subject. [iglocska]
- Fix to certauth pains. [iglocska]
- Added better debugging to the password shell. [iglocska]
- Corrected a copy paste mistake. [iglocska]
- Fix to an issue blocking the JSON download of single events.
  [iglocska]
- Fixes various issues with the certauth. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fixes to various issues with the cert auth. [iglocska]
- Fixed the favourite tags not showing up in the tag index. [iglocska]
- ACL updated. [iglocska]
- When deleting an attribute/objects, object references to it are not
  deleted, fixes #2477. [iglocska]

  - force a reference deletion on attribute/object deletion
  - changed it to match deletion type
    - soft-deleting an attribute/object soft-deletes all references to it
    - hard-deleting an attribute/object hard-deletes all references to it
- Fixed notices described in #2482. [iglocska]
- No attributes set in the objects add form makes MISP barf up notices
  instead of gracefully showing an error - fixes #2476. [iglocska]
- Referenced by counter fixed, fixes #2479. [iglocska]
- Fixed the missing refresh on attribute tags when a new tag is added.
  [iglocska]
- Unpublish event on object add. [iglocska]
- Updated the xml export tool to support objects. [iglocska]

  - though why do we still support XML?...
- Various fixes for the objects. [iglocska]
- Fixed the add attachments functionalities. [iglocska]
- Fixed the timestamp of object references not being set. [iglocska]
- Fixed the object reference's timestamp not being updated. [iglocska]
- Fixed the empty event warning if an event only has objects but no
  attributes. [iglocska]
- Various fixes with object reference editing. [iglocska]
- Fixing various issues with the pull. [iglocska]
- Fixed an invalid user field lookup. [iglocska]
- Removed an invalid line left in from a debug session. [iglocska]

  - caused galaxy cluster not to show up on event view
- Fixed an invalid user call in the paginator. [iglocska]
- Added upload logo functionality to org add form. [iglocska]

  - Forgetfulness correlates directly with age apparently
- Reverted a change from yesterday that breaks the event index.
  [iglocska]
- Fixed some parameter issues. [iglocska]
- Some realignment on the attribute add view. [iglocska]
- Fixed array level mess-up. [iglocska]

  derp
- Fixed invalid variable name. [iglocska]
- Fixed invalid lookup for adding object references. [iglocska]
- Added missing object row change. [iglocska]
- Fixed the saving of objects. [iglocska]
- Updated the new ajax methods to follow the new JSON rules. [iglocska]
- Various fixes. [iglocska]
- Fixed an outdated index pointing to a now non-existent field.
  [iglocska]
- Omit object template elements with invalid attribute types.
  [iglocska]

  - and warn users
  - shout out to all C-level managers at SHA2017
- Fixed event view issue for empty events. [iglocska]
- Added description field to object template elements. [iglocska]
- Fixed previous commit. [iglocska]
- Missing field in object template elements added to match upgrade
  script. [iglocska]
- Updated fields. [iglocska]
- Object renamed to MispObject in form. [iglocska]
- Cakephp updated. [iglocska]
- Removed obsolete table. [iglocska]
- Fixed object references table. [iglocska]
- Add object functions to ACL. [iglocska]

Other

v2.4.79 (2017-08-28)

New

- Feeds added to the scheduled jobs. [iglocska]
- Opened up the taxonomies actions to the API: [iglocska]

  valid APIs:

  index, view, enable, disable
- Exposed Feed previews to the API. [iglocska]

  - The following can now be fetched via the API (requires site admin access):
    CSV, Freetext, MISP feeds: /feeds/previewEvent/[feed_id]
    MISP feeds: /feeds/previewIndex/[feed_id]/[event_uuid]
- Added command line tool to enable/disable misp. [iglocska]

  - /var/www/MISP/app/Console/cake Live [0|1]
  - sets the MISP.live directive
- Add a baseurl changer for shell scripts. [iglocska]

  - cake /var/www/MISP/app/Console Baseurl [new baseurl]

Changes

Fix

- Removed url -> tls_cert_subject rule conversion for the suricata
  export, fixes #2396. [Andras Iklody]
- Fixed a bug where /events/uuid would return the incorrect event.
  [iglocska]
- Only try to look for feed correlations for a proposal if the proposal
  list isn't empty. [iglocska]
- MISP taxonomy updated. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Fix to the max items displayed / page using the custom pagination
  tool. [iglocska]
- Slight improvement to event uuid lookup on the event view. [iglocska]
- Follow redirect from feed pull if the response is a 302. [iglocska]
- Cleanup for feeds fixed. [iglocska]
- Possible fix to the newsread = null issue. [iglocska]
- Fixed a potential persistent cross site scripting in the comments.
  [iglocska]

  - new tag parser for the comments implemented
  - Parser now cleanly pre-constructs the replacement items after finding tag pairs

  - This only impacts users of the same instance, as comments are not synchronised

  - as reported by Jurgen Jans and Cedric Van Bockhaven from Deloitte
- Further Event index UI fixes. [iglocska]
- Fixed event index for non site admins. [iglocska]
- Attribute view also accessible via UUID. [iglocska]
- Fetch PGP key button goes into endless loading if no key was found.
  [iglocska]
- Fixed an obviously dumb validation rule, fixes #2394. [iglocska]

  - derp
- Fixed a group by issue with the event filter overlay. [iglocska]
- Misaligned event index for read only users fixed, fixes #2397.
  [iglocska]
- Fixed mistyped field. [iglocska]
- Fixes to the galaxy import tool. [iglocska]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Fix double pagination of data in the taxonomies controller, fixes
  #2399. [iglocska]
- Added event_uuid to attribute view. [iglocska]
- Remove the notice thrown if no valid user exists for the given e-mail.
  [iglocska]
- Fixed the XML output for the restresponse library. [iglocska]
- Fixes to several issues with the template editor, fixes #2387, fixes
  #2388. [iglocska]
- Several fixes to the template editor. [iglocska]
- Fixes to issues introduced by the ajax JSON rework, fixes #2384.
  [iglocska]
- Tightening the sanitisation of indicators for the e-mail alerts.
  [iglocska]
- Fixes to several cases of reflected XSS, fixes #2381. [iglocska]

  - as reported by @import-au

  - Additionally enforce content-type on all async APIs called by the UI using CakeResponse

Other

v2.4.78 (2017-08-06)

New

- Exposed Roles to the API. [iglocska]

  - valid commands via the API
    - /admin/roles/add [GET, POST]
    - /admin/roles/delete/{id} [POST, DELETE]
    - /admin/roles/edit/{id} [GET, POST]
    - /admin/roles/index [GET]
    - /admin/roles/set_default/{id} [POST]
    - /roles/index [GET]

Changes

Fix

- Fixed capitalisation of "throw" in templateElementsController.
  [iglocska]
- Fixes the lookup of attributes in the UI attribute search to correctly
  adhere to sharing groups. [iglocska]

  - Attribute search was not correctly adhering to sharing group rules as it wasn't using the centralised lookup method

  - As reported by Helge Aksdal
- PyMISP version bump. [iglocska]
- Nicer response for the API to push events to ZMQ. [iglocska]
- Fixed a typo in the pushEventToZMQ function. [iglocska]
- Only add the permission description to the Role fetcher if the
  permission level is queried. [iglocska]
- Added constants to role permissions for the API. [iglocska]

  - Permission now accepts a constant [read|manage_own|manage_org|publish] in addition to a numeric value [0|1|2|3]
  - Querying a role via the API returns the constant additionally to the numeric value in the permission_description field

  - Added /roles/view/{id} to the API
- Previous commit was incorrect, empty filters contain null not false.
  [iglocska]
- Fixed "published":0 filter for restsearch. [iglocska]

  - also removed an empty function
- Added put/post to role deletion. [iglocska]
- Invalid model used to push ZMQ messages for discussion posts.
  [iglocska]
- Potential fix to the template element adding issue throwing ajax only
  exceptions. [iglocska]
- Changed the validation of newsread and change_pw to boolean. [Andras
  Iklody]
- Fixed an issue with the roles model failing on stricter MySQL settings
  due to missing group by. [iglocska]

Other

v2.4.77 (2017-07-12)

New

- Added php ini path. [iglocska]

Changes

Fix

- Remove delegation request once event delegation is accepted.
  [iglocska]

  - TODO, cleanup of zombie delegation requests
- Updated pyMisp and querystring versions. [iglocska]
- Added user password length change to the MYSQL.sql file. [iglocska]
- Tightened the sanitisation of the filenames in the template uploader.
  [iglocska]

  - Data from retained uploaded files when re-editing a template population prior to submission was loaded into the JS directly without sanitisation
  - Whilst there was no way found to exploit this, introduced tighter sanitisation for the file data

  - Thanks to cert.govt.nz for the security report.
- Fixed some missing css/scripts from the iframe for the template
  uploader. [iglocska]
- GFI uploaded archives don't throw exceptions on failed parsing,
  instead simply show an error banner after redirect. [iglocska]

  - in situations with misconfigured MISPs (debug enabled), a parsing error
    exception thrown while parsing a maliciously malformed archive could include
    arbitrary files in the stacktrace accessed from within the apache user's
    scope if a symlinked file was uploaded in the archive

  - Thanks to cert.govt.nz for the security report.
- Upgraded hashing algorithm used and added requirement to confirm
  password for user profile changes. [iglocska]

  - Added method to upgrade all passwords to blowfish transparently
  - All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed

  - Thanks to cert.govt.nz for the security report.
- Added screenshots to attribute index/attribute search, fixes #2338.
  [iglocska]

  - Flickr can start quivering in its boots!
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Value1 and value2 removed from attributes/view/id. [iglocska]
- The server settings page (servers/serverSettings) was crashing when
  the redis connection wasn't properly working. [Cédric Bonhomme]
- Further performance tweaks to the feed fetcher. [iglocska]
- Made the feed pull for CSV/Freetext feeds much faster for large feeds.
  [iglocska]

  - value de-duplication is now a lot more efficient
- Massive performance boost when adding attributes to an already large
  event. [iglocska]
- Return json dict instead of string when queuing a feed pull job.
  [iglocska]
- Fix the massive hover popover for modules that keeps breaking the
  layout at trainings. [iglocska]

  (ノ°Д°)ノ︵ ┻━┻
- Fixed TC import. [iglocska]
- Removed unused fulltext index in favour of 255 length index.
  [iglocska]
- Fixed a potential issue with galaxy clusters with no elements causing
  notices. [iglocska]
- Accessing a pivoted event view URL without having the pivot path
  tracked in the session threw a notice. [iglocska]
- Added missing ServersController.php change that populates $php_ini.
  [iglocska]

  - faildev forgot to commit the file
- Don't run the regexp replaces on sigma rules. [iglocska]
- JSON export via the UI should download a file, not render the JSON.
  [iglocska]
- Invalid redirect from adding attachments when hitting post size limit.
  [iglocska]
- Cleanup/sync of installation guides. [SHSauler]
- Fixed the invalid CSV download filename. [iglocska]
- MISP taxonomies updated to the latest version (DML added) [Alexandre
  Dulaunoy]
- Fixed sanitisation of feed correlation fields. [iglocska]
- New dataplane.org feeds added. [Alexandre Dulaunoy]
- Meta field in galaxy cluster should be a dict even if empty in the
  JSON output, fixes #2280. [iglocska]

Other

v2.4.76 (2017-06-20)

New

- Feed http://cinsscore.com/list/ci-badguys.txt added. [Alexandre
  Dulaunoy]
- Contributing guidelines added following the initial wiki document.
  [Alexandre Dulaunoy]
- Caching of the CIDR blocks to boost the advanced correlation
  performance. [iglocska]

  - massive boost to performance when using advanced correlations
- Push new Discussion items to ZMQ Under the topic
  misp_json_conversation. [Hannah Ward]
- Performance improvements for the pub-sub modules. [iglocska]

  - Only load and open connection to redis for the pub-sub connection once.
  - Massive performance boost when the ZMQ functionality is enabled
- Add adhereToWarninglists as a JSON parameter to the freetextImport
  API. [iglocska]

Changes

Fix

- Warning-lists updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Prevent form from being submitted when changing a template element,
  fixes #2274. [iglocska]
- Error handling of proposal sync. [iglocska]

  - don't log errors if no proposals are found
  - don't throw an exception if no proposals are found
- Allow triggering the fetch feed from the API. [iglocska]
- Changed the colour of the git output to something more soothing.
  [iglocska]
- Fixed an issue in the XML export due to neglect. [iglocska]
- Fixed a group by issue. [iglocska]
- Removed silly duplicate queries from the event index. [iglocska]
- Fixed indexing of the value field for certain instances. [iglocska]
- Moved attachment access diagnostic tool to attributes controller.
  [iglocska]
- Yes is not Yee. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Possible fix for a massive performance bug on older MYSQL versions
  when entering attributes. [iglocska]
- Fix to the CIDR caching. [iglocska]
- Follow up to the previous patch, also for the individual events'
  stixification. [iglocska]
- Throw the STIX errors to file, fixes #2266. [iglocska]

  - saved to /var/www/MISP/app/tmp/logs/exec-errors.log
- Further fixes to the delete attribute length. [iglocska]
- Fix the delete proposal's length based on the number of fields in the
  table. [iglocska]
- Explanation regarding meaning of variables. [Steffen Sauler]

  Default OutputDirName (current dir) led to error for me on Ubuntu 16.04, tar 1.28. Provided works and is neater.
- Further performance improvements to the zmq module. [iglocska]

  - should make inserting data faster
- Fixed the duplicate sighting save that kept popping up in the ZMQ
  feed. [iglocska]
- Fixed error messages for the CSV export API. [iglocska]
- Don't return the mixbox version if no mixbox is installed. [iglocska]
- New way of checking for API access. [iglocska]

  - meant to resolve some issues such as being redirected to the news page if a new news item exists while running a CSV export via the API
- Possible fix to the stix export for various STIX versions / python
  versions. [iglocska]
- Fixed the mixbox version lookup. [iglocska]
- Added Mixbox to the STIX installation, fixes #2262, fixes
  2261. [iglocska]

  - provided by @newdominic
- Corrected range of valid port numbers for the attribute validation.
  [iglocska]

  - as pointed out by @MattCarothers
- Validation for port attribute The logical check for a valid port was
  backwards.  It looked for an integer outside the range of 1-65535
  rather than inside. [Matt Carothers]
- Added cache feeds to the gitignore. [iglocska]
- Fixed a notice error in the taxonomy view. [iglocska]

Other

v2.4.75 (2017-06-13)

New

- First round of massive performance tuning (tm)(c) [iglocska]

  - Make MISP fast again
- Export default feed list in Markdown format. [Alexandre Dulaunoy]

  Simple Python script to dump the default feed list in a Markdown list.
  The script is to be used for the automatic generation of the
  misp-website and documentation to keep an up-to-date list of feeds in
  the various public places of the MISP project.
- Mass delete events. [iglocska]

  - simply use the multi select on the event index via the UI
  - for the API, simply POST to /events/delete with a payload in the following format:
    `{"id": [15, 16, 17]}`

  - if you've accidentally deleted all your events using this functionality, feel free to contact @rommelfs or contact the NSA for backups
- Added Font Awesome for greater glory. [iglocska]
- Added email-body attribute type, fixes #1062. [iglocska]

Changes

Fix

- Fixed an error causing combined feed cache issues. [iglocska]
- Relaxed UUID4 requirement for UUID validation. [iglocska]

  - we shouldn't enforce anything beyond the basic format
- Allow browsing events that have a failed full fetch. [iglocska]
- Removed port numbers from correlating, fixes #2141. [iglocska]
- Fixes a feed caching issue introduced by the performance tweaks.
  [iglocska]

  - moved the combined feed generation for the fast lookups to the feed caching algorithms as opposed to an on-the-fly merge
- Fixed invalid looping to pick up feed correlation event info fields.
  [iglocska]
- Fixes a missing method needed for CIDR correlation, fixes #2256.
  [iglocska]

  - CIDR correlation for IPv6 was utterly broken and broke the entry of ip attributes
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Added missing view file. [iglocska]
- Typo fixed. [iglocska]
- GPG vs PGP key naming snafu fixed. [iglocska]
- Fixed the proposal event index view showing org IDs instead of org
  names, fixes #2248. [iglocska]
- Truncate log descriptions that are over 65532 characters long.
  [iglocska]
- No commit message. [iglocska]

  - cleanup refactoring of pub sub tool
  - better handling of no access to redis
- Added download button for the feed settings in JSON format, fixes
  #1895. [iglocska]
- Fixed issues with feeds that time out causing failures. [iglocska]
- Forgot to catch for weird STIX version. [Hannah Ward]
- Another IDGen thing. [Hannah Ward]
- Added empty string as default for feed data. [iglocska]

  - to handle cases where no data is returned.
- Removed second publish button from the menu. [iglocska]

  - copy pasta fail FTL
- Alignment issue fixed. [iglocska]
- New and improved child-lock. [iglocska]
- Use IDGen from literally any module that has it. [Hannah Ward]
- Added child-protection for the mass select on the event index.
  [iglocska]

  - only site admins can mass select + delete now.
- Fixed a silly issue in the ZMQ publisher. [iglocska]

  - was setting up the socket and tearing it down for each message, derp
  - as reported by @RichieB2B
- Made Python 3 happy with the ZMQ scripts. [iglocska]
- Added missing css loader from the layout. [iglocska]
- Email-attachment and email-body now accept line breaks. [iglocska]

Other

v2.4.74 (2017-05-30)

New

- Added default feed list. [iglocska]
- Publish event to ZMQ on demand and beaconing of ZMQ tool. [iglocska]
- Auto load the default feeds from file. [iglocska]
- Added User and Organisation addition/change data to the ZMQ feed.
  [iglocska]
- Added filtering to the tag index. [iglocska]

  - also globally fixed the filter issues when filtering from an index with a different pagination position than the first page
- Added sightings to ZMQ pub sub system. [iglocska]
- Added attribute JSONs to pubsub system. [iglocska]

  - also made mispzmq a bit more generic
- Add instance uuid. [iglocska]

Changes

Fix

- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Logrotate, database.php settings explanation. [Steffen Sauler]
- Clarified ZMQ start button (it doesn't restart anything anyway)
  [iglocska]
- Made the mispzmq.py script less crap. [iglocska]
- Gitignore updated. [iglocska]
- Initial password reset functionality. [iglocska]

  - invalid parameters sent for new users in the on-demand reset
  - been bugged for 4 months, but became somewhat obsolete with the automatic notification so no one noticed
- Added missing topics to the mispzmq.py script. [iglocska]
- Fix a copy paste bug. [iglocska]
- [misp-zmq] add a Poller for future multi-SUBscriber in ZMQ. [Alexandre
  Dulaunoy]
- Fixed an issue with false positive sightings throwing notice errors on
  the event view. [iglocska]

  - caused by the false positive sightings data being aggregated in the event level sparkline without the correct dates being set
  - solution is to remove the false positive data from being entered in the sparkline, the goal of it is only to show sightings anyway.
- Truncate the change field in log entries if it becomes humongous.
  [iglocska]

  - solves a rare situation with massive PGP keys breaking user additions / edits
- Some cleanup in the mispzmq script. [iglocska]
- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy latest version updated. [Alexandre Dulaunoy]
- Skip the import of mixbox for users of older stix libraries.
  [Alexandre Dulaunoy]

  If you rely on old idgen from previous stix libraries, mixbox is not installed.
  This completes the fix #2186 and should be fine for old and new stix libraries.

  A partial lyric has been included in this commit to ease the pain to work ,:

  Money for nothin' and your stix for free
  Money for nothin' and stix for free
- Fixed a notice issue with the feed index if no cache has been
  generated yet. [iglocska]
- GUI bug/inconsistency (Explore remote server), fixes #2203. [iglocska]

  - Removed the link from the published sign, it was indeed silly
- Fixed a few silly issues with the hids export. [iglocska]

  - allow POSTed parameters
  - simpler response always responds with txt type, won't complain about view not being set for incorrect accept headers
- Hids api threw error on empty result. [iglocska]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Update to the MISP galaxy latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Deal with all the weird and "wonderful" stix versions Tries to fix
  #2181. [Hannah Ward]
- Move idgen call to mixbox. [Hannah Ward]
- Fixed an issue with the freetext importer failing if no tags were set.
  [iglocska]
- Fixed a condition where no proposals downloaded generated a warning in
  the debug log. [iglocska]
- Added default comment to event blacklists, fixes #2080. [iglocska]
- Updated cakephp solving TLS 1.2 issues. [iglocska]
- Fixed an API vs documentation mismatch for the nids exports.
  [iglocska]

Other

v2.4.73 (2017-05-10)

New

- Update all the json structures in MISP via the API, fixes #2168.
  [iglocska]

  - Just post to the following APIs as a site admin:
    - /warninglists/update
    - /galaxies/update
    - /taxonomies/update
- First implementation of the feed analysis system. [iglocska]
- Cortex objects shown in popup. [iglocska]
- New module type: Cortex. [iglocska]

  - similar to Enrichment modules except for not having the options to run hover
- New type - cortex. [iglocska]

  - raw cortex output json
- Use /events/freeTextImport/eventid via the API to directly parse and
  create attributes from the input. [iglocska]

  - expected format is {"value": "my_string_to_parse"} with "distribution" being an optional value (otherwise instance defaults are assumed)

Changes

Fix

- Removed two duplicate fields from MYSQL.sql. [iglocska]
- Added missing fields causing pulled events to not contain attributes,
  fixes #2171. [iglocska]
- Fixed two small bugs. [iglocska]
- Don't show links to feeds on the event view to normal users.
  [iglocska]
- Several fixes to the feed overlay matrix. [iglocska]

  - lookup was broken for csv/freetext feeds
  - allow users to see the feeds if the admin allows it
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Make redis optional (for now) [iglocska]
- Fixed two looping issues in the feed analysis matrix. [iglocska]

  - fixed cache age counter going ape****
  - fixed the overlap value counters in the graph popovers
- Removed an invalid check causing travis to fail. [iglocska]
- Version bump. [iglocska]
- Several feed fixes. [iglocska]
- Added overlap count to the feed analysis hover. [iglocska]
- Added unpublish_event not being loaded. [iglocska]
- Better centering of the cortex object popup. [iglocska]
- Missing parameters for getenabledmodules. [iglocska]
- Fixed a failure with cortex modules (hopefully) [iglocska]
- Set a default colour for tags in the feed preview that don't have a
  colour set. [iglocska]
- Reduced the data pushed to the view for the tag index, potentially
  resolves #2156. [iglocska]
- Set the content header for module lookups. [iglocska]
- Add event_blacklists and org_blacklists in POSTGRESQL install scripts.
  [Adrien RAFFIN]

  Also fix small bug in imported MYSQL syntax

  WARNING: NOT tested in production

  Tests were only done to create database structure, MISP wasn't run with
  this database. It still could have incompatibilities with Model
- Add event_blacklists and org_blacklists in MYSQL install scripts.
  [Adrien RAFFIN]
- Fixed an issue where certain filters removed some elements from the
  object counter, fixes #2151. [iglocska]
- Left off controller changes in the previous commit. [iglocska]
- Removed the automatic sorting from fetchEvent to improve performance.
  [iglocska]
- Allow event edits even if the "Event" container isn't set. [iglocska]
- Fixed the publishtimestamp filter issues with the event index.
  [iglocska]

  - allow for publishtimestmap and publish_timestamp due to some documentation issues
  - fixed the lookup to be greater than by default instead of lower than
  - added the option to pass a range by passing an array with a start and end publish timestamp
- Re-added missing config settings to the export modules. [iglocska]
- Added missing distribution defaults to the import modules. [iglocska]
- Bug: Ip-dst attribute should not be able to include a "/", fixes
  #2138. [iglocska]

Other

v2.4.72 (2017-04-14)

New

- Disable taxonomy tags. [iglocska]
- Added attributes / event average to statistics. [iglocska]
- Minimal flag added to the event index. [iglocska]

  - used by the sync, greatly reduces the data fetched / transferred on the initial sync negotiation
- Added JS dev doc. [Hannah Ward]
- Added watchify for on-the-fly dev. [Hannah Ward]
- Add build script for JS new: Add es6 version of misp.js chg: Removed
  plain JS. [Hannah Ward]
- Added package.json file. [Hannah Ward]
- Added new flag to events/restSearch to disable sharing group loading.
  [iglocska]

  - sgReferenceOnly: Will only load the sharing_group_id not the actual sharing group data

Changes

Fix

- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Enforce the hide tag directive. [iglocska]
- Toggling an attribute's correlation won't reload the page anymore.
  [iglocska]

  - Part of the 2017 saving @adulau's sanity initiative(tm)
- Removed sharing group option from the quick distribution edit, fixes
  #2116. [iglocska]
- Fixed an issue with the org blacklisting. [iglocska]
- Fixed an issue where a proposal not having an assigned organisation
  broke the synchronisation on a pull. [iglocska]
- Fixed a format issue with the minimal index. [iglocska]
- No notify field set in user creation throws error. [iglocska]
- Reverted JS changes for now. [iglocska]
- Further JS fixes. [iglocska]
- Further fixes to the JS. [iglocska]
- Several js fixes. [iglocska]
- Left off changes to misp.js. [iglocska]
- Fixed a missing variable initialisation. [iglocska]
- Fixed uninitialised variable. [iglocska]
- Un-minified JS. Don't bully me. [Hannah Ward]
- Remove now unneeded JS deps. [Hannah Ward]
- Added 'var' in front of new variables. [Hannah Ward]
- Assign global functions to window. [Hannah Ward]
- Added uglifyjs for minified JS. [Hannah Ward]
- Don't try to use the react preset ;) [Hannah Ward]
- Only require node for development purposes - compiles to JS. [Hannah
  Ward]
- Ignore the *right* node folder. [Hannah Ward]
- Avoid undefined calls to .value. [Hannah Ward]
- Updated JS to fix Infinite loading when adding an attribute fails,
  fixes #2102. [iglocska]
- Removed unnecessary part of the previous fix. [iglocska]
- Fixed a mass attribute edit issue if no sharing groups are created on
  the instance. [iglocska]
- Added fallback for getallheaders() missing for some systems.
  [iglocska]
- Missing ; added. [iglocska]
- Query string version bump. [iglocska]
- Added logging to the testconnection post-test. [iglocska]

  - also, fixed the inverted error codes as noted by @ppanero
- Fix to the correlation graph after the relatedevent format changes.
  [iglocska]

Other

v2.4.71 (2017-04-11)

New

- Set distribution level in freetext results / module import results,
  fixes #2023. [iglocska]
- Password complexity defaults tightened, also password requirements
  shown to users, fixes #2117. [iglocska]
- Check if user is sudo before wiping misp. [Hannah Ward]
- Rework of the restsearch APIs. [iglocska]

  - allows for alternate download types (supported for now: openioc)
  - major refactor of the openioc export
  - refactor of the CIDR tool

Changes

Fix

- Invalid lookup in the upgrade script causing the two default entries
  for the org blacklist to not populate. [iglocska]
- PyMISP version bump. [iglocska]
- Fixed the missing brace. [iglocska]
- Fixed the upgrade script to 2.4.71. [iglocska]
- Removed obsolete file. [iglocska]
- Removed obsolete js file. [iglocska]
- Cleanup of the role add/edit checkboxes. [iglocska]
- Better error handling for failing to attach tags. [iglocska]
- Added password complexity popover to the password change dialogue.
  [iglocska]
- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Misp-warninglists updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Set comment field to an empty string in the attribute pre-validation.
  [iglocska]
- DB changes preloaded for 2.4.71. [iglocska]
- Invalid key lookup for roaming in checkIfServerInSG() [iglocska]
- Invalid lookup for the queryversion. [iglocska]
- Fixed a typo in the previous commit. [iglocska]
- Remove sharing groups from json output if empty. [iglocska]
- Slight change of the related events format in the JSON to be more
  consistent. [iglocska]

  - Org and Orgc moved within the relatedEvent->Event
- Updated to the latest version of misp-galaxy. [Alexandre Dulaunoy]
- Fixed a small issue that could lead to a failed event push using
  sharing groups. [iglocska]
- Enforce the uuid creation on the UI. [iglocska]
- Enforce adding a UUID for external organisations too. [iglocska]

  - No need to support 2.3 any longer
- Default value for the tag exportable field added. [iglocska]
- Fixed the attribute level restsearch returning a weirdly formatted
  empty array. [iglocska]
- Do not echo password on misp-wipe. [Hannah Ward]
- History is now available via the API, fixes #2111. [iglocska]
- Whitelist entries being removed breaks the indexing of attribute
  arrays. [iglocska]

  - caused issues with JSON serialisation as lists turned into dicts
- Fixed an invalid JSON serialisation for restSearch. [iglocska]
- Minor issue - duplicate style tag, fixes #2106. [iglocska]
- CSRF issue when adding an attribute via the popover. [iglocska]
- Min width added to resolved attribute value. [iglocska]

  - looked terrible on low res screens
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Fixed issues with popups across the board for low res displays, fixes
  #2101. [iglocska]

  - Popups get scrollbars / realigned for potato resolutions
  - General cleanup of popup related functions in the JS
  - Added version querystring to the css files, no more ctrl+f5ing after some updates
- Removed ajax containers from views since they are already provided by
  the layout, fixes #1753. [iglocska]

  - resolves some issues with popups not showing up after certain actions
- Rearrange the data for adding proposals. [iglocska]

  - if no ShadowAttribute container is found, encapsulate the posted data
- NotFoundException when no events found by restSearch, fixes #2096.
  [iglocska]

  - changed to just return an empty set
    - returns {"request":[]} for events/restSearch
    - returns [] for events/restSearch
- Removed unused field from user edit view. [iglocska]
- Correction to previous commit. [iglocska]

  - correlations can now be disabled by site admins, no matter who created the event
- Allow disabling correlation for events not owned by the user if the
  user is a site admin. [iglocska]
- Freetext import shouldn't require the TLD containing warninglists to
  be enabled. [iglocska]

  - as long as it exists it will be used, no need to enable it any longer
- Fixed an issue where discarding a delegation request tried to redirect
  to the event view. [iglocska]

  - however, users lose access to the event once they discard the delegation request
  - redirects to the index instead now
- Managing Delegation Request - wrong organisation in popup fixed, fixes
  #2079. [iglocska]
- Missing JS file for the template file upload re-added, fixes #2084.
  [iglocska]

Other

v2.4.70 (2017-03-26)

New

- Added 2 new types. [iglocska]

  - hex and sigma
- Sync logging to debug issues. [iglocska]
- Added a POST server connection test. [iglocska]

  - hopefully it should help debug some issues
- Update MISP from the diagnostics page. [iglocska]

  - right now it's pretty dumb, it simply pulls the same branch that the current user is on
  - Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line
- Allow for several attributes to be added in one go via
  /attributes/add. [iglocska]

  - Also a rework of the internals
  - All entry vectors are now handled the same way
  - syntax for adding several attributes is [{attribute1}, {attribute2}]
  - Sane defaults used automatically, making {"value":"1.2.3.4", "type":"ip-dst"} a valid attribute

Changes

Fix

- Spring cleaning. [iglocska]

  - removal of debug from the syncdebug
  - cleanup of the fixes that resulted from it
  - removal of the mangle sync from 2.4->2.3 (if you still have partners running 2 year old versions, time to notify them, stop syncing and unfriend on facebook)
- Potential fix for the sync issue. [iglocska]
- Some further fixes. [iglocska]

  - includes a fix to a compatibility test failure causing all instances to test as a legacy MISP
- Added missing ACL entry. [iglocska]
- Added missing popup view file. [iglocska]

  - Also added a new test string in a file for the POST connection test
- Fixed an issue with a notice error when adding a new attribute.
  [iglocska]
- Better error handling for partially failed attribute collection POSTs
  to /attributes/add. [iglocska]
- Missing echo caused the aria-label of import choices not to be
  populated properly, fixes #2038. [iglocska]
- Missing comma added. [iglocska]
- PyMISP to the latest version. [Alexandre Dulaunoy]
- Second round of accessibility changes. [iglocska]
- First round of Accessibility issues resolved with span links.
  [iglocska]

Other

v2.4.69 (2017-03-10)

Changes

- Some changes to the users. [iglocska]

  - added date created/modified in the backend
  - added date created in the users index
  - password reset for a user now shows a warning if no pgp/smime key are set and the user might not be getting the email
- PyMISP update. [iglocska]

Fix

- Version bump. [iglocska]
- Fixed a typo in an upgrade script. [Iglocska]
- Readded the failing entry caused by a typo in the upgrade system.
  [iglocska]
- JS version bump. [iglocska]
- Fixed the upload of proposal attachments via the data field, fixes
  #2037. [iglocska]
- Changed the main misp js file name and switched to using query strings
  to invalidate cached versions on update. [iglocska]

  - stops MISP from disclosing the version string on the login page

  - as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs
- Removed the loading of the main js file from the login page.
  [iglocska]

  - stops MISP from disclosing the version string on the login page

  - as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs
- Tightened sanitisation in some view elements - on the index filter
  tool - organisation landing page. [iglocska]

  as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs
- Tightened sanitisation in some view elements - on the index filter
  tool - organisation landing page. [iglocska]

  as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs.
- Fixed an issue that could under certain conditions lead to empty
  events being pushed when synchronising. [iglocska]
- Removed unnecessary implode() code. [David Maciejak]
- Normalised the attributes/add and attributes/edit apis. [iglocska]
- Fixed a potential issue causing the attribute validation to fail.
  [iglocska]

Other

- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
  [iglocska]
- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
  [iglocska]
- Merge pull request #2033 from rmarsollier/2.4. [Andras Iklody]

  minor bugfix on TagsController.php
- Minor bugfix on TagsController.php. [rmarsollier]
- Merge pull request #2019 from dmaciejak/patch-1. [Andras Iklody]

  fix: remove unnecessary implode() call
- Merge pull request #2031 from deloittem/2.4. [Andras Iklody]

  Suricata export update
- Only display the tag name if the array contains values (depending if
  the tag is exportable or not) [Mathieu Deloitte]
- Add the attribute tags to the msg field (Suricata rule) to sort easier
  the raised alerts. [Mathieu Deloitte]
- Initialize host to empty value when the URL is formed incorrectly.
  [Mathieu Deloitte]


v2.4.68 (2017-03-08)

New

- Added float as a new attribute type. [iglocska]
- Added a way to upload org logos directly from the org add/edit view.
  [iglocska]
- Enable sync permission for read only accounts. [iglocska]
- Added a way to disable cached exports server wide for low disk space
  instances. [iglocska]

  - But please consider just adding some more space instead..

Changes

Fix

- Fixed sql fail. [iglocska]
- AttachTagToObject and removeTagFromObject now accept posted JSON
  objects. [iglocska]
- Fixed some default value issues with taxonomy colours. [iglocska]
- Several blacklist related fixes. [iglocska]

  - turned the functionality to a default on feature
  - added indexes
  - fixed some default values
- Added default value to proposal_to_delete. [iglocska]
- Additional logging when an attribute can't be added. [iglocska]
- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Typo fixed. [iglocska]
- Missing file added. [iglocska]
- Some ACL tightening. [iglocska]
- PushProposals requires that the user has perm_add permissions.
  [iglocska]
- Potential fix for a weird issue blocking the editing of users, fixes
  #1992. [iglocska]
- Fixed an issue with the baseurl diagnostic. [iglocska]
- Added missing network indicators to the network filter tab in the
  event view. [iglocska]
- Truncating the title of a log entry at 65KB for some pretty rare edge
  cases. [iglocska]
- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
- Relaxed TLD validation for hostname|port, domain|ip, jabber-id, fixes
  #1977. [Iglocska]
- Allow the disabling of the correlation of an event / attribute on
  event add, fixes #1991. [iglocska]
- Fixed several issues with the sightings. [Iglocska]

  - Main issue was the expensive and potentially large query used to find all sightings for a list of tags (used on the tag and galaxy cluster index)

  potentially fixes #1993

Other

v2.4.67 (2017-02-24)

New

- Add reverse proxy support for test of baseurl. [Adrien RAFFIN]
- Added activity charts to tag and galaxy cluster indices. [iglocska]

  - bunch of small improvements additionally
- Added advanced sightings and sparkline to the event itself. [iglocska]
- User management convenience functions added. [iglocska]

  - quick e-mail: send an e-mail to a user quickly
  - orgadmin: see the org admins of a user and contact them
  - pgp key issues shown on the user view
  - pgp fingerprint shown on the user view
  - copy paste auth keys and pgp keys quickly by clicking on them
- Added PGP fingerprint and PGP key status to user view. [iglocska]
- Sightings column added to sightings table. [iglocska]

Changes

Fix

- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- More invalid MySQL fields fixed. [iglocska]
- Fixed a mysql issue. [iglocska]
- PyMISP updated. [Alexandre Dulaunoy]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- Fixed an issue displaying events without sighting data. [iglocska]
- Added a fix to growing arrays in the ApacheSecureAuth settings, fixes
  #1981. [iglocska]
- Relaxed the TLD validation for domains / hostnames, fixes #1977.
  [iglocska]
- Typo fixed in the advanced add sighting interface, fixes #1975.
  [iglocska]
- Fixed some visual issues with the attribution/targeting data warning
  in add attributes. [iglocska]
- Some fixes for the new user admin features. [iglocska]
- Merging removal of deprecated JS in the new role creation. [iglocska]
- Small fix for an invalid error message in the sightings. [iglocska]
- Throw an error if the local feed file is not found. [iglocska]
- Re-added the accidentally removed code in a merge, fixes #1965.
  [iglocska]

  - affects f0e1a27b7dca2e6d36f904ef52d4976649ccefa3
- Added validation for sighting type and fixed responses for adding
  sightings. [iglocska]

Other

v2.4.66 (2017-02-19)

New

- Added links to all events that match sightings sources in the
  sightings top list. [iglocska]
- Added sighting top list to the statistics. [iglocska]
- Various fixes to the sightings. [iglocska]

  - sparkline got its own column
  - delete sightings in the sighting details
- First revision of the new sightings system. [iglocska]
- First iteration of the improved sightings. [iglocska]

Changes

Fix

- Fixed an issue that prevented < 2.4.63 from being upgraded to the
  latest version. [Iglocska]
- Version bump 2.4.66. [Alexandre Dulaunoy]
- Added eventids to the toplist API. [iglocska]
- Left off view file added. [iglocska]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- Sightings are in fact not galaxies (heading changed) [iglocska]

  - derp
- Fixed a JS error causing a feed edit to not populate the filter
  popover, fixes #1959. [iglocska]
- Fixed some permission issues preventing non site admins from using
  some functionalities correctly. [iglocska]
- ACL updated. [iglocska]
- Enforce longer value fields on the event view. [iglocska]
- Added missing column in MYSQL.sql and some indexing. [iglocska]
- Typo. [iglocska]
- MYSQL.sql brought up to date. [iglocska]
- Changed name of the activity sparkline graphs. [iglocska]
- Fixed an annoying effect when adding a sighting. [iglocska]

  - also, js file renamed to current version
- Fixed an issue with the advanced correlation. [iglocska]
- Fixed some view issues with the sightings. [iglocska]
- Execute the cache cleaning before the indexing too. [iglocska]
- Fixed a possible issue with the upgrade mechanism. [iglocska]

  - indexer expecting new indices
- IP:port attribute types should not be line separated. [iglocska]
- Execute upgrade script. [iglocska]
- Several fixes to the new sightings. [iglocska]
- Some bug fixes. [iglocska]
- Added composer's license. [iglocska]
- Update default field of organisation when creating new accounts.
  [Adrien RAFFIN]
- Changed installation behaviour of composer. [iglocska]

  - no longer requires the live download and execution of the composer package
    - compromising https://getcomposer.org/ could lead to RCE for new MISP installations during the installation

  - As reported by Trey Darley (@treyka)
- Urlencode the user's event list lookup to prevent oddities. [iglocska]
- Fixed a bug with the freetext import that broke the detection of IP
  addresses. [iglocska]
- Added correct recognition of ip:port indicators to the freetext import
  tool, fixes #1919. [iglocska]
- Added (dot) to the refanging. [iglocska]
- Incorrect IF statement in app/Model/AppModel.php, fixes #1891.
  [iglocska]

Other

v2.4.65 (2017-02-09)

Changes

- Allow the creation of read only auth users/auditors. [iglocska]

  - also add creator email to json output for auditors

Fix

- Fixed the new indexer generating a notice on a successful indexing.
  [iglocska]
- Import whitelist - add a description to make it clearer, fixes #1902.
  [iglocska]
- Labels in Add/Edit feed, fixes #1913. [iglocska]
- Remove possible duplicate entries coming from a freetext feed import.
  [iglocska]

  - Since we use saveMany() for saving attributes from the freetext/csv feed import the unique attribute constraint was ineffective
  - The constraint checks if the event already has a similar type/category/value combination

  - TODO: Refactor this, each insert is also an expensive non buffered SELECT query besides the correlation creation!
- Fix several strict issues. [iglocska]
- Fix to the advanced correlation when no hits are found. [iglocska]
- API request : "An Internal Error Has Occurred." if no Thread for an
  event fixes #1900. [iglocska]

  - also, some cleanup of the eventView api
- Fix to a strict mySQL issue with the feed table. [iglocska]
- Fixed several issues with the indexer in the upgrade algorithm.
  [iglocska]

  - also, rerun the recent indexing rules

Other

- Version bump. [iglocska]
- Merge branch 'auditor' into 2.4. [iglocska]
- Merge branch '2.4' into 2.4. [truckydev]
- Merge branch '2.4' into 2.4. [truckydev]
- Check if auditor have good "org_id" [truckydev]
- Merge branch '2.4' into 2.4. [truckydev]
- Get email creator user for auditor users. [Tristan METAYER]
- Add auditor user. Auditor user can see event_creator_id.
  [Tristan METAYER]


v2.4.64 (2017-02-06)

New

- Lookup organisations by uuid using organisations/view. [iglocska]
- Advanced correlations. [iglocska]

  - experimental feature, correlate on CIDR
  - can be turned on/off in the server settings
  - For the emperor
- Added mass tagging to attributes on the event view. [iglocska]

  - Oooh yes.
- New setting to sanitise attributes on delete. [iglocska]

  - if enabled server wide, any delete of an attribute will not just set the deleted flag, but also sanitise the content fields
  - fields sanitised: category, type, value, comment, to_ids
- Send out credentials directly during user creation. [iglocska]
- Added API access to the statistics. [iglocska]

  - first iteration, this is a bit more complex to get it right than this implementation
  - data cleanup to make the results somewhat more useful
  - raw data needs to be documented

  - available APIs:
    - /users/statistics/data.json
    - /users/statistics/orgs.json
    - /users/statistics/tags.json
    - /users/statistics/attributehistogram.json

Changes

Fix

- Fixed a bug retrieving an org with no users. [iglocska]
- MISP galaxy updated. [Alexandre Dulaunoy]
- MISP taxonomy to the latest version. [Alexandre Dulaunoy]
- Fixes an issue with tags missing on push. [iglocska]
- Fixes to several issues with the setting change upgrade hooks.
  [iglocska]

  - also removed the not null restriction from a problematic field with no default entry, fixes #1853
- Set IDS flag for all attributes added via Email Import module fixes
  MISP/misp-modules#98. [iglocska]
- Added default values for some problematic log columns. [iglocska]
- Simplification of the proposal sync. [iglocska]
- Warning-list for empty hashes doesn't work on malware-sample even if
  the warning list is for ALL, fixes #1837. [iglocska]

Other

v2.4.63 (2017-02-01)

New

- Small rework of the thread functionalities. [iglocska]

  - API get /threads/view/<thread_id> and /threads/viewEvent/<event_id>
  - Added new setting to show post count on the event index including a notification if it has a post newer than 24 hours
- Add and remove tags from object by uuid. [iglocska]

  - /tags/attachTagToObject/uuid/tag
  - /tags/removeTagFromObject/uuid/tag

  - tag can be tag ID or tag name (must be an exact match)
  - Affects events and attributes

Changes

Fix

- Fixing a notice introduced in the last commit. [iglocska]
- Warning list updated to the latest version. [Alexandre Dulaunoy]
- Composite attributes displayed in 2 lines. [iglocska]
- Fixed a bug causing CSRF issues for tag removal. [iglocska]

  - at least I hope it did for others.
- Added missing view file, some small fixes, pymisp version bump.
  [iglocska]
- Added new functionality to the ACL. [iglocska]
- Cosmetic copy pasta issue fixed. [iglocska]
- [misp-galaxy] updated to the latest version including ransomware.
  [Alexandre Dulaunoy]
- Fixed an attribute type description. [iglocska]
- Removing tags now spans its own CSRF tokens in the confirmation popup.
  [iglocska]

  - fixes some CSRF issues
  - improves rendering performance
- Galaxy source should act as a link if a link is provided. [iglocska]
- Remove the admin setting changes too using the prune job. [iglocska]
- Fix and cleanup script for a specific bug. [iglocska]

  - rare occurrence, but some MISP servers enter an upgrade loop causing massive amounts of log entries
  - this patch cleans up the bug preventing further upgrade loops as well as offers a script to clean up the fallout
- Fixed a bug that didn't correctly handle validation errors on the
  attribute add popup, fixes #1875. [iglocska]
- Removed malware-sample and attachment from the attribute type options.
  [iglocska]

  - should not be possible to select these via the add/edit attribute functions
- Fixed various tagging issues. [iglocska]

  - event tag when editing an event wasn't added correctly
  - tags that were not exportable returned weird empty lists via the API

Other

v2.4.62 (2017-01-26)

New

- Added the option to delete files after ingestion of local feed.
  [iglocska]
- Local feeds. [iglocska]

  - still needs testing
- Added two new parameters for the attribute restsearch. [iglocska]

  - to_ids, with the following options
    - false (default): include all attributes, no matter the to_ids flag
    - true: include only to_ids attributes
    - "exclude": exclude attributes marked to_ids

  - deleted with the following options
    - false (default): only include non deleted attributes
    - true: include deleted attributes
    - "only": ONLY include deleted attributes

Changes

Fix

- PyMISP version bump. [iglocska]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- Fixed an invalid lookup for the site admin debug. [iglocska]
- Fixed an issue where setting site admin debug to false resulted in a
  critical warning. [iglocska]
- Empty delimiter for CSV feeds causing grief. [iglocska]
- Fixed an issue that prevented a feed to be convertible between types.
  [iglocska]
- Fixed an issue with the feed url validation. [iglocska]
- Fixed an old bug returning an invalid feed pull result. [iglocska]

  - no new events / nothing to update returned an error before
- Views left off. [iglocska]

Other

v2.4.61 (2017-01-22)

New

- New warninglist type: hostname. [Iglocska]

  - use lists designated as hostname lists (which can be domains too)
- Allow the new type "substring" to be used for warninglists. [Iglocska]

Changes

Fix

- Fixed the hacky solution for hostname evaluation in warninglists.
  [Iglocska]
- Critical fix to an issue with event add fixed. [Andras Iklody]

  - a reuse of a pointer causes an invalid duplication of an attribute on entry, leading to the last attribute being dropped
- Fixed the org edit API. [Iglocska]

  - it only worked if all fields were set
  - switched to a different strategy where any changed field is updated
- Badges, badges and more badges! [Alexandre Dulaunoy]
- Badges more badges! [Alexandre Dulaunoy]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- Organisation UI and API improvements. [Iglocska]

  - opened up the organisations controller to API actions
    - this includes index/add/edit/delete
    - uses the still new-ish standardised REST library
    - send GET requests to add/edit to view the parameters

  - reworked the org index to paginate 60 items instead of 20 and to have a view all button
- Fixed an issue that erroneously updated the date of an org creation on
  edit. [Iglocska]
- Just force utf8 encoding if it's not set. [Iglocska]
- Added a warning if utf8 encoding isn't set up in the database config.
  [Iglocska]

  - also, changed the default database config to enforce utf8
- Do the centering after the screenshot is shown. [Iglocska]

  - otherwise it returns 0 as the width
- Left off css changes. [Iglocska]
- Whois-registrant-email added as type when an email is detected in
  freetext. [Alexandre Dulaunoy]
- ACL updated for attribute level tagging. [Iglocska]
- Don't try to add the attribute tag field to proposals. [Iglocska]
- Andreas Ziegler significant contribution acknowledged in Copyright.
  [Alexandre Dulaunoy]
- Temporary fix for no relatedattributes producing an empty string
  instead of an empty array in the retrieved data. [Iglocska]

Other

v2.4.60 (2017-01-17)

New

- Request encryption of samples via the event REST api. [iglocska]

  - Add the encrypt flag to attributes to be added via the events/add or events/edit api
  - simply add "encrypt": true to the attributes that have a sample attached in the "data" field
  - make sure that the attribute value is the desired filename, the hashes will be added automagically
- Add a new api to check the supported PyMISP version. [iglocska]
- Index API for sightings added. [iglocska]
- Sightings API improvements WIP. [iglocska]

  - reworked responses
  - started work on the new index
- Show attributetags on sync event preview. [Andreas Ziegler]
- Show attributetags on api calls for single attributes. [Andreas
  Ziegler]
- Show usage count of an attributetag in tag list. [Andreas Ziegler]
- Show usage count of an attributetag in taxonomies detail view.
  [Andreas Ziegler]
- Search for attributetag by clicking on one. [Andreas Ziegler]

  including major reorganisation of attributes search() method
- Add&remove attributetags on event view. [Andreas Ziegler]
- Add search&result for attributetags. [Andreas Ziegler]
- Add findAttributeIdsByAttributeTagNames() to Tag Model. [Andreas
  Ziegler]
- Show attributetags on event view. [Andreas Ziegler]
- Show attributetags on attribute index. [Andreas Ziegler]
- Add config options for attribute tagging. [Andreas Ziegler]
- Add AttributeTag. [Andreas Ziegler]
- Add table attribute_tags on updates to 2.4.53. [Andreas Ziegler]
- Add sql for attribute_tags (PostgreSQL) [Andreas Ziegler]
- Add sql for attribute_tags (MySQL) [Andreas Ziegler]

Changes

Fix

- Fix a unicode issue with the correlation graphs. [Iglocska]
- Fix an issue with the graphs when no relations are found. [Iglocska]
- Clarification a selectable group is also an active group. [Alexandre
  Dulaunoy]

  or an active group is also selectable.
- Epic fail due to missing brackets. [Iglocska]

  - mimicking Apple's gotofail well.
- Some UI love. [Iglocska]
- Update the attribute timestamp on attaching/removing tags. [Iglocska]
- Unpublish event when adding/removing an attribute tag. [Iglocska]

  - also show the event being unpublished immediately
- Fixed some issues with the galaxies that got broken. [iglocska]
- Fixed some issues with the addTag/removeTag APIs. [iglocska]
- Fixed an issue that prevented tags to be added from attributes.
  [iglocska]

  - whenever the "all" taxonomy was chosen
- Further merge fixes. [iglocska]
- Merge issue fixed. [iglocska]
- Cleaner fix, testBool doesn't need to run testForEmpty. [Iglocska]
- Don't show value not set on boolean false values that are actually set
  in the server settings. [Iglocska]
- Disable_correlation not updated using the events/edit api. [Iglocska]
- Edit events by uuid instead of id, fixes #1842. [Iglocska]
- Only allow malware-samples to be created using the upload_sample api,
  fixes #1843. [Iglocska]

  - contrary to the documentation, setting the IDS flag decided the type of the resulting upload (malware-sample vs attachment)
  - attachments can easily be created without any black magic using the add attribute api anyway

  - also fixed a bug that prevented the timestamp of events receiving a sample via the upload_sample api from being re-timestamped
- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
- [misp-warninglists] updated to the latest version. [Alexandre
  Dulaunoy]
- Cannot list users in own org - but button to do so is shown #1749.
  [iglocska]

  - normal users saw the option to see their own orgs' users but clicking the button resulted in an exception caused by the ACL
  - fixed a bug that caused the button to show up in the first place
- Fixed an issue with an empty SMIME field preventing users from being
  added, fixes #1821. [iglocska]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- Debug alert removed. [iglocska]
- Copyright dates updated. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- Added sightings index to the ACL. [iglocska]
- Fixed some UI issues. [iglocska]
- Fixed an issue where the published field would disappear on the event
  view. [iglocska]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] Galaxy updated to the latest version. [Alexandre
  Dulaunoy]
- [misp-galaxy] New clusters exploit-kit and TDS added. [Alexandre
  Dulaunoy]
- Small UI issue fixed. [Iglocska]
- Fixed some UI issues with the correlation status on the event view.
  [Iglocska]
- Fix empty space issues with server settings. [Iglocska]

  - on input trim the string
  - on the not empty check, first trim the string to warn users about existing issues
- Show that an event is unpublished when you accept a proposal, fixes
  #1763. [iglocska]

  - we've had the system for a while for adding tags already anyway
- Fixed the editing of tags using the rest API. [iglocska]
- Merge issues fixed. [iglocska]
- Create attributetags during import of attributes. [Andreas Ziegler]
- Prepare attributetags in import data. [Andreas Ziegler]
- Export attributetags as Tag elements (like eventtags) [Andreas
  Ziegler]

Other

v2.4.59 (2017-01-01)

New

- Added a new field for an exclude regex for the CSV / Freetext feeds.
  [iglocska]

  - just set a php compatible PCRE regex pattern to exclude values
- Added feed metadata download link. [iglocska]
- Various new feed features. [iglocska]

  - import feed descriptor json pastes to add a list of pre-defined feeds
  - improvements to the feed pull (a single non validating attribute shouldn't break the process)
  - altered the saving of the attributes to happen in chunks during a feed pull to avoid very large feeds from stalling the process
  - split the feeds into 3 tabs: default, custom, all
- Added caching and pagination to freetext/csv feeds. [iglocska]
- Added session settings to the server settings. [iglocska]

  - also, new method for writing the MISP config file

Changes

Fix

- Copy paste fail. [iglocska]
- Left off changes to the complextypetool. [iglocska]

  - oops
- Fixed a copy paste bug and the default feed index scope. [iglocska]

  - defaults to all feeds now
- Fix to several issues with the feeds: [iglocska]

  - settings (csv column number, delimiter) were ignored
  - skipped fields were still counted by the paginator showing some pages with fewer than the expected 60 values
- Setting naming consistency fail. [iglocska]

  - separator != delimiter
- Fixed some minor issues with the feed import. [iglocska]
- Updated the ACL. [iglocska]
- Added rest response to the importFeeds method. [iglocska]
- Fixed the colour settings for taxonomies. [iglocska]
- Updated to the latest version of the galaxy. [Alexandre Dulaunoy]
- Org field missing in log entry causing proposal sync to fail.
  [iglocska]

  - Added SYSTEM as the default value
- Allow users to fetch their PGP keys. [iglocska]
- Updated to the latest version of misp galaxy. [Alexandre Dulaunoy]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- Show additional flags for non MISP feeds. [iglocska]
- Fixed a new issue introduced in ajax response handling. [iglocska]
- Invalid element load while browsing the galaxies, fixes #1752.
  [iglocska]

  - was hard to spot at first, but indeed the bug is as described in the issue and masked by an ajax load of the contents
- Only show related events in red if it's created by the same org, fixes
  #1528. [iglocska]

  - was using the local owner id instead of the creator id

Other

v2.4.58 (2016-12-22)

New

- Disable correlation. [iglocska]

  - globally
  - on an event level
  - on an attribute level

Changes

Fix

- Small fix on the attribute correlation popup's header. [iglocska]

  - F-A-I-L
- MISP galaxy update. [Alexandre Dulaunoy]
- Set event to locked = 1 when importing from a MISP export. [iglocska]
- Changed bro cached export to the .intel extension. [iglocska]
- Changed bro file extension to .intel. [Andras Iklody]
- Broken bro export. [Andras Iklody]

  - Sanitisation issues with linebreaks in comments breaking the export
- Cluster synonyms were shown twice on the event view, fixes #1777.
  [iglocska]
- Pull not respecting negated tag rules fixed, fixes #1775. [Andras
  Iklody]
- Don't show the attribute level correlation checkboxes if the event
  correlation is disabled. [iglocska]
- Invalid closing tag. [iglocska]

  - copy pasta fail supreme
- Added an alternative to bcmod if it doesn't exist. [iglocska]

  - simply threw an exception if the module wasn't loaded on the event view if it contained an IBAN number
- Added ACL changes. [iglocska]
- Some fixes with the automatic publish/unpublish feedback. [iglocska]

  - automatically set the event to unpublished in the view when adding/removing tags
  - officially the keep @RichieB2B happy patch ;)
- Unpublish events when tagging/removing tags. [iglocska]

  - same for galaxy clusters
  - also, new ajax way of showing/hiding published status
- Invalid lookup caused the same message to be displayed on correlation
  disabling and enabling for attributes. [iglocska]

Other

v2.4.57 (2016-12-19)

New

- Added new option to the attribute level restsearch. [iglocska]

  - filter on attributes using timestamps newer than parameter
- Added the warninglist enforcement flag to the remaining exports.
  [iglocska]

  - still missing: Export modules
  - consider having the flag for misp JSON/XML and STIX perhaps?
- WIP: Parameter to remove warning list hits from exports. [iglocska]
- Added a way to disable certain tags from the UI, fixes #1733.
  [iglocska]

  - also added a new setting to set the default posture when an event containing a tag is pushed (via the API/sync/etc)
    - new setting allows to automatically set new tags to hidden

  - the hidden setting only hides the tags from the tag selection when tagging an event
- First iteration of the new types. [iglocska]

Changes

Fix

- Failtypo fixed. [iglocska]
- Taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Added exception for site admins to be able to add galaxies to events
  of other users. [iglocska]
- Galaxy updated to the latest version. [Alexandre Dulaunoy]
- Added additional refanging patterns to the complex type tool, fixes
  #470. [iglocska]
- Better validation of links, fixes #1745. [iglocska]

  - move to the built in url validation instead of the regex we used before
- Fixed several issues with the template file uploads, fixes #1743.
  [iglocska]

  - Bug with uploading attachments as described in the issue
    - move from pass by reference for a loop was still lacking the correct selector to update the array element instead of the loop's copy
    - attachment uploader tried to base64 the file-name instead of the file-data and store it as the attachment

  - Fix to an unrelated bug that didn't encrypt malicious files when going through the template uploader
- MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
- Issue with new installations not correctly setting the default
  password for the initial user. [iglocska]
- Fixed an invalid link used when pivoting from galaxies to clusters in
  the add cluster flow. [iglocska]
- Fixed an issue with the warninglist detection. [iglocska]
- On newer MySQL versions proposing a deletion to an attribute failed,
  fixes #1741. [iglocska]
- Fixed an issue with the freetext importer. [iglocska]

  - It looks like PHP does parse single quoted strings and replaces double backslashes with a single literal backslash
- Fixes the missing default for the descriptions of galaxy clusters.
  [iglocska]
- Fixes MySQL 5.7 group by issues. [iglocska]
- Python3 tests. [Raphaël Vinot]
- Pivot to the filtered event index from the event view using the
  selected cluster as a filter, affects #1731. [Iglocska]
- Galaxy permission issue fixes #1. [Iglocska]

  - affects #1731

Other

v2.4.56 (2016-12-07)

New

- Tied the galaxies into the ACL. [Iglocska]
- First RC of MISP galaxies 1.0. [Iglocska]
- Added galaxy attach/detach functions. [Iglocska]
- First iteration of the galaxies (WIP) [Iglocska]
- Added upgrade scripts. [Iglocska]
- Added galaxy tables. [Iglocska]
- Added the publish_timestamp and timestamp parameters to both
  restSearch functions, fixes #1703. [Iglocska]

  - TODO document it
  - new way of handling it, both accept lists with 2 values for ranges
- Added the published flag to restsearch. [Iglocska]

  - allows users to specify whether the events / attributes returned should come from published / unpublished events only. If the parameter is not set both are included

Changes

Fix

- Removed a duplicate ACL entry. [Iglocska]
- Clusters added don't have the exportable field set on the tag and
  because of that they don't show up on the API. [Iglocska]
- Updated to the latest version of PyMISP. [Alexandre Dulaunoy]
- Moved requeue of pull scheduled job to the front. [Iglocska]
- Fixed missing publish flag in restsearch. [Iglocska]
- Galaxies are now loaded by default. [Iglocska]
- Updated event.json for travis tests. [Iglocska]
- Galaxy update. [Iglocska]
- Added galaxy submodule. [Iglocska]
- Index length fixed for several text fields. [Iglocska]
- Escape field names again. [Iglocska]

  - TODO, have a backtick replacement script for postgres
- Attempt at a fix for SQL woes. [Iglocska]
- Fixed an issue where a normal index was attempted to be created for a
  text field causing the installation to fail. [Iglocska]
- Fixed the detaching of galaxies. [Iglocska]
- Added missing dependencies for the index adder. [Iglocska]
- Removed copy paste junk. [Iglocska]
- Update PyMISP. [Raphaël Vinot]
- PyMISP updated. [Alexandre Dulaunoy]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- MISP taxonomies updated. [Alexandre Dulaunoy]
- Warning lists updated. [Alexandre Dulaunoy]
- Do not allow empty values to be returned by the enrichment queries.
  [Iglocska]
- Use comment field from modules when using freetext attribute type
  detection. [Iglocska]
- Trim strings of brackets before running the freetext detection on
  them. [Iglocska]
- Temporary fix for a keyword mismatch between the import modules and
  the freetext import. [Iglocska]
- README updated with new features and export formats. [Alexandre
  Dulaunoy]
- Access attribute edit / editField via the UUID instead of the ID.
  [Iglocska]

  - also cleaned up some dumb crap in the attributes/edit function when POSTing JSONs
- Fixed an issue where the diagnostics complained about STIX not being
  installed if the stixtest.py was not readable. [Iglocska]
- Removed an accidentally added edit button. [Iglocska]
- Fixed an issue that incorrectly reported a feed update to have failed
  when not using delta-merge mode. [Iglocska]

  - the issue was that in the case of a feed update to a fixed event without delta merge, MISP tried to insert all parsed attributes, which correctly automatically blocked duplicates
  - however, since these attributes were blocked by the validator, the feed fetcher reported that the fetch didn't succeed as it contained validation errors

  - this fix simply runs non-delta merge mode updates through the comparisons to the existing event, removing duplicates in advance
- Fixed an issue that prevented the feeds from working in CSV mode if no
  value field was set. [Iglocska]
- Removed invalid entry in writeable file diagnostics. [Iglocska]

Other

v2.4.55 (2016-11-22)

New

- Sightings enabled by default. [Iglocska]
- Added timestamps of shadow attributes wherever appropriate. [Iglocska]
- Added uuid as a restsearch parameter, fixes #1683. [Iglocska]

  - search for events/attributes by uuid
- Added checks for the loaded php extensions, fixes #1672. [Iglocska]

  - Diagnosing not loaded extensions was a nightmare
  - New system checks the loaded extensions via php and php-cli (could help with un****ing some RHEL/CentOS issues)
  - Version check for the php-cli php version added

  - only one extension is checked currently, to be updated at a later point in time (remember to also update the web and the cli extension list!)
- Show the date of the latest sighting / organisation on the event view.
  [Iglocska]
- Added multiselect for attributes on the event view. [Iglocska]

  - simply check the checkbox of an attribute/proposal then shift click the checkbox of another to select the full range
  - affects #1618

Changes

Fix

- Some additional changes to accommodate for the automatically enabled
  sightings. [Iglocska]
- Tell MISP to run the db update. [Iglocska]
- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Fixed annoying issues with the tags not looking OK on a feed/server
  event preview. [Iglocska]
- Added sighting time to the event sighting summary. [Iglocska]
- Do not try to sort on fields that are not paginated. [Iglocska]
- Opened up attributes/editField to the API, fixes #1674. [Iglocska]
- Fixed an issue where adding an attribute to an empty template as a
  first element caused an error, fixes #1635. [Iglocska]
- Invalid error returned to the STIX/CyBox diagnostics if no version is
  installed, fixes #1661. [Iglocska]
- Revert to previous commit. [Alexandre Dulaunoy]
- Travis move to MySQL 5.6. [Alexandre Dulaunoy]
- Mysql requirements. [Alexandre Dulaunoy]
- Travis mysql requirement. [Alexandre Dulaunoy]
- Fixed an issue with editing MISP feeds, fixes #1664. [Iglocska]
- Fixed pagination issues with the taxonomy view, fixes #1660.
  [Iglocska]
- Tightened check for tag removals. [Iglocska]

  - users could remove tags via the api for other organisations
- Fixes an issue where the wrong set of tags were applied when
  populating an event from a template, fixes #1636. [Iglocska]
- Left off changes in attribute.php for the previous commit. [Iglocska]
- Added domain|ip to nids exports. [Iglocska]
- Tag API only returns a subset of the results, fixes #1656. [Iglocska]

  - pagination was used even for the API, changed it to a simple find
- Fixed annoying column order in the statistics. [Iglocska]
- Some small fixes to the add user API, affects #1621. [Iglocska]

  - Do not force change_pw/termsaccepted default settings based on role when using the API
  - Some cleanup

Other

v2.4.54 (2016-11-04)

New

- Added new statistics page, fixes #1648, fixes #1557. [Iglocska]

  - brought back the quick organisation overview as it's a much missed feature
  - added treemap for tags
  - brought attribute histogram into statistics page

  - more coming in the future
- Added a check and deletion tools for orphaned attributes to the
  diagnostics page. [Iglocska]
- Added two additional api filters to the event index (timestamp,
  publishtimestamp) [Iglocska]

  - Currently these are not exposed to the filter UI
  - Easy way to get metadata newer than timestamp/publish timestamp
- Enrichment queries now pass the base64 encoded data to the enrichment
  modules. [Iglocska]

  - first implementation, malware is sent as an encrypted zip base64 encoded
- Added admin user APIs. [Iglocska]

  - The following urls are now available via the API:
    - /admin/users/add
    - /admin/users/edit/id
    - /admin/users/view/id
    - /admin/users/index
    - /users/resetauthkey/id

  - For add and edit, sending a GET request will describe the APIs

  - New API response system's initial implementation, to be used for other APIs in the future
    - standardised responses
    - standardised error codes
    - convenience functions

  - TODO:
    - tie non admin functions into the APIs (maybe?)
    - reuse the new API system for other APIs
- First commit for the user API rework and the new response handler.
  [Iglocska]
- Show file sizes on the export page, fixes #1640. [Iglocska]
- Added new feature to block attributes from IDS sensitive exports based
  on proposals. [Iglocska]

  - Enabled via a new server setting (MISP.proposals_block_attributes)
  - Attributes are skipped from exports that require the to_ids flag if:
    - they have an active proposal that proposes to remove the to_ids flag
    - they have an active proposal that proposes to delete the attribute

  - Currently affected exports:
    - OpenIOC
    - All HIDS exports
    - All NIDS exports
    - All text exports
    - RPZ Zone file export

Changes

Fix

- PyMISP to the latest version. [Alexandre Dulaunoy]
- Fixed an issue with an incorrect condition on the admin index.
  [Iglocska]
- Increased space between taxonomy names in the treemap as some of them
  can be quite long. [Iglocska]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- PyMISP updated to the latest version. [Alexandre Dulaunoy]
- MISP name fixed. [Alexandre Dulaunoy]
- Fixed annoying capitalisation mess in the event index parameters.
  [Iglocska]

  - just throw everything to lowercase
- Fixed an invalid path for attribute downloads, fixes #1647. [Iglocska]
- Fixed some merge issues. [Iglocska]
- Fixes an invalid check allowing user profile modifications to target
  different users within the org. [Iglocska]

  - User edit had an incorrect check that allowed a normal user edit on a different account within the same org
  - Also removed the deprecated option for this function to be used by org/site admins to be used as an alternative to the admin edit

  - as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
- Attempted fix for an issue with large stix exports getting truncated.
  [Iglocska]
- Certificate typo fixed. [Alexandre Dulaunoy]
- Lowercasing in the tag search wasn't exactly great. [Iglocska]
- Removed test code. [Iglocska]
- Fixed an issue where pushing events worked even if the remote user
  wasn't a sync user. [Iglocska]
- Fixed an issue with the attribute search. [Iglocska]

  - a typo prevented the lookup based on event UUIDs
- Check if the taxonomy directory contains the machinetag.json file
  before trying to read it, fixes MISP/misp-taxonomies#45. [Iglocska]
- Fixed several issues with the import modules. [Iglocska]

  - config settings are not passed correctly to the import modules
  - not having any paste/file upload in an import module would fail
    - removed the requirement to have either filled, if a module doesn't use any of the two fields it will simply pass an empty data field
    - this could be handy for modules that create event data based on the userconfig fields
- Fixes an issue where attachments / malware samples were erroneously
  coloured white. [Iglocska]

  - placeholder hard-coded white class replaced with dynamic value
  - Can't check the referenced issue, shame on Norwegian.no for claiming to have wi-fi onboard...
- Invalid bro export generation due to invalid syntax on the intel
  field. [Iglocska]
- Made the UUID field in the event view optional. [Iglocska]

  - displaying the UUID field seemed to clutter the UI for some users
  - by default it is now disabled and a new control called show context is introduced
  - could be reused in the future for similar use-cases
- Fixed a UI issue with proposals and links, fixes #1624. [Iglocska]

  - fixed an issue where link type attribute values were not visible due to links being too similar of a colour to the blue background of attributes with indicators
- Better fix than the previous one. [Iglocska]
- Fixed a potential empty event_id field that blocked new CSV feeds from
  being added. [Iglocska]
- Removed double sanitisation of the resolved attributes. [Iglocska]

Other

v2.4.53 (2016-10-21)

New

- Added a way to disable the default HTTP_ header namespace or to alter
  it to something else for the custom auth plugin. [Iglocska]
- Added quick search in tag selection popup. [Iglocska]
- CSV feeds and various fixes. [Iglocska]

  - Added the CSV feed format
    - users can specify which fields in the CSV should be parsed
    - comment lines are automatically omitted
    - new settings system added to feeds, currently only used for the value fields

  - Slight rework of the correlation lookup for the feeds
    - got the Speed Force treatment
    - correctly checks against value1 and value2 instead of value

  - Various freetext import fixes
- Added correlations to the freetext feed preview. [Iglocska]

Changes

Fix

- Fixes an issue where adding a new user allowed an invalid role choice.
  [Iglocska]

  - as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
- Fixes an issue where an invalid role could be assigned to a user.
  [Iglocska]

  - As reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult.
- Separate the GFI upload directory from the attachment directories.
  [Iglocska]

  - ensure that no one can't retrieve GFI export files
  - As reported by Vytautas Paulikas and Robert Giruckas from SEC Consult
- Don't correlate shadow attributes to attributes in the same event.
  [Iglocska]
- Fixed the titles of some columns on the event index. [Iglocska]
- Resolved an issue where the new uuid field didn't get coloured the
  same way as the remaining proposal fields. [Iglocska]
- Don't destroy the session on failed customauth login if customauth is
  not enforced. [Iglocska]
- If the custom auth is not required, throw the user to the usual login
  if the custom auth login failed. [Iglocska]
- Fixes a bug that returned the wrong user's email address on the event
  view, viewed by an org admin. [Iglocska]
- Added default values to some of the event fields when adding a new
  event. [Iglocska]

  - basically the only required field now is the info field, everything else uses sane defaults
- Fixed an inverse lookup. [Iglocska]
- Fixed an issue with editing feeds. [Iglocska]
- Pull icon visible even when pull is not enabled for an instance, fixes
  #1608. [Iglocska]
- Log name of remote server in event history, fixes #1607. [Iglocska]

  - currently only affects pull
  - it is becoming more and more crucial that we differentiate between a normal REST add and a push sync. This would allow us to log source servers also on pushes.
- Default setting change when browsing the preview index. [Iglocska]

  Automatically set a threat level based on the server config
- Changed the default value of the threat level ID to match the previous
  fix. [Iglocska]
- Fixed an issue where a validation fail would only semi-populate the
  feed add form fields. [Iglocska]
- Fixed an error on the automation page. [Iglocska]
- Fixed various minor issues and a potential more serious bug.
  [Iglocska]

  - various UI issues prevented the freetext/csv feed related fields from being hidden when adding a new MISP feed
  - issue that potentially prevented new feeds from being saved if no target event is set (cannot reproduce)
- Fixed an issue where adding an empty event would set the error key in
  the returned JSON. [Iglocska]
- Fixed an issue with the type restrictions, fixes #1603. [Iglocska]

  - fixes an issue where the type list in the attribute add/edit view wouldn't automatically restrict to the valid options
- Fixes an issue where the csv feed pull would be routed through the
  freetext code path. [Iglocska]

Other

v2.4.52 (2016-10-07)

New

- First implementation of the freetext feed pull. [Iglocska]
- View proposal count on event index and filter events on whether they
  have proposals. [Iglocska]

  - only non deleted proposals are counted
  - allows users to quickly set up filters to view all events that have pending proposals
- Rework of the attribute/proposal views and popovers round 2.
  [Iglocska]

  - also fixes to a bunch of small UI bugs and code style issues
- First cut of the popover rework for form selects. [Iglocska]
- Add the sightings count to the event index. [Iglocska]
- Add Tool for random string generation. [Andreas Ziegler]
- Add compatibility Lib for random_int. [Andreas Ziegler]
- Added the metadata flag to the event restsearch API. [Iglocska]

  - allows fetching metadata only without including attributes/proposals
- Db structure&data file for PostgreSQL support. [Andreas Ziegler]
- Add basic documentation on experimental PostgreSQL support. [Andreas
  Ziegler]
- Add basic experimental support for PostgreSQL. [Andreas Ziegler]

Changes

Fix

- Fixes to the ssdeep detection as it was way too loose. [Iglocska]
- Resolved several issues with error handling in the new feed system.
  [Iglocska]
- Removed already removed file that got reverted. [Iglocska]

  - As first committed by @rotanid
  - The file is not used any longer, however removing it causes issues unless we clean the model cache
  - upgrading to a new version will force the cleaning of the model cache, so it's a great time to finally remove it
- Various fixes to the feed system. [Iglocska]

  - allow users to override the IDS flags and keep all attributes pulled from a freetext feed IDS = off
  - UI changes
  - fix to a bug that caused already deleted attributes to be counted as existing ones
- Added missing initialisation of the synctool. [Iglocska]
- Added some missing entries to gitignore. [Iglocska]
- Added missing changes to the javascript file. [Iglocska]
- The JSON schema regarding the related event from Array -> Object.
  [Alexandre Dulaunoy]
- Left off the actual file affected for the last commit. [Iglocska]
- Fixed a bug with the event view. [Iglocska]

  - the fetcher was moving proposals within an attribute if the proposal was directed at the attribute (correctly)
  - this left the event proposal list in a non progressive array key format, which led to a weird situation where the JSON format used string numeral keys in a dict as opposed to the desired list. Nobody in their right mind would ever want that.
  - fixed
- Fixed the incorrect column order on the event index. [Iglocska]
- Fixed the broken check that prevented the sightings count from
  displaying. [Iglocska]
- Really restrict the shown proposal count to non deleted proposals.
  [Iglocska]
- Added changes to JS. [Iglocska]
- Added the capability to merge attachments/samples. [Iglocska]
- Fixed the event index in various places (such as the user admin view)
  [Iglocska]

  - also added missing view files from previous patch
- Left off the changes to the js. [Iglocska]
- Various fixes to the user index, fixes #1597, fixes #1598. [Iglocska]

  - highlight deleted users
  - use the same index for the org user view (without the filter options)
  - fixes the pagination of the users when viewing it through the organisation view
- Added the git commit ID to the feed request. [Iglocska]
- Org id potentially not being set when capturing tags. [Iglocska]
- Fixed an issue that resulted in empty event tags showing up in the
  event index JSON. [Iglocska]
- Small fix to the worker start script. [Iglocska]
- Even dirtier hack to only replace the STIX_Package object with a
  Package object. [Iglocska]
- Several fixes to the STIX export. [Iglocska]

  - based on the findings of @RichieB2B
- Fixed an issue with the restsearch export potentially incorrectly
  loading all eligible events in one go into memory. [Iglocska]
- Fix an issue where duplicates of auth methods in Security.auth keep
  piling up. [Iglocska]

  - due to a bug, each change in the server settings with an auth plugin enabled would reappend the full list of enabled auth plugins to Security.auth
  - this led to an exponential growth of the number of entries in the array in the config file
- Missing new TLDs in free text import, solves #1149 (#1574) [Cristian
  Bell]

  * fix: missing new TLDs in free text import, solves #1149
- Php warning on buildAlertEmailBody in Event.php. [Andreas Ziegler]

  if an attribute's type was longer than $appendlen-2 a php warning was logged.
  str_repeat()'s 2nd parameter, an integer, must not be smaller than 0.
- Don't show the org restriction of a tag in the event view JSON.
  [Iglocska]
- Set the org_id field to 0 if it is not set. [Iglocska]
- Removed accidentally committed code. [Iglocska]
- Fixed an anchor in the documentation. [Iglocska]

  - as pointed out by @rotanid
- Removed functions needed for the delegation restored. [Iglocska]

  - as discovered by @RichieB2B
- Fixed an issue with the thread index that prevented your org only
  threads from ever being visible to users, as highlighted in #1570.
  [Iglocska]
- Typo in comment. [Andreas Ziegler]
- The server add view incorrectly allowed the internal server setting to
  be set even if the default organisation picked wasn't the host
  organisation. [Iglocska]
- Hide the salt key in the UI unless it's the old default key, fixes
  #1566. [Iglocska]
- No tag set in the remote index leads to notice errors. [Iglocska]
- Sort server preview events by timestamp, fixes #1558. [Iglocska]
- Don't try to show sightings count if sightings aren't enabled.
  [Iglocska]
- Missing return keyword before a message-string. [Andreas Ziegler]
- PostgreSQL handling in __dropIndex() [Andreas Ziegler]
- DropIndex before adding indexes on tags/org_id &
  cake_sessions/expires. [Andreas Ziegler]

  to make sure they are created from scratch
- Restrict tag usage for restricted tags in a place where it was missed.
  [Iglocska]
- Don't load relations when running the password shell. [Iglocska]
- Removed left in debug line. [Iglocska]
- Append text to variable (as originally intended) [Andreas Ziegler]

  without this change, the text won't be used or displayed ever
- Add keyword 'new' to an exception throw. [Andreas Ziegler]
- Force order of the regex entries. [Iglocska]
- Fixes to the API request e-mail. [Iglocska]
- Fixes a bug introduced by f37963fde4ad91b625d3ee80eb52ebd048f3dc71
  where on API request the user itself receives an e-mail and not his
  org_admin or site_admin. [Cristian Bell]
- Added a fallback for no active flag being set on sharing group
  capture. [Iglocska]
- Issue resulting from references removal, #1501, 25e52a6 (#1544)
  [Andreas Ziegler]
- Fallback to insecure random for php 5.x if the random_compat submodule
  isn't loaded. [iglocska]
- Fixed the inversed namespacing in the STIX export, fixes #1543.
  [iglocska]
- Added missing changes needed for the new description of the bro
  export. [Iglocska]
- Updated the bro documentation. [Iglocska]
- Remove the temp directory after generating the bro cache. [Iglocska]
- Refactor of the bro export to always create a zip archive with
  separate files if "all" types are queried. [Iglocska]
- Some changes to the bro export. [Iglocska]

  - moved the whitelisting out of the plugin
  - source now contains the instance host org name (if applicable), the event UUID and the creator org name
- Removing some unused code. [Cristian Bell]
- Fix to an invalid parameter description on the automation page, fixes
  #1530. [Iglocska]
- Fixed an issue where non API users could not download events in
  JSON/XML format, fixes #1525. [Iglocska]
- Updated to the latest version. [Alexandre Dulaunoy]
- Fix the broken bruteforce protection. [Iglocska]

  - Moved the bruteforce protection directly to the login action
  - Fixed the datetime format used by the protection
  - Cleaned up the logging of failed attempts
- Removed deprecated path from functions that are allowed for API users.
  [Iglocska]
- Fixed the style of a page header. [Iglocska]
- Fixed an issue with internal sync failing on more than one added
  server. [Iglocska]
- Further fixes to the internal sync. [Iglocska]
- Internal sync fixed for pushes on your org only events. [Iglocska]
- Fixed various issue with the stix export, fixes #1505. [Iglocska]
- Typo recurisve/recursive in EventsController. [Andreas Ziegler]
- Fix to an invalid namespace in CIQ based elements in STIX. [Iglocska]
- Revert to the old functionality of the stix export where the data is
  passed back from the internal stix method, fixes #1509. [Iglocska]
- Notify the user requesting API key access if e-mailing is disabled on
  the instance. [Iglocska]
- Fixed an issue where fetching the PGP key without entering an e-mail
  address in the user creation form wasn't handled cleanly. [iglocska]
- Some clarification on the user creation/edit forms. [iglocska]
- Cleanup of the routes file. [iglocska]
- Removed unreachable line referencing a non-existing variable.
  [iglocska]
- Cleanup of missing whitespaces in PR. [Iglocska]
- Fixed a newly introduced bug that breaks the NIDS exports, as
  referenced in #1489. [iglocska]
- Added the default role selector to the ACLComponent. [iglocska]
- Removed filename check from the AppController. [iglocska]

  - rerouted all calls to the method to the Model equivalent
- Check whether e-mailing is enabled or not before publishing.
  [iglocska]

  - before the publishing process (whether by a background worker or not) would be executed before checking whether e-mailing was even enabled
  - this led to a lot of e-mail jobs that ended up doing nothing but creating a log entry
- Invalid indices used for the MISP.host_org_id setting. [iglocska]
- Add key length to text field index. [iglocska]
- Removed incorrect index in the previous commit. [iglocska]
- Update version number to 2.4.51 in MYSQL.sql. [Andreas Ziegler]
- Removed unused lookup in EventsController::index(), fixes #1484.
  [iglocska]

  - old code became obsolete when the taxonomies were implemented
- Fixed a copy paste issue with the description comment of a method,
  fixes #1483. [iglocska]
- Added 2.4.51's database changes to MYSQL.sql. [iglocska]
- Added internal convenience method to check remote server version.
  [iglocska]
- Event index should respect pagination requests for API users.
  [iglocska]
- Inverse conditional for cleaning up the expired sessions. [iglocska]
- Moved the example API script using SSL client certificate. [iglocska]

Other

v2.4.51 (2016-08-29)

New

- Add default role to the user creation, fixes #256. [iglocska]
- New piece by piece stix export allowing large datasets to be exported.
  [iglocska]
- Add e-mail in event history view, fixes #1389. [iglocska]

  - Only visible to site admins and org members
- Simple diagnostic tool for the modules added. [iglocska]
- Screenshot preview in the event view. [iglocska]
- Added a way to clear worker queues. [iglocska]
- Improved jobs overview. [iglocska]

  - Correctly interpreting job states
  - Show errored background jobs
  - Show jobs that cannot proceed because no active worker is monitoring the queue
  - Allow site admins to view the reason of the failure (up to 24h after the fact) including a stack trace

Changes

Fix

- Pushing upgraded to respect the internal sync setting. [iglocska]

  - Allows the push of org only attributes
  - No downgrading of attributes/events
- Fixed an invalid log entry breaking the publishing process. [iglocska]
- Added missing job exception viewer view file. [iglocska]
- Fixes to the internal server setup. [iglocska]

  - Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync
  - This ensures that internal sync only happens when the same organisation owns both instances
- Some minor fixes to the client_certs for the sync to align it with the
  other upstream changes. [iglocska]
- Some exports (HIDS, NIDS) failing on certain MySQL versions due to an
  only_full_group_by policy violation in the attribute fetcher, fixes
  #1390. [iglocska]
- Updated the stix export files to support separate packaging.
  [iglocska]
- Update to the caching task. [iglocska]
- Refactoring of the STIX export. [iglocska]

  - Also adding it to the caching mechanism
  - still WIP
- Differentiate queued and running jobs if no granular progress is
  returned. [iglocska]
- Version bump. [iglocska]
- Updated to the latest version of the MISP taxonomies. [Alexandre
  Dulaunoy]
- Update to latest version of PyMISP. [Alexandre Dulaunoy]
- Corrected attribute degradation on pull. [iglocska]

  - events were correctly degrading, however, attributes weren't on a pull
  - also removed some ancient compatibility code that was there for MISP 2.0 which is a version that hasn't been supported in ~3 years
- Cleaner way of handling no correlations in the correlation engine
  changes. [iglocska]
- Fixed a missing field in the correlation lookup causing travis to
  fail. [iglocska]
- Remove incorrect correlations on deleted attributes. [iglocska]
- Performance boost for the correlations. [iglocska]

  Going through insertMulti to insert correlations to get a massive speed boost
- Removed debug from previous commit. [iglocska]
- Resolved slow ingestion of warninglists. [iglocska]

  - switched to a more direct database access approach for the warninglist entry insertion
- Cleanup of some unused code. [iglocska]

  - based on @rotanid's findings
- Removed incorrect uses of pass by reference, fixes #1472. [iglocska]
- Remove substr() from value in CIDR part of restSearch. [Andreas
  Ziegler]
- Add missing $ to variable name in CIDR part of attribute search.
  [Andreas Ziegler]
- Fixed an invalid array_merge in the attribute fetcher. [iglocska]
- Raised the default timeout for modules. [iglocska]

  - possible fix for #1466
- Some exports (HIDS, NIDS) failing on certain MySQL versions due to an
  only_full_group_by policy violation in the attribute fetcher, fixes
  #1390. [iglocska]
- Missing ACL entries added. [Iglocska]
- Small fix to the Shibboleth authentication. [Iglocska]
- Minor code issues: - added brackets to the IF/ELSE statement.
  [Cristian Bell]
- Minor code issues: - redundant var initialisation - for the
  automatically created organization the "created_by" is 0, which
  produces a Notice error in /View/Organization/view.ctp. [Cristian
  Bell]
- Attribute delete should not return the full event via REST, instead a
  message saying that it was deleted similar to the event deletion is
  enough, fixes #1449. [iglocska]
- Added check for instances not using database sessions to skip the
  automatic session cleanup. [iglocska]

  - But... Use database sessions.
- Fixed an issue with the histogram on newer MySQL versions. [iglocska]
- Invalid response by the queryEnrichment() function if the module
  server is not reachable. [iglocska]
- Overwrite cached json exports, fixes #1439. [Richard van den Berg]
- Cleaner input for caching jobs. [iglocska]
- Fixed an issue with large samples from modules causing the import
  process to fail. [iglocska]
- Don't show the No worker active message in the jobs index if a job is
  already completed. [iglocska]
- Fixed the performance issues with the self cleaning by adding an index
  to the expired field. [iglocska]
- Some performance tuning for the auto-session-cleanup. [iglocska]
- Debug mode not set throws notices. [iglocska]
- Added automatic cleanup of expired sessions. [iglocska]

  - on page load for site admins
- View for the new jobs screen. [iglocska]
- Invalid permission check order leads to a notice. [iglocska]
- Show tag value in event history, fixes #1422. [iglocska]

  - also log removed tags
- Organisation index view fixes. [iglocska]

  - Changed the name of the User count field
  - Fixed an issue where the lookup of an invalid index not handled in the user count array occurred when an organisation had no members (for example an external organisation, or a newly created local organisation)
- Moved lookup function from controller to model and fixed some other
  issues. [iglocska]

  - That function has no reason not to be in a model
  - Removed invalid contain
  - Simple lookup against the users table is more efficient
- Permissions for non-auth enabled users to use the API fixed.
  [iglocska]
- Hover not working correctly for users viewing the events of another
  organisation. [iglocska]

Other

v2.4.50 (2016-08-10)

New

- Added export module first iteration. [Iglocska]
- First revision of the new import system. [Iglocska]

Changes

Fix

- Some cleanup. [Iglocska]
- Removed debug. [Iglocska]
- Further work on the modules. [Iglocska]
- More capitalisation. [Iglocska]
- Capitalisation > me. [Iglocska]
- More capitalisation issues. [Iglocska]
- I suck at capitalisation. [Iglocska]
- Lowercasetypo. [Iglocska]
- Fixed some issues with the module services not using the correct
  url/port settings. [Iglocska]
- Fixed checkbox types. [Iglocska]
- Fixed the import module. [Iglocska]

  - correctly populates the resolved attribute list
  - added validation by input type for fields
  - added error message from introspection config to the validation check
  - still needs plenty of refinement
- XSS vulnerability in a malicious feed provider. [iglocska]

  Thanks to Emanuele Gentili from tigersecurity.pro for reporting this vulnerability
- Small change, removal of unnecessary parameter. [iglocska]
- Fixed some issues with the misp export importer and added better
  logging. [iglocska]
- Taxonomies updated to the latest version. [Alexandre Dulaunoy]
- Warning lists updated to the latest version. [Alexandre Dulaunoy]
- Removed the old administrative tools panel. [iglocska]
- Some cleanup in the freetext tool. [iglocska]
- Last pushed/pulled ID are not in the db anymore. [Raphaël Vinot]
- Clarification on menu. [KalyParker]

  Change menu 'Send Credentials' by 'Reset Password' on User's administration page.
  The functionality is to reset the password, not simply send credentials :speak_no_evil:
- Description of the JSON and XML was reversed. [Alexandre Dulaunoy]
- Warninglist warnings not shown if no relations are present. [Iglocska]
- Some fixes to the caching. [Iglocska]

  - invalid linebreaks used for the hids caching
  - added sha256 to the hids caches
- Added progress bar to JSON cache generation. [Iglocska]
- Various fixes to the cached exports. [Iglocska]

  - Tightened the rules for export generation when no valid published events exist
  - Corrected various issues with the progress bars
  - Added the missing JSON export to the caches
  - XML/JSON caches now correctly take into account the cached attachment inclusion setting
  - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not
  - Added correct progress bar to the HIDS export
- No categories set in a module causes the enrichment to fail.
  [Iglocska]
- If no attribute type change is possible in the resolved
  freetext/enrichment results then the correlation popover didn't fire.
  [Iglocska]
- Missing parameter in the OpenIOC export fixed, fixes #1393. [Iglocska]
- Fixed the white text on white background in proposal relation
  popovers. [Iglocska]
- Some proposal correlations lack the remove event date, for now only
  show it if it exists, fixes #1386. [Iglocska]
- If the types field passed back from the enrichment module is a string
  the import fails. [Iglocska]
- Aligned freetext import with the changes to the attribute resolution.
  [Iglocska]
- Fix to the 2.4.49 SG upgrade. [Iglocska]

  - was incorrectly changing the org_id of the synced sharing group instead of adding the org to the distribution list
- Remove list of instances for roaming sharing groups. [Iglocska]
- Allow distribution level 5 as an option for the upload_sample api,
  fixes #1377. [Iglocska]

Other

v2.4.49 (2016-07-22)

New

- Updates to the module system. [Iglocska]

  - hover modules now require a 0.5 second hover to fire off the query
  - Introduced a new timeout setting to avoid a long lasting query by the module system to stall MISP
- Added a php version check to the diagnostics page. [Iglocska]
- Work on the refactoring of the module system. [Iglocska]
- Added a tag restriction to restrict the usage of a tag to a single
  organisation. [Iglocska]
- Installation instructions for MISP on Debian 8. [Andreas Ziegler]
- Installation instructions for MISP on Ubuntu 16.04. [Andreas Ziegler]

Changes

Fix

- Sharing group edit summary tab issues. [Iglocska]

  - if no external organisations were added it still showed the sentence listing them with the list being empty
- Added salt generation to UserInitShell. [Iglocska]
- Don't require users to accept the terms and conditions if they are not
  set, fixes #1381. [Iglocska]
- MySQL error on users.certif_public, fixes #1378. [Iglocska]
- Editing an event via the API should not require the distribution to be
  set in the pushed payload. [Iglocska]

  - The goal is to be able to issue quick edits to single fields instead of having to include any other fields
  - Permissions are checked before the internal _edit method anyway, this was only used to capture sharing groups
- Publish/Alert responses for API users added. [Iglocska]

  - publishing/alerting worked via the API, but it wasn't returning a response
- Small clarification in the diagnostics message for the PHP version.
  [Iglocska]
- Remove the default defined salt #625. [Cristian Bell]
- Removed a DB change that led to an endless redirect to the news page.
  [Iglocska]
- Added the mitigation against httpoxy as described at httpoxy.org.
  [Iglocska]
- Allow correlations between a proposal and attributes in the same
  event. [Iglocska]
- Tag lookups are not string matches only, substring matches will not
  work. [Iglocska]
- Cherry picking and pulling updates should not require the pull flag to
  be set on an instance. [Iglocska]
- Removed the debug from the previous commit. [Iglocska]
- Fixed an issue with certificate uploads when adding an instance /
  editing an instance. [Iglocska]
- Fix virustotal detection for the freetext import tool, fixes #1373.
  [Iglocska]

  - regex currently looks for https://www.virustotal.com, but https://virustotal.com is also valid
- Roaming mode's functionality had to be reversed as it was still using
  the logic of limiting the server distribution. [Iglocska]
- Added roaming to sharing groups in the mysql.sql. [Iglocska]
- Updated job_id to process_id for tasks in the leftover spots.
  [Iglocska]
- No need for default tasks in the MYSQL.sql file any longer. [Iglocska]

  - handled by the tasks automatically on view
- Added perm_delegate to the default roles in the MYSQL.sql file.
  [Iglocska]
- Fixed strings for tinyint(1) type fields in the MYSQL.sql file.
  [Iglocska]
- Fixed a typo in the sharing group model. [Iglocska]
- Added the new role permission for perm_delegate to the role model.
  [Iglocska]
- Fixes to the upgrade procedure for 2.4.49. [Iglocska]
- Save the process id of caching too. [Iglocska]
- Reverted version number in MYSQL.sql. [Iglocska]
- Changed field name from job_id -> process_id for tasks. [Iglocska]
- Use php5-redis package instead of pecl for deb7/ubu14. [Andreas
  Ziegler]
- Submodule updates: force overwrite. [Andreas Ziegler]
- Several fixes to the sharing group behaviour. [Iglocska]

  - New setting roaming:
    - Until now, users could unselect "Limit instances to which data in this sharing group should be pushed to"
    - This led to no servers added to the distribution list, and MISP would simply determine, based on the sync rules, whether the host organisation of the remote instance is eligible for the event
    - This works well in most cases, but in some cases, the local instance is not kept after a sync (aliases for the local instance baseurl vs remote instance's view of the url)
    - In these cases the sharing groups ended up being "unlimited", which was not the intent
    - Generally this shouldn't cause any issues as MISP still requires the sync link's organisation to be directly contained in an SG before it would push the event further
    - However, introducing the roaming setting this can be more clearly defined
    - By default, sharing groups are set to non roaming

  - Some further fixes to the sharing group update procedure for 2.4.49

  - Update the roaming status of existing sharing groups. Local sharing groups with no instances attached will become roaming by default, all others are assumed to be non-roaming
- Add own org of sync user to the Sharing group if the sync user is in
  no way contained in the sharing group. [Iglocska]

  - This situation should normally only occur during a pull when the remote end has a sharing group that allows access for all local orgs
- Progress on the sharing group fix for pulled server based sharing
  groups. [Iglocska]
- Cleanup of some messy function call parameters. [Iglocska]
- Fixed an issue where a MISP.org setting with non alphanumeric
  characters could lead to invalid STIX document generation. [Iglocska]
- Added taxonomies/delete to the ACL component. [Iglocska]
- Added functionality to remove taxonomies, fixes #1365. [Iglocska]
- Allow null values for taxonomies expanded column, fixes #1354.
  [Andreas Ziegler]
- Tightened lookups for the addTag / removeTag APIs. [Iglocska]

  - no longer a substring match, users have to specify the full tag name
- Add perm_delegate to MYSQL.sql. [Andreas Ziegler]
- Remove SET from sql ADD column statement. [Andreas Ziegler]
- Update mysql structure for 2.4.49 updates. [Andreas Ziegler]
- Specify correct&specific branches in .gitmodules. [Andreas Ziegler]
- Additional chars =~ in mail address regex. [Andreas Ziegler]
- Use different variable name in sub-loop. [Andreas Ziegler]
- Check for correct event uuid and id. [Andreas Ziegler]
- Fixed an issue where an event view by a malformed UUID would result in
  a lookup against the leading numerical value in the malformed UUID,
  fixes #1338. [Iglocska]
- Add warninglist tables to MYSQL.sql. [Andreas Ziegler]
- Use same default value as in AppModel update mechanism. [Andreas
  Ziegler]
- Tag keywords in attribute search filter has issues with an empty
  newline, fixes #1330. [Iglocska]
- Fixed leading/trailing white spaces from breaking the quick filter on
  the event index, fixes #1329. [Iglocska]
- Fixed an issue with an invalid offset in a comparison when adding
  events. [Iglocska]
- Removed duplicate of the same condition. [Iglocska]
- Filtering on attributes in the event view gives a no attributes
  warning if a tab doesn't contain attributes. [Iglocska]

  - Warning now only triggers if the event doesn't have any attributes in any tabs
- Throw exception for malformed xml file. [Andreas Ziegler]
- Set default value for realFileName. [Andreas Ziegler]
- Throw exception if necessary config can't be read. [Andreas Ziegler]
- Fixed two issues for API add event corner cases, fixes #1298.
  [Iglocska]

  - Correctly handle old style creator org fields ("orgc":orgc_string)
  - Correctly handle new tags with no colour set
- Follow up to the previous patch, same thing for log searches.
  [Iglocska]
- Move case statement and add break. [Andreas Ziegler]
- Fixed an issue with org admins having too much access via the logs.
  [Iglocska]
- Organisations updated with no changes cause erroneous log entries,
  fixes #1099. [Iglocska]
- Allow the export of an empty event in MISP JSON/XML format, fixes
  #1295. [Iglocska]
- Fixed an issue that caused MISP's capture org to disambiguate on the
  name instead of the UUID in some cases. [Iglocska]

  - Due to a fallback mechanism the disambiguation happened on the name if there was no UUID match during the saving of an event instead of creating a new organisation. This was an issue if a remote org changed UUID for example.
- Added domain|ip to the OpenIOC export. [Iglocska]

  - also, the new system should be much easier to extend with new mapping options and is generally a lot cleaner.
  - It would be more complete if Airbus wouldn't have skimped on power outlets on the A380s....
- Rework of the IOC export component, fixes #1292. [Iglocska]
- Ambiguous order field fixed, fixes REST sort of index. Fixes #1266.
  [Iglocska]

  - Fixes an issue where viewing the index of an instance remotely returns no events if sorted on a field.
  - This was caused by some ambiguous field names (such as ID)
  - Fixed by prepending the sorted field name by "Event."
- Fixed an issue with the attribute search incorrectly showing org
  admins the edit button for attributes they don't own, fixes #1278.
  [Iglocska]

  - Also added a way to propose directly from the attribute list / search results
- Empty comments may be added to events #1263. [Iglocska]

  - moved to plain jquery
  - check on back+frontend
  - better responses when adding events
  - fixed an issue with the org_id not being selected for posts
- Fixed a notice error with the attribute pagination. [Iglocska]
- Reverted previous change. [Iglocska]
- Secureauth removed from the config dump. [Iglocska]
- Old upgrade SQL script moved to legacy directory. [Alexandre Dulaunoy]
- Removal of unused file. [Alexandre Dulaunoy]
- Removed the field restrictions from the save() calls in the certauth
  plugin. [Iglocska]

  - apparently cakephp also removes those fields from the beforevalidation hook, meaning that a plugin can potentially escape any data consolidation methods. Not sure if this is intended behaviour by cakephp...
- Fix to an issue with default values not set by the beforeValidate of
  users. [Iglocska]
- Case-insensitive functions calls. [Andreas Ziegler]
- Removed some useless loops, fixes #1231. [Iglocska]
- Reverted the change from addslashes -> escapeshellargs. Will revisit
  the reason it was causing the uploads to fail at a later point in
  time. [Iglocska]
- Multiple values for the restsearch quickfilter added. [Iglocska]
- Proposals now have the correct page title. [Iglocska]

Other

v2.4.48 (2016-06-08)

New

- Enable/disable feed via API. [Iglocska]

  - simply POST to /feeds/enable/feed_id or /feeds/disable/feed_id to enable and disable a feed

Changes

Fix

- Fix to a bug that allowed adding server connections without an org.
  [Iglocska]
- Some small fixes. [Iglocska]

  - Lowered TLP string setting to low importance
  - auto set authkey if not set during user creation
- Add missing return statement. [Andreas Ziegler]
- Change to correct variable name. [Andreas Ziegler]
- Case-insensitive function calls. [Andreas Ziegler]
- Small fix to the top menu when debug mode is enabled. [Iglocska]
- Brace ordering. [Andreas Ziegler]
- Don't override type variable. [Andreas Ziegler]
- Case-sensitive functions calls. [Andreas Ziegler]
- Move unlink() to correct location. [Andreas Ziegler]
- Reverted two removals of dynamically accessed vars that shouldn't be
  removed. [Iglocska]
- Left off change in view_graph.ctp. [Iglocska]
- Can't add Elements to a newly created Template. fixes #1188.
  [iglocska]
- Fixed epel url for centos 7.x. [Iglocska]
- Minor cosmetic issue in distribution, fixes #1197. [Iglocska]
- Use of unset variable in Model/Event.php sendContactEmailRouter(),
  fixes #1210. [Iglocska]
- Fix to a duplicate parameter passed to fetchevent instead of passing
  the "to" parameter as expected. [Iglocska]
- Reverted a patch to allow organisations without uuids to be added.
  [Iglocska]
- Cannot delete users, fixes #1200. [Iglocska]
- Fixed an issue with the text export not returning anything if used via
  the API. [Iglocska]
- Default bootstrap fixed for http. [Iglocska]
- Fixed an issue with the default bootstrap.default.php. [Iglocska]
- Two small fixes. [Iglocska]

  - search by uuid on the event index via the quickfilters
  - view button on the discussion index added to make the UI a bit more consistent
  - This unimaginative patch would not have existed without an uncomfortable British Aerospace ATP
- Added the date field to the related attribute popover, fixes #1190.
  [Iglocska]
- Fix to a previous change of the bootstrap.php file to accommodate for
  some exotic setups. [Iglocska]
- Accidental invalid debug code left in the verifyGPG admin task
  breaking the script. [Iglocska]
- Fix to an error with MISP and MySQL 5.7+ caused by no order clause on
  a distinct select query, fixes #1188. [Iglocska]
- Cleanup of the password reset tool. [Iglocska]
- A removed user was giving some notice errors on the thread index.
  [Iglocska]

Other

v2.4.47 (2016-05-24)

Fix

- Wrong variable name in __ipv6InCidr() [Andreas Ziegler]
- Reverted a change that broke PyMISP's copy_list.py To be revisited for
  a better solution. [Iglocska]
- Removed duplicate array keys, fixes #1162. [Iglocska]
- Fixed a broken tag situation when the line wrap happened just between
  the tag and its delete button. [Iglocska]
- Tags were distorted when too many were in a single line due to a
  crappy table. [Iglocska]
- Left off a change. [Iglocska]

Other

v2.4.46 (2016-05-23)

New

- Added Statistics for taxonomy and tag usage, fixes 1158. [Iglocska]

Changes

Fix

- Fixed some wonky behaviour with the popover enrichment and the warning
  list popover. [Iglocska]
- Fixed an issue with the attribute search timing out. [Iglocska]
- Removed a superfluous line that broke lists of values from being
  passed to the restsearch API. [Iglocska]
- Bug causing the attribute search to truncate the search terms when a
  list of organisations is searched for, fixes #1156. [Iglocska]
- Added hard-delete for soft-deleted attributes, fixes #1144. [Iglocska]
- Added the option for users to see and undelete attributes if an event
  was created by their org, fixes #1144. [Iglocska]

  - Also some minor fixes to the ACL

Other

v2.4.45 (2016-05-20)

New

- Added the news functionality back. [Iglocska]

  - admins can add/edit/delete news items
  - users get redirected if there is a newsitem that they haven't seen yet

Changes

Fix

- Fix to the redirect issues on logout. [Iglocska]
- Added the new db changes to the SQL files. [Iglocska]
- Some more cleanup on the redirects at login. [Iglocska]
- Removed redirect to the news page if no user is logged on. [Iglocska]
- Fixed an issue that would create blank server entries after a
  scheduled pull, fixes #1142. [Iglocska]
- Soft deleted attributes editable and they show up using attribute
  search, fixes #1144. [Iglocska]
- Wrong default setting in bootstrap.php fixed. [Iglocska]
- Fix to an issue causing the sync to fail due to an invalid version
  error for no reason. [Iglocska]
- Revert to relative paths only for requests coming via the command
  line. [Iglocska]

  - baseurl not auto-resolved if the $_SERVER['SERVER_ADDR'] isn't populated
  - solves issues with background workers executing requests on an instance where no baseurl is set
- Resolved commented out request type checks, fixes #1141. [Iglocska]
- Fixes to issues with MYSQL >= 5.7. [iglocska]
- Contact Users Form Email Issue fixed, fixes #1130. [Iglocska]

Other

v2.4.44 (2016-05-12)

Fix

- Fixed an issue with the download as MISP XML/JSON failing for regular
  users due to a permission issue. [Iglocska]
- Fix to an issue with server urls having a trailing slash causing an
  invalid sharing group server detection. [Iglocska]

Other

v2.4.43 (2016-05-11)

New

- Started work on the new attribute deletion. [Iglocska]

Changes

Fix

- Attribute search - download as CSV returns empty result set, fixes
  #1122. [Iglocska]
- Fixed an issue that would cause invalid empty events to be created
  when using the API to delete attributes. [Iglocska]
- Several issues with the soft delete resolved. [Iglocska]
- Fixed broken undelete button. [Iglocska]
- Left off a change. [Iglocska]

Other

v2.4.42 (2016-05-05)

Changes

- Filter event index for my own events. [Iglocska]

  - Part of the initiative for a happier Andrzej
- Attribute search download also offered as JSON, fixes #1035.
  [Iglocska]

  - also added some convenience functions for JSON/XML collections in the appropriate export tools
  - can start reusing them in other functionalities
- Added event ID to enrichment input, fixes #1091. [Iglocska]
- Small comment fix. [Iglocska]
- Fixed the flash messages when viewing remote instances. [Iglocska]
- Fixed invalid output of some fields in the remote instance views.
  [Iglocska]
- Removed the relation of users -> favourite tags. [Iglocska]

  - at the moment it is not used, but can cause issues
  - revisit this later
- Version bump. [Iglocska]
- Added options to inject the SCL php paths into the PATH when executing
  the worker shell scripts on RHEL/CentOS. [Iglocska]

Fix

- Problem with osint json/taxonomy, fixes #1119. [Iglocska]

  - Added a new validation for strings where "0" should be a valid value
- Comment from expansion lost after free-text import, fixes #1115.
  [Iglocska]
- Attachment upload of existing file, fixes #1024. [Iglocska]
- Fixed an ACL issue preventing normal users from viewing the instance
  version. [Iglocska]

  - this is required by the enrichment modules
- Fix to an issue for new installations. [Iglocska]

Other

- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4.
  [Iglocska]


v2.4.41 (2016-04-28)

Changes

Fix

- Fixed some issues with the favourite tags. [Iglocska]


v2.4.40 (2016-04-28)

New

Changes

- Added encryption feature with PGP or S/MIME support. [Alexandre
  Dulaunoy]

Other

- Airbus added as contributor. [Alexandre Dulaunoy]


v2.4.39 (2016-04-27)

Changes

Fix

- Fixed an issue with handling SMIME encrypted messages on instances
  that don't have a signing key. [Iglocska]

Other

v2.4.38 (2016-04-23)

v2.4.37 (2016-04-18)

v2.4.36 (2016-04-15)

v2.4.35 (2016-04-15)

v2.4.34 (2016-04-08)

v2.4.32 (2016-03-30)

v2.4.31 (2016-03-30)

v2.4.30 (2016-03-28)

v2.4.29 (2016-03-28)

v2.4.28 (2016-03-21)

v2.4.27 (2016-03-11)

v2.4.26 (2016-03-10)

v2.4.25 (2016-03-09)

v2.4.24 (2016-03-07)

v2.4.23 (2016-02-22)

v2.4.22 (2016-02-21)

v2.4.21 (2016-02-19)

v2.4.20 (2016-02-17)

v2.4.18 (2016-02-13)

v2.4.17 (2016-02-11)

v2.4.16 (2016-02-02)

v2.4.15 (2016-02-02)

v2.4.14 (2016-01-29)

v2.4.13 (2016-01-28)

v2.4.12 (2016-01-21)

v2.4.11 (2016-01-20)

v2.4.10 (2016-01-20)

v2.4.9 (2016-01-19)

v2.4.7 (2016-01-14)

v2.4.6 (2016-01-07)

v2.4.5 (2016-01-04)

v2.4.4 (2015-12-30)

v2.4.3 (2015-12-27)

v2.4.2 (2015-12-26)

v2.4.1 (2015-12-26)

v2.4.0 (2015-12-24)

v2.3.178 (2015-12-14)

v2.3.177 (2015-12-08)

v2.3.176 (2015-12-08)

v2.3.175 (2015-12-04)

v2.3.174 (2015-12-04)

v2.3.173 (2015-12-02)

v2.3.172 (2015-12-01)

v2.3.171 (2015-12-01)

v2.3.169 (2015-11-27)

v2.3.168 (2015-11-27)

v2.3.167 (2015-11-26)

v2.3.166 (2015-11-26)

v2.3.165 (2015-11-26)

v2.3.164 (2015-11-22)

v2.3.163 (2015-11-19)

v2.3.162 (2015-11-17)

v2.3.161 (2015-11-17)

v2.3.160 (2015-11-16)

v2.3.159 (2015-11-15)

v2.3.158 (2015-11-13)

v2.3.157 (2015-11-12)

v2.3.156 (2015-11-11)

v2.3.155 (2015-11-10)

v2.3.154 (2015-11-10)

v2.3.153 (2015-11-09)

v2.3.152 (2015-11-08)

v2.3.151 (2015-11-03)

v2.3.150 (2015-10-30)

v2.3.149 (2015-10-30)

v2.3.148 (2015-10-28)

v2.3.147 (2015-10-27)

v2.3.146 (2015-10-27)

v2.3.145 (2015-10-22)

v2.3.144 (2015-10-21)

v2.3.143 (2015-10-15)

v2.3.142 (2015-10-14)

v2.3.141 (2015-10-13)

v2.3.140 (2015-10-12)

v2.3.139 (2015-10-09)

v2.3.138 (2015-10-09)

v2.3.137 (2015-10-09)

v2.3.136 (2015-10-09)

v2.3.135 (2015-10-08)

v2.3.134 (2015-09-24)

v2.3.133 (2015-09-24)

v2.3.132 (2015-09-23)

v2.3.131 (2015-09-21)

v2.3.130 (2015-09-17)

v2.3.129 (2015-09-16)

v2.3.128 (2015-09-16)

v2.3.127 (2015-09-16)

v2.3.126 (2015-09-16)

v2.3.125 (2015-09-09)

v2.3.124 (2015-09-07)

v2.3.123 (2015-09-03)

v2.3.122 (2015-09-02)

v2.3.121 (2015-09-02)

v2.3.120 (2015-08-27)

v2.3.118 (2015-08-27)

v2.3.117 (2015-08-27)

v2.3.116 (2015-08-25)

v2.3.114 (2015-08-24)

v2.3.112 (2015-08-18)

v2.3.110 (2015-08-18)

v2.3.109 (2015-08-18)

v2.3.108 (2015-08-18)

v2.3.107 (2015-08-17)

v2.3.106 (2015-08-07)

v2.3.105 (2015-08-07)

v2.3.104 (2015-08-04)

v2.3.103 (2015-08-04)

v2.3.102 (2015-07-27)

v2.3.100 (2015-07-22)

v2.3.99 (2015-07-20)

v2.3.98 (2015-07-17)

v2.3.97 (2015-07-13)

v2.3.96 (2015-07-12)

v2.3.95 (2015-07-09)

v2.3.94 (2015-07-08)

v2.3.93 (2015-07-07)

v2.3.92 (2015-07-01)

v2.3.91 (2015-07-01)

v2.3.90 (2015-07-01)

v2.3.88 (2015-06-29)

v2.3.87 (2015-06-25)

v2.3.85 (2015-06-22)

v2.3.84 (2015-06-18)

v2.3.83 (2015-06-17)

v2.3.82 (2015-06-16)

v2.3.81 (2015-06-10)

v2.3.80 (2015-06-09)

v2.3.79 (2015-06-06)

v2.3.77 (2015-06-05)

v2.3.76 (2015-06-04)

v2.3.74 (2015-06-03)

v2.3.73 (2015-06-03)

v2.3.71 (2015-06-01)

v2.3.69 (2015-05-27)

v2.3.68 (2015-05-21)

v2.3.67 (2015-05-20)

v2.3.66 (2015-05-15)

v2.3.65 (2015-05-15)

v2.3.64 (2015-05-13)

v2.3.63 (2015-05-04)

v2.3.62 (2015-04-16)

v2.3.60 (2015-04-13)

v2.3.59 (2015-04-08)

v2.3.58 (2015-04-01)

v2.3.57 (2015-03-16)

v2.3.56 (2015-03-14)

v2.3.55 (2015-03-10)

v2.3.54 (2015-02-24)

v2.3.53 (2015-02-23)

v2.3.52 (2015-02-18)

v2.3.51 (2015-02-16)

v2.3.50 (2015-02-16)

v2.3.49 (2015-02-16)

v2.3.48 (2015-02-10)

v2.3.47 (2015-02-09)

v2.3.46 (2015-02-05)

v2.3.45 (2015-02-05)

v2.3.44 (2015-02-04)

v2.3.43 (2015-02-03)

v2.3.42 (2015-02-03)

v2.3.41 (2015-02-02)

v2.3.40 (2015-01-15)

v2.3.39 (2015-01-12)

v2.3.37 (2014-12-12)

v2.3.36 (2014-12-10)

v2.3.35 (2014-12-10)

v2.3.34 (2014-12-05)

v2.3.33 (2014-12-03)

v2.3.31 (2014-11-27)

v2.3.30 (2014-11-27)

v2.3.29 (2014-11-20)

v2.3.28 (2014-11-19)

v2.3.27 (2014-11-14)

v2.3.26 (2014-11-14)

v2.3.25 (2014-11-14)

v2.3.24 (2014-11-12)

v2.3.23 (2014-11-05)

v2.3.22 (2014-11-03)

v2.3.21 (2014-10-31)

v2.3.20 (2014-10-31)

v2.3.19 (2014-10-30)

v2.3.18 (2014-10-29)

v2.3.17 (2014-10-28)

v2.3.16 (2014-10-27)

v2.3.15 (2014-10-27)

v2.3.14 (2014-10-27)

v2.3.0 (2014-10-07)

v2.2.1 (2014-02-19)