MISP v2.5.24 - Security & Stability Update

This release focuses on security enhancements, bug fixes, and minor improvements to stability and functionality.

• GCVE-1-2025-0010 < MISP 2.5.24 - Arbitrary file-hash inclusion via templates in the template engine in MispAttribute allows a web user to obtain the MD5 hash of any file accessible to them via inclusion of tmp_name in templates.
• GCVE-1-2025-0011 < MISP 2.5.24 - Invalid check for uploaded file validity in EventsController can lead to arbitrary file inclusion / deletion via import modules by spoofing the tmp_name of the request.
• GCVE-1-2025-0012 < MISP 2.5.24 - Potential vulnerability in file check upload but this vulnerability is non-exploitable as the code is never executed. This vulnerability information is kept for archiving.
• GCVE-1-2025-0013 < MISP 2.5.24 - Authorization bypass / improper access control in app/Controller/SharingGroupBlueprintsController.php in MISP on web application /or API allows an authenticated low-privilege user to inject arbitrary organizations into existing sharing groups (including groups that should not be extendable), thereby granting those organizations access to shared resources and escalating access via crafted sharing-group blueprints or API requests that bypass validation.
• GCVE-1-2025-0014 < MISP 2.5.24 - Cross-site scripting in Mermaid chart rendering component in MISP event report allows a remote attacker part of a MISP community to execute arbitrary JavaScript in the victim’s browser via injection of HTML tags in raw Mermaid charts synchronized through event reports.
• GCVE-1-2025-0015 < MISP 2.5.24 - Cross-site scripting in decaying tool simulation UI/component in MISP on web application allows an attacker/org who can set an organization’s display name to execute arbitrary JavaScript in other users’ browsers when they view or run simulations via a crafted organization name containing a script payload that is rendered unsanitized when a specific attribute is chosen for the simulation.
• GCVE-1-2025-0016 < MISP 2.5.24 - Local file inclusion in [ImportFromUrl() URL handling component in MISP event report (with pandoc support) on server-side document import feature / web application allows an attacker who can supply a URL to read local filesystem documents and disclose sensitive information (limited to document file types) via providing file:// URLs to ImportFromUrl() that are fetched without proper scheme/host validation.

Thanks to Raphael Lob and Jeroen Pinoy from NATO Cyber Security Center for the security evaluation and report.

Continue reading

MISP 2.5.23 Released with Enhanced Benchmarking, Many Bug Fixes, and Documentation Updates

MISP 2.5.23 Release Notes - (2025-10-15)

We’re rolling out MISP 2.5.23! This release is another step in our continuous effort to keep MISP running smoothly and effectively for the entire threat intelligence community. We know how crucial it is to have a reliable platform for sharing and analyzing threat data, and we’re committed to delivering regular updates that bring you solid improvements and quick fixes.

Continue reading

MISP 2.5.22 released with improvements and bugs fixes

We are pleased to announce the release of MISP v2.5.22.

This release brings new features, improvements, fixes, and important updates to keep MISP stable and up to date.

Continue reading

MISP 2.5.21 released with a new recorrelate feature, various fixes and updates.

MISP 2.5.21 released (2025-09-10)

We are pleased to announce the release of MISP v2.5.21.
This version introduces new features affecting the various correlation tools, important fixes, and various updates to objects, taxonomies, and galaxy.

Continue reading

MISP 2.5.19 brings important fixes, improvements to the on-demand correlation engine, refinements in the task scheduler, and better error handling.

MISP 2.5.19 Release Notes

Release date: 2025-08-20

MISP 2.5.19 brings important fixes, improvements to the on-demand correlation engine, refinements in the task scheduler, and better error handling.

Continue reading

MISP v2.5.18 released with new on-demand correlation engine, a new improved task scheduling system and many more updates

MISP v2.5.18 Release Notes

We are pleased to announce the release of MISP v2.5.18, featuring a brand-new on-demand correlation engine, new improved task scheduling, Forgejo CI integration, and a wide range of fixes and refinements.

Continue reading

MISP Releases v2.5.16 & v2.4.214 - A Major Leap in Performance and Stability

We are thrilled to announce two new releases for the MISP project: a significant feature and performance release, v2.5.16, and a stable maintenance release, v2.4.214.

Continue reading

MISP 2.4.213 & 2.5.15 Released - A Double Dose of Security, Search, and Stability

We are thrilled to announce a dual release of MISP, bringing significant enhancements to both our stable and development branches with versions 2.4.213 and 2.5.15.

Continue reading

MISP 2.4.211 & 2.5.13 Released - A Double Dose of Security, Search, and Stability

We are excited to announce the parallel release of two new MISP versions: 2.5.13 for our latest branch and 2.4.211 for the 2.4 branch. These releases are packed with critical security patches, a major overhaul of the search functionality, and a host of improvements and bug fixes to enhance your threat intelligence experience.

Continue reading

MISP 2.4.210 / 2.5.12 released with many improvements, UI enhancement and various fixes

This release provides a critical round of security fixes, significant improvements to attribute validation, and UI enhancements for event views and analyst workflows. Multiple components including Galaxy, STIX, and warning lists were also updated. Special attention has been given to improving compatibility, performance, and documentation.

Continue reading

MISP v2.4.209 and v2.5.11 Released with new features, security fixes and improvements in workflow engine.

This release introduces several new features, important security fixes, and major improvements to the workflow engine, sharing group logic, and plugin handling. It also includes enhancements developed during hackathon.lu 2025.

Continue reading

MISP v2.4.208 and v2.5.10 Released with Many Bugs Fixed

This release introduces important security fixes, enhancements in authentication plugin handling, and better cache management in the workflow editor. It also updates various MISP components and improves remote sync behavior.

Continue reading

MISP v2.4.207 and v2.5.9 Released with Many Bugs Fixed

Summary

This dual release of MISP (versions 2.4.207 and 2.5.9) brings significant stability improvements, better performance, and architectural refinements, particularly around background job handling, workflow modules, and Galaxy cluster operations.

Continue reading

MISP v2.4.206 and v2.5.8 Released - new workflow modules, improved graph object relationship management and many other improvements

Summary

MISP v2.4.206 and v2.5.8 introduces new workflow modules, enhanced object relationship management and significant improvements to the event synchronisation mechanism. Key highlights include improved a reworked attribute search functionality, better handling of event reports, and various security fixes. Additionally, numerous optimizations and bug fixes enhance stability and performance.

Continue reading

MISP v2.4.205 and v2.5.7 Released - Enhancements, Fixes, and Improved Correlation Management

Combined Release Notes: MISP v2.5.7 & v2.4.205 (2025-02-24)

The MISP Project is pleased to announce the release of MISP v2.5.7 and v2.4.205, bringing several new features, important fixes, and enhancements to improve the overall user experience and platform functionality. This release addresses critical improvements in synchronization filtering, correlation management, and UI enhancements, ensuring a more stable and efficient MISP environment.

Continue reading

MISP 2.4.204 and 2.5.6 released including new features, performance improvements and many other improvements.

Combined Release Notes: MISP v2.5.6 & v2.4.204 (2025-01-03)

The MISP team is excited to announce the release of MISP v2.5.6 and MISP v2.4.204. These updates bring several new features, fixes, and performance improvements to enhance the platform’s usability and efficiency. Here’s a summary of the key changes:

Continue reading

MISP 2.4.203 and 2.5.5 released including new features, improvements and many security improvements.

MISP Software Release: Combined Updates for v2.4.203 and v2.5.5

Introduction

We are thrilled to announce the release of MISP v2.4.203 and MISP v2.5.5, bringing a range of new features, improvements, and fixes to enhance the platform’s performance, usability, and security. These updates reflect our ongoing commitment to providing a robust and reliable open-source threat intelligence platform for the community.

Continue reading

MISP 2.4.202 and 2.5.4 released with numerous enhancements including analyst data, bug fixes, and security improvements

Changes

Configuration

• Base URL Setting: Added a new setting to skip base URL coercion for the framework. This resolves issues when running MISP under a subdirectory but may have adverse effects for other setups.

Settings

• REST Client Settings: Enhanced security by tightening REST client-related settings:
  • rest_client_baseurl is now CLI-only.
  • Updated rest_client_enable_arbitrary_urls description for clarity.
• Removed Unused Setting: Security.disable_form_security, a legacy setting for testing purposes, has been removed.

Updates

• Taxonomies, Warning Lists, Objects, Galaxy: Updated to their latest versions.
• MISP-STIX and PyMISP: Updated to the latest versions.

Analyst Data

• Analyst Data objects like Notes and Opinions are now flattened lists attached to their data layer instead of nested.
• Improved handling of analyst data in various endpoints and views.
• Added new metrics for analyst data and event reports.

UI

• Minor tweaks and improvements.

Attributes

• Support for adding combinations of tag collection tags and other tags simultaneously.

Statistics

• Added metrics for analyst data and event reports.

CI

• Path fixes and branch updates.

Fixes

Security

• Resolved multiple vulnerabilities:
  • Stored XSS in JsonTool::encode() used in JavaScript.
  • Tightened template elements endpoint to prevent abuse.
  • File upload process improved to prevent abuse.
  • Prevented TOTP secret logging in audit logs.
• Updated encoding in the upload_file view element.

Analyst Data

• Addressed issues with nested data handling and JSON export.
• Fixed data fetching inconsistencies and restored functionality for viewing nested analyst data.

REST Search

• Adjusted deleted flag behavior to improve results consistency.

Miscellaneous

• Corrected variable definition, CLI arguments, and template index naming.

Other

• Merge Requests: Integrated various feature and fix branches into 2.4-develop.
• Community Additions: Added Threatmon MISP Community.
• Custom Image Path Check: Updated image path validation logic.

This release includes several critical security fixes, updates, and enhancements, improving the overall functionality and stability of MISP. Users are encouraged to update promptly to benefit from the latest improvements and security measures.

Continue reading

MISP v2.5.3 and v2.4.201 released with numerous enhancements, bug fixes, and security improvements to strengthen threat information sharing capabilities.

We are excited to announce the latest updates to MISP with versions v2.5.3 and v2.4.201, which bring numerous enhancements, bug fixes, and security improvements to strengthen threat information sharing capabilities. As with any security release, we highly recommend that you update ASAP and inform your partners to do the same.

Continue reading

FlowIntel 1.3.1 released and MISP integration

FlowIntel 1.3.1 released and MISP integration

FlowIntel is a lightweight and flexible platform built to help teams manage their tasks and cases efficiently. It offers a range of features, from detailed documentation tools to integration with external platforms, ensuring that workflows remain seamless and adaptable to various needs.

Continue reading