Releases: cerebrate-project/cerebrate
Cerebrate version 1.26 released with improvements and security and bug fixes.
Cerebrate Release Notes - v1.26 (2024-11-28)
We are glad to announce the release of Cerebrate v1.26, which introduces new features, key improvements, and a host of fixes aimed at enhancing functionality and security. Here's a breakdown of what's new:
🚀 New Features
- Bookmark Security Enhancements:
Administrators can now tighten bookmark creation rules by restricting base URLs to a predefined list via server settings, ensuring greater control and security.
🔧 Improvements & Changes
- AuthKey Management:
- More elegant solutions for adding authentication keys.
- Improved permission handling for group admins, allowing them to manage API keys for their groups.
- Streamlined user dropdown for adding AuthKeys to focus on relevant users only.
🛠️ Fixes
This release resolves numerous issues to improve system stability, usability, and security:
Security Fixes:
- Tightened role assignment permissions to prevent privilege escalation by low-privilege administrators.
- Improved ACL handling for group admin permissions, preventing unauthorized user assignments to external organizations.
- Bookmark error handling enhancements, ensuring failures are explicitly reported and resolved.
Bug Fixes:
- Fixed installation issues caused by non-boolean debug mode.
- Correctly set the perm_community_admin value to resolve community admin role issues.
- Improved debug level settings to ensure numeric values fall within valid ranges.
- Addressed typos in configurations, descriptions, and controllers for smoother operation.
- Resolved internal server errors in user settings view when accessed without a user ID.
- Fixed cryptic error messages related to role deletions with attached users.
Usability Enhancements:
- Enhanced error handling for Ajax contexts, ensuring clear feedback during save failures.
- Resolved edge cases for PGP key status checks.
- Set proxy settings diagnostics severity to info for improved clarity.
📝 Miscellaneous Updates
- Streamlined and cleaned up the ACL component by removing duplicate checks.
We encourage all users to update to v1.26 to benefit from these enhancements and fixes.
Huge shoutout to @Wachizungu for his incredible contributions and attention to detail! 😎
As always, thank you for your continued support and contributions to the Cerebrate project!
For a detailed list of changes, visit the Cerebrate GitHub repository.
Cerebrate version 1.25 released with improvements and various bugs fixed.
Cerebrate v1.25 Release Notes (2024-09-25)
We are excited to announce the release of Cerebrate v1.25! This update includes several new features, enhancements, and bug fixes to improve the overall experience.
New Features:
- UI Enhancements: Country flags have been added in the following sections:
- Organisations: /organisations/[index/view]
- Users: /users/[index/view]
Contributed by Sami Mokaddem
Changes:
- Docker README: Updated PHP version.
Contributed by Sami Mokaddem
- User Permissions: Refined permission limitations for organisations on the /users/add page.
Contributed by Sami Mokaddem
- Bookmarks: Improved the handling of malformed content, ensuring the system fails gracefully instead of throwing server errors (500s).
Contributed by iglocska
Fixes:
- Permission Limitations: Corrected the display of the number of permission limitations for org_group_managers when an organisation they manage lacks users.
Contributed by Sami Mokaddem
- User Filtering: Added ACL entries for the filtering modal on the users' index page.
Contributed by Sami Mokaddem
- UI Fixes: Adjusted the search dropdown width to prevent overflow on large result sets, addressing issues raised by @gallypette and @adulau.
Contributed by Sami Mokaddem
- Group Admin: Resolved a DatabaseException occurring when a group-admin condition included an empty list of values.
Contributed by Sami Mokaddem
- Bookmarks: Added additional error handling for malformed bookmark entries.
Contributed by iglocska
Other:
- Several merges from main and develop branches to keep the codebase up-to-date.
Contributed by Sami Mokaddem, iglocska, Andras Iklody
This release strengthens the stability and functionality of Cerebrate. Thanks to all contributors for their valuable input!
Cerebrate version 1.24 released with API improvements
v1.24 (2024-08-29)
API improvements
Improvement of meta field usage via the API
Add/Edit endpoints have been updated to accept a simplified format of metafields for easier integration. Metafields are now passed as a list of objects with 4 required keys (field, value, template_uuid and template_version).
An example for adding a user, along with metafields set is as follows:
{
  "individual": {
    "email": "[email protected]",
    "first_name": "Andras",
    "last_name": "Iklody"
  },
  "username": "[email protected]",
  "organisation_id": "2",
  "role_id": "3",
  "meta_fields": [
    {
      "field": "perm_misp",
      "value": true,
      "template_uuid": "447ded8b-314b-41c7-a913-4ce32535b28d",
      "template_version": 2
    }
  ]
}
Better error handling
Passing malformed data or not setting the proper media type headers resulted in rather arcane messages, complaining about certain validation errors / missing fields in the provided content. This led to a fair bit of confusion, so from v1.24 on, if for whatever reason Cerebrate cannot pick up on the contents of a POST/PUT request, it will return a 400 warning the user about malformed / missing post bodies.
Thanks to Paweł Pawliński for testing the API and providing feedback!
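A client-side pre-flight check for the metafield format and media type headers described above, as an added example (not Cerebrate's own code). The function names, the integer check on template_version and the placeholder address are assumptions made for illustration; authentication is left to the caller.

```python
import json
import uuid

# The four keys the v1.24 notes list as required for every metafield object.
REQUIRED_KEYS = ("field", "value", "template_uuid", "template_version")

def validate_meta_fields(meta_fields):
    """Return a list of problems; an empty list means the structure is usable."""
    if not isinstance(meta_fields, list):
        return ["meta_fields must be a list of objects"]
    problems = []
    for i, entry in enumerate(meta_fields):
        if not isinstance(entry, dict):
            problems.append(f"meta_fields[{i}]: not an object")
            continue
        missing = [k for k in REQUIRED_KEYS if k not in entry]
        if missing:
            problems.append(f"meta_fields[{i}]: missing {', '.join(missing)}")
            continue
        try:
            uuid.UUID(str(entry["template_uuid"]))
        except ValueError:
            problems.append(f"meta_fields[{i}]: template_uuid is not a UUID")
        version = entry["template_version"]
        # Assumption: versions are integers, as in the example on this page.
        if isinstance(version, bool) or not isinstance(version, int):
            problems.append(f"meta_fields[{i}]: template_version is not an integer")
    return problems

def build_request(payload):
    """Return (headers, body) for an add/edit call, or raise ValueError."""
    problems = validate_meta_fields(payload.get("meta_fields", []))
    if problems:
        raise ValueError("; ".join(problems))
    # JSON media type headers, so the server can pick up the request body.
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    return headers, json.dumps(payload).encode("utf-8")

# Constructed sample input: placeholder address, UUID taken from the example above.
SAMPLE_USER = {
    "individual": {"email": "user@example.org", "first_name": "A", "last_name": "B"},
    "username": "user@example.org",
    "organisation_id": "2",
    "role_id": "3",
    "meta_fields": [{"field": "perm_misp", "value": True,
                     "template_uuid": "447ded8b-314b-41c7-a913-4ce32535b28d",
                     "template_version": 2}],
}
```

Rejecting a malformed payload before it is sent gives the integrator a precise message per metafield instead of a generic 400 from the server.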
Alignments and authoring of individuals
In order to shed the frustrations that were up until now caused by org admins / group admins being able to create Individuals, but not to modify them after the fact, we have modified the behaviour altogether.
Having an alignment to the individual enabled org/group admins to modify individuals and as of v1.24, any individual created by one of them will automatically be aligned with their organisation. This should allow org/group admins to retain authoring rights.
Version and links to the Cerebrate-project resources
We have added a link to both Cerebrate-project's website and the release notes of the current version to a small header text displayed at all times after login, also indicating the currently installed version for easier identification.
Cerebrate version 1.23 released with an ACL improvement
v1.23 (2024-08-27)
New
- [metafield editor permission] added. [iglocska]
- users/org admins/group admins/community admins can now only modify metafield data on any object if the permission is set for their role
- Since some communities use this for ACL to secondary tools, this will allow them to restrict who can modify them
Changes
- [version] bump. [iglocska]
Cerebrate version 1.22 released with various bugs fixed and improvements
v1.22 (2024-08-24)
New
- [administration] allow group/org admins to edit individuals aligned to their managed orgs. [iglocska]
- based on alignment
- [permissions] split of admin and community admin. [iglocska]
Changes
- [migration] minor fix for rerunability. [iglocska]
- [version] bump. [iglocska]
- [cleanup] removed older revision of upgrade script. [iglocska]
Fix
- [metafield limitation] fixes. [iglocska]
- correctly show error messages on user creation when limits are hit
- fixed a bug that caused users to be uncreatable due to a hit limitation, even if the current user wouldn't influence said limitation
- [community admin] fixes. [iglocska]
- [ACL component] fixes. [iglocska]
Other
- Merge branch 'develop' [iglocska]
Cerebrate version 1.21 released with various bugs fixed
v1.21 (2024-07-02)
New
- [extended logger] added. [iglocska]
- Added more information about the request to the stack traces
- logs user name / ID
- logs request x-forwarded-for
Changes
- [tag] bumped. [iglocska]
- [permission limitations] free limitation count when user disabled. [iglocska]
- Thanks to Elisabeth from BSI for reporting it
- [permission limitations] free limitation count when user disabled. [iglocska]
Fix
- [user add] fixed bug with metafields on new users causing an exception. [iglocska]
Cerebrate version 1.20 released with various bugs fixed
Release Notes for v1.20 (2024-06-07)
New Features
- Metafield Restrictions: Not enforced on an edit that doesn't change the state of the offending value.
- If a user is already over the limit of a restriction, they should still be editable.
Changes
- Encryption Keys: Listed for organizations and individuals on their respective views. (Fixes #167)
- Dashboard Redirects: To individual models now sort by modified by default.
- The dashboard shows new entries, making it logical to sort the list based on changes.
- Small fix to avoid sanitizing index URLs, ensuring multiple query parameters work correctly.
Fixes
- Alignments: Rules relaxed. (Fixes #164)
- Site admins can add alignments to anyone.
- Organization admins can add alignments for their own organization members.
- Group admins can add alignments for any of their managed organization's members.
- Authkeys: Allow for authkeys with no expiration set. (Fixes #169)
- Authkey Add: Ensure default to expiration=0 if not provided.
- Encryption Keys: Allow for large keys.
- Setting Cerebrate: Enforce debug setting to be true or false.
Cerebrate v1.19 released with several usability / functionality fixes
v1.19 is a maintenance release with fixes and improvements mostly based on the feedback of the CSIRT-Network and ENISA.
New
- Added session handling related settings
Fixes
- Keycloak metafield sync fixed
- Keycloak user modification/view issues when more than 100 users were enrolled due to a built-in pagination limit in Keycloak
- User enrollment fixes
- Settings fixes
- Correctly handle the boolean settings such as debug
- Correctly display numeric settings
- Ensure that the settings are loaded correctly
- Prevent the saving of an invalid key expiration (either for dates in the past or altogether invalid dates that were cast to indefinite expiration)
- Group admin fixes
- Group admins can now properly enroll users for organisations other than their own that they manage
- Group admins can now modify organisation metadata for all of their managed organisations
- UI fixes to properly reflect what a group admin can do
- Pagination issues fixed across the board
- hard limit of 100 elements/page relaxed
Changes
- Encryption key improvements
- Reworked UI
- Fixes to the search interface (search by owner org or individual)
- Various search improvements
- affected scopes include organisations, users, authentication keys
- Backport and alignment of the MISP3 CRUD component
Cerebrate version 1.18 released including new features, improvements and bugs fixed.
Cerebrate version 1.18 released including new features, improvements and bugs fixed. (2023-12-20)
New
- [settings:inbox.data_change_notify_for_all] Added setting to be more verbose for data changes. [Sami Mokaddem]
- [CRUD:Filtering] Added support of options in index filtering modal. [Sami Mokaddem]
Changes
- [version] bump. [iglocska]
- [inboxes:filtering] Populate username with eligible users in filtering modal. [Sami Mokaddem]
- [crud:index] Include all meta-fields regardless of user's preference when in REST context. [Sami Mokaddem]
- [MISP connector] added bulk org pull. [iglocska]
Fix
- [inboxes:index] Fixed pagination target key. [Sami Mokaddem]
- [component:CRUD] Make sure not to override table aliases when paginating. [Sami Mokaddem]
- [individual:validation] Enforce email format to be a valid email address. [Sami Mokaddem]
- [behavior:notifyAdmins] Fixed typo in date serialization. [Sami Mokaddem]
Other
- Merge branch 'develop' [iglocska]
- Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [Sami Mokaddem]
Cerebrate v1.17 released with new community management and orchestration features
Cerebrate topology view
With the release of 1.17, we have added a new interface to view and interact with your Cerebrate and its connected local tools as well as syncing broods.
By bringing up the topology view, Cerebrate will draw a layout of your setup using mermaid.js, showing identified issues and giving you easy access to managing the individual tools.
Using the local tools diagnostic interface, you can tie your own tool into this diagram, giving you an easy overview over misconfigured or misbehaving tools. Simply pivot to any of the sync connections or local tools to modify settings, execute updates and more.
MISP connector updates
In tandem with the topology changes, the MISP connector has gone through a rework, allowing for more thorough diagnostics as well as easier exchange of contact items.
The diagnostics will now warn about worker issues, outdated versions, or misconfigured MySQL / PHP setups. Wherever possible, quick remediation will also be offered via specific actions (such as "update MISP" or "restart workers").
In order to make the exchange of organisations and sharing groups easier, the index interface has been reworked:
The new UI allows for comparing the data in Cerebrate to that in the connected MISP instance and pulling in new / updated objects in a convenient multi-select function. In order to push organisation or sharing group data, you can use filter rules to define what will get pushed:
Multiple fixes and improvements based on feedback from the CSIRT Network and ENISA
Thanks to our close collaboration, we have received a long list of ideas, improvements and fixes in the past few weeks, resulting in a long list of fixes. These include highly improved filtering options for the user index, allowing sub-filtering based on metafields, and a new CSV output format.
This becomes increasingly interesting when using Cerebrate with an IAM platform such as keycloak, where we manage subscriptions to certain services via metafields in Cerebrate. Being able to quickly view and interact with users that are subscribed to certain services is now a breeze.
Various other fixes
A long list of fixes targeting our CI test suite, as well as realigning the installed dependencies to newer versions (and resolving the issues they caused), was also included. For a full list of changes, don't hesitate to check out our Changelog.