
Releases: cerebrate-project/cerebrate

Cerebrate version 1.16 released including new features and improvements

14 Sep 13:03
v1.16
fb83ae6


Organisation Group management added

With the release of 1.16, we have introduced the new concept of organisation groups, an administrative layer sitting on top of organisations, allowing designated group administrators to manage a set of organisations.

Whilst this feature comes as a newly requested feature submitted by ENISA for managing the European CSIRT network, we already see a host of other possibilities for taking advantage of it, ranging from virtual organisation grouping to managing larger sharing communities with self-reliant sub-groups.

In essence, the new feature allows for the creation of sub-communities with a degree of self-management, so if you would like to enroll, say, an ISAC or other sectorial / national group in your community, this can greatly ease the burden of user management on the site administrators by delegating the task to entrusted parties within the sub-communities.

Our experience with both MISP and with Cerebrate has shown that contrary to the most common immediate observations of a potential risk coming from diluting administrative responsibilities, it actually achieves the opposite, by allowing for a smoother, self-service management of not only user enrollment, but also rotating out user accounts and general auditing and life-cycle management of user accounts.

As a site administrator, simply create a new group:

image

Add administrator(s) to the group to allow for self-management:

image

Start adding organisations to the group:

image

Once done, the designated group administrator can start managing the users of the listed organisations.

Changes

  • [users:acl] Improved waterfall model for CRUD operation and updated UI to reflect them. [Sami Mokaddem]

  • [ui] Improved reflection of ACL logic in the UI for OrgGroups, Organisations and individuals. [Sami Mokaddem]

  • [VERSION] bump. [iglocska]

  • [alignments:acl] Reflected ACL logic from individuals to alignments. [Sami Mokaddem]

  • [users:edit] Allow users to self edit. [Sami Mokaddem]

  • [user-settings:edit] Prevent assigning a setting to another user. [Sami Mokaddem]

  • [command:summary] Added data about the modified entity. [Sami Mokaddem]

  • [navigation:tags] Updated UI to reflect users' permissions. [Sami Mokaddem]

  • [navigation:individuals] Only show edit and deletion buttons if users are allowed to do it. [Sami Mokaddem]

  • [genericElements:numberOfElement] Added parameter to show or not the show all option. [Sami Mokaddem]

  • [ACL:tags] Relaxed ACL on tags for index and view pages. [Sami Mokaddem]

  • [ACL:individual/add] Allow org-admins to create new individuals. [Sami Mokaddem]

Fix

  • [ACL] group admins can view users in their group. [iglocska]

  • [internal] fixed the function checking if a user belongs to the current User's managed org group. [iglocska]

  • [acl:canEditUser] Typo in table name. [Sami Mokaddem]

  • [OrgGroups:checkIfGroupAdmin] Consider site_admins as group admin. [Sami Mokaddem]

  • [strict typing] Made Sami's frankenstein setup happy. [iglocska]

  • [temp] ACL function built up. [iglocska]

  • [ACL] fixes. [iglocska]

  • [org admins] should be able to edit the org. [iglocska]

  • [individual:edit] Select individuals based on their id and not their user_id. [Sami Mokaddem]

  • [navigation:CRUDAction-auditlogs] Make ordering by created field unambiguous and hide audit button to non-admin users. [Sami Mokaddem]

  • [userSettings:add] Added check to avoid duplicated setting for the same user. [Sami Mokaddem]

  • [mailinglist:ACL] Fixed bug in ACL check for access. [Sami Mokaddem]

Cerebrate version 1.15 released including new features, improvements and security fix (CVE-2023-41363)

14 Sep 13:02
v1.15
8d819bd


Changes

  • [version] bump. [iglocska]

  • [misisng] change. [iglocska]

  • [internal] fetch first role if no default is set. [iglocska]

  • [command:summary] Consider perm meta-fields addition/deletion as user edit. [Sami Mokaddem]

  • [config] Force usage of secure cookie for session and csrf protection. [Sami Mokaddem]

  • [component:CRUD] Include meta-fields in REST queries and clever pagination support for REST queries. [Sami Mokaddem]

  • [command:summary] Added support of user MetaFields. [Sami Mokaddem]

    Allow to show addition and deletion of user metafields such as the ones used for permissions

Fix

  • [security] user settings editable by arbitrary user fixed. [iglocska]

  • [internal] user add fix attempt #2. [iglocska]

  • [userSettings:edit] Correctly pre-select user to be edited. [Sami Mokaddem]

Other

  • Merge branch 'develop' [iglocska]

  • Merge branch 'main' into develop. [iglocska]

  • Update INSTALL.md. [Andras Iklody]

  • Update INSTALL.md. [Andras Iklody]

    some minor fixes

Cerebrate version 1.14 released including new features, improvements and security fixes

31 May 07:48
v1.14
47a8f4f

v1.14 (2023-05-31)

New

  • [enumerations] added enumerations system. [iglocska]

    • for string entry fields, simply add lists of values to convert the text entry for values
    • helps with maintaining accurate lists
    • currently the fields that are valid targets are organisations.nationality, organisations.sector, organisations.type
  • [enumerations] schema update added. [iglocska]

Changes

  • [version] bump. [iglocska]

  • [CRUD] allow for sorting on related model fields. [iglocska]

    • some hacks to resolve issues with sorting on related fields
  • [command:importer] Make sure to use the latest known version of the template. [Sami Mokaddem]

  • [command:importer] Make sure to use the latest known version of the template. [Sami Mokaddem]

  • [UI:saas] Clean-up css files and improved sidebar behavior and rendering for all themes. [Sami Mokaddem]

Fix

  • [users] added the country information to the index / view. [iglocska]

  • [genericElements:formInfo] Removed unused portion of code. [Sami Mokaddem]

  • [security] blind SQL injection in searchAll. [Sami Mokaddem]

    • As reported by Zigrin Security
  • [meta-template-name-directory] Do not access property from null object. [Sami Mokaddem]

  • [meta-template-direcotry:index] Pass baseurl to the anonymous function. [Sami Mokaddem]

  • [metaTemplateDirectory:index] No static call anymore. [Sami Mokaddem]

  • [template:registration] Correct usage of modal parameters. [Sami Mokaddem]

  • [template:update_all] Correct usage of modal parameters. [Sami Mokaddem]

  • [helper:formFieldMassage] Correctly check for key to avoid debug output. [Sami Mokaddem]

  • [app:js] Removed log forgotten console log output. [Sami Mokaddem]

Other

  • Merge branch 'develop' [iglocska]

  • Merge branch 'main' into develop. [iglocska]

  • Merge branch 'main' into develop. [Sami Mokaddem]

  • Merge branch 'develop' into main. [Sami Mokaddem]

Cerebrate version 1.13 released including new features, improvements and bug fixes

20 Mar 10:56
v1.13
eaa3398

We are pleased to announce the immediate availability of Cerebrate 1.13, including new features, improvements, bug and security fixes.

We strongly recommend Cerebrate users to update to this latest version.

v1.13 (2023-03-13)

New

  • [metaTemplateNameDirectory] Added index to see the known template and their associated saved meta-templates. [Sami Mokaddem]

  • [user:permissionLimitation] Added current permission status while in add or edit context. [Sami Mokaddem]

    Also moved the notification key from meta-fields to meta-template-fields

  • [element:tagsField] Added support of editable based on passed configuration. [Sami Mokaddem]

  • [ui:formInfo] Refactored formInfo and added support of field description. [Sami Mokaddem]

    Can be done by using the tooltip key on the field configuration

  • [crud:filter] Added support of IN searches using dropdown. [Sami Mokaddem]

  • [component:CRUD] Added support of IN condition when filtering index. [Sami Mokaddem]

Changes

  • [version] bump. [iglocska]

  • [meta-template:index] Added link to metaTemplateNameDirectory. [Sami Mokaddem]

  • [metaTemplate:update] Gracefully handle case when template on disk is not readable. [Sami Mokaddem]

  • [ui:select2] Added CSS file relying on BS variables instead of default theme hardcoded values. [Sami Mokaddem]

  • [helper:bootstrap] Make sure to output the value even if it's a 0 [Sami Mokaddem]

  • [settings:cerebrate] Improved check before saving debug level. [Sami Mokaddem]

  • [component:CRUD] Added afterFind support in add. [Sami Mokaddem]

  • [user:permissionRestriction] Move check from beforeSave to ApplicationRule. [Sami Mokaddem]

  • [component:CRUD] Include meta-template before calling afterFind [Sami Mokaddem]

  • [tags:org/individual] Relaxed ACL on tagging. [Sami Mokaddem]

    • Before only site_admin could add tags.
    • Now org_admins can add tags for their orgs and individuals
    • Regular users can self manage their own individual tag
  • [encryptionKeys:beforeSave] Updated ACL to disable management of keys for regular orgs. [Sami Mokaddem]

  • [encryptionKey] Made key searchable with substring strategy. [Sami Mokaddem]

  • [organisations:add] Added notice about UUID reuse. [Sami Mokaddem]

  • [helper:bootstrap] Added support of ID option. [Sami Mokaddem]

  • [organisations] nationality field renamed to country. [iglocska]

    • UI display only so far
      • want to maintain alignment with MISP, might change in the future
    • filtering still calls it nationality
    • API still calls it nationality
  • [roles:index] Only show add role button for users having ACL access. [Sami Mokaddem]

  • [authkeys:add] Select logged-in user by default. [Sami Mokaddem]

  • [audit:filter] Made request_action a multiple search. [Sami Mokaddem]

Fix

  • [meta-template:update] Typo in variable name. [Sami Mokaddem]

  • [elements:dropdownField] Always attach select2 to the body. [Sami Mokaddem]

  • [individuals:delete] Gracefully catches deletion of individuals associated to a user. [Sami Mokaddem]

  • [acl:metaTemplate] Added missing entry. [Sami Mokaddem]

  • [individuals:canEdit] Changed function from public to private. [Sami Mokaddem]

  • [elements:bootstrapTabs] Removed unused options. [Sami Mokaddem]

  • [elements:metaTemplateForm] Restored error container in the form. [Sami Mokaddem]

  • [element:metafields_panel] Correct usage of notices for bootstrap/listTable. [Sami Mokaddem]

  • [individual:getValidToEdit] Restricted ACL to prevent one org_admin to edit another from the same org. [Sami Mokaddem]

  • [authkey:add] Forced expiration field to use datetime UI component. [Sami Mokaddem]

    Fix #145

Other

  • Merge branch 'develop' [iglocska]

  • Merge branch 'develop' into main. [Sami Mokaddem]

  • Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [Sami Mokaddem]

  • Merge branch 'main' into develop. [iglocska]

  • Security: [authkey:add] Restrict creation of API keys for users in the same org and for other org_admins. [Sami Mokaddem]

Shout outs

Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do.

A huge thank you to the EC for the co-funding for the development of Cerebrate under the "Connecting Europe Facility – Cybersecurity Digital Service Infrastructure Maintenance and Evolution of Core Service Platform Cooperation Mechanism for CSIRTs – MeliCERTes Facility" (SMART 2018/1024) contract.

Cerebrate 1.12 released

21 Feb 13:38
v1.12
a7dca82

We are pleased to announce the immediate availability of Cerebrate 1.12, including new features, improvements and bug fixes.

New features

  • Get the audit logs associated to any entities generating log entries when in the {controller}/view scope
  • New meta-templates and meta-fields migration strategies:
    • update_existing, delete_all, update_existing
    • update_existing has been set as the default strategy; replacing create_new
  • New setting added, allowing the disabling of user deletions
  • New UI components to streamline user interactions
  • New fastEnrolment CLI tool to quickly enroll users, organisations and individuals

Improvements

  • Improved UI of the Notification/DataChange Inbox processor
  • Meta-fields synchronisation by using meta_template_directory_id
  • UI description and documentation for update strategies and conflict resolutions
  • Refactoring of the generic Bootstrap UI elements. Adding support for more options and including extensive component documentation
  • Previewing remote Cerebrate instances now support pagination, filters and synchronisation status

Fixes

Several annoying issues have been resolved, especially in regards to meta-template updates and meta-fields migration.
For a full list of changes, refer to the changelog

Shout outs

Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do.

A huge thank you to the EC for the co-funding for the development of Cerebrate under the "Connecting Europe Facility – Cybersecurity Digital Service Infrastructure Maintenance and Evolution of Core Service Platform Cooperation Mechanism for CSIRTs – MeliCERTes Facility" (SMART 2018/1024) contract.

Screenshots of new features

New migration strategies

image1
image2
image3

Audit logs on every entity

image4

Cerebrate 1.6 released with some bugfixes

10 Jun 05:43
b5d9d6b

We are pleased to announce the availability of Cerebrate 1.6, a bugfix release resolving several issues identified as a follow up of the 1.5 release.

Fixes

Several annoying issues have been resolved, especially in regards to older instances being brought up to date with the current state of Cerebrate.

Shout outs

Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do. For a full list of changes, refer to the changelog

Cerebrate 1.5 released with a collection of improvements

10 Jun 05:40
b90e563

We are happy to announce the 1.5 release of Cerebrate, a security, feature and usability release focusing on the various CSIRT use-cases and a user management revamp.

Meta template rework

As of the 1.5 release, meta templates have received a host of new functionalities, including advanced search functionalities and special meta fields. The main objective was to enable organisations to capture constituency information for organisations, including CIDR blocks and AS numbers, whilst also enabling users to find the correct PoC when searching for responsible parties by, for example, IP address.

User management and keycloak rework

The strategy used to enroll and update users in keycloak has been reworked. Cerebrate is now the authoritative identity provider in our current vision, pushing changes to keycloak. We have also added recurring synchronisation mechanisms to the exchange.

Security

We have had a large penetration test conducted by Zigrin Security as a follow up of the rework of key aspects of Cerebrate such as user management. We have fixed a series of identified vulnerabilities and weaknesses along with identified usability bugs as part of this release. Besides just fixes, this also resulted in some additional security features such as a registration flood protection. For a full run-down of all fixes refer to the changelog and the security page for identified CVEs.

A massive thank you to the Luxembourgish army for funding the penetration test and thereby helping us ensure that our open-source toolchains remain secure and reliable.

Various usability and UX improvements

A number of views have received overhauls and usability reworks - this is a continuous effort and we are looking for any feedback on how we can further ensure that Cerebrate doesn't get in your way of achieving your community management objectives.

Shout outs

Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do. For a full list of changes, refer to the changelog

Cerebrate 1.4 released with a long list of improvements and fixes

27 Jan 22:00
4563a39

v1.4 (2022-01-27)

We are happy to announce the 1.4 release of Cerebrate, a stability and bug-fix release resolving a long list of issues that have plagued Cerebrate so far.

Integration test

This release adds the first revision of the CI suite developed by @righel, allowing us to catch and remediate regressions before they would get merged to the main branch. Expect further tuning and improvements to this suite with most releases going forward from this point on.

API documentation

OpenAPI integration and descriptions directly available via the UI.

Fixes

A long list of fixes, affecting most subsystems, from API, through local tools all the way to the configuration settings. Massive thank you to Dawid Czarnecki from Zigrin Security, who is conducting a penetration test of Cerebrate and was kind enough to report any bugs that he ran into during his extensive testing. We would also like to thank The Luxembourg Armed Forces (LAF) for funding the testing and helping us ensure the reliability and security of our tooling.

Cerebrate is the core software component of the MeliCERTes project, aiming to support the pan-european information exchange and collaboration of the CSIRT community. The project is co-funded by the European Commission under Connecting Europe Facility.

Cerebrate 1.3 released with various improvements in Keycloak authentication, MISP connector and UI/JS.

23 Dec 14:41
9801a71

v1.3 (2021-12-22)

Changes

  • [keycloak] added screw to loosen timing issues. [iglocska]

  • Misp connector index changes. [iglocska]

  • [themes] Recompiled themes using dart-sass. [Sami Mokaddem]

  • [themes:packages] Replaced node-sass by dart-sass. [Sami Mokaddem]

Fix

  • [local_tool:batchApiAction] Various UI and backend fixes. [Sami Mokaddem]

  • [main] Prevent setting listeners if dependencies are not loaded. [Sami Mokaddem]

Other

  • Merge branch 'main' of github.com:cerebrate-project/cerebrate into main. [iglocska]

  • Don't ignore platform reqs in dockerfile. [Andras Iklody]

  • Merge branch 'develop' into main. [iglocska]

  • Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [iglocska]

Cerebrate 1.2 version released with new ACL helper and many fixes

15 Dec 15:37
3305730

v1.2 (2021-12-15)

Cerebrate v1.2 released with a host of bugs resolved and some slight modifications to the handling of the user objects.

User objects are now tied to organisations

Prior to this version, the only way to bind a user to an organisation was via the related individual object. This caused issues with users belonging to multiple or no organisations in practice, both of which are valid for individuals, but make access control difficult.

With the current release, users are now tied to organisations and the access control is restricted accordingly. If the intent is to allow a user to act on behalf of multiple organisations, simply add multiple users to an existing individual, one for each organisation, to achieve the expected result.

Changelog

New

  • [ACL Helper] check access for controller / action pair for given user. [iglocska]

    • accessible everywhere in the UI
  • [ACL component] new functionalities. [iglocska]

    • getRoleAccess now returns either URLs or arrays
    • array format allows for easy checking of controller + action pairs
  • [ACL] getRoleAccess endpoint added. [iglocska]

    • prints all valid URLs for the current user's role

Changes

  • [sharing group index] add button now has the new checkaccess conditions applied. [iglocska]

  • [appcontroller] minor changes. [iglocska]

    • getRoleAccess now returns array format
    • moved setting of view variables behind a rest check, to avoid additional unused actions for API queries
    • current user's role access matrix passed to view via "roleAccess"

Fix

  • [sharing group index] fixed members link. [iglocska]

  • [sharing groups] index members column fixed. [iglocska]

  • [encryptions] fixed adding encryption keys. [iglocska]

  • [ACL] added missing entries. [iglocska]

  • [ACL] fix wildcard controller checks failing. [iglocska]

  • [encryption keys] only show valid options when creating keys as a user. [iglocska]

  • [keycloak] enrollment org_id issues fixed. [iglocska]

  • [user add] form fixes. [iglocska]

  • [forms] added missing password form field. [iglocska]

  • [forms] dropdowns overriding values from request. [iglocska]

Other

  • Merge branch 'develop' into main. [iglocska]

  • Merge branch 'main' into develop. [iglocska]