Closed adulau closed 4 years ago
thanosa75
commented
5 years ago Needs testing but surely a valid request - do you foresee problems if the update fails? Is there a case that a manual intervention may be required - does the UI allow e.g. rollback?
thanosa75
commented
5 years ago @adulau an upgrade of MiSP requires a git checkout ??? for security reasons, our image does not have binaries such as git, and many others.
iglocska
commented
5 years ago Git checkout? It requires a git pull on the current branch. How were you updating MISP until now? Surely you've had a method for previous versions of MELiCERTES?
adulau
commented
5 years ago If you are building a container for a module in the CSP such as MISP, ensuring that the default update process of tool works sound very sane to me. Would it be possible to add this?
A side note, we are currently evaluating to have a functionality in the MISP sync to enforce and assess the version used on the remote MISP. Especially to avoid leak of data or security issues in the future. Having the update process in the CSP for the MISP would ensure long-term availability of CSP components and especially to access the other MISP sharing communities.
thanosa75
commented
4 years ago Resolved via commit 5700fe56a114f37068cd4cd91b43c1d21f38ee00 and others before it.
The default CSP uses an old version of MISP 2.4.107. Can you push an update to the MISP module to have the latest version 2.4.113?
Could you allow the default update mechanism (from MISP UI) to work? It will allow users of the CSP to keep their MISP up-to-date without waiting for the release of a module by the third-party.
Thank you.