Temp files cleanup

docker-compose-dev.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2024 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -76,6 +76,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
       - ./persistent/${COMPOSE_PROJECT_NAME}/tls/:/etc/ssl/private
@@ -90,7 +91,9 @@ services:
     image: jisccti/misp-workers-dev:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
+  modules_cache:
+  web_temp:

docker-compose-ha.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -85,6 +85,7 @@ services:
     image: jisccti/misp-web:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -102,8 +103,10 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
+  modules_cache:
+  web_temp:

docker-compose-shibb.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -79,6 +79,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -98,6 +99,7 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
@@ -116,4 +118,5 @@ services:
       - ./persistent/${COMPOSE_PROJECT_NAME}/shibb/logs:/var/log/shibboleth
       - ./persistent/${COMPOSE_PROJECT_NAME}/shibb/run:/run/shibboleth
 volumes:
-  modules_cache:
+  modules_cache:
+  web_temp:

docker-compose.yml

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023-2025 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -77,6 +77,7 @@ services:
       - ${HTTPS_PORT:-443}:443
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp
       #- /etc/letsencrypt/archive/MISP:/etc/letsencrypt/archive/MISP:ro
       #- /etc/letsencrypt/live/MISP:/etc/letsencrypt/live/MISP:ro
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
@@ -94,8 +95,10 @@ services:
     image: jisccti/misp-workers:latest
     restart: unless-stopped
     volumes:
+      - web_temp:/tmp/misp-web
       - ./persistent/${COMPOSE_PROJECT_NAME}/custom/:/opt/misp_custom
       - ./persistent/${COMPOSE_PROJECT_NAME}/data/:/var/www/MISPData
       - ./persistent/${COMPOSE_PROJECT_NAME}/gpg/:/var/www/MISPGnuPG
 volumes:
-  modules_cache:
+  modules_cache:
+  web_temp:

misp-web/scripts/misp_maintenance_jobs.ini

@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2023 Jisc Services Limited
+# SPDX-FileCopyrightText: 2023-2026 Jisc Services Limited
 # SPDX-FileContributor: Joe Pitt
 #
 # SPDX-License-Identifier: GPL-3.0-only
@@ -9,6 +9,13 @@ baseurl = hxxp://misp-web
 debug = False
 verifytls = False
 
+[cleanup_temp_files]
+command = /usr/bin/find /tmp/misp-web/ -type f -mmin +120 -delete
+enabled = True
+interval = 60
+lastrun = 0
+needsauthkey = False
+
 [rotate_logs]
 command = /var/www/MISP/venv/bin/python3 /opt/scripts/rotate_logs.py
 enabled = True

pages/changelog.md

@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2025-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 
 SPDX-License-Identifier: GPL-3.0-only
@@ -8,6 +8,11 @@ SPDX-License-Identifier: GPL-3.0-only
 
 This page tracks significant changes to the images.
 
+## May 2026 - MISP >=2.5.37
+
+* Made MISP-Web `/tmp` directory a volume and added task to delete stale temporary files - requires
+    updating `docker-compose.yml` and `misp_maintenance_jobs.ini` to activate
+
 ## December 2025 - MISP >=2.5.27
 
 * Updated images to use PHP 8.5

pages/dev/misp-web.md

@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2024-2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2024-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 SPDX-FileContributor: James Ellor
 
@@ -89,5 +89,6 @@ The image uses the following volumes:
 | Mount Point | Purpose |
 |-------------|---------|
 | /etc/ssl/private/ | Holds the TLS certificate (and chain) (`misp.crt`) and the private key (`misp.key`) used to serve MISP over HTTPS. |
+| /tmp | Holds Apache and PHP temporary files. |
 | /var/www/MISPData | Holds the instance specific data which needs to be persisted between updates and container recreations. |
 | /var/www/MISPGnuPG | Holds the GPG/PGP key chain used by MISP for email signing and encryption. |

pages/dev/misp-workers.md

@@ -1,5 +1,5 @@
 <!--
-SPDX-FileCopyrightText: 2024-2025 Jisc Services Limited
+SPDX-FileCopyrightText: 2024-2026 Jisc Services Limited
 SPDX-FileContributor: Joe Pitt
 SPDX-FileContributor: James Ellor
 
@@ -44,5 +44,6 @@ The image uses the following volumes:
 
 | Mount Point | Purpose |
 |-------------|---------|
+| /tmp/misp-web | Holds Apache and PHP temporary files from misp-web. |
 | /var/www/MISPData | Holds the instance specific data which needs to be persisted between updates and container recreations. |
 | /var/www/MISPGnuPG | Holds the GPG/PGP key chain used by MISP for email signing and encryption. |