Ghostwriter v5.0.0

Summary

The changes in this release are few, but they will significantly impact the use of the web UI. Therefore, we are incrementing the major version for this release. Please review the role-based access controls and communicate the changes to your users before updating.

CHANELOG

[5.0.0] - 7 February 2025

Added

• Managers now have the ability to invite users to view a client or project from the client and project dashboards
• Added the DATABASE_URL variable to the Django container's environment (Fixes #578)

Changed

• This release changes role-based access controls in the web UI to match the GraphQL API's stricter controls
  • Users with the standard user role will no longer be able to see or access projects to which they are not assigned
  • These users will be able to see a client has other past or current projects, but will be unable to see the details of those projects
  • Admins and managers can grant a user access to a client or project by inviting them from the client or project dashboards
• Fixed the WYSIWYG editor not working for custom Rich Text fields added to the log entry model
• Added tags to the autocomplete results when searching for findings and observations (Closes #582)
• Added autocomplete to client and project filters

Ghostwriter v5.0.0-rc1

Summary

This is a release candidate (RC) for v5.0.0. Although the changes in this release are few, they will significantly impact the use of the web UI. Therefore, we are incrementing the major version release and releasing an RC first.

CHANGELOG

[5.0.0-rc1] - 23 January 2025

Added

• Managers now have the ability to invite users to view a client or project from the client and project dashboards

Changed

• This release changes role-based access controls in the web UI to match the GraphQL API's stricter controls
  • Users with the standard user role will no longer be able to see or access projects to which they are not assigned
  • These users will be able to see a client has other past or current projects, but will be unable to see the details of those projects
  • Admins and managers can grant a user access to a client or project by inviting them from the client or project dashboards

Ghostwriter v4.3.11

Summary

This release only updates the GHostwriter CLI binaries to address an issue. These binaries are also available here:

https://github.com/GhostManager/Ghostwriter_CLI/releases/tag/v0.2.22

CHANGELOG

[4.3.11] - 8 January 2025

Changed

• Updated the pre-built Ghostwriter CLI binaries to v0.2.22

Ghostwriter v4.3.10

Summary

This release includes the latest Ghostwriter CLI with minor updates and bug fixes.

CHANGELOG

[4.3.10] - 3 January 2025

Added

• Added a HASURA_GRAPHQL_SERVER_HOSTNAME for the DotEnv file to allow for setting the Hasura server hostname (Fixes #566)
  • This is available for Kubernetes deployments (see issue #566)
  • For all other deployments, the Hasura server hostname should be left set to graphql_engine by default

Changed

• The linter now checks if the list styles are of type PARAGRAPH in the Word template
• The archived reports page now displays the project name for each report to help with identification
• Updated the pre-built Ghostwriter CLI binaries to v0.2.21

Ghostwriter v4.3.9

Summary

This release contains some minor changes related to evidence.

CHANGELOG

[4.3.9] - 10 December 2024

Changed

• Evidence previews for custom fields and evidence detail pages now display evidence at 6.5" wide to mimic the standard full-width seen in a Word document

Fixed

• Fixed an issue that could cause improper casing for the first word in a caption

Ghostwriter v4.3.8

Summary

This release addresses user feedback for minor enhancements and fixes an issue we identified with filtering activity logs containing substantial data (e.g., lenghty command output).

CHANGELOG

[4.3.8] - 6 December 2024

Added

• Added buttons to jump to a selected template from the report dashboard

Changed

• Enabled pasting with formatting in the WYSIWYG editor
  • This change allows you to paste formatted text from other sources (e.g., Word documents) into the editor
  • This caused issues in the past when pasting from Word, some terminals, and some websites, but the reporting engine seems to handle the formatting well now
  • Note: Pasting with formatting may not work as expected in all cases, so please check your pasted content in the editor before generating a report
• Increased the auto-complete list's maximum items from 10 to 20 to show more evidence files
• Using the "Upload Evidence" button in the editor now pushes a ref version of the auto-complete entry to the auto-complete list upon successful upload

Fixed

• Fixed activity log filtering not working correctly when very large log entries were present (PR #558)

Ghostwriter v4.3.7

Summary

This release fixes some issues with custom fields and cross-references in Word documents.

CHANGELOG

[4.3.7] - 25 November 2024

Fixed

• Fixed forms not accepting decimal values for extra fields (PR #554)
• Fixed cross-references not working when the reference name contained spaces (PR #556)

Ghostwriter v4.3.6

Summary

This release adds functionality for tables and captions in Word reports, addresses list formatting in Word reports, and reduces exposed services in production environments.

CHANGELOG

[4.3.6] - 14 November 2024

Added

• Added support for table captions in the WYSIWYG editor (PR #547)
  • Caption text can be customized by right-clicking on the table > Table Properties > General > Show caption
• Added report configuration options for figure and table caption placement (above or below) for Word

Changed

• Production deployments now default to only exposing PostgreSQL and Hasura ports to internal services (PR #551)
  • This change is to improve security by limiting the number of exposed ports on the server
  • If you need direct access to PostgreSQL or Hasura, you can adjust the Docker Compose file to expose the ports on the host system or run a utility like psql inside the container

Fixed

• Fixed observations not being cloned when cloning a report (PR #548)
• Fixed lists being styled as List Paragraph in Word instead of with user-defined Bullet List or Number List styles (PR #550)

Ghostwriter v4.3.5

Summary

This is a minor release that adjusts the linter and report context.

CHANGELOG

[4.3.5] - 30 October 2024

Changed

• The added_as_blank attribute for findings is now included in the template linter

Fixed

• Fixed false values appearing as "" in the report template context after release v4.3.4

Ghostwriter v4.3.4

Summary

This is a minor release to patch an issue with the cloud server creation and update checks for duplicate IP addresses added in a previous release.

CHANGELOG

[4.3.4] - 24 October 2024

Changed

• Adjusted the duplicate IP address checks for cloud servers on a project to make them more robust to catch more edge cases

Fixed

• Fixed an issue with creating a new cloud server on a project