Releases: OpenBAS-Platform/openbas
Version 1.8.2
Enhancements:
- #1453 Ability to support IAM roles for Amazon S3 / MinIO configuration
Full Changelog: 1.8.1...1.8.2
Version 1.8.1
Bug Fixes:
- #1778 Non-admin user granted for a simulation not able to access it
- #1751 Add Kosovo country
- #1347 Error 500 when updating Groups
Full Changelog: 1.8.0...1.8.1
Version 1.8.0
OpenBAS 1.8.0 is out! Hope you will enjoy it! 🚀
📒 Customizable Debrief
Feel like sharing the results of your simulation to enhance collaboration? You can now generate a customizable report page and export it as nicely formatted, shareable PDFs, along with an overall summary that presents insights in a clear and accessible format.
⛓️ Conditional Inject Chaining
Building on version 1.7, you can now condition the launch of an inject on the expectations of previous ones, creating more dynamic simulations with multiple inject paths.
🏗️ Payload Categorization by Architecture
Need more precision about architecture for your payloads? We organized and categorized your payloads by binary architecture to facilitate the selection of your injects.
👓 Advanced Player and Asset Filtering
We added filters on the players and asset groups pages to streamline your analysis and focus on the most relevant data.
And we also solved a lot of bugs, made some UI improvements and updated our documentation.
Enhancements:
- #1582 Improve latency on page: admin/scenarios/:id
- #1580 Improve latency on page: admin/scenarios/:id/injects
- #1555 Add filters to Players page
- #1554 Add filters to Asset group page
- #1487 [ Unit testing - simulation scope ] - lessons learned surveys
- #1485 [ Unit testing - simulation scope ] - inject creation/update
- #1385 Conditional inject chaining
- #1189 Categorize payload by architecture
- #1080 Create customizable debrief page - generate a report page with a global note
Bug Fixes:
- #1704 Message "internal error" + Error 500 occurring when creating a technical scenario
- #1701 Scenario & Simulation full reload when refetching
- #1699 Remove double fetch organizations in Groups
- #1682 Remove duplicate requests for pagination & filters
- #1678 Fix deprecated local method to start frontend
- #1670 MITRE ATT&CK matrix dashboard results is not working
- #1668 When deleting an endpoint in an inject, line is not removed but becomes empty
- #1666 Default value of payload argument is not taken into account when creating an atomic testing
- #1660 Images (logos) of security systems uploaded by collectors should not be deletable
- #1658 Mouse cursor is disappearing when mouse is going to the result by target in inject
- #1655 Putting expectation with the security platform is broken
- #1633 Import injects: Pagination hides injects over 100 + action only works if the user refreshes
- #1632 Labels in select inputs look broken
- #1610 Tags are not displayed in simulation overview
- #1603 Score max value on the scalebar is not coherent with default value or set value
- #1600 Can't update an inject without filling all mandatory fields
- #1586 Simulations never end if no inject / disabled injects / deleted injects
- #1521 Removing a team from the context doesn't work
- #1473 [ UI improvement ] to display uri of a media pressure in an email inject
Pull Requests:
- Update dependency @mui/x-date-pickers to v7.18.0 by @renovate in #1537
- Update dependency esbuild to v0.24.0 by @renovate in #1542
- Update dependency chokidar to v4 by @renovate in #1560
- Update dependency date-fns to v4 by @renovate in #1561
- Update dependency vitest to v2 by @renovate in #1563
- Update maven Docker tag to v3.9.9 by @renovate in #1576
- Update dependency slack to v5 by @renovate in #1579
- Update eclipse-temurin Docker tag to v21.0.4_7-jre by @renovate in #1574
- Update docker/build-push-action action to v6 by @renovate in #1564
- [backend/frontend] Add filters on player page by @RomuDeuxfois in #1605
- [frontend/backend] add inject result inside report by @MarineLeM in #1519
- Improve latency on endpoint teams by @RomuDeuxfois in #1584
- Update dependency zustand to v4.5.5 by @renovate in #1598
- [backend] Add ID on expectation type by @RomuDeuxfois in #1613
- Update dependency http-proxy-middleware to v3 by @renovate in #1562
- Update dependency @types/react to v18.3.11 by @renovate in #1597
- Update dependency @types/node to v20.16.10 by @renovate in #1596
- Update eslint monorepo to v8.57.1 by @renovate in #1575
- [backend] Fix 401 when user not admin and go to page with filters by @damgouj in #1620
- [backend] Fix call to the management plugin not working when using ssl by @Dimfacion in #1622
- Bugfix/1478 fix filter order by @savacano28 in #1623
- [backend/frontend] fix bulk update injects by @savacano28 in #1628
- [backend] Use join map to avoid duplicate join by @RomuDeuxfois in #1619
- [frontend] Documents are not duplicated when an inject is duplicated by @isselparra in #1641
- [backend/frontend] Categorize payload by architecture by @isselparra in #1612
- [backend] Fix latency scenarioId by @savacano28 in #1606
- [backend/frontend] Add filters to Asset group page by @RomuDeuxfois in #1646
- Update dependency @babel/plugin-transform-modules-commonjs to v7.25.7 by @renovate in #1595
- [frontend] Fix deprecated start method to start frontend (#1678) by @guillaumejparis in #1679
- [frontend] Remove duplicate requests for pagination & filters by @guillaumejparis in #1683
- [frontend] fix import icon by @MarineLeM in #1695
- [backend/frontend] Fix removing a team from the context doesn't work by @RomuDeuxfois in #1544
- [backend] Inject creation/update in a simulation (#1485) by @johanah29 in #1636
- [frontend] Fix tags displayed and links to item exercises lists (#1610) by @damgouj in #1689
- [frontend] Improve scalebar component by @savacano28 in #1703
- [frontend] fix import openbas logo in pdf by @MarineLeM in #1705
- [frontend] avoid full reload of scenario & simulation when refetching… by @guillaumejparis in #1702
- [frontend] delete double fetch in groups (#1699) by @guillaumejparis in #1700
- [backend] Fix param to retrieve asset groups from a raw map by @savacano28 in #1710
- Update dependency http-proxy-middleware to v3.0.3 [SECURITY] by @renovate in #1724
- [backend] Fix raw teams request (#1704) by @guillaumejparis in #1721
- [backend] Add obfuscator base64 on expectation signature for OpenBAS agent by @RomuDeuxfois in #1712
- [frontend] create reportComment component by @MarineLeM in https://github.co...
Version 1.7.3
Bug Fixes:
- #1629 Documents are not duplicated when an inject is duplicated
- #1608 Results of OpenBAS scenarios are not displayed anymore in OpenCTI
Full Changelog: 1.7.2...1.7.3
Version 1.7.2
Bug Fixes:
- #1627 Adding / replacing / removing inject teams in bulk also removes all attached documents
Full Changelog: 1.7.1...1.7.2
Version 1.7.1
Version 1.7.0
Hello dear community! OpenBAS 1.7.0 is out! Hope you will enjoy it! 🚀
In this release, we’ve focused on addressing key community pain points and squashing bugs to enhance your overall experience.
Improve the readability in our platform logs for more efficient debugging
For better readability, more efficient troubleshooting, and compatibility with an observability platform such as Grafana (filtering, graphs), we changed our logs from Java default stack traces to JSON. 🔍
Command Details in execution traces
Need to see your command information to follow what will be executed? It’s now possible to see what command lines have been executed in your inject details or atomic testing page. 📖
Self-signed certificate
Great news! Following a request from our community, our HTTP client now supports self-signed certificates, making it easier to authorize and connect securely in custom environments. 🚘
Customizable expiration time settings
Introducing customizable expiration settings! Now, you can manage the expiration time of your expectations in their settings and at the platform level through your config file. Take full control and fine-tune your workflow like never before! 💥
Clearer insights for expectation score and validation
Say hello to clearer insights! We’ve refined our UI to clarify the expectation score settings and validation screens, giving you instant clarity at a glance! 🧹
And we also solved a lot of bugs and made some UI improvements.
Enhancements:
- #1418 Better readability for platform logs: from java default stack traces to JSON
- #1218 Authorized platform self-signed ssl certificate
- #1171 For expectations, add the ability to customize the expiration time used by the expiration manager
- #1232 Command Details in execution traces
- #1198 Improve UI of score settings/validation
Bug Fixes:
- #1550 Error message of Caldera executor not responding when there is no Caldera config
- #1516 Delete a team from simulation works but generates an error in the interface
- #1508 open agent windows 10 invalid peer certificate unknown issuer
- #1503 in animation page, selecting a tag doesn't impact the graphs
- #1496 obas agent on win11 arm
- #1482 Notify success & error from network requests are not translated
- #1476 When adding a team with multiple players, it can lead to duplicates inserted in the database, which generates an error
- #1471 Bulk deletion of injects only deletes the first one of the list
- #1456 Sorting on "executor" in "Endpoints" section triggers "Internal error"
- #1452 UI inconsistency: space separators in simulation list + height of the lines
- #1435 Mitre Attack Coverage is partially hidden on firefox
- #1371 Scenario result should not be interactive and show clearly that they have no data when no simulation has been played
- #1028 In some cases, IMAP store of sent message can fail
- #1425 Inject expectation is missing on atomic testing
- #1431 Consistent wording for UI in asset groups: Dynamic asset filter or rule
Pull Requests:
- Update dependency swagger-typescript-api to v13.0.22 by @renovate in #1444
- Update dependency @playwright/test to v1.47.1 by @renovate in #1439
- Update dependency uuid to v10 by @renovate in #1446
- Update dependency jsdom to v25 by @renovate in #1445
- Update dependency mdi-material-ui to v7.9.2 by @renovate in #1443
- Update dependency html-react-parser to v5.1.16 by @renovate in #1442
- Update dependency axios to v1.7.7 by @renovate in #1441
- Update dependency qs to v6.13.0 by @renovate in #1440
- [backend/frontend] Add possibility to launch openbas agent on docker and linux image by @RomuDeuxfois in #1417
- Update dependency express to v4.20.0 [SECURITY] by @renovate in #1426
- [Frontend | Backend | Database] Improve UI of score settings/validation by @johanah29 in #1420
- Update Node.js to v20.17.0 by @renovate in #1437
- Update Yarn to v4.5.0 by @renovate in #1438
- [backend] Add payload elevation required by @savacano28 in #1410
- Update dependency vite to v5.3.6 [SECURITY] by @renovate in #1467
- [backend/frontend] fix trigger now injects by @savacano28 in #1424
- Bump vite from 5.3.6 to 5.4.6 in /openbas-front by @dependabot in #1469
- [backend/frontend] Improve filters UI by @RomuDeuxfois in #1462
- [frontend] can done and trigger inject only in animation tab by @MarineLeM in #1428
- [frontend] change wording for dynamic asset filter by @MarineLeM in #1472
- [backend] Add tracing with OpenTelemetry by @RomuDeuxfois in #1404
- [frontend] Add teams in a scenario for multiple injects (#1464) by @damgouj in #1474
- [backend] Fix expectations in injects (#1425) by @damgouj in #1463
- [backend/frontend] Command Details in execution traces (#1232) by @damgouj in #1449
- [frontend] Fix abnormal space and height in lists by @johanah29 in #1479
- [backend/frontend] add exercise report by @MarineLeM in #1419
- [frontend] Keep commands lines shown if another element is updated in atomic testing page by @damgouj in #1493
- [frontend] Fix Mitre Att&ck Coverage display on Firefox by @isselparra in #1484
- [frontend/backend] remove updateAttributes and isListened from api-ty… by @MarineLeM in #1510
- [frontend] fix translation in network success or fail messages (#1482) by @guillaumejparis in #1483
- Update dependency typescript to v5.6.2 by @renovate in #1288
- [frontend/backend] add isListened in api-types file by @MarineLeM in #1511
- Update dependency @types/qs to v6.9.16 by @renovate in #1526
- Update dependency @types/node to v20.16.6 by @renovate in #1525
- Update dependency @playwright/test to v1.47.2 by @renovate in #1524
- Update dependency @emotion/react to v11.13.3 by @renovate in #1523
- Update dependency @dagrejs/dagre to v1.1.4 by @renovate in #1522
- [backend/frontend] Sorting on "executor" in "Endpoints" section triggers "Internal error" by @isselparra in #1514
- [backend] Add retry on imap connection by @RomuDeuxfois in #1497
- [backend] Fix wrong count for pagination by @RomuDeuxfois in #1529
- [frontend] Fix the display of the result of injects bulk deletion by @johanah29 in #1481
- Bump rollup from 4.13.0 to 4.22.4 in /openbas-front by @dependabot in #1520
- Update dependency vite to v5.4.7 [SECURITY] by @renovate in #1535
- Update dependency commons-io:commons-io to v2.17.0 by @renovate in #1541
- Update dependency com.rabbitmq:amqp-client to v5.22.0 by @renovate in #1540
- Update dependency @xyflow/react to v12.3.0 by @renovate in #1538
- [frontend] update teamsIds state by @savacano28 in https://githu...
Version 1.6.1
Bug Fixes:
- #1466 Creating challenges or media pressure inject does not work
- #1465 Broken variable in media pressure inject
- #1464 Add teams in a scenario for multiple injects not working
Full Changelog: 1.6.0...1.6.1
Version 1.6.0
Hello dear community! OpenBAS 1.6.0 is out! Hope you will enjoy it! 🚀
Interactive Timeline Display for injects
Our brand-new timeline is getting fancier! On top of being able to create and modify your injects more intuitively, you can now chain your injects, opening the way to our future exciting feature: conditional inject launch! 🛤️
Filters implementation
Find more, faster: unleash the power of filters for a seamless experience! You can now leverage filtering on the most important lists of OpenBAS to better understand various kinds of situations for your scenarios, simulations, atomic testing, etc. 👀
Test emails and SMS related injects
Not sure if your email or SMS was sent? You can replay a test for a single inject or do it in bulk. 📬
Launch a scenario now as we do in simulation
No time to waste? Feel like launching your scenario right away without scheduling? It’s now possible with the start now button at the scenario level. ⛷️
Caldera is removed from the default OpenBAS stack
Caldera was complicated to use for the community. We’ve heard you! OpenBAS has reached a good level of maturity by integrating Atomic Red Team, so we decided to remove Caldera from our default stack. 👏
Enhancements:
- #1421 Remove Caldera from default stack
- #1368 Ability to launch a scenario - same as we do for simulations - with a start now
- #1336 Be able to replay test for sms and email injects
- #1294 Implement filters on atomic testing, inject and payload lists
- #1194 Chaining injects logically
- #124 Implement filters on injector contract, scenario & simulation lists
Bug Fixes:
- #1400 In scenario tab, abnormal spaces between overlay and separators
- #1397 Lessons learned survey are never received
- #1361 Avoid deadlocks during Flyway migrations (>9.0.)
- #1350 When updating an expectation score, the expectation status doesn't change
- #859 Login UI should be iso with OCTI
- #844 404 errors are not correctly handled, leading to spinning forever
Pull Requests:
- [backend/frontend] fix expectation status when updating score by @MarineLeM in #1379
- [github] Adding a way to have the labels automatically set by @Dimfacion in #1372
- [github] Fixing the branch name by @Dimfacion in #1381
- [frontend/backend] align login page with octi (#859) by @guillaumejparis in #1373
- [frontend] add a warning instead of loading indefinitely on 404 for s… by @guillaumejparis in #1369
- Add quick filters on scenarios, simulations and atomic testing by @RomuDeuxfois in #1352
- [backend] fix deadlock flyway migration on 9.22.3 by @savacano28 in #1358
- [frontend] Fix on moving an inject deletes its content by @Dimfacion in #1393
- [backend] fix obas injector for linux & mac (#1388) by @guillaumejparis in #1391
- [backend] Add sortable property to team_name by @savacano28 in #1399
- [backend/frontend] Add missing sortable by @RomuDeuxfois in #1401
- [frontend/backend] Be able to replay test by @johanah29 in #1364
- [backend/frontend] Fix team creation by @RomuDeuxfois in #1402
- Atomic testing list is slow on demo environment by @RomuDeuxfois in #1389
- [backend/frontend] Add quick filters on scenarios injects & simulations injects by @RomuDeuxfois in #1383
- [Frontend] Fix spaces between overlay and separators in scenario tab by @johanah29 in #1406
- [readme] fix readme screenshot and links by @guillaumejparis in #1407
- [backend/frontend] Add quick filters on assets & asset groups when inject creation by @RomuDeuxfois in #1394
- [frontend] Fix inject action update in inject list by @RomuDeuxfois in #1411
- [frontend/backend] add a start now for scenario (#1368) by @guillaumejparis in #1405
- [frontend/backend] Chaining injects logically by @Dimfacion in #1380
- [backend/frontend] Filters options should not be limit to 10 by @RomuDeuxfois in #1430
- [frontend] Error display when a survey is sent by @RomuDeuxfois in #1429
- [frontend] Fix missing filter on dynamic asset group by @RomuDeuxfois in #1434
- [frontend] Change some wordings by @RomuDeuxfois in #1432
- [frontend] Improve filter style by @RomuDeuxfois in #1433
- [frontend] Small fix on chaining UI by @Dimfacion in #1448
- [backend] Fix inject status delete cascading by @RomuDeuxfois in #1447
Full Changelog: 1.5.1...1.6.0
Version 1.5.1
Bug Fixes:
- #1398 Teams creation does not work
- #1392 Moving an inject deletes its content
- #1388 Launching payload with Atomic Testing on Linux is not working
Full Changelog: 1.5.0...1.5.1