v1.10.0
https://docs.openkat.nl/release_notes/1.10.html
What's Changed
- Update 1.8 release notes by @dekkers in #959
- Upgrade to RabbitMQ 3.11 by @praseodym in #946
- Replace "rc" with "~rc" in Debian package version by @dekkers in #977
- Improve Makefile by @praseodym in #966
- Dependabot PRs by @ammar92 in #979
- Bump sqlalchemy from 1.4.31 to 1.4.48 by @dependabot in #971
- Updated docker-py by @ammar92 in #985
- Latex docs, now signed. by @tobiasBDO in #983
- Change line endings by @Donnype in #989
- Tell the mixed-line-endings check to set everything to lf by @Donnype in #991
- Create boefjes.md by @ring-ring-ring in #828
- Delete
plugin_repository
package by @ammar92 in #992 - Update debianinstall.rst by @brennodewinter in #822
- update/nuclei path fix, backwards compat by @RiieCco in #962
- Remove job model and generate migrations by @Donnype in #995
- Scheduler tests clean up by @jpbruinsslot in #978
- Fix error on clone settings without organization selected by @Donnype in #997
- Pin typing-extensions to 4.5.0 by @Donnype in #1019
- Removed LXD legacy by @ammar92 in #1016
- Upgrade to requests v2.31.0 by @praseodym in #1020
- Upgrade to Django 4.2 by @praseodym in #1004
- Make two-factor authentication (2fa) optional by @praseodym in #1002
- Upgrade FastAPI and dependencies by @ammar92 in #467
- Upgrade (default) container Dockerfiles from Python 3.8 to 3.11 by @Darwinkel in #1021
- Only sleep when all queues are empty by @dekkers in #952
- Feature/add signing provider for raw file by @Donnype in #994
- Various fixes to Fierce boefje by @praseodym in #1001
- Fix RDO workflow by @dekkers in #1023
- Add new permissions by @Rieven in #950
- feature(octopoes): fields to finding type model by @Lisser in #921
- Bump mmh3 from 3.0.0 to 4.0.0 by @dependabot in #1005
- Fix phony targets in Makefile by @praseodym in #1055
- Fix scheduler ranking by @jpbruinsslot in #988
- Add 1.9 release notes by @dekkers in #1029
- Fix clearance level views by @praseodym in #1035
- Add date, name and status filters by @Haikevt in #572
- Clients can start scans on objects without changing clearance by @Rieven in #945
- Bump sphinx-rtd-theme from 1.2.0 to 1.2.1 by @dependabot in #1062
- add latex docs to index by @tobiasBDO in #1071
- Add "Closes" to the pr template to make sure tickets are linked to the issues by @Donnype in #1078
- Bump tldextract from 3.4.2 to 3.4.4 by @dependabot in #1059
- Add Debian 12 build image and add version to existing image names by @dekkers in #1063
- Bump cachetools from 5.3.0 to 5.3.1 by @dependabot in #1061
- Bump pydantic from 1.10.7 to 1.10.8 by @dependabot in #1060
- 🐛 fix incorrect TLS finding definition by @zcrt in #1082
- Better JSON schema support for plugin settings in Rocky by @Donnype in #939
- Fix scan profile db event issue by adding an explicit reference field by @Donnype in #1070
- add readmes to table of contents by @ring-ring-ring in #1092
- Update xtdb-http-multinode to v1.0.6 by @dekkers in #1086
- Add external auth support by @dekkers in #1039
- Rocky: Add ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS env vars by @praseodym in #1084
- Unpin typing-extensions dependency by @praseodym in #1089
- add 'ideas' as a category in project guidelines by @ring-ring-ring in #1105
- Remove unused boefje fields when creating a BoefjeTask object to send to the scheduler by @Donnype in #1103
- Fix failing test-debian-install in CI by @dekkers in #1111
- Bump cryptography from 40.0.2 to 41.0.0 in /bytes by @dependabot in #1100
- Bump cryptography from 40.0.2 to 41.0.1 by @dependabot in #1108
- Bump cryptography from 39.0.1 to 41.0.0 in /boefjes/boefjes/plugins/kat_ssl_certificates by @dependabot in #1099
- Remove containers after
docker-compose run
by @praseodym in #1112 - add findingtype files by @noamblitz in #1117
- Finding Types Boefjes by @Lisser in #1056
- Fix typos in 'no organizations found' message by @praseodym in #1123
- Add script to automatically backport PR to release branch by @dekkers in #1097
- Handle an empty plugin.consumes field for the plugin detail page by @Donnype in #1104
- Persist impact, recommendation and source fields in FindingType objects in XTDB by @Lisser in #1126
- Remove tasks and items on mutation delete by @jpbruinsslot in #1090
- Add endpoints in Octopoes for bulk operations in the object list page by @Donnype in #1067
- test(boefjes): snyk by @Lisser in #1116
- Fix thread termination in Mula by @jpbruinsslot in #1003
- Add bit to set default values for FindingType risk levels in Octopoes by @Lisser in #1075
- Edit icon and Text were missing at Organization settings page by @Rieven in #1141
- Dependabot PRs by @ammar92 in #1147
- Make user full name required in Django model by @praseodym in #1148
- Set
full_name
in Debian package test by @praseodym in #1150 - Fix incorrect reference for unhandled exceptions by @jpbruinsslot in #1155
- findingtype files to code instead of github by @noamblitz in #1153
- Create missing
can_mute_findings
permission by @praseodym in #1163 - Source of FindingType information in XTDB - (Octopoes & Rocky implementation) by @Lisser in #1118
- Bump sphinx-rtd-theme from 1.2.1 to 1.2.2 by @dependabot in #1143
- Upgrade OpenTelemetry SDK to 1.18.0/0.39b0 by @praseodym in #1171
- Delete retirejs.json from rocky by @noamblitz in #1176
- Take MutedFinding into account for FindingType counts by @Lisser in #1174
- added ## for better headers in the TOC by @ring-ring-ring in #1182
- Add external auth users to default organizations by @praseodym in #1122
- fix crisis-room-endpoint in octopoes by @Lisser in #1185
- Upgrade to manon v15.1.3 (Layout) by @HeleenSG in #548
- Specify bookworm version of python image explicitly by @dekkers in #1188
- Add Debian 12 packages and refactor github action by @dekkers in #1124
- Fix leaking environment variables in locally running boefjes by @Darwinkel in #1083
- Minor Robot CI fix after Manon upgrade by @Darwinkel in #1194
- Fix crisis room not correctly handling Octopoes error by @dekkers in #1202
- Yield the finding type in https redirect bit by @dekkers in #1200
- Fix expiring dict while flushing cache in scheduler by @jpbruinsslot in #1156
- Fix non-available preselected option on OOI add form by @Lisser in #1203
- Implement
django-environ
by @ammar92 in #1173 - Fix lists in .env-dist after django-environ PR by @praseodym in #1268
- Fix new installs using an empty databse DSN by @Darwinkel in #1270
- Fallback to cvss2 when cvss3 not available by @noamblitz in #1271
- Handle empty EMAIL_PORT as default value by @dekkers in #1274
- fix ooi detail finding urls by @noamblitz in #1273
- Fix sorting in KAT-alogus (1.10) by @dekkers in #1290
- Do not force that deletion can only be done by superuser (1.10) by @dekkers in #1398
- Remove more then 1 active state on menu items (1.10) by @dekkers in #1400
- Fix object page ignoring the filters for JSON and CSV export (1.10) by @dekkers in #1401
- Align inline buttons when 2 or more buttons are available (1.10) by @dekkers in #1402
- Add anchor tag to jump to after submitting the "set clearance level bulk form" on OOI list (1.10) by @dekkers in #1403
- Fix 403 on "My organizations" page (1.10) by @dekkers in #1404
- Add and use our own CVE API (1.10) by @dekkers in #1419
- Don't scan hostname nmap in nmap boefje (1.10) by @dekkers in #1422
- Fix translation in Debian package (1.10) by @dekkers in #1433
- Add masscan boefje (1.10) by @dekkers in #1435
- External asset database boefje (1.10) by @dekkers in #1447
- backport fix ooi form by @noamblitz in #1450
- Fix exception in object report view (1.10) by @dekkers in #1482
- Use the correct clearance level variable in organization member list template by @TwistMeister in #1504
- Fix: Add red teamer permissions to admin as well by @TwistMeister in #1502
- Fix CVE findings with cvss V2 (1.10) by @dekkers in #1509
- Make sure Boefje containers are removed (1.10) by @dekkers in #1511
- Fix webpage capture boefje (1.10) by @dekkers in #1512
- allow subject to be None (1.10) by @dekkers in #1513
New Contributors
- @brennodewinter made their first contribution in #822
Full Changelog: v1.9.0...v1.10.0