- New filters code from @WhiteWinterWolf
- Reviewer variable
- Remediation complexity color by @Syzik
- Mongo-data volume from @noraj
- Minor bumps
- Fix build error due to Node version
- Fix LFI/RCE vulnerability
- Add Dark mode theme 9564911
- Update CVSS calculation 5cb9661
  - Use FIRST roundup function for impact and exploitability subscores
  - Add temporal colors for template
  - Add environmental colors for template
  - Add environmental impact and exploitability subscores
  - Update sorting with Environmental and Temporal scores
  - Removed cvssScore and cvssSeverity from models since they are now always calculated based on the vector string
- Update websockets to reconnect after a disconnect 0813945
  - Updated socket.io to latest version
  - If the server connection is lost, websockets for the Audit menu will reconnect automatically
- Add dynamic check for backend connection 2673749
  - If the websocket disconnects, a loading message appears until it reconnects
- Remove user deletion to prevent missing references 6e3de55
  - Deleting users broke their links to different objects like audits.
  - It's better to use the recent disable feature to avoid orphan objects
- Added a short name to companies and included it on reports cd72648
- Create filter to sort findings in document a551379
- Add i18n fr-FR translation 260f5dc
- i18n de-DE: Adding German Interface Translation 48dad91
- Add 'Disable user' feature a8d6d49
- Correctly reject promise when wrong password on profile 711dbf1
- Fix client selection issue (#242) f8e6c27
- Update Default Template 5764df8
- Fix template count function 31b6577
  - Close #237
- Fix numbering issue in ooxml conversion cb9883c
  - Close #236
- Update convertDateLocale filter 876b96d
  - Changed numeric to 2-digit to have 2021/08/01 instead of 2021/8/1
- Update default template 51e48ed
  - Removed some `{-w:p}` tags that could cause errors with images
- Handle Categories order in findings 08748f2
  - Fix Categories order using their position in Custom Data
  - Add "categories" data available in report template to generate findings dynamically by Category: `categories: {categoryName:<name>, categoryFindings:<[Array of Findings]>}`
- Add Caption feature in HTML Editor f93fbdd
  - Caption labels are dynamic and can be added in the `Settings` page (Default will be `Figure`)
  - Caption can be added anywhere in the Editor
  - It will render `<label> 1 - xxx` in Word generated document (select all + F9 to update numbering in Word)
  - The style in the generated report can be customised by creating/editing the `Caption` style in the Word template
- Update CVSS calculator 9baf6ef
  - Update to version 3.1
  - Add Temporal and environmental scores
  - Add impact and exploitability scores
  - Add tooltips description
- Add translation for report data 88d89f0
  - Dictionary files can be used to translate some data automatically depending on audit language
  - A dictionary draft for French can be found in `backend/src/translate`
  - The name of the folder should correspond to the name of the locale defined in `Data > Custom Data > Languages`
  - Angular expression can be directly used in report template: `{input | translate:'locale'}`
  - The following data will be automatically translated based on the audit language:
    - cvssObj
    - auditType
    - findings[i].vulnType
    - findings[i].category
    - sections[i].name
- Add Category creation on vulnerabilities import 0e97ffc
  - When importing vulnerabilities, if a Category does not exist it will be created
- Add Internationalization for Frontend a239bb6
  - Language can be changed in `Settings` page
  - Currently supported languages: `en-US` and `zh-CN`
- Add TOTP feature c1aaf12
  - TOTP can be enabled in the user profile page
- Add Sub-Templating 21e583b
  - Add sub templating with delimiter `{_{xxx}_}`. For example, if you put `{_{client.firstname}_}` in the description, it will be replaced with the client firstname during generation. If the variable is not found/undefined, the system will replace `{_{client.firstname}_}` with nothing
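
The substitution rule described in the Sub-Templating entry, as an added example (not the project's own code). The function and constant names are hypothetical, and the own-property lookup, scalar-only output and single-pass replacement are assumptions chosen for safe handling of user-written text:

```javascript
// Hypothetical names; this is an illustration, not the project's implementation.
const SUB_TEMPLATE = /\{_\{([^{}]*)\}_\}/g;
const PATH = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
const BLOCKED = new Set(['__proto__', 'prototype', 'constructor']);

// Walk a dotted path through own properties only, so a placeholder such as
// {_{client.constructor.name}_} cannot reach inherited members.
function resolvePath(data, path) {
  let current = data;
  for (const key of path.split('.')) {
    if (current === null || typeof current !== 'object') return undefined;
    if (BLOCKED.has(key) || !Object.prototype.hasOwnProperty.call(current, key)) return undefined;
    current = current[key];
  }
  return current;
}

// Replace every {_{path}_}; unknown paths, malformed paths and non-scalar values become ''.
// String.replace with a callback makes one pass, so a value that itself contains
// {_{...}_} is inserted literally and never expanded again.
function applySubTemplates(text, data) {
  return text.replace(SUB_TEMPLATE, (match, inner) => {
    const path = inner.trim();
    if (!PATH.test(path)) return '';
    const value = resolvePath(data, path);
    return ['string', 'number', 'boolean'].includes(typeof value) ? String(value) : '';
  });
}

// Constructed sample data
const audit = { client: { firstname: 'Alice', lastname: 'Martin' }, company: { name: 'ACME' } };
const description =
  'Report prepared for {_{client.firstname}_} {_{client.lastname}_} ({_{company.shortName}_}).';

console.log(applySubTemplates(description, audit));
```
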
- Update python to python3 in apk repo efcbc51
- Add Email and Phone fields for Collaborators 9a0ab63
- Update: python no longer exists in apk repo, now it's python3 91d10f4
- Fix issues related to sub-templating 631bc0a
- Changes to CVSS data require updating Word templates to avoid report generation errors
  - Replace `{cvssv3}` by `{cvss.vectorString}`
  - Replace `{cvssScore}` by `{cvss.baseMetricScore}`
  - Replace `{cvssSeverity}` by `{cvss.baseSeverity}`
  - Replace `{@cvssColor}` by `{@cvss.cellColor}`

```
findings[i]: // before
{
    cvssv3
    cvssScore
    cvssSeverity
    cvssColor
}

findings[i]: // now
{
    cvss: {
        vectorString
        baseMetricScore
        baseSeverity
        temporalMetricScore
        temporalSeverity
        environmentalMetricScore
        environmentalSeverity
        baseImpact
        baseExploitability
        cellColor
    }
}
```
- Update JWT generation 15f3dc0
  - JWT is now dynamically generated
  - Config files moved to one location
- Update Session management using refresh token ff1b868
  - A refresh token has been introduced, allowing a new token to be requested
  - Token is now valid for 15 min and refresh token for 7 days
  - So now when updating a user (role or remove) it will take a maximum of 15 min (or a page refresh) to invalidate the old token
  - Each refresh token is associated with a sessionId, allowing multiple sessions on different devices
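
The session model in this entry, as an added example (not the project's own code), showing why a role change can lag by up to 15 minutes while a refresh picks it up immediately. The HMAC-signed token format, the in-memory `sessions` and `users` maps, the `use` claim and all function names are assumptions; time is passed in as seconds so the expiry logic can be checked:

```javascript
const crypto = require('crypto');

const ACCESS_TTL = 15 * 60;             // 15 min, in seconds
const REFRESH_TTL = 7 * 24 * 60 * 60;   // 7 days, in seconds
const SECRET = crypto.randomBytes(32);  // assumption: key generated at start-up
const sessions = new Map();             // sessionId -> userId (server-side state)
const users = new Map([['alice', { role: 'admin', enabled: true }]]); // constructed

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

function makeToken(payload) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  return `${body}.${mac(body).toString('base64url')}`;
}

// Returns the claims if the signature is valid and the token has not expired.
function verifyToken(token, now) {
  const [head, payload, sig] = String(token).split('.');
  if (!head || !payload || !sig) return null;
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${payload}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

function issueAccess(userId, now) {
  const { role } = users.get(userId); // role is frozen into the token until it expires
  return makeToken({ use: 'access', sub: userId, role, exp: now + ACCESS_TTL });
}

function login(userId, now) {
  const sessionId = crypto.randomUUID(); // one per device/browser
  sessions.set(sessionId, userId);
  const refreshToken = makeToken({ use: 'refresh', sub: userId, sessionId, exp: now + REFRESH_TTL });
  return { token: issueAccess(userId, now), refreshToken };
}

// Re-checks server-side state, so role changes, disabling and session removal apply here.
function refresh(refreshToken, now) {
  const claims = verifyToken(refreshToken, now);
  if (!claims || claims.use !== 'refresh') return null;
  const user = users.get(claims.sub);
  if (sessions.get(claims.sessionId) !== claims.sub || !user || !user.enabled) return null;
  return issueAccess(claims.sub, now);
}
```

Deleting one entry from `sessions` signs out a single device; the access token already issued to it stays usable until its 15-minute expiry.
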
- Add different options to sort Audit findings 32dd337
  - The automatic sorting parameter can now be customized for each vulnerability category
  - Custom fields can be used as sorting parameter (input, date, radio and select)
  - Default sorting can be set in Custom data > Vulnerability Categories
  - Manual sorting of findings is also possible now with drag&drop
- Add Audit reviews and approval feature 02d144d. Thanks @lm-sec and @alexandre-lavoie
  - Add a new process (disabled by default) to handle Audit approbation
  - Update Settings
  - Add readonly visual on Audits when user cannot edit
- Fix issue in HTML editor 63c6359
  - Toolbar styles could be applied by using their HTML tags directly in the editor resulting in visual bugs
- Fix issue in textarea-array component dd5b51f
  - Removed trim function since it caused issues with resetting cursor at end of input when deleting and reaching a space. It is taken care of by the trim option in mongoose
- Fix database compatibility issue 361cd0a
  - Fix the mongodb version to avoid compatibility issue with newer versions for now
- After updating, Settings will be reset to default
- Add Settings feature with image border 74cb76c
  - It is now possible to enable and manage color of border on images generated in the report
- Add Trim to all strings saved in database 011d9d2
  - Avoid issues like additional spaces in titles
- Add Company creation directly from Audit General 1b28a21
  - Update select with input filtering
  - If Company does not exist it will be created upon saving in Audit General section (make sure to tap enter to add the company)
- Add creator to new vulnerability from finding 5173b07
  - As with vulnerability updates, the creator is now visible when editing a newly created vulnerability
- Fix editor affix issue in vulnerabilities modals 9e5d0c
  - Disable affix to avoid issues
- Add new Custom Field Components 972641f
  - Checkbox
  - Date
  - Radio
  - Select
  - Select Multiple
- Add new customFields to report generation data 404420d
- Add affix by default for all HTML editors 6d50b13
- Remove Audit Section create and delete 30a1563
  - Not needed anymore since automatically handled by Audit Type
- Fix custom-fields rules validation on multiple options 8d6edeb
- Fix Audits List search filter e254603
  - Language match is fixed
  - Company is changed to an exact match
- Doc Update: Detailed how to import a network scan #115
- Update Audit Types and Audit Creation 1de6353
  - Audit Types are now linked to Templates and Sections
  - An Audit can then be customized depending on its Audit Type
  - Template selection when creating an Audit is now replaced by Audit Type
  - Sections are automatically added when creating the Audit based on the Audit Type
- Add Section Customization 7225972
  - Sections are now entirely made of Custom Fields allowing complete customization
  - Each Section can be customized in the `Custom Fields` tab
  - Default Text can be set for each Custom Field for all languages available
- Manually adding sections in an Audit has been removed
- Languages for Audit Types and Custom Sections have been removed
- Old Default Text in `Custom Sections` tab won't be available anymore. Back it up before updating
- Since Sections can't be added manually anymore, any Audit in progress should be finished or Sections added to them before updating