- Added alert informing of obsolescence and SCNR.
- Fixed redirect back calls.
- Updated to Rails 6.
- Profile
  - Fixed bug causing plugin values to be overwritten on edit.
  - Added audit nested cookies option.
  - Fixed default value of "scope exclude file extensions" option.
- Hide affixed sidebar on smaller screens to prevent overlaps.
- Notifications
  - Updated to sanitize scan targets.
- Profile
  - Scope: Validate regular expressions.
  - Added "exclude file extensions" option.
  - Added "HTTP authentication type" option.
- Issue
  - Fixed incompatible encoding error when displaying vector inputs.
- Switched to absolute paths instead of full URLs across the interface.
- User
  - `#name`
    - Force encoding to UTF8.
- Profile
  - `#name`
    - Force encoding to UTF8.
  - Whitelisted `scope_exclude_binaries` option.
- Form
  - Show HTTP proxy types as drop-down.
- Scan
  - Progress page
    - Fixed bug causing scroll offset not to be maintained between AJAX refreshes on Chrome.
- Profiles
  - Added UI form and UI input audit options.
- Changed `text` DB columns that may contain null-bytes to `binary`.
  - Breaks backwards compatibility.
- Switched to Arachni Public Source License v1.0.
- Updated Rails dependency.
- Re-enabled update script.
- Scan
  - Improved error logging.
  - Removed charts from progress page due to JS memory leak.
- Report
  - `#object` serialization now uses `MessagePack` to fix encoding errors and improve performance. (Breaks backwards compatibility.)
- Profile
  - `#strong_params`
    - Fixed parameter whitelist, causing some options to be ignored.
  - Added audit options for JSON and XML inputs.
- Profile
  - `#export`
    - Fixed error on YAML/JSON exporting.
  - Fixed plugin option validation.
  - Fixed bug causing stored plugin options not to be shown in their forms.
- Scan
  - Only stop the scan when an RPC connection error occurs, not for every RPC exception.
- Scans
  - Show error message when the full report could not be retrieved instead of crashing.
- Profile
  - Added the `http_response_max_size` option.
- `ProfilesController`
  - Added `http_request_queue_size` option to the permitted parameters.
- Scan
  - Added support for exporting reports as AFR (Arachni Framework Report).
- Dispatcher
  - Remove RPC clients of deleted or unreachable Dispatchers from the cache.
  - `#preferred`
    - Only include reachable Dispatchers.
- Scan
  - `#start`
    - Only set status to `active` after the RPC call, to avoid a race condition.
  - Improved logging of RPC errors.
  - Fixed loose-typing bug when using PostgreSQL.
- Issue
  - Fixed loose-typing bug when using PostgreSQL.
- Profile
  - `#to_rpc_options`
    - Sanitize hash via `Arachni::Options.hash_to_rpc_data`.
    - Only use the configured input values and ignore Framework defaults.
- `Gemfile`: Include `pg` gem.
- Admin can no longer delete self.
- Fixed XSS on Markdown inputs [Issue #71].
- Issue
  - Data to include DOM information.
  - Description and remedy guidance texts are now rendered as GitHub-flavored Markdown.
- Profiles
  - Updated options for Framework v1.0.
  - Check and plugin information now rendered as GitHub-flavored Markdown.
- Scans
  - Added suspension support.
  - Added import support via AFR report files.
  - Added support for scheduled scan termination.
    - With optional suspension.
  - Report filenames now include scan URL, profile name and scan ID.
- Added `scan_import` script, allowing AFR reports to be imported as scans via a CLI.
- External links now open in new windows.
- Removed Turbolinks as it breaks Bootstrap modals.
- Updated to use HTML5 `localStorage` instead of cookies to store UI state.
- Navigation menu
  - Removed "Home" item since it was redundant.
  - Updated JS detection of active page when the WebUI is mounted under a subdirectory.
- Profiles
  - Added Regexp validation for the login-check-pattern input.
  - Added Import and Export/Download functionality, supporting:
    - YAML -- Including the CLI AFP files.
    - JSON
  - Delete dialog now warns of the existence of associated Scans.
  - Added support for the `http_queue_size` option.
  - Fixed formatting of cookies as an `RPC::Server::Instance#scan` option.
  - Component selection accordions are now zebra-styled [Issue #57].
- Scans
  - Index
    - Fixed a nil error caused when a Scan's Profile has been deleted.
  - Can now be edited.
  - Can be scheduled, with support for recurring (incremental/differential) Scans.
- Issues
  - Fixed encoding error when handling request parameters [Issue #39].
  - Redesigned table to group issues by type [Issue #52].
  - Updated severity colors.
- Reporting
  - Removed Metareport and Text reports as they were unusable via the WebUI.
  - Added proper content-types for all reports.
- Settings
  - Profiles
    - Fixed heading (Profiles => Plugins).
  - Added "General" tab.
    - Added Timezone setting.
- Profiles
- Scan monitoring
  - Keep track of (and restore) the window scroll position between AJAX refreshes.
  - Fixed bug causing the system to hang after 1:24 hours of scan monitoring, caused by improper caching of RPC clients.
- Scan
  - Monitoring
    - Redirect to the Scans list page with an alert if the monitored scan was deleted.
- Profiles
  - Added HTTP auth options.
- Login-screen
  - Disabled AJAX refreshing of top-level menu.
- Scan
  - Monitoring
    - Fixed bug causing the error log not to appear when there are errors.
- Added welcome screen after first sign-in.
- Added support for PostgreSQL along with sample database configuration file (`config/database.yml.pgsql`).
- Added `script/import` to import databases and their configurations from older packages.
- Switched to GitHub-flavored Markdown.
- Profiles
  - Added configuration options for the new platform fingerprinting feature.
- Login page
  - Added a notice for first-time users about the location of the default credentials.
- Scans
  - Index
    - Added resume/pause/abort all buttons.
  - Monitoring
    - Fixed "Share" button to show the modal dialog with the share form.
  - New scan
    - Removed multi-Instance scan warnings and updated Grid behavior as per the framework changes.
- First version.