From 2bbc4c46aadfef7aba502ee053461c3ce9eca3df Mon Sep 17 00:00:00 2001 From: Jeroen Dekkers Date: Mon, 8 Jul 2024 10:00:30 +0200 Subject: [PATCH] Update 1.16 release notes (#3195) Co-authored-by: Jan Klopper --- docs/source/release_notes/1.16.rst | 73 +++++++++++++++++------------ docs/source/release_notes/index.rst | 1 + 2 files changed, 43 insertions(+), 31 deletions(-) diff --git a/docs/source/release_notes/1.16.rst b/docs/source/release_notes/1.16.rst index 49931f5cb38..8cd8c69d472 100644 --- a/docs/source/release_notes/1.16.rst +++ b/docs/source/release_notes/1.16.rst 
@@ -1,54 +1,65 @@ ============================================ -[DRAFT for: v1.15.1...67f18e3] OpenKAT 1.16 +OpenKAT 1.16 ============================================ -This release includes some big optimizations in the new reporting functionality -that was introduced in 1.14. Measurements show that generating a report on 100 -objects is approximately 20 times faster. The reports in general also got a lot -of improvements and bugfixes. +This release adds saving of reports. When completing the reporting workflow the +report will be saved and can be viewed later. This is a big step towards being +able to schedule automatically generated reports. The reporting also has had a +lot of improvements and fixes. + +Support for running custom OCI images using only a boefje definition +(boefje.json) has been added. This has been applied to nmap and dnssec boefjes. +The boefje.json still needs live in the OpenKAT code directory in this release, +but this is a big step towards being able to add custom boefjes. New Features ============ -* Add xtdb-cli tool to Octopoes -* Update several plugins: Wappalizer, dns-records, ssl-certificates, pdio_subfinder and remove the many-ports-open boefje/normalizer -* Add backup scripts -* Introduce importing/exporting capabilities in xtdb-multinode-tool +* Add xtdb-cli tool to Octopoes. This can be used to easily interact with XTDB + and doing importing/exporting. +* The onboarding workflow uses the new reporting system. +* Add a warning to the CSP validator for 'self' on script-src directives. Ignore + missing CSP if the page is not XSS capable. +* Add bit that checks for disallowed domains in the CSP header. +* Update several plugins: Wappalizer, dns-records, ssl-certificates, pdio_subfinder, nuclei +* The many-ports-open boefje/normalizer has been removed. +* Backup scripts to backup container data when using the development setup. Thanks to @TobiasBDO for contributing the scripts. 
* More Octopoes Query support for complex path queries +* Optimize queries executed when running bits * Introduce support for running custom built OCI images using only a boefje definition (boefje.json), applied to nmap. -* Improvements of the design, plugin overview and Report titles. -* Improvements of several Reports in terms of performance, styling, OOI selection and configuration. -* More documentation on: Reports, the new OCI image functionality and architecture, IPv6 support in Docker and Octopoes Models. +* Improvements of several reports in terms of performance, styling, OOI selection and configuration. +* Improved documentation about reports, the new OCI image functionality and architecture, IPv6 support in Docker and Octopoes models. +* Added documentation on how to make a boefje, normalizer, model, bit and report with examples. Thanks to @Souf149 for contributing some of these improvements. +* Frysk has been added to the selectable list of languages. Over 30% of OpenKAT has been translated due to the amazing and hard work of `Wim Benes `_. Tige tank! Bug fixes ========= -* Fix OOI Add/Edit form -* Fix version handling when no version is present. -* Fix aggregate plugin overview table -* Fix task api status code response for malformed id in the scheduler -* Fix select all OOIs -* Fix openssl boefje being stuck on port 80 -* Fix pdf alignment -* Fix critical vulnerability counter -* Fix in System Specific Reports -* fix schema errors on empty / missing schemas -* Fix improve error handling -* Fix missing cipher csv in Debian package -* Fix Update nuclei -* Fix and improve running boefjes/normalizer -* Fix the KATalogus plugin API limit +* Fix OOI add/edit form +* Fix version handling when no version is present in wappalyzer normalizer. +* Error handling has been improved in a lot of places. +* Fixed schema errors when plugin schema is empty or missing. +* Fix and improve manually running a boefjes/normalizer. 
+* The KATalogus plugin API doesn't have a hardcoded limit anymore. +* Missing titles in FastAPI API's have been added. +* Added workaround for broken links to OOIs in the normalizer task list. +* Fix Snyk boefje creating empty CVE ids. Upgrading ========= -It is no longer needed to seed the KATalogus database using `python -m boefjes.seed` on upgrades. -This is because v1.16.0 phases out the `repository` database model in the KATalogus. -The migration could potentially not be backward compatible for each install, -So please read the following carefully before triggering an upgrade. +It is no longer needed to seed the KATalogus database using `python -m +boefjes.seed` on installation or upgrades. This is because v1.16.0 phases out +the `repository` database model in the KATalogus. The migration could +potentially not be backward compatible for each install, so please read the +following carefully before triggering an upgrade. + +All bits all need to be rerun because of model changes. This can be done on the +organization settings page. Checking the KATalogus Migration ================================ + If you are using OpenKAT as a regular user and never called APIs or tweaked the database manually, you can move forward with the normal instructions of upgrading :ref:`Debian packages` or upgrading :ref:`containers `. diff --git a/docs/source/release_notes/index.rst b/docs/source/release_notes/index.rst index 1d51022e0a0..7dfe0b237a8 100644 --- a/docs/source/release_notes/index.rst +++ b/docs/source/release_notes/index.rst @@ -5,6 +5,7 @@ Release notes :maxdepth: 1 :caption: Releases + 1.16 1.15 1.14 1.13
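Review bot: The new intro paragraph in docs/source/release_notes/1.16.rst says custom OCI image support "has been applied to nmap and dnssec boefjes", but the unchanged New Features bullet further down still ends with "applied to nmap", so the release notes contradict themselves; update that bullet to include dnssec or drop it in favour of the intro paragraph. In the same hunk, "The boefje.json still needs live in" is missing "to", "All bits all need to be rerun" repeats "all", and the plugin list spells "Wappalizer" while the bug-fix bullet spells it "wappalyzer", so pick one spelling. The Upgrading sentence "This can be done on the organization settings page" would be easier to follow if it named the action the operator has to trigger there, since rerunning all bits is a required step after this upgrade.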