Improved targets overview
The target overview has been restyled for a better presentation of assessments with many targets. Filtering, searching and CSV export functionality has also been added.
Disable assessment types
- Added functionality to disable assessment types. This is useful for clearing up assessment types that you no longer use. For example, switching from OWASP 2017 Top 10 to the new 2021 version.
- Disabled assessment types can not be selected when creating a new assessment.
New status 'On Hold' for assessments
- Assessments can be put 'On Hold' from the assessment edit page under the 'Status and Phases' tab.
- Existing '... when completed' permissions are now simplified as 'work on locked assessment'. This allows users to keep working on assessments that are 'On Hold' or 'Completed'. Other users can not work on an assessment while it is 'On Hold' or 'Completed'.
- Researchers are notified when an assessment has been switched to an 'On Hold' status.
- The task counters in the researcher panel now update when (un)assigning or (un)completing tasks.
- The schedule can now be filtered by assessment status.
- Assessment Phases can now be scheduled from the Schedule page.
- The API documentation has been restructured for better readability.
- Added several API routes:
- GET routes for Assessment Types and Targets.
- POST routes to create Targets, Clients, Assessments, and Users.
- The assessment page now always shows the initial and latest retest phase's start and end dates (as applicable). The next deadline is only shown to researchers.
- Fixed an exception rendering a specific type of task on the task index page.
- Fixed a bug where pasting files in markdown fields did not upload the file.
- Fixed a bug where an imported target could be matched to a target in a different assessment.
- Fixed an issue where a blocked user would show as 'John Doe (deactivated) (deactivated)' in certain places.
- Fixed a bug where changing the OWASP risk rating 'low/low' setting would not update the severity of all models.