Download
Docker Compose example package SHA256: 9b9a7e87c670c1495b5848864d9b80bdf9c5fe8207c56968b2571b3902f2a10d
Docker image SHA256: 0049a2c6b0f7487c71c4b009526194fbee81d5217f9ced1faeb4cbfb87e810e1
Improved targets overview
The target overview has been restyled for a better presentation of assessments with many targets. Filtering, searching and CSV export functionality has also been added.
Disable assessment types
- Added functionality to disable assessment types. This is useful for clearing up assessment types that you no longer use, for example after switching from OWASP 2017 Top 10 to the new 2021 version.
- Disabled assessment types cannot be selected when creating a new assessment.
New status 'On Hold' for assessments
- Assessments can be put 'On Hold' from the assessment edit page under the 'Status and Phases' tab.
- Existing '... when completed' permissions are now simplified as 'work on locked assessment'. This allows users to keep working on assessments that are 'On Hold' or 'Completed'. Other users cannot work on an assessment while it is 'On Hold' or 'Completed'.
- Researchers are notified when an assessment has been switched to an 'On Hold' status.
Other improvements
- The task counters in the researcher panel now update when (un)assigning or (un)completing tasks.
- The schedule can now be filtered by assessment status.
- Assessment Phases can now be scheduled from the Schedule page.
- The API documentation has been restructured for better readability.
- Added several API routes:
  - GET routes for Assessment Types and Targets.
  - POST routes to create Targets, Clients, Assessments, and Users.
- The assessment page now always shows the initial and latest retest phase's start and end dates (as applicable). The next deadline is only shown to researchers.
Bugfixes
- Fixed an exception when rendering a specific type of task on the task index page.
- Fixed a bug where pasting files in markdown fields did not upload the file.
- Fixed a bug where an imported target could be matched to a target in a different assessment.
- Fixed an issue where a blocked user would show as 'John Doe (deactivated) (deactivated)' in certain places.
- Fixed a bug where changing the OWASP risk rating 'low/low' setting would not update the severity of all models.