Requires Attention
The default value for the MAIL_ENCRYPTION setting has changed from tls to the more secure value ssl. Set the value of MAIL_ENCRYPTION to tls if your SMTP server makes use of STARTTLS. See the documentation for more information.
Continuous Assessments
A new status 'Continuous' has been added for assessments that are always open and have no specific end date and phases. This status is helpful in enabling bug bounty style assessments.
Client User Groups
Client users can now be organized in groups. These groups can be used to grant access to assessments or to assign resolvers to findings. Adding a user to a group also grants them access to the findings and assessments that the group has access to, and removing a user from the group revokes that access.
Assign Findings to Resolvers
Specific client users or groups can be assigned to a finding as resolvers. A resolver is a user responsible for fixing the finding and requesting retests for it. Resolvers are notified when they are assigned.
Access to findings can be restricted to resolvers. When this setting is enabled in an assessment, client users can only see a finding if they, or a group they belong to, are explicitly assigned as a resolver for that finding.
Other Improvements
- The tool output parsers have been updated. Several new tools are supported, and this update includes a fix so CVSS 3 strings from the Nessus output are correctly parsed.
- On the assessment show page, user icons now show more context about the role or permission of users.
- Researcher display options for an assessment have been improved. For example, only users that have been assigned to a phase can be put on the cover of the report.
- The quality of scaled images has been improved for Chromium-based browsers.
- Improved update notifications for new Reporter releases.
- Markdown headers are no longer numbered or listed in the report's table of contents.
- SMTP configuration options have been clarified.
- Simultaneous edit functionality has been improved to detect changes made by the same user in other tabs or browser windows. For example, if a user has a particular finding open in several tabs, edit functionality is locked in all non-active tabs when the finding is updated.
Bugfixes
- Fixed several target filter bugs on the assessment page.
- Fixed a bug that caused forms not to lock during simultaneous editing when Pusher is enabled.
- Fixed several links with an incorrect filter instruction for targets.
- Fixed a bug where the default scoring system wasn't set when creating an assessment.
- Fixed a bug where expired users couldn't be removed from assessments.