Self-hosted WebSockets, no third-party service required
Breaking change, read the upgrade guide!
WebSockets are now integrated directly into Reporter, eliminating the need for third-party services like Pusher.
WebSockets power some of our collaboration features, including the researcher panel state and form-locking functionalities. Built-in WebSockets capability allows all users, even those with stringent company policies prohibiting the use of third-party services, to utilize these features.
Moreover, this enhancement paves the way for many new and exciting features in the future. Stay tuned for upcoming updates!
Upgrade Guide
To use these features, you must update your Docker configuration. Additionally, we have dropped support for Pusher. Users who currently use Pusher are also required to update their configuration.
Assessment sections review
As with the review functionality for findings, assessment sections are now part of the review flow. The content of sections that have not yet been published is not visible to client users.
You can set the default review status of assessment sections within the assessment templates. When you create a new assessment using a template, all configured properties, including the review status, will be automatically applied. Additionally, you can update the review status for existing assessments directly through the assessment section edit function.
Other changes related to the review flow:
- A new review status, "Revision Requested," has been introduced. This status indicates that a revision is required before the review can be approved, making it clear when an item has undergone a review rather than just being drafted.
- Draft findings, retests, and assessment sections will now appear in draft reports. Previously, this feature was only available for findings. This change ensures that all draft components are included in draft reports.
Improvements
- The assessment template for "Azure Security Benchmark V3" (ASB) has been replaced with a template for its successor, "Microsoft Cloud Security Benchmark V1" (MCSB). To add the new template, use the 'Clone default template' button on the assessment templates overview page.
- The API documentation has been clarified to describe how filtering works with multiple possible values ("or" filtering).
- In the "Findings table" report component, you can now show or hide the status column or make it only appear when at least one retest has been requested.
- The API now has routes and includes that let you retrieve the entire finding timeline in one request. Support has been added for all types of finding events in the API. See the updated API documentation for details.
- More icons were added to the researcher panel to show more clearly which sections need action. The documentation now has an extra section that explains these icons in more detail.
Bugfixes
- Fixed a regression in the researcher panel, where hidden sections were no longer indicated as such.
- The Tool Import functionality has been improved to better handle the import of very large findings.
- Fixed inconsistent capitalization in the "Risk summary table" component.
- Fixed an issue where the Okta SSO provider wasn't properly registered.
- The parsing logic for code block closing tags in the Markdown editor has been improved. This ensures that code blocks are now correctly identified and displayed as intended.
- The import process has been updated to ensure that the correct assessment is selected when importing findings from previous assessments.
- The deletion process for cloned findings with associated rejected events has been corrected.
- The task layout has been updated to handle large images in client comments more gracefully.
- Table captions now correctly display as "Table 1" without the colon if no caption text is present.
- The link in comment notifications now correctly directs to the comments tab.