New Finding Statuses
Two new statuses have been added to findings: Partially Resolved and Unable to Verify. These are available alongside the existing statuses: Unresolved, Resolved, Retest Pending, and Accepted Risk.
Partially Resolved indicates that a finding has been resolved for some targets, but not all. When changing a finding's status to either Unresolved or Partially Resolved, Reporter will automatically determine the correct status based on which targets have been marked as resolved.
Unable to Verify is a manual status, similar to Accepted Risk. It is intended for findings that cannot be retested—for example, when another related finding has already been resolved, making verification of this one no longer possible.
We have also made the ordering of finding statuses more consistent throughout the application.
It is no longer possible to delete targets that have associated findings, because doing so would cause unintuitive changes to the findings' status.
Components per Section
The following report components can now be limited to findings within a specific section of the report:
- Action plan table
- Audit table
* - Finding counts by severity
- Findings by severity and status bar chart
- Findings severity chart
- Findings table
- Results table (including management results table)
*
For components marked with an *, only top-level sections can be chosen. By selecting a section, only findings in that section and any of its subsections will be shown or counted in the component. The captions have been updated to include the name of the selected section.
You can choose a section when adding a new instance of a component in the markdown editor, or when adding the components to assessment templates.
CVE Auto-link
When you add a CVE identifier—such as CVE-2024-20439—in a markdown field, it now automatically becomes a clickable link to a CVE database. For example, CVE-2024-20439 will link to: https://nvd.nist.gov/vuln/detail/CVE-2024-20439
By default, links point to nvd.nist.gov, but admins can configure them to use mitre.org, cvedetails.com, or a custom URL. Auto-linking can also be disabled entirely.
These settings can be adjusted under Settings > General > Functionality.
More Code Box Highlighting Options
New [mark] styles have been added to the Markdown editor, allowing you to highlight specific lines or elements within code blocks more clearly.
Other Improvements
- Added separate permissions for adding, editing, removing, and reordering assessment sections. This will provide you with more granular control over custom assessment roles.
- You can now use the
!-tag to highlight sections in assessment templates. - Added new placeholder options for dates from the latest retest phase, or from the most recent phase (whether research or retest).
- Notifications about draft reports now trigger a direct download of the report, instead of redirecting to the assessment page.
- It's now possible to disable the dotted lines in the report's table of contents via the theme editor settings.
- You can now customize the bullet style of bulleted lists in the theme editor.
Bug Fixes
- Fixed an error that occurred when attempting to approve and/or publish an assessment section from the review page.
- Fixed an issue that caused certain API routes to respond slowly.
- Fixed a bug that prevented you from adding MIME type rules to file custom fields.
- Fixed a rare issue where an assessment with a retest status (such as
Retest Active), but no retest phase, was sorted in the wrong place. - Fixed an issue where the task count in the researcher panel was not always updated correctly.