Elasticsearch and Redis updated
Breaking change, read the upgrade guide! - Likelihood of Impact: Very High
Reporter has been updated to use Elasticsearch 8 and Redis 8. You MUST upgrade to Elasticsearch 8 and Redis 8 as part of this upgrade! Reporter will not be compatible with Elasticsearch 7 after this upgrade.
Use the following instructions to set up Elasticsearch 8 and Redis 8:
Dynamic comparison operators for API filters
You can now use comparison operators in API filters for exact fields by prefixing the field name. For example, filter[severity]=<2 returns records where severity is less than 2.
| Operator | Description | Example |
|---|---|---|
| (none) | Equal to | filter[severity]=2 |
<> | Not equal to | filter[severity]=<>2 |
< | Less than | filter[severity]=<2 |
<= | Less than or equal to | filter[severity]=<=2 |
> | Greater than | filter[severity]=>2 |
>= | Greater than or equal to | filter[severity]=>=2 |
New checklist templates
The following checklist templates are now available:
- OWASP AI Testing Guide - Version 1
- OWASP Top 10 for LLM Applications - version 2025
- OWASP Mobile Top 10 - version 2024
- OWASP API Security Top 10 - version 2023
- OWASP Top 10 CI/CD Security Risks - version 2023
- OWASP Kubernetes Top 10 - version 2022
- OWASP Cloud-Native Application Security Top 10 - version 2022
- OWASP Top 10 - version 2021
- OWASP Docker Top 10 - version 2020
- OWASP Internet of Things Top 10 - version 2018
You can add any of the new templates if you are an admin or a checklist template manager by following these steps:
- Go to the Checklist templates page.
- Click Clone default template.
- Select the template you want to add.
- Click Create fresh copy of template.
Improvements
[todo]tags are now also rendered in text fields, for example, in the title of the finding (template) edit page.- The assessment wrench dropdown menu has been restructured for improved clarity.
- Targets on the finding show page are now rendered as links. Clicking on a target opens a modal with its details.
- Add storage and Elasticsearch info to the status report.
Bug Fixes
- Updated several third-party dependencies.
- Fixed inconsistent expand/collapse behaviour in the checklist table.
- Fixed an error that occurred when loading the researcher panel in certain assessments.
- Resolved out-of-memory issues and a MySQL packet limit issue with the tool import.
- Fixed a bug where test cases on the finding show page would not open the checklist modal after using inline edit on another field.
- Fixed an issue where unclosed callouts in markdown were not rendered properly or caused an error.
- Fixed an error that caused documents to not be rendered correctly in the researcher panel target details.
- Fixed a bug that prevented the project admins from seeing assessment activity.
- Fixed a bug where filtering assessments by manager or researcher did not work.
- Fixed broken links to "suggest" and "create templates from findings".
- Fixed an error that occurred when trying to create a file custom field.
- Fixed a bug that cause the result of a test case to become desynced from the related findings.