https://docs.openkat.nl/release-notes/1.18.html
What's Changed
- Feature: improve settings and environment logic and phase out redundant environment keys by @Donnype in #3384
- feat: adds notification styling and icons by @HeleenSG in #3461
- Hotfix for normalizer API bug by @Donnype in #3475
- fix: toggle styling by @HeleenSG in #3449
- Bump cryptography from 42.0.8 to 43.0.1 in /bytes by @dependabot in #3473
- Don't yield all snyk findings when no version was found by @noamblitz in #3431
- Make the "name" field for plugins mandatory by @Donnype in #3471
- Handle empty normalizer results by @Donnype in #3482
- Fix enabling normalizers from Rocky by @Donnype in #3481
- Feature/upload multiple files at once to bytes by @Donnype in #3476
- Add report scheduler functionality to scheduler by @jpbruinsslot in #3352
- Fix report types selection not being overridden by @Rieven in #3436
- Add json download to report export by @Rieven in #3460
- Add new Boefje by @madelondohmen in #3400
- feat: multi select dropdown by @HeleenSG in #3446
- Fix hanging upload of large files by @noamblitz in #3489
- Add timezone to valid time by @noamblitz in #3429
- Check if the task is still running according to the scheduler before changing the status by @Donnype in #3506
- Exclude OOIs creation from the OOI add form by OOI-types by @Rieven in #3490
- Use the right variable name in the template's if-statement by @Donnype in #3519
- Add regex pattern check to PORTS setting of nmap-ports by @Donnype in #3516
- Update xtdb-http-multinode to the latest version by @dekkers in #3523
- Updated findings in the findings database by @stephanie0x00 in #3427
- remove unneeded column from filtered plugin table view by @underdarknl in #3515
- Also delete self-affirming or self-inferred objects by @originalsouth in #3498
- Support valid_time and the like for queries in xtdb tools by @originalsouth in #3430
- Chore: use only Pytest in the boefjes by @Donnype in #3536
- Invert findings, add source URLs. by @stephanie0x00 in #3538
- Fix JSON line logging by @ammar92 in #3511
- Fix xtdb-cli by @originalsouth in #3543
- Create boefje variant by @madelondohmen in #3456
- make session commit less chatty by @underdarknl in #3544
- Fix duplicate OOI references in result in origin by @originalsouth in #3531
- a bit more detailed erroring in the scheduler client. by @underdarknl in #3546
- Update docs for creating a new Boefje by @madelondohmen in #3540
- Show proper error message instead of stacktrace if boefje API is unreachable by @dekkers in #3550
- Fix headings by @madelondohmen in #3528
- Feat/bit domain ownership pending by @underdarknl in #3290
- Improve boefje runner error messages on container failure by @dekkers in #3548
- Fix/pin pydicom dependency and revert irrelevant version bumps by @Donnype in #3553
- Translations update from Hosted Weblate by @weblate in #3567
- Clean more stale origins by @originalsouth in #3561
- Update Packages by @ammar92 in #3563
- Fix Pydantic warnings by @ammar92 in #3557
- Prevent race conditions between Octopoes' event manager and the scheduler from recreating already deleted OOIs through affirmations by @originalsouth in #3564
- burpsuite fix by @underdarknl in #3381
- Fix boefje schema on Boefje Setup page by @madelondohmen in #3574
- Set default findingtype risk in model instead of in bit by @noamblitz in #3562
- Add permission that grants access to all organizations by @dekkers in #3532
- Add unique constraint to database plugin names by @Donnype in #3556
- Feature/add boefje scheduling fields by @Donnype in #3555
- Refactor and fix faulty save_origin exception code by @originalsouth in #3577
- Don't show manual tasks in normalizer list by @noamblitz in #3580
- Add descriptions to katalogus by @stephanie0x00 in #3545
- Update a Boefje by @madelondohmen in #3521
- Explicitly use the fork context for multiprocessing to fix running boefjes on macOS by @Donnype in #3576
- fix: button style by @HeleenSG in #3565
- Use stdlib instead of dateutil to parse ISO datetime by @dekkers in #3590
- Do not store the hypothetically produced mime-types always by @Donnype in #3583
- Remove old Findings Report by @madelondohmen in #3560
- Add 'set start date' functionality to scheduler by @jpbruinsslot in #3589
- Make API usable by non-admin users and check specific permissions by @dekkers in #3571
- fix: button styling by @HeleenSG in #3591
- Add interval to Boefje by @madelondohmen in #3579
- Add boefje interval and cron check for deadline in scheduler by @jpbruinsslot in #3529
- Always redirect to katalogus when enabling plugins by @noamblitz in #3584
- Fixes notification alignment by @HeleenSG in #3522
- REST API to recalculate bits and clone katalogus settings by @dekkers in #3572
- fix: form styling by @HeleenSG in #3588
- Remove an erroneously generated request body from an object history GET call in Octopoes' router by @originalsouth in #3605
- RFD 0002: Code of Conduct: Code Reviews by @jpbruinsslot in #3425
- Fix grace period is being used instead of interval for boefjes that have interval specified in scheduler by @jpbruinsslot in #3602
- Use identifiers on modal triggers and modal component instead of integral trigger by @TwistMeister in #3541
- Refactoring for Report Recipe, Report Task Runner and Scheduling by @Rieven in #3597
- Handle existing Boefje name by @madelondohmen in #3573
- Update boefje interval texts to make functionality more clear by @stephanie0x00 in #3609
- Translations update from Hosted Weblate by @weblate in #3610
- Update development tutorial documentation by @allan-firelay in #3611
- Feature/sort ooi type clearance level by @HeleenSG in #3300
- Feature/report runner integration by @Donnype in #3607
- Report Schedules List by @Rieven in #3608
- Add s3 functionality in Bytes by @Souf149 in #3505
- Implement SonarCloud integrations by @ammar92 in #3001
- Fixed references in SonarCloud workflow by @ammar92 in #3620
- Update filter unit and integration tests by @jpbruinsslot in #3595
- Enable ruff format skip-magic-trailing-comma by @dekkers in #2975
- Fixes for xtdb-cli by @originalsouth in #3624
- Give python-docker-boefjes the possibility to use modules that are not part of OpenKAT by @Souf149 in #3621
- fix tagging list in scheduled_reports_table.html by @underdarknl in #3615
- Revert 1b4aed6 by @originalsouth in #3647
- Add audit trail logging to boefje crud actions in boefje by @madelondohmen in #3613
- use correct error mimetype by @noamblitz in #3646
- Bump django from 5.0.8 to 5.0.9 in /rocky by @dependabot in #3653
- Create 1.17.rst by @underdarknl in #3631
- Update katalogus client, input sanitization / validation by @underdarknl in #3396
- Bug fixes for the reports flow by @Rieven in #3630
- Update helper text for report names by @madelondohmen in #3616
- Remove source link in Findings Report when source is none by @madelondohmen in #3642
- add CA bundle env var to dadb boefje schema. by @underdarknl in #3618
- Fix nmap-ports regex pattern not allowing 80 by @Donnype in #3651
- Fix boefje container image url by @madelondohmen in #3622
- Bump sphinx-rtd-theme from 2.0.0 to 3.0.0 by @dependabot in #3625
- Fix description on plugin page when all plugins are enabled by @madelondohmen in #3644
- Fix for downloading PDF by @madelondohmen in #3664
- update readme by @F3licity in #3648
- Fix sorting plugins list by @Rieven in #3659
- fix the boefje id check for uuid's. A cleaner match regex would probably be better. by @underdarknl in #3665
- Fix table in DNS Report by @madelondohmen in #3650
- Pass bytes instead of string to BytesClient.upload_raw() by @Donnype in #3670
- make some things look better by @Rieven in #3661
- Fix/yielded objects by @Donnype in #3669
- Add rocky worker service to debian packages by @Donnype in #3619
- Update upload_raw.py by @underdarknl in #3645
- Translations update from Hosted Weblate by @weblate in #3673
- Add plugins to findings report by @Rieven in #3657
- Fix jsonb 'contained by' query by @jpbruinsslot in #3643
- Fix empty vulnerability reports by @madelondohmen in #3662
- Add docs for xtdb analyze bits. by @stephanie0x00 in #3688
- Silence KATFindingType not found error in JobHandler by @originalsouth in #3686
- Updated packages by @ammar92 in #3694
- Github action should trigger if workflow definition changes by @dekkers in #3680
- Do not run dh_strip_nondeterminism in Debian packaging by @dekkers in #3674
- Fix first order dangling affirmation delete by @originalsouth in #3682
- Fix javascript and component template in prod environments by @dekkers in #3672
- Add delete schedule functionality for schedules in the scheduler by @jpbruinsslot in #3678
- Fix/report naming by @Donnype in #3666
- Add search endpoint for schedules for scheduler by @jpbruinsslot in #3695
- feat: ✨ add Shodan InternetDB boefje by @zcrt in #2615
- Add sterr to output list by @noamblitz in #3649
- Rework workflow for variable python version, add python 3.11 by @sigio in #3721
- Update Sphinx and documentation by @ammar92 in #3710
- Fixes in Report Overview by @madelondohmen in #3707
- Add REST API to list report and download pdf report by @dekkers in #3689
- Add start date to report schedule by @madelondohmen in #3701
- Edit report recipe by @madelondohmen in #3690
- Docs/add muted findings by @stephanie0x00 in #3699
- Bump waitress from 3.0.0 to 3.0.1 in /octopoes by @dependabot in #3760
- Fix Multi Report recursion error by @Rieven in #3714
- Fix report names for scheduled reports by @madelondohmen in #3726
- Refactor Multi Report to comply to the new report flow by @Rieven in #3705
- Add exception handling to the rest api by @jpbruinsslot in #3708
- Add rocky REST API for report recipes by @dekkers in #3746
- Fix auth token middleware with wrong format header by @dekkers in #3755
- Fix vulnerability chapters in Aggregate table of content by @madelondohmen in #3780
- Make systemctl call for kat-rocky-worker conditional by @dekkers in #3782
- Fix scheduled Aggregate Report naming by @madelondohmen in #3748
- Fixes for dropdowns by @Rieven in #3732
- Update croniter by @ammar92 in #3767
- Exclude Report from ooi list by @Rieven in #3768
- Update README.rst - Fix guidelines URLs by @Thijs0x57 in #3789
- Fix reports with organization tags by @noamblitz in #3790
- Silence staticfiles warning by @dekkers in #3795
- Add configurable httpx request timeout and increase default by @dekkers in #3786
- fix: Long links within tables by @HeleenSG in #3724
- Translations update from Hosted Weblate by @weblate in #3762
- Update web system report to make "certificate valid" check positive by @stephanie0x00 in #3798
- Add live set (filter/query) to ReportRecipe by @madelondohmen in #3769
- Add reports to scheduled table by @madelondohmen in #3787
- fix: Adds code element styling by @HeleenSG in #3722
- Fix filtered ooi types for reports by @Rieven in #3807
- Replace finding description 'None' with the id by @madelondohmen in #3806
- Button styling by @HeleenSG in #3772
- Fix settings boefje settings via system env vars by @dekkers in #3766
- Update normalizer texts in katalogus for some normalizers. by @stephanie0x00 in #3821
- Add searching and sorting to Findings page by @madelondohmen in #3804
- Fix typo in InternetDB boefje name by @dekkers in #3828
- Refactor KATalogus client in Rocky by @Donnype in #3717
- Check queue size before polling by @Donnype in #3829
- Do not fail silently when deleting non-existing objects in octopoes by @Donnype in #3813
- Add bulk actions on report overview by @TwistMeister in #3777
- Upgrade script notes and fix for 1.16 on Debian by @Donnype in #3824
- Bug fix: When opening subreports it throws index error by @Rieven in #3775
- Delete log.txt by @underdarknl in #3851
- Update intro.rst, fix security email address by @underdarknl in #3846
- Update scheduler documentation by @jpbruinsslot in #3692
- Support a Schedule without a schedule in scheduler by @jpbruinsslot in #3834
- Report types listed in a modal @ report plugins by @Rieven in #3718
- Skip empty queues in the Rocky worker by @Donnype in #3860
- Let local plugins (files) take precedence over database entries by @Donnype in #3858
- Limit requesting prior tasks for ranking in scheduler by @jpbruinsslot in #3836
- Add configuration setting for number of octopoes workers by @dekkers in #3796
- Add start time to scheduled reports by @madelondohmen in #3809
- Sub reports for Aggregate Report by @Rieven in #3852
- Fix cron for last day of the month by @madelondohmen in #3831
- Fixes for empty tables by @madelondohmen in #3844
- Updates boefje clearances and descriptions by @stephanie0x00 in #3863
- optimize locking in katalogus.py, reuse available data by @underdarknl in #3752
- Enable/disable scheduled reports by @madelondohmen in #3871
- Fix rocky katalogus tests and delete unused fixtures by @dekkers in #3884
- Change plugins enabling in report flow to checkboxes by @noamblitz in #3747
- Let mailserver inherit l1 by @noamblitz in #3704
- Ignore specific url parameters when following location headers by @noamblitz in #3856
- Add auto_calculate_deadline attribute to Scheduler by @jpbruinsslot in #3869
- Fix for task id as valid UUID by @Rieven in #3744
- Increase max number of PostgreSQL connections by @dekkers in #3889
- Translations update from Hosted Weblate by @weblate in #3870
- Update scheduler folder structure by @jpbruinsslot in #3883
- Feature/improve rename bulk modal by @TwistMeister in #3885
- fix: 🐛 allow boefje completion with 404 by @zcrt in #3893
- Create separate finding for Microsoft RDP port by @stephanie0x00 in #3882
- Add additional check if task already run for report scheduler by @jpbruinsslot in #3900
- Adds loggers to report flow by @madelondohmen in #3872
- Fix mula migrations Debian package by @dekkers in #3919
- Updated packages by @ammar92 in #3898
- Remove sigrid workflows by @dekkers in #3920
- Bug fix: KAT-alogus parameter is now organization member instead of organization code by @Rieven in #3895
- Fix call to get_katalogus by @dekkers in #3924
- add support for detecting Lame dns delegations on ip ranges by @underdarknl in #3899
- Update pre-commit and all hooks by @dekkers in #3923
- Add bgp.jsonl and bgp-meta.json to .gitignore by @dekkers in #3928
- Improve the KATalogus /plugins endpoint performance by @Donnype in #3892
- Create scheduled report with zero objects selectable by @madelondohmen in #3907
- Fix layout issues on scheduled reports page by @TwistMeister in #3930
- Bump python-multipart from 0.0.9 to 0.0.18 in /bytes by @dependabot in #3925
- Add export http boefje by @noamblitz in #3901
- Update website_discovery.py by @underdarknl in #3921
- add unpkg.com to disallowed hostnames in CSP by @underdarknl in #3927
- Don't check for Locations on local IPs. by @underdarknl in #3894
- fix: 🔨 do not store CDN findings by @zcrt in #3931
- Boefje runonce functionality in scheduler by @jpbruinsslot in #3906
- Fix report recipe API by @dekkers in #3942
- Translations update from Hosted Weblate by @weblate in #3939
- Report flaws by @madelondohmen in #3880
- Updates CWE archive to 4.16 by @ammar92 in #3943
- Fix typing in more places and configure mypy to follow imports by @dekkers in #3932
- Do not let enabling plugins affect the global plugin cache by @Donnype in #3944
- Bump django from 5.0.9 to 5.0.10 in /rocky by @dependabot in #3940
- fix typos in description.md by @underdarknl in #3952
- Add documentation for S3 Support by @Souf149 in #3953
- fix/Makes expando row chevron buttons sticky in report history and scheduled reports tables by @TwistMeister in #3954
- Move event codes logging to KATalogus client by @Donnype in #3956
- Docs/update userguide objects tasks members settings by @stephanie0x00 in #3957
- Add Kubernetes and Ansible to docs by @stephanie0x00 in #3970
- Translations update from Hosted Weblate by @weblate in #3969
- Add cron parser to make cron human readable. Add "next scan" to object table on boefje detail view by @TwistMeister in #3960
- Upsert report recipe in REST API by @dekkers in #3968
- Translations update from Hosted Weblate by @weblate in #3984
- Fix docs target in Makefile by @ammar92 in #3987
- Update packages by @ammar92 in #3990
- Fix test_report_runner.py by @originalsouth in #4003
- Update folder structure in scheduler architecture doc by @jpbruinsslot in #4002
- Bump SonarSource/sonarcloud-github-action from 3.1.0 to 4.0.0 by @dependabot in #4001
- minor changes to onboarding, remove header, make preferred route more visible. by @underdarknl in #3986
- Docs: adding Questions and Configs by @stephanie0x00 in #3975
- Move the NXDomain catch to look at the results now that we dont raise… by @underdarknl in #3997
- Update Wappalyzer by @ammar92 in #3800
- Add SPF optional mechanism qualifier to model and parser. fix Human readable formatting for various mechanisms by @underdarknl in #3999
- Bump django from 5.0.10 to 5.0.11 in /rocky by @dependabot in #4025
- Changes to schedule all reports, even for once by @Rieven in #3840
- Documentation Export HTTP API boefje by @stephanie0x00 in #4030
- catch the schema mismatch error and produce an error raw file by @underdarknl in #3995
- Add risk level severities to docs by @stephanie0x00 in #4037
- Fix pagination in the history API by @Donnype in #4041
- Fix/remove unneeded lookups for inference params by @underdarknl in #4031
- Update dropdown.scss, add scrolling / max height by @underdarknl in #4040
- Fix/remove unneeded tree lookups on ooi views by @underdarknl in #4032
- Fix/ooi detail fixes by @underdarknl in #4024
- Update organization_list and settings page, remove unused stuff, add tags + direct settings link by @underdarknl in #4039
- Fix/reuse report ooi entities by @Donnype in #4047
- make reference parsing more strict in init.py by @underdarknl in #4065
- Add normalizer name to tasklist on object details page, observation table. by @underdarknl in #4034
- Feat/plugin selection toggler by @underdarknl in #4063
- Report Task List by @Rieven in #4059
- Add one-off jobs for report scheduler by @jpbruinsslot in #4045
- Remove the keiko report module by @dekkers in #4066
- Translations update from Hosted Weblate by @weblate in #4046
- Add run-on to Boefje Setup page by @madelondohmen in #4061
New Contributors
- @allan-firelay made their first contribution in #3611
- @F3licity made their first contribution in #3648
- @Thijs0x57 made their first contribution in #3789
Full Changelog: v1.17.0rc1...v1.18.0rc1