github thalesgroup-cert/Watcher v3.5.0
on GitHub

4 hours ago

v3.5.0

This release introduces a full Timeline audit trail module with per-object history and actor avatars, a PendingActions approval workflow for UDRP case transfers, a reworked ThreatsWatcher dashboard with a custom layout editor and resizable panels, and a smart auto-fit pagination in all table views.

Update Procedure

⚠️ This release includes database schema changes. Run migrations after updating. No other breaking changes or configuration are required. Please follow the standard update process. 

python manage.py migrate

New Django app timeline must be present in INSTALLED_APPS and its URLs registered, both are included automatically if you pull the updated settings.py and urls.py.

What's New

Timeline Audit Trail

A new standalone timeline Django app that records every create, update, and delete action across all Watcher modules and exposes a per-object history panel directly in the UI.

  • Automatic capture : a Django middleware + signals system transparently logs created, updated, and deleted events for all tracked models, storing the acting user, timestamp, and a field-level diff.
  • History button : every table row now has a clock icon that opens a TimelineModal showing the full chronological history of that record, including field-by-field diffs for updates.
  • Last event column : all serializers expose a last_event field; table rows display a color-coded user avatar for the most recent actor at a glance, with a tooltip showing their name, action, and timestamp.
  • API : history is queryable at /api/timeline/events/?content_type=<app.model>&object_id=<id>.

User Avatars

  • New avatar_color field on UserProfile (migration included), automatically assigned a deterministic color from a curated palette on first login.
  • New UserAvatar React component renders color-coded initials throughout the UI.
  • LastEventCell and LastEventHeader helpers integrate avatars directly into table columns for all modules.

PendingActions Approval Workflow

A new approval layer inserted between automated UDRP wins and domain transfers, preventing unreviewed domains from being promoted automatically.

  • New PendingAction model in the common app stores the action type, payload, status (pending / approved / rejected), and the requesting actor.
  • When a UDRP case changes to won, a PendingAction is created instead of immediately calling transfer_to_legitimate_domains().
  • Admins can approve or reject pending actions from the frontend; approval triggers the actual transfer.
  • API endpoints for listing, approving, and rejecting pending actions, secured by existing permission guards.

ThreatsWatcher Dashboard Rework

The ThreatsWatcher dashboard has been significantly refactored for flexibility and clarity.

  • Sources & Summary panel : the former "Trend & Sources" panel is replaced by a split ResizableContainer showing a new WordSummary AI summary alongside the post-URL list, with a draggable divider.
  • New ResizableContainer component : reusable two-pane split layout with a drag handle, configurable min/max widths, and localStorage persistence.
  • Notification timestamps : all notification toasts now include a formatted timestamp.
  • Word Cloud improvements : better integration with the map country filter and the selected-word state.

TableManager Auto-Fit Pagination

All table views now dynamically calculate the optimal number of rows per page based on the available panel height.

  • A ResizeObserver watches the parent panel; on any resize, available height is measured and itemsPerPage is recalculated automatically.
  • Measurement accounts for the info bar, table header, pagination bar, and Bootstrap spacing values to avoid overflow.
  • Users can switch to a fixed items-per-page at any time via the existing selector; the chosen value is persisted per module in preferences and restored on reload, disabling auto-fit for that module.
  • Auto-fit is re-evaluated on data or filter changes via componentDidUpdate.

Performance : Google Fonts Removed

Google Fonts CDN calls have been removed across the entire application. All icon and font assets are now served locally.

Bug Fixes & Improvements

This release also includes several bug fixes and usability improvements across the application.

  • Vulnerability external links : fixed the vulnerability identifier link generation logic. Watcher now correctly detects the identifier type before building external URLs, allowing non-CVE references (such as MAL-YYYY-XXXX) to redirect to the appropriate external resource instead of always using the CVE website. (#294)
  • Data Leak source links: fixed an issue where links for certain Data Leak sources (such as hackage.haskell.org) could be generated incorrectly due to multiple URLs being concatenated. Links now correctly point to the intended resource. (#271)
  • Data Leak direct file links: Data Leak results now include direct links to the matching file when supported by the source, allowing investigators to jump directly to the relevant content while preserving access to the repository homepage. (#269)

Full Changelog: v3.4.0...v3.5.0

Check out latest releases or
releases around thalesgroup-cert/Watcher v3.5.0

Don't miss a new Watcher release

NewReleases is sending notifications on new releases.

Get notifications