Release History

• Editor: Add inline code, and highlight code buttons to the toolbar
• Layout: Improve primary action visibility and add view descriptions
• Navigation: Move Trash and Project Configurations in main navigation bar
• Contributors: Add a dashboard with Gateway, Remediation Tracker, and Notification widgets
• Projects: Add user select-all functionality in project creation
• Upgraded gems:
  • faraday, rack, rails, uri
• Bugs fixes:
  • Editor: Add disabled button styling
  • Datatables: Ensure correct record ordering when applying sorting
  • Kits: Restore the functionality of the 'Add mappings from kit' option
  • Notifications: Remove the duplicate breadcrumb link shown in project notifications
  • Sidebar: Prevent the toggle button from being covered by the scrollbar
• New integrations:
  • Webhooks: react to server-side events in your other systems
• Integration enhancements:
  • Gateway:
    • Add activities tracking
    • Add event instrumentation for webhooks
  • Issue Library:
    • Add bulk delete action for entries
    • Import entries to the library using a CSV file
    • Import published entries to projects when using QA

• Activities: Include methodology name in all methodology actions
• Business Intelligence:
  • Add Custom Properties view
  • Add Dashboard view with Year-Over-Year insights
  • Add sub-navigation
• Font: Improve font weight consistency for international characters
• Layout: Add custom error pages
• Issuelib: Update entry edit UI to match issue edit UI
• Mappings: Add an option to copy existing mappings when uploading kits or report templates
• Rails: Upgrade Rails version to 8.0.2.1
• Ruby: Upgrade Ruby version to 3.4.4
• Upgraded gems:
  • resque, rexml, selenium-webdriver, thor
• Bug fixes:
  • Combobox: Prevent forcing the selection of the first available option for multi-select forms
• Integration enhancements:
  • Azure DevOps: Replace OAuth with Microsoft Entra ID

• Activation: Add offline activation option for when online activation fails
• Active project cards:
  • Display the most recently updated Methodology
  • Render empty states instead of hiding content
• Admin settings:
  • Add ability to white label contributor-facing views
  • Update UI to match other settings-related UIs
• Analyzer: Add support for multi-word fields
• Calculators: Add MITRE ATT&CK
• Contributors: use Contributor login by default
• Hera:
  • Update brand colors
  • Add sub-navigation icons to improve consistency
• Integrations Manager:
  • Prevent installation of integrations not matching current Dradis version
  • Specify Dradis version when downloading integration from the portal
• Jobs: Add /jobs view to view and manage background jobs
• Logs: Update logs to use string UIDs
• Mailer: Fix email footer incorrectly redirecting to tester login
• Profile: Add click-to-reveal functionality for the API token
• Report Templates: Add option to download a kit for each report template
• Upgraded gems: nokogiri
• Bugs fixes:
  • Avatars: fix avatars disappearing after enabling/disabling an integration
  • Calculators: Render Calculator links in tools menu
  • Quote Selector: Scroll to comment box in Safari after selecting quote content
  • Word:
    • Only process scoped issues in node content controls
    • Don't create an analytics event when validating the project
• Integration enhancements:
  • Gateway: Add dynamic project title to Ares theme
  • Issue Library: Update issues import to be more consistent with the table search
  • LDAP: Enable installation and editable configuration through the Tool Manager
  • Nessus: Ignore entries that have blank values
  • SAML: Add name_identifier_format in the config generator and default to 'emailAddress' instead of 'unspecified'
• Reporting enhancements:
  • Adjust the default styles for unordered bulleted lists
  • Excel: Track failed job states using JobTracker
  • Filters: Fix filters with double quotes (") not catching the correct values
  • Word: Track failed job states using JobTracker
• REST/JSON API enhancements:
  • Export: Add endpoints for exporting and downloading Word/Excel reports
  • Upload: Add endpoint for uploading tool outputs

• Activation: Add offline activation option for when online activation fails
• Active project cards:
  • Display the most recently updated Methodology
  • Render empty states instead of hiding content
• Admin settings:
  • Add ability to white label contributor-facing views
  • Update UI to match other settings-related UIs
• Analyzer: Add support for multi-word fields
• Calculators: Add MITRE ATT&CK
• Contributors: use Contributor login by default
• Hera:
  • Update brand colors
  • Add sub-navigation icons to improve consistency
• Integrations Manager:
  • Prevent installation of integrations not matching current Dradis version
  • Specify Dradis version when downloading integration from the portal
• Jobs: Add /jobs view to view and manage background jobs
• Logs: Update logs to use string UIDs
• Mailer: Fix email footer incorrectly redirecting to tester login
• Profile: Add click-to-reveal functionality for the API token
• Report Templates: Add option to download a kit for each report template
• Upgraded gems: nokogiri
• Bugs fixes:
  • Avatars: fix avatars disappearing after enabling/disabling an integration
  • Calculators: Render Calculator links in tools menu
  • Quote Selector: Scroll to comment box in Safari after selecting quote content
  • Word:
    • Only process scoped issues in node content controls
    • Don't create an analytics event when validating the project
• Integration enhancements:
  • Gateway: Add dynamic project title to Ares theme
  • Issue Library: Update issues import to be more consistent with the table search
  • LDAP: Enable installation and editable configuration through the Tool Manager
  • Nessus: Ignore entries that have blank values
  • SAML: Add name_identifier_format in the config generator and default to 'emailAddress' instead of 'unspecified'
• Reporting enhancements:
  • Adjust the default styles for unordered bulleted lists
  • Excel: Track failed job states using JobTracker
  • Filters: Fix filters with double quotes (") not catching the correct values
  • Word: Track failed job states using JobTracker
• REST/JSON API enhancements:
  • Export: Add endpoints for exporting and downloading Word/Excel reports
  • Upload: Add endpoint for uploading tool outputs

• Contributors:
  • Add an intermediate login page to prevent Microsoft Safe Links from consuming the one time token
  • Add Notification Settings link
• Forms: Add a combobox for selecting, filtering, and creating options
• Hera: Add new layout with redesigned navigation
• Navigation: Replace Turbolinks with Hotwire
• QA:
  • Add project states and QA stats in the active projects card
  • Add View History link when viewing Issues/Content blocks
  • Add a 'Reviewer' role for publishing Issues/Content blocks
  • Automatically go to the next record after reviewing
• Revisions: Show state changes in the revisions view
• Usage Tracking: Track the choice of toggling on/off
• Upgraded gems:
  • capybara, mysql2, net-imap, nokogiri, paper_trail, rack, rails, rails-html-sanitizer, rexml, rspec-rails, selenium-webdriver
• Bug fixes:
  • Report Templates: Make the uploaded template available in the "copy template properties" select menu for subsequent template uploads
• New integrations:
  • Dradis Pro OTP: two-factor authentication using OTP
  • Dradis Pro Audit: enable tracking of key actions for improved visibility and compliance
• Integration enhancements:
  • Azure DevOps: Add support for 'Iteration Path' and 'Tags' fields
  • Burp: Fix HTML importer associating issues in the wrong node
  • Dradis Plugins: Default to 'Draft' state on tool upload
  • Gateway:
    • Add overview of projects using active project cards
    • Services: Implement Services and Questionnaires to initiate a pre-project process
  • Issuelib: Update syntax of default entries
  • Netsparker: Add support for Additional Websites as nodes
  • Nexpose: Fix UnorderedList/OrderedList formatting to work with Textile
  • PDF Export: Add table of contents
• Reporting enhancements:
  • Export: Default export button to 'All' if all records in project are in 'draft' state
  • Word: Fix links containing special characters by no longer double escaping
• REST/JSON API enhancements:
  • Nodes: include Node properties

• Projects: Add Owner column to projects data table
• Tags: Add custom ordering
• Welcome Kit:
  • Add HTML report template
  • Add issue and evidence templates
  • Add integration mappings
  • Add project template
  • Add rules for Rules Engine
  • Update OWASP Top 10 methodology to latest version (2021)
  • Update report templates
• Upgraded gems: net-scp, net-ssh, rexml
• Bug fixes:
  • Dashboard: refresh cache on recent project changes
  • Word export: allow charts to be edited post-export
• Integration enhancements:
  • Gateway: Process Liquid in content block, evidence, issue and note text by default when rendering template
  • SAML: Bump ruby-saml dependency to 1.17
• Reporting enhancements:
  • Word:
    • Add support for cross-references
    • Add support for mismatched nested lists
• Security Fixes:
  • High: Authenticated (author) persistent cross-site scripting

• Issue Library:
  • Associate issues with Issue Library entries
  • Sync content between associated issues and Issue Library entries
  • Implement a Quality Assurance view for Issue Library entries
• Kit Import: Use file name sequencing when a template file with the same name exists
• Upgraded gems: concurrent-ruby, et-orbi, fugit, puma, rexml
• Bug fixes:
  • Report Templates: Fix confirmation on deleting a report template
  • Spelling: Fix typos in log output and "What's New" section
• Integration enhancements:
  • Acunetix: Separate general importer into Acunetix360 & Standard importers
  • Business Intelligence: Show search results in a data table
  • NeXpose: Separate general importer into Full & Simple importers
  • Veracode: Import data from the software composition analysis section
• Reporting enhancements:
  • Word:
    • Allow fields that contain Liquid to be used as an export sorting field
    • Ignore Tag field when auto-generating word template properties

• Liquid: Make project-level collections available for Liquid syntax
• Validations: Evaluate Liquid syntax before validating the fields
• Upgraded gems: nokogiri, rails, redcloth, rexml
• Bug fixes:
  • Business Intelligence:
    • Prevent the "Business Intelligence" navigation label overflowing (in Project and Team forms) on mid-size view ports
    • Prevent the "Compare" chart y-axis label from being covered by chart data
  • Navigation: Restore functionality of native browser back/forward buttons
  • Rules Engine: Prevent issues from getting multiple tags
  • Tables: Enable sorting by validation column status
  • Word: Prevent EvidenceCounter filters from being ignored
• Integration enhancements:
  • Calculators: Add CVSS/Dread calculators to the Tools Manager
  • Duo Web: Add support for the Duo Universal Prompt
  • Rules Engine: Process Liquid syntax before matching field condition
  • Scheduler:
    • Add option to export calendar as ics file
    • Update FullCalendar.js to v6.1.15
  • VSTS: Support custom picklist fields for WorkItems
• Reporting enhancements:
  • Word:
    • Auto-generate fields for uploaded templates
    • Process Liquid before generating the Word report
    • Remove the NoSpacesInNodesValidator
    • Skip QA validation when exporting all the records
• Security Fixes: Medium: Authenticated (author) horizontal privilege escalation affecting attachments

• Attachments: Add size, created_at, and download link to the API
• Kits: Automate creating Mappings
• Mappings Manager: Map fields from scanner integrations to Dradis fields
• Upgraded gems:
  • nokogiri, rails
• Bugs fixes:
  • Avatars: Allow both .jpg and .jpeg formats
  • Projects: Fix redirection when updating an issue or content block
  • Sidebar: Prevent version number from overlapping listed records
• New integrations:
  • Pentera
• Integration enhancements:
  • CVSS Calculator: Add CVSS v4 support
  • Integration Manager: Clarify integration status after enabling/disabling
  • Veracode:
    • Create evidence for every instance of
    • Use cweid as the issue identifier
• Reporting enhancements:
  • Word: Accept scope parameter in command line export
  • Excel: Accept scope parameter in command line export
• Security Fixes:
  • High: Authenticated author path traversal on attachment rename

• Assets: Add importmap-rails to handle js libraries
• Liquid: Add LiquidAssignsService
• nginx: Add HTTP/2 support
• Revision history: Improve version history for content with carriage return
• Tylium: Show liquid content in editor preview
• Web-server: Replace unicorn with puma in production
• Validation: Display attachment validator errors when viewing/editing a record
• Flash alert: Allow the 'license about to expire' alert to be dismissed for the session
• Upgraded gems:
  • rails, resque-scheduler
• Bugs fixes:
  • Code blocks: Remove extra padding and background for code elements outside of projects
  • Contributors: Expire one time token after login
  • Evidence: Prevent loading old Evidence template content at the Issue level
  • Methodologies: validate presence of content
• Integration enhancements:
  • Authentication Integrations: Use the AuthenticationStrategies class for Rails 7 support
  • Burp: Change nokogiri search to xpath to support nokogiri >= 1.15
  • Nexpose:
    • Add port/protocol to evidences
    • Use the details in as the OS node property
    • Import vulnerability.risk_score as a new Issue field
    • Allow multiple evidence with the same test id & node address
  • Qualys: Add support for the output for Qualys WAS API 3.13 and later
• Reporting enhancements:
  • Word:
    • Fix export crashing with links with trailing special characters
    • Skip link formatting for hyperlinks in inline code blocks
• Security Fixes:
  • Low: Authenticated (author) information disclosure
    • After a user has been removed from a project, they may still get notifications for Issues they were subscribed to, resulting in the disclosure of Issue titles.
  • Low: Authenticated (author) information disclosure in the output console of upload manager

• Report Template Properties: Add fields with "String" type by default
• Tylium: Consolidate sidebars
• Integration Manager:
  • Add error handling for enabling/disabling and installing incompatible files
  • Add the HTML Exporter to the Tools Manager
• Plugin Manager: Add support for Liquid content in templates
• Users: Add support for longer TLDs in user emails
• Projects: Allow archiving of projects
• Upgraded gems:
  • font-awesome-sass, nokogiri, puma, rails, sanitize, selenium-webdriver
• Bug fixes:
  • Activity Feed:
    • Correctly render icons for each activity in the feed
  • Export:
    • Prevent exporting reports when the exporter doesn't have any templates
    • Exclude blank and n/a values from range filters
  • QA: Enable @mentions and formatting toolbar for comments in QA show views
• Integration enhancements:
  • Azure DevOps: Implement Mappings Manager for Azure DevOps
  • HTML Export
    • Add to the Tools Manager
    • Fix default templates
    • Prevent exporting reports without any HTML templates
  • JIRA
    • Add support for Liquid when sending issues to JIRA
    • Implement Mappings Manager for JIRA
    • Implement ticket assignment when sending issues to JIRA
    • Fix Author authorization when sending an issue to JIRA
    • Send attachments included in an issue to JIRA
  • WPScan: Import "version" findings with status: outdated
• Reporting enhancements:
  • Word: Validate project before export
• REST/JSON API enhancements:
  • Boards, Lists, Cards: add initial implementation
• Security Fixes:
  • Medium: Authenticated (author) broken access control: read access to system files

v4.9.0 (May 2023)

• AccessTokens: allow the storage of per-user encrypted tokens
• QA: Show state changes in activity feed
• Sessions: Store :secret_key_base in encrypted configuration file
• Tylium:
  • Extend support for Liquid Dynamic Content
• Upgraded gems:
  • bootstrap, popper_js, simple_form
• Bugs fixes:
  • Issue Library: Prevent rendering navbar over top of the fullscreen editor
  • QA: Redirect to correct view when changing states on QA edit views
  • Users: Force logout for users with locked accounts
• Integration enhancements:
  • Acunetix: Parse inline code, not just code blocks
  • Burp: Adds strong and code tags parsing
  • CSV: Fix CSV Upload for files with special characters
  • Nessus:
    • Parse code tags as inline code
    • Add plugin_type as an available Issue field
  • Nexpose:
    • Parse inline code, not just code blocks
    • Wrap ciphers in the ssl-weak-message-authentication-code-algorithms finding
  • Qualys: Adds Request/Response Evidence fields for Web Application Scans (WAS)
  • Azure DevOps: Switch authentication from PAT to OAuth2
  • Duo 2FA:
    • Migrate to UI-based configuration
    • Add to Integrations Manager
  • ServiceNow:
    • Migrate to UI-based configuration
    • Add to Integrations Manager
• Reporting enhancements:
  • Word
    • Add support for filtering nodes by properties
    • Add support for the notextile tag
    • Allow multi-word fields/values in the content control filters with double quotes
    • Extend support for liquid dynamic content in Word reports
    • Warn of missing blank lines around a screenshot only when it's not the first or last item in a field

v4.8.0 (April 2023)

• Quality Assurance: Review/approve Issues and Content Blocks before including them in reports
• Tester Administration: Add unlock button to UI for locked Testers
• Integration enhancements:
  • JIRA: Add support for Jira Data Center v8.4+
• Upgraded gems:
  • rack, rails, time
• Bug fixes:
  • Kits: Enable import of kit with no project template
• Security Fixes:
  • Medium: Authenticated (author) persistent cross-site scripting

v4.7.0 (February 2023)

• Configurations: Add usage tracking and sharing
• Content Blocks:
  • Add auto-caching
  • Add image upload button to source view toolbar
• Issues: Display the results from importers in a Datatable
• Rubocop CI:
  • disable EnforcedShorthandSyntax rule under Style/HashSyntax cop
• Tylium:
  • Add breadcrumbs to Revision History view
  • Add secondary sidebar toggling functionality
  • Remove Recent Activity tabs and add View History link to the dots menu
  • Tags: Add tag management
• Nginx:
  • Remove support for TLSv1.0 and TLSv1.1
  • Add support for TLSv1.3
• Integration enhancements:
  • Burp: Add support for large base64 response
  • Nessus: Clean up code tags in description fields
  • Netsparker: Add issue.classification_owasp2021 as a new available field
  • JIRA: Fix configurations page requiring JIRA token
  • Remediation Tracker
    • Add a sidebar with a back link and info pane for contributors
    • Hide ticket actions from other addons for contributors
  • SAML: Fix assets on login for some providers
• Upgraded gems:
  • nokogiri, rails, rails-html-sanitizer, sanitize, sinatra
• Bug fixes:
  • Business Intelligence: Prevent tracking of discarded projects/teams in dashboard
  • Issues: Prevent multiple action cable subscriptions when going back to the issues table
  • Project: Pre-select the project template when project creation fails
  • Methodologies: Ensure params are validated when moving list/card
  • Issuelib: Avoid partial matches being found when importing tool output
• Reporting enhancements:
  • Word:
    • Add support for inline code
    • Ignore character properties inside Code paragraphs
    • Use 'DradisData' as sheet name for embedded chars
• REST/JSON API enhancements:
  • Author: Add author field for content blocks, notes, issues, and evidence

• Dashboard: See active projects, notifications, assignments, and what's new in one view
• Integration and Tool Manager: Add UI for installing and managing integrations
• Kits:
  • Add selection of kits to choose from
  • Enable import of kit with no templates
• Mintcreek: Adjust element contrast ratios to be WCAG 2.1 compliant
• Navbar:
  • Split the Addons menu into Integrations and Tools menus
  • Remove inaccessible addon's menu items for contributors
• Notes: Remove category selection from form UI
• Projects: Update active projects empty state
• Trash: Delete projects and teams permanently
• Rubocop: lint changed files since previous commit
• Upgraded gems:
  • nokogiri
• Bugs fixes:
  • Comments: Align comment header content in Safari
  • Content Blocks: Fix revision history links
  • Fix instance activation issue
• New integrations:
  • Core Impact
  • Veracode -Integration enhancements:
  • Implement enable/disable feature for Gateway, JIRA, Remediation Tracker, Scheduler, and VSTS
  • JIRA:
    • Add view for editing configuration
    • Hide link in addons menu for contributors
  • VSTS:
    • Add view for editing configuration
    • Issues: add WorkItem Status and Comment feed
• REST/JSON API: new v2 released
  • Projects: undiscard and permanently delete from trash.
  • Teams:
    • Undiscard and permanently delete from trash.
    • Deprecate the "/clients" endpoint, use "/teams"
    • Deprecate the "client_since" attribute, use "team_since"

• Dashboard: See active projects, notifications, assignments, and what's new in one view
• Integration and Tool Manager: Add UI for installing and managing integrations
• Kits:
  • Add selection of kits to choose from
  • Enable import of kit with no templates
• Mintcreek: Adjust element contrast ratios to be WCAG 2.1 compliant
• Navbar:
  • Split the Addons menu into Integrations and Tools menus
  • Remove inaccessible addon's menu items for contributors
• Notes: Remove category selection from form UI
• Projects: Update active projects empty state
• Trash: Delete projects and teams permanently
• Rubocop: lint changed files since previous commit
• Upgraded gems:
  • nokogiri
• Bugs fixes:
  • Comments: Align comment header content in Safari
  • Content Blocks: Fix revision history links
• New integrations:
  • Core Impact
  • Veracode -Integration enhancements:
  • Implement enable/disable feature for Gateway, JIRA, Remediation Tracker, Scheduler, and VSTS
  • JIRA:
    • Add view for editing configuration
    • Hide link in addons menu for contributors
  • VSTS:
    • Add view for editing configuration
    • Issues: add WorkItem Status and Comment feed
• REST/JSON API: new v2 released
  • Projects: undiscard and permanently delete from trash.
  • Teams:
    • Undiscard and permanently delete from trash.
    • Deprecate the "/clients" endpoint, use "/teams"
    • Deprecate the "client_since" attribute, use "team_since"

• Content Blocks: implement Revision History
• Upgraded Dradis Pro to run on ruby 3.1.2
• Upgraded gems:
  • acts_as_tree, bootsnap, bundler-audit, factory_bot, paper_trail, rails, rails-html-sanitizer, timecop, thor, unicorn, unicorn-worker-killer
• Bug fixes:
  • Attachments: Fix attachments not showing, validating, or exporting correctly
  • Evidence:
    • Add validation for creating evidences in the issue view
    • Set correct localStorage key to prevent pre-populating incorrect content at the issue level
  • Issue Library: Render colored badges in the Tags column of the entries table
  • Nodes: Prevent evidence labels linking to external resources
  • Rules Engine: Fix the Rules Engine not matching Issue Library entries with no trailing empty lines
• New integrations:
  • CSV Importer
• Integration enhancements:
  • JIRA:
    • Add support for datepicker custom fields
    • Add Bulk Send To support
    • Update JIRA setup instructions
  • Rules Engine: Prevent subsequent rules from running after a discard action
  • Qualys: Wrap ciphers in code blocks for the Vuln Importer
• Reporting enhancements:
  • CSV Export: Rename integration to dradis-csv_export
  • HTML Export: Add :rtp plugins feature
  • Word:
    • Fixes "-" in hyperlinks displaying HTML entity
    • Fixes duplicated relationship Ids when adding relationships
    • Fixes text with double exclamation marks breaking report
    • Show error message in export logs when populating multi-paragraph content in inline content controls
    • Show error message in export logs when removing invalid screenshots
• Security Fixes:
  • Medium: Authenticated author broken access control: read access to issue content

• Login View: Design update
• Plugin Manager: Add ability to validate plugin templates with report templates
• Projects: Add ability to clone projects
• Tylium:
  • Implement bulk updating for issues/evidence fields
  • Improve mobile experience
  • Show the resource title in the header when viewing a resource
• Upgraded gems:
  • nokogiri, rack, sinatra
• Bugs fixes:
  • Cards: Prevent adding 'card' class to card comments
  • Fix upgrade error around the rules uploader migration
  • Login: Add button styles for 3rd party login addons
• Integration enhancements:
  • Nikto: Make references available as an issue field
  • Rules Engine: Matching fields are now based on the fields defined in the Plugin Manager
  • VSTS: Optimize API calls to VSTS endpoint
• Reporting enhancements:
  • Word:
    • Allow exporting report templates generated using the Mac version of Word
    • Assign unique Word IDs to each element in the document.

• Comments: Show public comments for issues in a project
• Mintcreek: Add breadcrumb navigation
• Uploads: Allow subsequent file uploads from the same scanner without needing to re-select the scanner
• Upgraded gems:
  • nokogiri, rails
• Bugs fixes:
  • Document Properties: Set focus to property name/value inputs when clicking the edit icon
  • Editor:
    • Add keyboard shortcut support for windows and linux
    • Allow comparing document property values with "==" operator
    • Allow text selection expansion using shift-click
  • Issues: Show correct links in the "Send To" menu
  • Subscriptions: Show correct Subscribe/Unsubscribe link after a new comment is posted
  • Tables: Prevent columns state from resetting after 2 hours
  • Teams: Prevent displaying trashed projects
  • Tylium: Remove extra left padding from the first line of content in a code block
  • Upload: Show pre upload validation for Qualys
• Integration enhancements:
  • Openvas: Update Node label parsing. Include :hostname and :asset_id properties.
  • Qualys: Add Qualys Asset Scanner (ASSET) support
• Reporting enhancements:
  • Word: Charts in Word can now be exported without the need for macros
• Security Fixes:
  • Low: Password reset token can be reused in a 5-minute window

• Editor: Support fields with the same name in the Fields View
• Increased table loading performance on Issues, Evidence, and Notes for projects with a lot of issues, evidence, or notes
• Issues:
  • Display evidence in a table
  • Load evidence tab content asynchronously
  • Multi-delete evidence at the issue level
  • Update evidence content while creating evidence records at the issue-level
• Notifications Navbar Dropdown:
  • Improve font-sizes
  • Wrap long notifications links
• Projects:
  • Generate default report content when updating the report template
  • Truncate long team name badges in active project cards
• Report Templates: Add Show option to display certain evidence and issue fields by default in tables
• Trash: Allow projects and teams to be soft deleted
• Tylium:
  • Import CSS manifests from addons
  • Move '...' (more actions) menu closer to the content affected by the actions of the menu
  • Move the 'Edit' action out of the '...' (more actions) menu for issues, evidence, notes, etc.
  • Remove extra left padding from the first line of content in a code block
  • Remove height restriction from code blocks
  • Simplify issues table columns
  • Updates focus state outline color
• Upgraded gems:
  • mini_racer, puma, rails
• Bug fixes:
  • Comments: Show sticky toolbar when adding long comments
  • Issues: Send To menu updates when new plugins are installed
  • Fixes background services from not restarting after upgrades
  • Liquid drops: Allow author collection to be called in ProjectDrop
  • Methodology: Fix misformatted cards when saving a methodology as a template
  • Redirect back to issue when updating evidence from the issue level
  • Rules Engine: Allow authors with "update" permission to sort rules
  • Tables:
    • Prevent the select all button from selecting filtered out rows when a filter is been applied
    • Fixes issue default fields appearing in the evidence table
  • Upgrade: Fixes a DUP upgrade issue on older OVA instances
  • Subscriptions: Fixed a caching issue preventing users from subscribing or unsubscribing after the first cache was stored
• Integration enhancements:
  • Dradis Projects:
    • Fixes missing parent nodes during template and package imports
    • Fixes missing nodes for attachments during template and package imports
  • Gateway:
    • Bug fixes:
      • Fixes 'authors' call for the atlantia theme
      • Fixes missing attachments crashing Gateway
      • Select a default pane when Authors edit a Gateway project instead of loading a mostly blank screen
  • Nexpose:
    • Add the Hostname Node property from the name rather than site-name tag
  • Nipper:
    • Add Nipperv1 fields to issues
  • PDF Export:
    • Add Thor task for console export
    • Add view hook for Export#index
  • Qualys:
    • Add 'element.qualys_collection' as issue field
    • Add Qualys Web Application Scanner (WAS) support
  • Remediation Tracker:
    • Bug fixes: Hide the tickets' "edit" and "delete" buttons for unauthorized users
  • SAML:
    • Add PingIdentity support
    • Add SAML logo to Log in button
    • Increases log verbosity on errors
  • Scheduler
    • No longers shows disabled projects in the calendar
  • VSTS:
    • Format issue content when sending to VSTS
• REST/JSON API enhancements:
  • Projects/Teams:
    • Discard Projects through the DELETE endpoint
    • Hide discarded projects/teams from endpoints
• Security Fixes:
  • Low: Authenticated author broken access control: read access to screenshots

• Editor: Support fields with the same name in the Fields View
• Increased table loading performance on Issues, Evidence, and Notes for projects with a lot of issues, evidence, or notes
• Issues:
  • Display evidence in a table
  • Load evidence tab content asynchronously
  • Multi-delete evidence at the issue level
  • Update evidence content while creating evidence records at the issue-level
• Notifications Navbar Dropdown:
  • Improve font-sizes
  • Wrap long notifications links
• Projects:
  • Generate default report content when updating the report template
  • Truncate long team name badges in active project cards
• Report Templates: Add Show option to display certain evidence and issue fields by default in tables
• Trash: Allow projects and teams to be soft deleted
• Tylium:
  • Import CSS manifests from addons
  • Move '...' (more actions) menu closer to the content affected by the actions of the menu
  • Move the 'Edit' action out of the '...' (more actions) menu for issues, evidence, notes, etc.
  • Remove extra left padding from the first line of content in a code block
  • Remove height restriction from code blocks
  • Simplify issues table columns
  • Updates focus state outline color
• Upgraded gems:
  • mini_racer, puma, rails
• Bug fixes:
  • Comments: Show sticky toolbar when adding long comments
  • Issues: Send To menu updates when new plugins are installed
  • Fixes background services from not restarting after upgrades
  • Liquid drops: Allow author collection to be called in ProjectDrop
  • Methodology: Fix misformatted cards when saving a methodology as a template
  • Redirect back to issue when updating evidence from the issue level
  • Rules Engine: Allow authors with "update" permission to sort rules
  • Tables:
    • Prevent the select all button from selecting filtered out rows when a filter is been applied
    • Fix issue default fields appearing in the evidence table
  • Subscriptions: Fixed a caching issue preventing users from subscribing or unsubscribing after the first cache was stored
• Integration enhancements:
  • Dradis Projects:
    • Fixes missing parent nodes during template and package imports
    • Fixes missing nodes for attachments during template and package imports
  • Gateway:
    • Bug fixes:
      • Fixes 'authors' call for the atlantia theme
      • Fixes missing attachments crashing Gateway
      • Select a default pane when Authors edit a Gateway project instead of loading a mostly blank screen
  • Nexpose:
    • Add the Hostname Node property from the name rather than site-name tag
  • Nipper:
    • Add Nipperv1 fields to issues
  • PDF Export:
    • Add Thor task for console export
    • Add view hook for Export#index
  • Qualys:
    • Add 'element.qualys_collection' as issue field
    • Add Qualys Web Application Scanner (WAS) support
  • Remediation Tracker:
    • Bug fixes: Hide the tickets' "edit" and "delete" buttons for unauthorized users
  • SAML:
    • Add PingIdentity support
    • Add SAML logo to Log in button
    • Increases log verbosity on errors
  • Scheduler
    • No longers shows disabled projects in the calendar
  • VSTS:
    • Format issue content when sending to VSTS
• REST/JSON API enhancements:
  • Projects/Teams:
    • Discard Projects through the DELETE endpoint
    • Hide discarded projects/teams from endpoints
• Security Fixes:
  • Low: Authenticated author broken access control: read access to screenshots

• Editor: Support fields with the same name in the Fields View
• Increased table loading performance on Issues, Evidence, and Notes for projects with a lot of issues, evidence, or notes
• Issues:
  • Display evidence in a table
  • Load evidence tab content asynchronously
  • Multi-delete evidence at the issue level
  • Update evidence content while creating evidence records at the issue-level
• Notifications Navbar Dropdown:
  • Improve font-sizes
  • Wrap long notifications links
• Projects:
  • Generate default report content when updating the report template
  • Truncate long team name badges in active project cards
• Report Templates: Add Show option to display certain evidence and issue fields by default in tables
• Trash: Allow projects and teams to be soft deleted
• Tylium:
  • Import CSS manifests from addons
  • Move '...' (more actions) menu closer to the content affected by the actions of the menu
  • Move the 'Edit' action out of the '...' (more actions) menu for issues, evidence, notes, etc.
  • Remove extra left padding from the first line of content in a code block
  • Remove height restriction from code blocks
  • Simplify issues table columns
  • Updates focus state outline color
• Upgraded gems:
  • mini_racer, puma, rails
• Bug fixes:
  • Comments: Show sticky toolbar when adding long comments
  • Issues: Send To menu updates when new plugins are installed
  • Fixes background services from not restarting after upgrades
  • Liquid drops: Allow author collection to be called in ProjectDrop
  • Methodology: Fix misformatted cards when saving a methodology as a template
  • Redirect back to issue when updating evidence from the issue level
  • Rules Engine: Allow authors with "update" permission to sort rules
  • Tables: Prevent the select all button from selecting filtered out rows when a filter is been applied
  • Subscriptions: Fixed a caching issue preventing users from subscribing or unsubscribing after the first cache was stored
• Integration enhancements:
  • Dradis Projects:
    • Fixes missing parent nodes during template and package imports
    • Fixes missing nodes for attachments during template and package imports
  • Gateway:
    • Bug fixes:
      • Fixes 'authors' call for the atlantia theme
      • Fixes missing attachments crashing Gateway
      • Select a default pane when Authors edit a Gateway project instead of loading a mostly blank screen
  • Nexpose:
    • Add the Hostname Node property from the name rather than site-name tag
  • Nipper:
    • Add Nipperv1 fields to issues
  • PDF Export:
    • Add Thor task for console export
    • Add view hook for Export#index
  • Qualys:
    • Add 'element.qualys_collection' as issue field
    • Add Qualys Web Application Scanner (WAS) support
  • Remediation Tracker:
    • Bug fixes: Hide the tickets' "edit" and "delete" buttons for unauthorized users
  • SAML:
    • Add PingIdentity support
    • Add SAML logo to Log in button
    • Increases log verbosity on errors
  • Scheduler
    • No longers shows disabled projects in the calendar
  • VSTS:
    • Format issue content when sending to VSTS
• REST/JSON API enhancements:
  • Projects/Teams:
    • Discard Projects through the DELETE endpoint
    • Hide discarded projects/teams from endpoints
• Security Fixes:
  • Low: Authenticated author broken access control: read access to screenshots

• Contributors:
  • Create a new Team (optionally) when creating a new Contributor
• Editor:
  • Insert an appropriate single or multiline tag for blockquotes and codeblocks
  • Limit the content height for easier access to the Create/Update button
  • Quote text from comments and resource content (cards, evidence, issues, notes, etc)
• Evidence:
  • Create a new issue (optionally) when creating new evidence
  • Move evidence across nodes
• Liquid drops:
  • Add available_properties method to DocumentProperties drop
• Projects:
  • Sort templates by title in project form
• Project Validation:
  • Add missing attachments validation for Textile screenshots
• Report templates:
  • Add functionality to download templates
• Report Template Properties validation
  • Disable bulk validation in Issues and Evidence tables if "Validation" column is hidden
  • Move bulk validation in Issues and Evidence tables to a background job
• Tables:
  • Add selector to change the number of records displayed
• Tylium:
  • Add view hooks for the export view
  • Import CSS manifests from addons
  • Remove height restriction from code blocks
• Upgraded gems:
  • brakeman, nokogiri, puma, rails
• Bugs fixes:
  • Account Lockout:
    • Send password reset instructions on account lockout
  • CIC:
    • Accepts the default credentials for login
  • Conflict resolver:
    • Apply the correct warning when a conflict happens on edit
  • Custom Properties:
    • Remove Custom project properties header in team show
  • Document Properties
    • Allow document properties to have a value and be nested at the same time.
  • Editor:
    • Allow drag and drop attachment uploads to work again
  • Methodologies:
    • Ensure boards don't nest when the instance has been inactive
  • Nodes:
    • Remove extra html tag causing the methodology tab to break after a board is added
  • Tables
    • Prevent columns state from resetting
• Integration enhancements:
  • CVSS Calculator:
    • Settings: show/hide the calculator in the Issues view
    • Toggle between CVSSv3.0 and CVSSv3.1
  • Dread Calculator:
    • Settings: show/hide the calculator in the Issues view
  • Gateway
    • Deliverables:
      • Allow macro enabled word and excel filetypes
      • Allow the csv filetype
    • Projects:
      • Add 'Created' and 'Updated' columns to the Gateway projects table
      • Show theme versions when selecting a project theme
    • Themes:
      • Atlantia:
        • Check for the existence of document properties before rendering the value
        • Remove newlines from issue titles
        • Show untagged issues
        • Wrap text in code blocks
    • Bug fixes:
      • Allow Authors to enable their own projects for Gateway
  • Issue Library:
    • Add comments to entries
    • Add subscriptions to entries
    • Create entry from note templates
    • Notify users on updates
  • Jira:
    • Bugs fixes:
      • Issue form: Prevent app from crashing when submitting without project or issuetype
  • Nessus:
    • Add product_coverage & cvss3_impact_score as available Issue fields
  • Nexpose
    • Update HTML tag cleanup to better cover UnorderedList and URLLink tags in the solution field
  • Qualys
    • Add <dd>, <dt> support
    • Remove orphaned <b> tags
  • Remediation Tracker: Tickets: Create new categories and states (optionally) when creating new tickets
• Reporting enhancements:
  • Word:
    • Adds EvidenceCounter controls support to not nested in an Issue controls
    • Fixes exporting attachments with spaces in its filename
    • Fixes exporting with missing attachments
    • Fixes exporting images on "Exactly" line spaced templates
    • Fixes invalid predicate error by escaping control characters in xml attributes
    • Fixes links inside inline controls
    • Fixes numeric values for non-range filters
    • Fixes 'frozen string' error when exporting nodes without a services table
    • Move image captions to its own paragraph
• Security Fixes:
  • High: Authenticated author broken access control: read access to issue content
  • High: Authenticated author path traversal

• Contributors:
  • Create a new Team (optionally) when creating a new Contributor
• Editor:
  • Insert an appropriate single or multiline tag for blockquotes and codeblocks
  • Limit the content height for easier access to the Create/Update button
  • Quote text from comments and resource content (cards, evidence, issues, notes, etc)
• Evidence:
  • Create a new issue (optionally) when creating new evidence
  • Move evidence across nodes
• Liquid drops:
  • Add available_properties method to DocumentProperties drop
• Projects:
  • Sort templates by title in project form
• Project Validation:
  • Add missing attachments validation for Textile screenshots
• Report templates:
  • Add functionality to download templates
• Report Template Properties validation
  • Disable bulk validation in Issues and Evidence tables if "Validation" column is hidden
  • Move bulk validation in Issues and Evidence tables to a background job
• Tables:
  • Add selector to change the number of records displayed
• Tylium:
  • Add view hooks for the export view
  • Import CSS manifests from addons
  • Remove height restriction from code blocks
• Upgraded gems:
  • brakeman, nokogiri, puma, rails
• Bugs fixes:
  • Account Lockout:
    • Send password reset instructions on account lockout
  • CIC:
    • Accepts the default credentials for login
  • Conflict resolver:
    • Apply the correct warning when a conflict happens on edit
  • Custom Properties:
    • Remove Custom project properties header in team show
  • Document Properties
    • Allow document properties to have a value and be nested at the same time.
  • Editor:
    • Allow drag and drop attachment uploads to work again
  • Methodologies:
    • Ensure boards don't nest when the instance has been inactive
  • Nodes:
    • Remove extra html tag causing the methodology tab to break after a board is added
  • Tables
    • Prevent columns state from resetting
• Integration enhancements:
  • CVSS Calculator:
    • Settings: show/hide the calculator in the Issues view
    • Toggle between CVSSv3.0 and CVSSv3.1
  • Dread Calculator:
    • Settings: show/hide the calculator in the Issues view
  • Gateway
    • Deliverables:
      • Allow macro enabled word and excel filetypes
      • Allow the csv filetype
    • Projects:
      • Add 'Created' and 'Updated' columns to the Gateway projects table
      • Show theme versions when selecting a project theme
    • Themes:
      • Atlantia:
        • Check for the existence of document properties before rendering the value
        • Remove newlines from issue titles
        • Show untagged issues
        • Wrap text in code blocks
    • Bug fixes:
      • Allow Authors to enable their own projects for Gateway
  • Issue Library:
    • Add comments to entries
    • Add subscriptions to entries
    • Create entry from note templates
    • Notify users on updates
  • Jira:
    • Bugs fixes:
      • Issue form: Prevent app from crashing when submitting without project or issuetype
  • Nessus:
    • Add product_coverage & cvss3_impact_score as available Issue fields
  • Nexpose
    • Update HTML tag cleanup to better cover UnorderedList and URLLink tags in the solution field
  • Qualys
    • Add <dd>, <dt> support
    • Remove orphaned <b> tags
  • Remediation Tracker: Tickets: Create new categories and states (optionally) when creating new tickets
• Reporting enhancements:
  • Word:
    • Adds EvidenceCounter controls support to not nested in an Issue controls
    • Fixes exporting attachments with spaces in its filename
    • Fixes exporting with missing attachments
    • Fixes exporting images on "Exactly" line spaced templates
    • Fixes invalid predicate error by escaping control characters in xml attributes
    • Fixes links inside inline controls
    • Fixes numeric values for non-range filters
    • Fixes 'frozen string' error when exporting nodes without a services table
    • Move image captions to its own paragraph
• Security Fixes:
  • High: Authenticated author broken access control: read access to issue content

• Projects:
  • Cleanup the New/Edit view
  • Create and remove the results portal from the Edit view
  • Dashboard: Add Default issue entry to menu when project is empty
  • If there is only one RTP, select it by default
• Setup: new initial Team and User wizard
• Teams: cleanup the New/Edit view
• Users: account gets locked after too many failed sign in attempts
• Upgraded gems: addressable, nokogiri, papertrail, puma
• Bugs fixed:
  • Upgrade issue where older OVAs failed to upgrade because of Gemfile.plugin compatability problems.
  • Better support for characters inside textile linked text
  • Display placeholder text for issue sorting dropdown when no field has been selected to remove confusion about default options that are not yet applied
  • Fix issue library entries action buttons not appearing due to caching
  • Fix revisions with "destroy" event not removed from the database after deleting a project
• Integration enhancements:
  • Acunetix:
    • Add support for Acunetix 360
    • Make Request and Response fields available at the Evidence level
  • Gateway 🍾
    • Moved project contributor assignment to Gateway management
    • Deliverable upload management
      • Your contributors can now download assets directly from your resultsportal!
    • Themes!
      • Gateway now supports theme management and the ability to apply different themes to different projects
  • IssueLib entries#index API now supports pagination
  • Nessus:
    • Add age_of_vuln, exploit_code_maturity, threat_intensity_last_28 threat_recency, and threat_sources_last_28 as available Issue fields
  • Nexpose:
    • Update HTML tag cleanup
  • Nipper:
    • Include multiple paragraphs when importing fields.
  • RemediationTracker
    • Use Datatables for the Tickets#index table
• Reporting enhancements:
  • Word:
    • Add support for template syntax within resources exported in Word reports
    • Fix exporting node labels with links
• REST/JSON API enhancements:
  • Update the API to handle pagination
• Security Fixes:
  • Medium: Authenticated (contributor) information disclosure
    • After a contributor had been assigned Gateway access to a project by an admin user they may retain access to the project after the projects team has been changed.

• Add avatar and user's name to project navbar
• Comments:
  • Add comment feed to content blocks
  • Load feed asynchronously
• Configuration Kits
• Emojis! Update the database collation to allow emojis
• Improve accessibility:
  • Add alt text to any linked images
  • Add screen reader only text to forms
  • Adjustments to font and element contrast to meet at minimum Level AA WCAG 2.0 standards
  • Fix any broken Aria references
  • Update element label association & add missing labels
• Mintcreek notifications:
  • Add notifications dropdown in mintcreek navbar
  • Add project and plugin notifications in the view
  • Authors and contributors will now be notified when assigned a project
• Replace deprecated font-awesome-sass gem with vendor asset files
• Rule Engine: include rule name in upload console
• Subscriptions:
  • Load feed asynchronously
• Truncate long hostnames when viewing evidence in an issue
• Upgraded gems:
  • Rails
• Bugs fixed:
  • Fix attachments base64 encoding for filenames with symbols
  • Placeholder gravatars appear if gravatar is not available
  • SMTP file will take configuration precedence again
  • Update the HelpScout beacon in the instance admin
  • Update scripts directory during the upgrade
  • Prevent DUP upgrades from selecting the wrong ruby version
• Integration enhancements:
  • Remediation Tracker:
    • Add activity and comment feed
    • Users can now be subscribed to tickets
• Reporting enhancements:
  • Fix exporting formatting in content controls without Crazy Triangles
  • Fix exporting captions with non-alpha characters
  • Fix URLs breaking textile table formatting

• Add avatar and user's name to project navbar
• Comments:
  • Add comment feed to content blocks
  • Load feed asynchronously
• Configuration Kits
• Emojis! Update the database collation to allow emojis
• Improve accessibility:
  • Add alt text to any linked images
  • Add screen reader only text to forms
  • Adjustments to font and element contrast to meet at minimum Level AA WCAG 2.0 standards
  • Fix any broken Aria references
  • Update element label association & add missing labels
• Mintcreek notifications:
  • Add notifications dropdown in mintcreek navbar
  • Add project and plugin notifications in the view
  • Authors and contributors will now be notified when assigned a project
• Replace deprecated font-awesome-sass gem with vendor asset files
• Rule Engine: include rule name in upload console
• Subscriptions:
  • Load feed asynchronously
• Truncate long hostnames when viewing evidence in an issue
• Upgraded gems:
  • Rails
• Bugs fixed:
  • Fix attachments base64 encoding for filenames with symbols
  • Placeholder gravatars appear if gravatar is not available
  • SMTP file will take configuration precedence again
  • Update the HelpScout beacon in the instance admin
  • Update scripts directory during the upgrade
• Integration enhancements:
  • Remediation Tracker:
    • Add activity and comment feed
    • Users can now be subscribed to tickets
• Reporting enhancements:
  • Fix exporting formatting in content controls without Crazy Triangles
  • Fix exporting captions with non-alpha characters
  • Fix URLs breaking textile table formatting

• Add avatar and user's name to project navbar
• Comments:
  • Add comment feed to content blocks
  • Load feed asynchronously
• Configuration Kits
• Emojis! Update the database collation to allow emojis
• Improve accessibility:
  • Add alt text to any linked images
  • Add screen reader only text to forms
  • Adjustments to font and element contrast to meet at minimum Level AA WCAG 2.0 standards
  • Fix any broken Aria references
  • Update element label association & add missing labels
• Mintcreek notifications:
  • Add notifications dropdown in mintcreek navbar
  • Add project and plugin notifications in the view
  • Authors and contributors will now be notified when assigned a project
• Replace deprecated font-awesome-sass gem with vendor asset files
• Rule Engine: include rule name in upload console
• Subscriptions:
  • Load feed asynchronously
• Truncate long hostnames when viewing evidence in an issue
• Upgraded gems:
  • Rails
• Bugs fixed:
  • Fix attachments base64 encoding for filenames with symbols
  • Placeholder gravatars appear if gravatar is not available
  • SMTP file will take configuration precedence again
  • Update the HelpScout beacon in the instance admin
• Integration enhancements:
  • Remediation Tracker:
    • Add activity and comment feed
    • Users can now be subscribed to tickets
• Reporting enhancements:
  • Fix exporting formatting in content controls without Crazy Triangles
  • Fix exporting captions with non-alpha characters
  • Fix URLs breaking textile table formatting

• Upgraded DradisPro to run on Ruby 2.7.2 and Rails 6.1.2
• Add view hooks for the export view
• Increase secondary sidebar width for medium viewports
• Projects page: Add caching to speed up slow loading when thousands of projects are present
• Upgraded gems: bundler, papertrail, rails
• Bugs fixed:
  • Correct position of sticky editor toolbar in fullscreen source view
• Integration enhancements:
  • Integrate JIRA ticket/status details into Remediation Tracker
  • IssueLib: Add caching to speed up the issuelib table when thousands of entries are present
  • Add remote JIRA Comments to Issues#show and Tickets#show
• Security Fixes:
  • Medium: Authenticated (admin) persistent cross-site scripting in Business Intelligence Custom Properties search

• Disabled users enhancement
  • Allow admins to disable and re-enable users and contributors
  • Removed disabled users from comment mentions list
  • Stop disabled users from receiving notifications
• Main sidebar improvements:
  • Labels added under icons
  • Removed animations and transitions while expanding and collapsing
• Migrate bootstrap to v4
• Navbar dropdown menu's are no longer locked to the right side of the browser
• New item menu in sidebar: isolate Default entry (from template) with a divider
• Update logo assets
• Project owners can now be updated
• Bugs fixed:
  • Christmas easter egg Santa hat blocking clicks on input element plugins
  • Rules Engine: make sure tag auto-complete works on page render
• New integrations:
  • dradis-nipper
• Integration enhancements:
  • Allow viewable image attachments for Gateway contributors
  • IssueLib: ability to seed with the starter set
• Reporting enhancements:
  • Performance:
    • Re-work Word export processing top to bottom
    • Faster hyperlink processing
    • Faster numbering processing
    • Faster screenshot processing
  • Remove unused nested content controls from all resource types (issues, content blocks, evidence etc.)
  • Introducing the new and improved servicesEntries and ServicesTable content controls with full support for filtering and sorting
    • When nested inside a Node control you can get direct access to Services attributes with a servicesEntries control, and child attrbiute controls eg. Protocol, State, Port etc.
    • The existing services control that produces pre formatted table based data can now be labeled ServicesTable in your template
  • Enhance report export log in both the CLI, and Web Console
    • Indented log lines to enhance readability and make it simple to follow nested processing. ex. Evidence within a Node.
    • 🌈 Colors! Make use of colours to show
      • Green: when processing is successful
      • Yellow: when filters filter out all resources
      • Red: when something bad happens like a control has no placeholder
  • Word: Wrap exported screenshots inside a paragraph
  • Excel: Fix excel exports worksheet relationships
• REST/JSON API enhancements:
  • Add new endpoint to update project owner
• Security Fixes:
  Medium: Authenticated (author) persistent cross-site scripting

• Disabled users enhancement
  • Allow admins to disable and re-enable users and contributors
  • Removed disabled users from comment mentions list
  • Stop disabled users from receiving notifications
• Main sidebar improvements:
  • Labels added under icons
  • Removed animations and transitions while expanding and collapsing
• Migrate bootstrap to v4
• Navbar dropdown menu's are no longer locked to the right side of the browser
• New item menu in sidebar: isolate Default entry (from template) with a divider
• Update logo assets
• Project owners can now be updated
• Bugs fixed:
  • Christmas easter egg Santa hat blocking clicks on input element plugins
  • Rules Engine: make sure tag auto-complete works on page render
• New integrations:
  • dradis-nipper
• Integration enhancements:
  • Allow viewable image attachments for Gateway contributors
  • IssueLib: ability to seed with the starter set
• Reporting enhancements:
  • Performance:
    • Re-work Word export processing top to bottom
    • Faster hyperlink processing
    • Faster numbering processing
    • Faster screenshot processing
  • Remove unused nested content controls from all resource types (issues, content blocks, evidence etc.)
  • Introducing the new and improved servicesEntries and ServicesTable content controls with full support for filtering and sorting
    • When nested inside a Node control you can get direct access to Services attributes with a servicesEntries control, and child attrbiute controls eg. Protocol, State, Port etc.
    • The existing services control that produces pre formatted table based data can now be labeled ServicesTable in your template
  • Enhance report export log in both the CLI, and Web Console
    • Indented log lines to enhance readability and make it simple to follow nested processing. ex. Evidence within a Node.
    • 🌈 Colors! Make use of colours to show
      • Green: when processing is successful
      • Yellow: when filters filter out all resources
      • Red: when something bad happens like a control has no placeholder
• REST/JSON API enhancements:
  • Add new endpoint to update project owner

• Add a validation panel for Issues, Evidence, and Content Blocks
• Add a validation column for Issues and Evidence table
• Auto upload attachments and screenshots without requiring the use of the staging area
• Cards, Evidence, Issues, and Notes now have their own attachment support
• Displays a notification badge in the browser tab when there are unread notifications
• Editor: Allow drag & drop, copy & paste, and direct image uploading
• Increase the node properties column size by changing it to LONGTEXT
• Layout: Breadcrumbs have a fixed position
• Long dropdown menus are vertically scrollable
• Upload Manager: better validation
• Bugs fixed:
  • Live filtering of templates (methodologies, notes & projects) via sidebar
  • Use absolute send times in notification emails instead of relative
• Reporting enhancements:
  • Excel: Fix report generation exceeding the maximum cell limit
  • Word: Add NOT and OR operation for filtering content control
  • Word: Allow non-english localization documents to be exported
• Upgraded gems: rails
• Security Fixes:
• High: An authenticated author who is disabled by admins may no longer continue to use the API.

• Add a validation panel for Issues, Evidence, and Content Blocks
• Add a validation column for Issues and Evidence table
• Auto upload attachments and screenshots without requiring the use of the staging area
• Cards, Evidence, Issues, and Notes now have their own attachment support
• Displays a notification badge in the browser tab when there are unread notifications
• Editor: Allow drag & drop, copy & paste, and direct image uploading
• Increase the node properties column size by changing it to LONGTEXT
• Layout: Breadcrumbs have a fixed position
• Long dropdown menus are vertically scrollable
• Upload Manager: better validation
• Bugs fixed:
  • Live filtering of templates (methodologies, notes & projects) via sidebar
  • Use absolute send times in notification emails instead of relative
• Reporting enhancements:
• Excel: Fix report generation exceeding the maximum cell limit
• Word: Add NOT and OR operation for filtering content control
• Word: Allow non-english localization documents to be exported

• Add all activity view
• Give dynamic columns, sorting and filtering to project list table
• New Per-Tool Permissions
• Premier the new project permission panel for testers
• Introduce permission management for Issue Library, Rules Engine, and Remediation Tracker
• Remove inconsistent content blocks breadcrumb
• Render markup inside table columns
• Update top navigation link styles and collapsed menu
• Upgraded gems: rack, sanitize, sassc
• Bugs fixed:
  • Comments:
    • Removes the edit link while editing
    • Removes lingering comment borders after deleting comments
  • Fixes broken OVA and DUP upgrades on VM's running in ESXi
  • Prevent icon overlap of long headers in secondary sidebar
  • Prevent overflow of long unbroken table cell text
  • Prevent text overflow on to select arros
  • Word report generation no longer errors with extra document properties
  • Integration enhancements:
    • IssueLib: markup rendered in columns
  • Reporting enhancements:
    • Excel: add Tag column
    • Word: new AffectedCounter content control
    • Word: new AffectedList content control (on host per line)
    • Word: Update exported tables to have 100% width by default

• Add author to evidence and notes views
• Add dynamic columns, sorting and filtering to Projects list
• Add team name link to project navbar
• Adjust Uploads layout to provide more visibility to the output console
• Allow renaming and deleting boards through their dots menu
• Avoid browser pre-populating password fields when editing users
• Card improvements:
  • Not require a mandatory due date
  • Redirect to new url if the card has changed lists
  • Show board name and link in the Activity Feed
• Card, Evidence, Issue, and Note form data will not be lost even if the form is not saved
  • Clear the form when the “Cancel” link is clicked
  • Remove prompt to restore data and instead persist and restore any changes seamlessly
• Comments
  • Add Textile markup
  • Not lose changes even if the comment is not saved
  • Update comments feed to show author’s name instead of email
• Display note and evidence titles in breadcrumbs
• Display the Dots-menu in all views
• Editor improvements:
  • Formatting toolbar to help with markup
  • New form-view to edit each field individually
  • Side-by-side editor preview that auto-updates
• Generate consistent URLs in emails
• Increase the size of output console
• Let Admins be added or removed after a project is created
• Link to Methodology from project summary chart
• Move resource action links to dots-menu in breadcrumbs
• Persist the state of the navigation sidebar in projects while navigating across different views
• Remove tag color from issue titles in issue summary
• Update code element style
• Use shared noscript partial
• Use user model reference for activities instead of user email
• Upgraded gems: kaminari, puma, rack, rails, sass-rails, websocket-extensions
• Bugs fixed:
  • Allow Authors to set project permissions on project creation again
  • Fix Board partial broken structure
  • Fix ItemsTable extra whitespace causing unnecessary vertical scrolling
  • Fix Long items_table dropdown menus not scrollable
  • Fix Long project names interfering with search bar expansion
  • Fix breadcrumbs in cards under node boards
  • Fix textile preview not showing on issues with very long text
  • Initialize the editor toolbar and textile in mintcreek layout
  • Prevent repetitive prompt when images are pasted after navigating multiple views.
  • Prevent report ‘Download’ button becoming a disabled ‘Processing…’ button once clicked
  • Render Textile preview of issues with very long text
  • Render avatars in activity feed
  • Set :author when creating Evidence from an Issue
  • Show active state of Sidebar items properly
  • Bug tracker items: #560, #634
• Integration enhancements:
  • IssueLib: sortable columns
  • Nexpose: better cipher wrapping coverage
  • Nikto: support new nested niktoscan format
• Reporting enhancements:
  • Custom Properties are now updated on document open
  • Export into templates built with French-localised versions of Word
  • HTML reports now use main app’s markup rendering
• Security Fixes:
  • Medium: Authenticated persistent comments cross-site scripting
  • Low: Authenticated (admin) persistent methodology template cross-site scripting

• Update app to new Tylium layout
• Upgrade to Rails 5.2.4.1
• Added the ability for kits to update an instance's Plugin Manager templates
• Add revision history for cards
• Upgrade bundler
• Bugs fixed:
  • Updated support beacon. Legacy support was dropped for older versions
  • Fix errors on content overwrite flash messages
  • Fail and redirect to login instead of raising an error when attempting to log in as a user that has been removed
  • When a report export is invalid and errors we disable the the download button to prevent further errors
  • Fix the mail initializer not finding existing configuration settings from the db
  • Fix Cancel link path for the Note Edit page
  • Fix services_extras not being excluded from Excel exports
  • Fix Rule checking for non-existent fields
  • DUP Installation will properly apply Debian 10 assets to OVA's
  • OVA has removed invalid nameserver entries
• Integration enhancements:
  • CVSSv3 calculator provides access to all Temporal/Environmental fields.
• Reporting enhancements:
  • Add support for ellipsis
  • Better Evidence references on failed validations
• REST/JSON API enhancements:
  • Add team (team id, team name, team_since) in teams API endpoint
• Security Fixes:
  • High: Authenticated author can no longer continue to make project changes and will be logged out after being disabled by an admin
  • Medium: Prevent admins from updating other user's comments
  • Upgraded gems: puma

• Update app to new Tylium layout
• Upgrade to Rails 5.2.4.1
• Added the ability for kits to update an instance's Plugin Manager templates
• Add revision history for cards
• Bugs fixed:
  • Updated support beacon. Legacy support was dropped for older versions
  • Fix errors on content overwrite flash messages
  • Fail and redirect to login instead of raising an error when attempting to log in as a user that has been removed
  • When a report export is invalid and errors we disable the the download button to prevent further errors
  • Fix the mail initializer not finding existing configuration settings from the db
  • Fix Cancel link path for the Note Edit page
  • Fix services_extras not being excluded from Excel exports
  • Fix Rule checking for non-existent fields
• Integration enhancements:
  • CVSSv3 calculator provides access to all Temporal/Environmental fields.
• Reporting enhancements:
  • Add support for ellipsis
  • Better Evidence references on failed validations
• REST/JSON API enhancements:
  • Add team (team id, team name, team_since) in teams API endpoint
• Security Fixes:
  • High: Authenticated author can no longer continue to make project changes and will be logged out after being disabled by an admin
  • Medium: Prevent admins from updating other user's comments

• Email notifications
• Add notification settings to decide how often to get email notifications
• Add an smtp.yml config file to handle the SMTP configuration
• Preserve SMTP configuration on updates
• Various mention related improvements:
  • Enhance the mentions box in comments to close when it is open and the page is scrolled.
  • Fix bug that prevents the mentions dialog from appearing after navigating through the app.
  • Fixed elongated avatar images so they are round once again.
  • Added avatar images to mentions in comments.
  • Load gravatars for users who's email has been setup with gravatar.
• Add and update methodology download links to Dradis Portal
• Enhancement when adding new nodes to copy node label data between the single and multiple node forms.
• All tables can be sorted by column
• Bugs fixed:
  • Fix handling of pipe character in node property tables
  • Fix projects count not updating in teams view
  • Fix error on team page when showing primary team
  • Fix overflow issue where content would expand out of view
  • Fix page jump when issues list is collapsed
  • Fix conflicting version message when updating records with ajax
  • Fix hamburger dropdown menu functionality.
  • Fix node merging bug when `services_extras` properties are present
  • Fix cross-project info rendering
  • Prevent content block group names to be whitespaces only
  • Fix displaying of content blocks with no block groups
  • Limit project name length when viewing a project
  • Removed bullet style in node modals
  • Validate parent node project
• Integration enhancements:
  • Burp: Make `issue.severity` available at the Issue level
  • Nessus: Fixed bullet points formatting to handle internal text column widths
  • Nexpose: Wrap ciphers in code blocks
  • Netsparker: Fix link parsing of issue.external_references
  • Jira: Loading custom (required) fields from JIRA by IssueType and Project
• REST/JSON API enhancements:
  • Fix disappearing owner when assigning authors to a Project using the API
  • Set the "by" attribute for item revisions when using the API
• Security Fixes:
  • High: Authenticated (author) without permission to access a project may obtain info from that project using the API
  • Medium: Authenticated (author) mentioning an existing user outside of the project will subscribe that user to the note/issue/evidence
  • Upgraded gems: nokogiri (CVE-2019-13117)

• Allow nodes to have an associated methodology
• Highlight code snippets.
• Better new board form empty name handling
• Fix migration paths during database setup
• Collapsable sidebar in issues
• Collapsable sidebar in report content
• Better placeholder syntax in Issuelib
• Contributor dashboard redesign
• Fix screenshot validator when Textile screenshot links have captions
• Added Node merging feature
• REST/JSON API:
• New coverage: Tester users
• Word reports:
• Add CodeHighlight style support
• Add-on enhancements:
• Nexpose: Add risk-score attribute to nodes
• Nmap: Add port.service.tunnel field to the port template
• Remediation tracker: tickets can be assigned to testers and contributors, and contributors can see their tickets too.
• Security Fixes:
  • High: Authenticated (author) path traversal vulnerability
  • Medium: Authenticated (author) information disclosure
  • Low: Authenticated (admin) SQL Injection

• Allow nodes to have an associated methodology
• Highlight code snippets.
• Better new board form empty name handling
• Fix migration paths during database setup
• Collapsable sidebar in issues
• Collapsable sidebar in report content
• Better placeholder syntax in Issuelib
• Contributor dashboard redesign
• Fix screenshot validator when Textile screenshot links have captions
• Added Node merging feature
• REST/JSON API:
• New coverage: Tester users
• Word reports:
• Add CodeHighlight style support
• Add-on enhancements:
• Nexpose: Add risk-score attribute to nodes
• Nmap: Add port.service.tunnel field to the port template
• Remediation tracker: tickets can be assigned to testers and contributors, and contributors can see their tickets too.
• Security Fixes:
  • High: Authenticated (author) path traversal vulnerability
  • Medium: Authenticated (author) information disclosure
  • Low: Authenticated (admin) SQL Injection

• Added comments, subscriptions and notifications to notes
• Added comments, subscriptions and notifications to evidence
• Added comments, subscriptions and notifications to cards
• Pre-flight tool upload validator
• Fix default tags creation bug
• Allow numeric fields to be 0 when validating
• Fix BI engine load error (hook into model load and not ActiveRecord load)
• Fix overflow bug when editing report templates (issue sorting tab)
• Updated how add-ons hook into the main menu
• Fix error pages
• Renamed clients to teams in the backend
• Fix blockcode characters displaying incorrectly
• Fix red dot still being displayed on the first visit to the page that caused the single unread notification
• Fix wrong 'There are no comments' message
• Escape html in comments
• Track activities when multiple-creating evidence
• Fix BI custom project properties
• Better engine manifest hooks
• Keep lists and cards order when exporting as xml
• When errors found validating evidence, report with evidence id
• Add-on enchancements:
• Note and evidence comments in export/import in dradis-projects
• Fix usage of set_property to use set_service in nexpose plugin
• Netsparker: Update cleanup_html to format content + add new fields

• Add comments for issues
• Add notifications for comments
• Add subscriptions for issues in a project
• Nest the dradis elements under the project scope
• Add 'Send to...' menu for issues
• Add better handling of the Services table
• Use puma for the development and test server
• Remove resque dependency
• Improve redirect on Evidence#edit
• Alphabetically sort ContentBlocks
• Validate empty fields
• Fix exporting with bc.. prepended with a newline
• Fix password reset thor task
• Fix cookie overflow
• Fix license redirection
• Fix missing lists bug
• Add-on enhancements:
  • Add references and vulnerability_classifications fields in the Burp plugin
  • Fix formatting errors and hostname Node property in the Burp plugin
  • Fix vertical buttons for the CVSS calculator
  • Fix issue sorting in HTML export
  • Split services data in the Metasploit, Nessus, Nmap plugin
  • Update fields template in Nessus plugin
  • Add CVSS fields for the Netsparker plugin
  • Resolve nested duplicate content in Paragraph tags in the Nexpose plugin
  • Better handle finding `id`s in Nikto plugin
  • Smart table header for the IssueLibrary
• Bugs fixed: #102, #118, #321

In this release:

• Added bulk view (and multi delete) for a node's notes and evidences.
• Added the trash functionality to content blocks
• Added the Methodology tasks and content blocks to the search
• Added report content attachments
• Added validation for block groups with empty names
• Fixed nested lists in exported reports
• Fixed the multi-deletion of issues
• Fixed the ghost nodes issue
• Fixed the project import and export with missing users
• Add-on enhancements:
  • Added trend analysis for the Business Intelligence add-on
  • Added node properties to the Acunetix and Qualys plugin
  • Added metric-specific fields to the CVSS calculator
  • Fixed the encoding error for the Burp upload plugin
  • Fixed the export errors for the HTML export plugin
• Bugs fixed: #173, #349, #354

In this release:

• Added ContentBlock content control
• Added Attachments Box to Report Content pages
• Fixed bug when there was only one word/excel template to export

In this release:

• Added the content blocks feature
• Added delete option for document properties
• Added Excel export through the command line
• Added "Default for template" in Evidence multi-add form.
New add-on:
• Netsparker upload
Add-on enhancements:
• Allow .xlsx and .xlsm templates.
• Update Nessus plugin to include CVSSv3 fields
• Added HTTPS Support for the Mediawiki plugin
• Added content blocks service in dradis-plugins
• Bugs fixed: #150, #157, #332.

In this release:

• New Excel exporter
• New Report Content page for custom document properties
• v2 Methodology Admin templates
• Methodology actions included in the activity feed
• Independent scrolling for Methodology Lists
• User profile image in the navbar
• Word reports:
• IssueCounters nested in Nodes work as expected.
• New EvidenceCounter content controls.
• Fixed handling of array properties
• Add-on enhancements:
• Improved the Qualys plugin data representation
• Updated the Nexpose plugin with Evidence templates
• Improved the Nexpose plugin parsing issues
• Added mouseover details to the CVSSv3 calculator
• Improved to the Dradis Plugins Content Service
• Fixed Dradis Plugins import for extremely long descriptions
• Fix plugin upload and export thor task errors
• Bugs fixed: #119, #347

• Better support for security testing methodologies (see below)
  • Organize tasks in a Kanban board (we ❤️ Trello too!)
  • Provide additional context, gather results, or set a due date for each task.
  • Assign tasks to different team members.
  • Keep Notes and information on each task.
  • Export Methodology details into your reports.
• Merge multiple Issues in your project (see below)
• Local Profile Pics (not just Gravatars!)
• Redesigned error pages with the data you need for troubleshooting.
• Edit / delete links for Evidence, Issues, and Notes from the sidebar.
• Attachments HTTP API endpoint.
• Validate Evidence fields.
• Automatically generated Evidence Template.
• Add-on enhancements:
  • Updated Nessus Plugin to support files that are missing a plugin_output tag.
  • Updated Qualys Plugin to better handle tags in report content.
  • Updated Burp Plugin to detect non-base64 encoded files and binary request/response data.
  • Updated the Burp-Dradis connector to correct HTTPS errors.
• Word reports:
  • Methodology and Task content controls let you provide fine-grained information about your testing methodology as part of your deliverables.
• Fix XSS in Issues diff view.
• Bugs fixed: #84, #104, #164, #206, #280, #316

In this release:

• Trash feature to restore deleted content
• Hide expand button in Nodes tree when Node has no children
• Add multiple Nodes at the same time
• Select default Issue template
• Improved Project Validation error messages
• Performance upgrades (Russian doll caching)
• Add-on enhancements:
  • Updated Acunetix plugin to include CVSSv3 scores
  • Updated Nessus plugin to accomodate Severity Recasting
  • Updated Nmap plugin Services table and NSE data
• New add-ons:
  • Zed Attack Proxy (ZAP) upload
• Word reports:
  • Filter Evidence content controls
• Bugs fixed: #215, #256, #268, #327, #334, #336, #337, #338, #340

In this release:

• Project-wide search (see below)
• UI improvements (see below)
  • I18n support for tags (thanks @kulisu)
  • Validate on save
  • Optimistic locking
  • Evidence multi-add
• Copying of Report Template Properties
• Word reports
  • Better file extension handling in Windows
• Minor bug fixing.

In this release:

In this release:

• Full REST/JSON API coverage (documentation)
• Performance improvements: Rails 4.2, Ruby 2.2, memory monitoring.
• Fix bug in Activity Feed of project templates.
• Add-on enhancements
  • CSV: export evidence data, fix CLI integration
  • HTML: fix CLI integration
• Bugs fixed: #204, #319

In this release:

In this release:

• Fix tree navigation bug (#307)
• Fix "Add issue" behavior after searching in library
• Sort issues alphabetically in new Evidence form
• Always run uploads in the background
• Database performance improvements
• Jump to host / evidence from Issue (#299)

In v2.0.3

• Security fixes.

In v2.0.3

• Fixed bug in CSV export.

In v2.0.2

• Fixed bug in Upload Manager.

In v2.0.1

• Fixed bug in HTML export.

In v2.0.0

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • HTML export bug fixed
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Security fixes.

In v2.0.3

• Fixed bug in CSV export.

In v2.0.2

• Fixed bug in Upload Manager.

In v2.0.1

• Fixed bug in HTML export.

In v2.0.0

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • HTML export bug fixed
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Fixed bug in CSV export.

In v2.0.1

• Fixed bug in Upload Manager.
• Fixed bug in HTML export.

In v2.0.0

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • HTML export bug fixed
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• Fixed bug in Upload Manager
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • HTML export bug fixed
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • HTML export bug fixed
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Activity Feed: see what others are doing
• Content revisions: track and *diff* edits
• New Change Value action for the Rules Engine
• Open support ticket from the app
• Better issue Tagging support
• REST API: Clients and Projects
• Scheduled DB cleanup
• DB performance enhancements
• New add-ons
  • Brakeman Rails security
  • Metasploit Framework
• Word reports
  • Better handling of screenshots
  • Pre-export validator
  • Add .docx / .docm support CLI generation
  • Report template properties
• Plugin enhancements:
  • Acunetix issue identification accuracy
  • LDAP integration (Corporate plan)
  • NMap CLI bug fixed
  • NTOSpider additional data gathering
  • NTOSpider Plugin Manager bug fix
  • Qualys port and protocol information
• Security fixes

Bugs fixed: #223, #301, #303, #307b

In this release:

• Rules Engine add-on:
  • Tag findings depending on field values.
  • Replace finding body from entry in your Issue Library.
  • De-duplicate findings from multiple scanners.
• Lazy load of tree of nodes improves performance for large projects.
• Lazy load of evidence data to improve performance for large projects.
• Node properties / node types
• Fixed regression in HTML export.
• Include issue tags in project export / import.
• Offline mode for user avatars.
• New clean and modern admin UI
• Upload Manager and Export Manager use the unified project UI
• Word reports
  • IssueCounter control - count Issues with filters (e.g. how many Highs?)
  • Better support for custom properties.
  • Pre-export validator
  • Native support for .docx and .docm
  • Better concurrency support
  • I18n fixes.
  • Report template properties (e.g. CVSS sorting).
• Plugin enhancements:
  • New Acunetix plugin.
  • New NTOSpider plugin.
  • Burp Evidence template.
  • Nexpose Evidence template.
  • Added support for OpenVAS v7.

Bugs fixed: #14, #57, #126, #128, #131, #141, #145, #165, #184, #189, #197, #205, #212, #238,

Security fixes:

• HIGH: an authenticated path traversal bug affecting attachments.

In v1.11.1

• Enhancements to the tagging of Issues/Evidence
• Enhancements to reporting engine:
  • Support for numbered lists
  • Support for bullet point lists
  • Support for hyperlinks

In v1.11.0

• Bulk tagging and deleting of Issues.
• Performance improvements for large projects.
• Report generation now takes place in the background.
• Project methodology editor.
• Onboarding tour.
• Finally removed the Old interface, long live the New interface!
• Word reports
  • Filter issues by tag in the report.
  • Fix aspect ratio of screenshots.
  • Word reports: add support for screenshots with spaces in their filenames.
  • Better support for formatting within tables.
• Improved Support / Diagnostics.
• Fixed regression on 'Move node' operation.
• Added support for custom gemified plugins.
• Fix orphaned tags problem.
• Fix permissions issue for background workers.
• Fix regression in methodologies module.

Bugs fixed: #20, #24, #50, #52, #55, #74, #142, #143, #146, #147, #151 #159

Relevant guides

Upgrade guide

Working with projects

Custom Word reports

This is a small release that introduces some handy features:

• Enhancements to the tagging of Issues/Evidence
• Enhancements to reporting engine:
  • Support for numbered lists
  • Support for bullet point lists
  • Support for hyperlinks

In v1.11.0

• Bulk tagging and deleting of Issues.
• Performance improvements for large projects.
• Report generation now takes place in the background.
• Project methodology editor.
• Onboarding tour.
• Finally removed the Old interface, long live the New interface!
• Word reports
  • Filter issues by tag in the report.
  • Fix aspect ratio of screenshots.
  • Word reports: add support for screenshots with spaces in their filenames.
  • Better support for formatting within tables.
• Improved Support / Diagnostics.
• Fixed regression on 'Move node' operation.
• Added support for custom gemified plugins.
• Fix orphaned tags problem.
• Fix permissions issue for background workers.
• Fix regression in methodologies module.

Bugs fixed: #20, #24, #50, #52, #55, #74, #142, #143, #146, #147, #151 #159

Relevant guides

Upgrade guide

Working with projects

Custom Word reports

A small yet powerful update:

• Bulk tagging and deleting of Issues.
• Performance improvements for large projects.
• Report generation now takes place in the background.
• Project methodology editor.
• Onboarding tour.
• Finally removed the Old interface, long live the New interface!
• Word reports
  • Filter issues by tag in the report.
  • Fix aspect ratio of screenshots.
  • Word reports: add support for screenshots with spaces in their filenames.
  • Better support for formatting within tables.
• Improved Support / Diagnostics.
• Fixed regression on 'Move node' operation.
• Added support for custom gemified plugins.
• Fix orphaned tags problem.
• Fix permissions issue for background workers.
• Fix regression in methodologies module.

Bugs fixed: #20, #24, #50, #52, #55, #74, #142, #143, #146, #147, #151 #159

Relevant guides

Upgrade guide

Working with projects

Custom Word reports

• Minor bug fixing
• New Support menu with links to open ticket, Chat, the forum, etc.

In v1.10.1

• Make HTML reports compatible with Export Manager
• Export project Issues to HTML reports
• New markup cheat-sheet in the editor
• Word custom properties always populated automatically (no need to "Update field..")

Bugs fixed: #70, #89, #134, #135

In v1.10.0

A fully functional 'New interface' including:

• Methodology progress summary.
• Issue summary chart.
• Taggable issues.
• Rename nodes.
• Move nodes.
• Assign note categories.

Bugs fixed: #43, #44, #64, #65, #72, #75, #77, #85, #87, #94, #97, #101, #104, #110, #112, #113, #118, #121

Relevant guides

Upgrade guide

• Make HTML reports compatible with Export Manager
• Export project Issues to HTML reports
• New markup cheat-sheet in the editor
• Word custom properties always populated automatically (no need to "Update field..")

References

Bugs fixed: #70, #89, #134, #135

Upgrade guide

A fully functional 'New interface' including:

• Methodology progress summary.
• Issue summary chart.
• Taggable issues.
• Rename nodes.
• Move nodes.
• Assign note categories.

References

Bugs fixed: #43, #44, #64, #65, #72, #75, #77, #85, #87, #94, #97, #101, #104, #110, #112, #113, #118, #121

Upgrade guide

Bugfix release:

• Sort nodes in Word export (i.e. IP addresses appear sorted)
• Project export/upload problem (due to an issue in our Zip library)
• Various performance improvements for large projects

References

https://groups.google.com/forum/#!topic/dradis-pro/e5JD0ntcGd8

https://groups.google.com/forum/#!topic/dradis-pro/iP9Z-kmb4II

Upgrade guide

Fixes two reporting issues introduced in 1.9.0 and the Ruby 2.0 stack:

• The Symbol into Integer conversion error
• Screenshots not being shown (due to an issue in our Zip library)

References

http://github.com/securityroots/dradispro-tracker/issues/60

http://github.com/securityroots/dradispro-tracker/issues/81

https://groups.google.com/forum/#!topic/dradis-pro/xDqg1tyjKI0

General

• Redesigned interface (see blog post).
• New management console and upgrade process.
• A faster, more reliable stack.
• Drag’n'drop report template manager (read more).
• Add methodologies and checklists to your project templates.
• Add evidence templates (#59)
• Fixed a bug that prevented Methodologies from working as expected(#46)
• Fixed a bug that prevented URLs from being autodetected and hyperlinked(#47)

Reporting

• Custom Word tables (blog post, guide)
• Mix Issues as Notes throughout the template
• Enhance the engine to support Issues and Notes (#7)
• Add support for stand-alone Evidence controls (#51)

Plugins

• Make OpenVAS plugin compatible with v6 (#26)
• Fixed a bug in Burp plugin that prevented certain files from being parsed (#33)
• Fixed a bug in the Project plugin that caused issues to appear multiple times after importing a project template (#34)