Release: v2.3.0-rc1

[chrismaddalena]

[2.3.0-rc1] - 2022-04-01

Added

• User profiles now have a role field for managing permissions in the upcoming GraphQL API
• Added components for upcoming GraphQL API that are only available with local.yml for testing in development environments
  • New Docker container for Hasura GraphQL engine
  • Work-in-progress Hasura metadata for the GraphQL API
  • New HASURA_ACTION_SECRET environment variable in env templates
  • New utilities for generating and managing JSON Web Tokens for the GraphQL API
• Added support for block quotes in report templates and WYSIWYG editor
• Added ProjectInvite and ClientInvite models to support upcoming role-based access controls
• Added a menu option to export a project scope to a text file from the project dashboard
  • Exports only the scope list for easy use with other tools–e.g., Nmap

Changed

• Disabled L10N by default in favor of using DATE_FORMAT for managing the server's preferred date format (closes Error: Encountered an error generating the document: time data fév. 4, 2022 does not match format %b. %d, %Y (french language) #193)
• Updated env templates with a DATE_FORMAT configuration for managing your preferred format
  • See updated installation documentation on ghostwriter.wiki
• User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
• Updated nginx.conf to align it with Mozilla's recommendations for Nginx v1.21.1 and OpenSSL 1.1.1l (closes Align nginx config with Mozilla Guideline 5.4 #53)
  • See config: https://ssl-config.mozilla.org/#server=nginx&version=1.21.1&config=intermediate&openssl=1.1.1l&ocsp=false&guideline=5.6
• Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
• Domain list table now shows an "Expiry" column and "Categories" column now parses the new categorization JSON field data
• Domain list filtering now includes a "Filter Expired" toggle that on by default
  • Filters out domains with expiration dates in the past and auto_renew set to False even if status is set to "Available"
• The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
• Simplified usage of the format_datetime filter
  • Filter now accepts only two arguments: the date and the new format string
  • Format string should use Django values (e.g., M d, Y) instead of values translated to Python's standard (e.g., %b %d, %Y)
• Simplified usage of the add_says filter
  • Filter now accepts only two arguments: the date and an integer

Deprecated

• v2.2.x usage of the format_datetime and add_days filters is deprecated in v2.3.0
  • Both filters will no longer accept Python-style strftime strings
  • Both filters no longer needs or accepts the current_format and format_str parameters
  • Templates using the old style will fail linting

Removed

• Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information

Fixed

• Bumped djangorestframework-api-key to v2.2.0 to fix REST API key creation (closes Unable to create oplogs (error in creating a new API key) #197)
• Overrode Django's get_full_name() method used for the admin site so the user's proper full name is displayed in history logs
• Fixed project dashboard's "Import Oplog" button not pointing to the correct URL
• Fixed URL conflicts with export links for domains, servers, and findings

Security

• Restricted edit and delete actions

[codecov-commenter]

Codecov Report

Merging #206 (3a4cbfd) into master (3969bc8) will increase coverage by 4.57%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #206      +/-   ##
==========================================
+ Coverage   76.96%   81.53%   +4.57%     
==========================================
  Files          38       38              
  Lines        4961     5096     +135     
==========================================
+ Hits         3818     4155     +337     
+ Misses       1143      941     -202     

Impacted Files	Coverage Δ
ghostwriter/home/views.py	100.00% <ø> (+46.21%)	⬆️
ghostwriter/reporting/views.py	71.25% <100.00%> (+3.61%)	⬆️
ghostwriter/rolodex/models.py	100.00% <100.00%> (ø)
ghostwriter/rolodex/views.py	42.02% <100.00%> (+6.54%)	⬆️
ghostwriter/shepherd/views.py	71.09% <100.00%> (+4.21%)	⬆️
ghostwriter/users/views.py	100.00% <100.00%> (+27.64%)	⬆️
ghostwriter/utils.py	100.00% <100.00%> (+78.37%)	⬆️
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3969bc8...3a4cbfd. Read the comment docs.