v1.1.0 — stable release

@Vasco0x4 released this 15 Apr 16:24
· 31 commits to main since this release

What's new in v1.1.0

This release marks the end of the alpha phase. The platform is significantly more stable, secure, and feature-complete than the initial release.

Security

  • Full JWT authentication system — admin/user roles, first-run setup wizard, force password change on first login
  • API key for CLI/MCP — login once, reuse until expiry
  • Auto-generated SECRET_KEY on first launch (no more hardcoded default)
  • Docker socket proxy — restricts container API access, prevents escape
  • PostgreSQL bound to localhost only
  • Path traversal prevention on assessment names
  • shlex.quote sanitization on all shell commands
  • CORS tightened — wildcard * rejected at startup

Features

  • PDF report generation — export any assessment as a professional report
  • CVSS 4.0 scoring — automatic score calculation on findings cards
  • Attack timeline — auto-generated event log per assessment
  • Notifications — Telegram, Slack, Email with optional PDF attachment
  • Assessment templates — start from predefined methodologies
  • aida-pentest container — built-in lightweight pentesting environment (~2 GB), no Exegol required
  • LAN / production mode — Nginx reverse proxy via ./start.sh --lan
  • Docker Hub images: docker-compose.hub.yml for zero-build installs
  • python_exec MCP tool — run Python directly in the container
  • http_request MCP tool — structured HTTP requests from AI workflows
  • Duplicate assessment — clone with granular copy options
  • Kimi CLI support — alternative to Claude in aida.py
  • User management — admin-only page, password reset, role toggle
  • Alembic migrations — proper DB schema versioning

Fixes

  • Pydantic validation errors displayed in modals (not swallowed)
  • Real-time WebSocket updates on Dashboard and Commands page
  • Container discovery fallback when configured container is unavailable
  • CORS configuration for LAN/network access
  • Various UI polish (focus rings, filter resets, popup close on outside click)

Deployment note

Run locally or on your LAN. Do not expose the web interface to the public internet without HTTPS, a firewall, and strong credentials in .env.

What's Changed

  • feat: replace Exegol with lightweight aida-pentest container by @Vasco0x4 in #7
  • feat: add Qwen Code CLI support to AIDA launcher by @Hatook257 in #6
  • auth hardening, user roles, timeline, notifications, templates & search by @Vasco0x4 in #16
  • feat: platform enhancements — timeline, notifications, templates, search filters by @kuffsit in #8
  • chore(deps): bump axios from 1.12.2 to 1.15.0 in /frontend by @dependabot[bot] in #17

New Contributors