4 April 2022, v2.3.0-rc1
v2.3.0
This is the first release candidate for v2.3.0 which features the GraphQL API for testing and feedback.
Added
User profiles now have a
role
field for managing permissions in the upcoming GraphQL APIAdded components for upcoming GraphQL API that are only available with local.yml for testing in development environments
New Docker container for Hasura GraphQL engine
Work-in-progress Hasura metadata for the GraphQL API
New
HASURA_ACTION_SECRET
environment variable in env templatesNew utilities for generating and managing JSON Web Tokens for the GraphQL API
Added support for block quotes in report templates and WYSIWYG editor
Added
ProjectInvite
andClientInvite
models to support upcoming role-based access controlsAdded a menu option to export a project scope to a text file from the project dashboard
Exports only the scope list for easy use with other tools–e.g., Nmap
Changed
Disabled
L10N
by default in favor of usingDATE_FORMAT
for managing the server's preferred date format (closes #193)Updated env templates with a
DATE_FORMAT
configuration for managing your preferred formatSee updated installation documentation on ghostwriter.wiki
User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
Updated nginx.conf to align it with Mozilla's recommendations for nginx v1.21.1 and OpenSSL 1.1.1l
Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
Domain list table now shows an "Expiry" column and "Categories" column now parses the new
categorization
JSON field dataDomain list filtering now includes a "Filter Expired" toggle that is on by default
Filters out domains with expiration dates in the past and
auto_renew
set toFalse
even if the status is set to "Available"
The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
Simplified usage of the
format_datetime
filterFilter now accepts only two arguments: the date and the new format string
The format string should use Django values (e.g.,
M d, Y
) instead of values translated to Python's standard (e.g.,%b %d, %Y
)
Simplified usage of the
add_says
filterFilter now accepts only two arguments: the date and an integer
Deprecated
v2.2.x usage of the
format_datetime
andadd_days
filters is deprecated in v2.3.0Both filters will no longer accept Python-style
strftime
stringsBoth filters no longer needs or accepts the
current_format
andformat_str
parametersTemplates using the old style will fail linting
Removed
Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information
Fixed
Bumped
djangorestframework-api-key
to v2.2.0 to fix REST API key creation (closes #197)Overrode Django's
get_full_name()
method used for the admin site so the user's proper full name is displayed in history logsFixed project dashboard's "Import Oplog" button not pointing to the correct URL
Fixed URL conflicts with export links for domains, servers, and findings
Security
Restricted edit and delete actions on notes to close possibility of other users editing or deleting notes they do not own
Last updated