1.7.0

More info in our blog: https://medium.com/@we-are-faction/owasp-faction-1-7-major-updates-for-enterprise-security-teams-aa205cef68e7

🚀 Upgrades 🚀

• Added the manager dashboard
• Expanded the Markdown Syntax
• Added the ${Figure#.#} variable for captions
• Automatically add borders to images
• Added CVE Searching
• Updated the Status Workflow
• Expanded the REST API

🐛 Bugfixes 🐛

• Fixed issue with vulnerability severities getting replaced when CVSS was not suppoed via the API #110
• Fixed issues with custome variable updating via the API (#113 , #114 )
• Generated report would add extra spaces around images
• Fixed Chart colors shown incorrectly in Assessments
• Fixed App Extensions running after they were disabled
• Fixed Reports breaking when remediation user was removed
• Fixed issue with editing assessments
• Fixed Permission issue where users in the teamOnly and assessmentOnly roles could download reports ( #111 )

New Contributors

• @skit-cyber-security made their first contribution in #110

Full Changelog: 1.6.8...1.7.0

1.6.8

🚀 Upgrades 🚀

• Adding UserDefined Variables to Vulnerability Templates
• Improved Calendar Features for Report Outs

🐛 Bugfixes 🐛

• Report generation was not fully working in 1.6.7
• User-defined variables not saving when a new vuln is created
• Som features were broken for the manager role
• Fixing hyperlink issues in report generation
• Fixed CVSS Scoring issue #108

Full Changelog: 1.6.7...1.6.8

1.6.7

🚀 Upgrades 🚀

• More reliable centering of images
  🐛 Bugfixes 🐛
• Manager Role was not able to properly view assessments
• Editing an assessment after it was created would wipe out preset custom variables.
• Fixing extra space around images

Fixed an issue where variables in hyperlink text would not properly link when replaced
Fixed issue where variables that contain special chars could break the report generation by placing bad chars in xml tags.

1.6.6

🚀 Upgrades 🚀

• Added Custom Date formatting to variables. ${today} can now be ${today dd/MM/yyyy}. This applies to all built in date variables in faction. (today, asmtStart, asmtEnd)
• Added Better hyper link functionality. If you want a custom variable to be a link you must put it in a hyperlink field in the template and append "link" to the variable. Example: ${cfAffectedURL link}
• Added automatic linking for CVSS Vectors to first.org. To use this change the variable ${cvssString} to ${cvssString link}. Depending on your choose in Faction of CVSS 3.1 or CVSS 4.0, it will automatically link the CVSS string.

Full Changelog: 1.6.4...1.6.6

1.6.4

🚀 Upgrades 🚀

• Allow Editing of Custom Variables after they have been created.
• Better handling of deleted Custom Variables

🐛 Bugfixes 🐛

• Fixed an issue where variables in hyperlink text would not properly link when replaced
• Fixed issue where variables that contain special chars could break the report generation by placing bad chars in xml tags.

Full Changelog: 1.6.3...1.6.4

1.6.2

🐛 Bugfixes 🐛

• Fixed bug Introduced in 1.6.1 that prevented custom variables from rendering in paragraphs

Full Changelog: 1.6.1...1.6.2

1.6.1

🚀 Upgrades 🚀

• Custom URLs for SSO
• Cleaned up how Custom Variables show in assessments
• Adding 'Underline' to Text Editors and custom markdown to support 'Underlines'
• Dynamic Saving of Custom Fields on the Summary pages
• Added ability to clear all notifications
• Added an additional REST API endpoint for getting assessment stats.

🐛 Bugfixes 🐛

• Fixed issues with output encoding on some pages
• Fixed issue in custom fields that would break JSON when a double quote was added
• Fixed issue where Custom Fields not working correctly with extensions

Full Changelog: 1.5.2...1.6.1

1.5.2

🚀 Upgrades 🚀

• SAML Single Sign On Integration
• Short links instead of base64 image blobs in the markdown editors

🐛 Bugfixes 🐛

• Some report generation edge cases would break the UI and prevent scheduling or editing the assessment.

Full Changelog: 1.5.1...1.5.2

1.5.1

🐛 Bugfixes 🐛

• Fixed reporting issue introduced in v1.5.0 that would break reports if smaller report was generated after a large report on the same assessment

Full Changelog: 1.5.0...1.5.1

1.5.0

🐛 Bugfixes 🐛

• Possible Breaking Change: Fixed an issue where large reports would fail due to a limitation in the size of BSON objects in Mongo. This fix was made to be backwards compatible but there may be some edge cases we did not test.

Full Changelog: 1.4.4...1.5.0