16 February 2022, v2.2.3
This is the final release of v2.2.3. This release contains everything from the release candidates with the addition of some minor changes. This page contains a complete changelog from v2.2.3-rc1, v2.2.3-rc2, and v2.2.3.
- Expanded user profiles for project management and planning
- Now visible to all users under /users/
- Include timezone and phone number fields
- Users can now edit their profiles to update their preferred name, phone, timezone, and email address
- Fixed display of minutes for project working hours
- Fixed "incomplete file" issue when attempting to download a report template
- Fixed report archiving failing to write zip file
- Fixed toast messages not showing up when swapping report templates
- Fixed sidebar tab appearing below delete confirmations
- Fixed cloud server forms requiring users to fill in all auxiliary IP addresses
- Fixed project serialization issue that prevented project data from loading automatically for domain and server checkout forms
- Fixed active project filtering for the list in the sidebar so it will no longer contain some projects marked as completed
- Fixed a rare reporting error that could occur if the WYSIWYG editor created a block of nested HTML tags with no content
- Fixed ignore tags not working for Digital Ocean assets
- Fixed an error caused by cascading deletes when deleting a report under some circumstances
- Fixed template linter not recognizing phone numbers for project team members as valid (Fixes #190)
- Fixed a rare reporting issue related to nested lists that could occur if a nested list existed below an otherwise blank list item
- Updated project list filtering
- Added client name as a filter field
- Changed default display filter to only show active projects
- Adjusted project status filter to have three options: all projects, active projects, and completed projects
- Updated dashboard and calendar to show past and current events for browsing history within the calendar
- Past events marked as completed will appear dimmed with a strikethrough and `: Complete` added to the end
- Upgraded dependencies to their latest versions (where possible)
- Django v3.1.13 -> v3.2.11
- Did not upgrade `docxtpl`
- Not upgrading from 0.12 to the latest 0.15.2 has no effect on Ghostwriter at this time
- Collapsed the `Domain` model's various categorization fields into a single `categorization` field with PostgreSQL's `JSONField` type
- An important milestone/change for the upcoming GraphQL API
- Categorization is no longer limited to specific vendors
- Going forward, the field can be manually updated with valid JSON
- Ghostwriter will look for JSON formatted as a series of keys and values: `{"COMPANY": "CATEGORY", "COMPANY": "CATEGORY"}`
- Converted the `ReportTemplate` model's `lint_result` field to a PostgreSQL `JSONField`
- An important milestone/change for the upcoming GraphQL API
- This change increases reliability and performance by removing any need to transform a string representation back into a `dict`
- Little to no impact on users but templates may need to be linted again after the upgrade
- If a template is affected, the status will change to "Unknown" with a single warning note: "Need to re-run linting following your Ghostwriter upgrade"
- Converted the `Domain` model's `dns_record` field to a PostgreSQL `JSONField` and renamed it to `dns` for simplicity
- An important milestone/change for the upcoming GraphQL API
- This change increases reliability and performance by removing any need to transform a string representation back into a `dict`
- This field was always intended to be edited only by the server, so this change should not require any actions before or after upgrading
- If an existing record's DNS data cannot be converted to JSON, it will be cleared and users can re-run the DNS update task
- Added a "sticky" sidebar tracker to user sessions so the sidebar will stay open or closed between visits and page changes
- Removed the legacy `health_dns` field from the `Domain` model
- This field was part of the original Shepherd project and was an interesting experiment in using passive DNS monitoring to try to determine if a domain was "burned"
- It became mostly irrelevant when services that supported this feature (e.g., eSentire's Cymon) were retired
- Changed some code that will be deprecated in future versions of Django v4.x and Python Faker
- Made it possible to sort the report template list
- Sorting on this table is reversed so clicking "Status" once will sort templates with passing linter checks first
- Updated the admin panel to make it easier to manage domains for those who prefer the admin panel
- Projects now sort in reverse so the most recent projects appear first
- Updated the report selection section of the sidebar to make it easier to switch reports when working on multiple reports and to navigate to your current report
- The logging API key message now includes the project ID to make it easier to set up a tool like mythic_sync
- Removed the "Upload Evidence" button from editors where it does not apply (e.g., in the Finding Library outside of a report) (Fixes #185)
- Updated the Namecheap sync task to use paging so Namecheap libraries with more than 100 domains can be fully synced (Fixes #188)
- Dashboard once again has a "Project Assignments" card to make it easier to see and click projects
- The calendar remains on the dashboard and is still clickable, but some people found it less intuitive as a shortcut
- Some general code clean-up for maintainability
- Updated Django to v3.2.11 as v3.1 is no longer supported and considered "insecure" going forward
- Fixed unauthenticated access to domain and server library exports
- Updated TinyMCE to v5.10.1 to address several moderate security issues with <5.10
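
An added example, not Ghostwriter's own migration code: one way to carry out the string-to-JSON conversion described above for the `lint_result` and `dns` fields, clearing values that cannot be converted, plus a shape check for the `categorization` format. It assumes the legacy text values are either JSON or Python `dict` representations; the function names and sample values are hypothetical.

```python
import ast
import json


def legacy_to_json(raw):
    """Return a JSON-safe dict for a legacy text value, or None to clear it.

    Assumption: the old text column holds either JSON or a Python dict repr.
    """
    if raw is None or not str(raw).strip():
        return None
    text = str(raw).strip()
    try:
        value = json.loads(text)
    except (json.JSONDecodeError, RecursionError):
        try:
            # literal_eval only builds literals; unlike eval() it cannot
            # call functions or import modules from stored data.
            value = ast.literal_eval(text)
        except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
            return None
    if not isinstance(value, dict):
        return None
    try:
        # Round-trip so only types a JSON column can store survive.
        return json.loads(json.dumps(value, allow_nan=False))
    except (TypeError, ValueError):
        return None


def is_valid_categorization(value):
    """True for a flat mapping of non-empty source names to category strings."""
    return isinstance(value, dict) and all(
        isinstance(k, str) and k and isinstance(v, str) and v
        for k, v in value.items()
    )


# Constructed sample values (hypothetical, not taken from Ghostwriter).
SAMPLES = [
    "{'a': ['203.0.113.10'], 'mx': None}",  # Python repr: converted
    '{"a": ["203.0.113.10"]}',              # already JSON: kept
    "dict(a='203.0.113.10')",               # code, not a literal: cleared
    "NXDOMAIN",                             # plain text: cleared
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", legacy_to_json(sample))
```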