4 April 2022, v2.3.0-rc1
This is the first release candidate for v2.3.0 which features the GraphQL API for testing and feedback.
- User profiles now have a
role
field for managing permissions in the upcoming GraphQL API - Added components for upcoming GraphQL API that are only available with local.yml for testing in development environments
- New Docker container for Hasura GraphQL engine
- Work-in-progress Hasura metadata for the GraphQL API
- New
HASURA_ACTION_SECRET
environment variable in env templates - New utilities for generating and managing JSON Web Tokens for the GraphQL API
- Added support for block quotes in report templates and WYSIWYG editor
- Added
ProjectInvite
andClientInvite
models to support upcoming role-based access controls - Added a menu option to export a project scope to a text file from the project dashboard
- Exports only the scope list for easy use with other tools–e.g., Nmap
- Disabled
L10N
by default in favor of usingDATE_FORMAT
for managing the server's preferred date format (closes #193) - Updated env templates with a
DATE_FORMAT
configuration for managing your preferred format- See updated installation documentation on ghostwriter.wiki
- User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
- Updated nginx.conf to align it with Mozilla's recommendations for nginx v1.21.1 and OpenSSL 1.1.1l
- Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
- Domain list table now shows an "Expiry" column and "Categories" column now parses the new
categorization
JSON field data - Domain list filtering now includes a "Filter Expired" toggle that is on by default
- Filters out domains with expiration dates in the past and
auto_renew
set toFalse
even if the status is set to "Available"
- The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
- Simplified usage of the
format_datetime
filter- Filter now accepts only two arguments: the date and the new format string
- The format string should use Django values (e.g.,
M d, Y
) instead of values translated to Python's standard (e.g.,%b %d, %Y
)
- Simplified usage of the
add_says
filter- Filter now accepts only two arguments: the date and an integer
- v2.2.x usage of the
format_datetime
andadd_days
filters is deprecated in v2.3.0- Both filters will no longer accept Python-style
strftime
strings - Both filters no longer needs or accepts the
current_format
andformat_str
parameters - Templates using the old style will fail linting
- Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information
- Bumped
djangorestframework-api-key
to v2.2.0 to fix REST API key creation (closes #197) - Overrode Django's
get_full_name()
method used for the admin site so the user's proper full name is displayed in history logs - Fixed project dashboard's "Import Oplog" button not pointing to the correct URL
- Fixed URL conflicts with export links for domains, servers, and findings
- Restricted edit and delete actions on notes to close possibility of other users editing or deleting notes they do not own