4 April 2022, v2.3.0-rc1

v2.3.0

Release Ghostwriter v2.3.0-rc1 · GhostManager/Ghostwriter
GitHub
This is the first release candidate for v2.3.0 which features the GraphQL API for testing and feedback.

Added

  • User profiles now have a role field for managing permissions in the upcoming GraphQL API
  • Added components for upcoming GraphQL API that are only available with local.yml for testing in development environments
    • New Docker container for Hasura GraphQL engine
    • Work-in-progress Hasura metadata for the GraphQL API
    • New HASURA_ACTION_SECRET environment variable in env templates
    • New utilities for generating and managing JSON Web Tokens for the GraphQL API
  • Added support for block quotes in report templates and WYSIWYG editor
  • Added ProjectInvite and ClientInvite models to support upcoming role-based access controls
  • Added a menu option to export a project scope to a text file from the project dashboard
    • Exports only the scope list for easy use with other tools–e.g., Nmap

Changed

  • Disabled L10N by default in favor of using DATE_FORMAT for managing the server's preferred date format (closes #193)
  • Updated env templates with a DATE_FORMAT configuration for managing your preferred format
    • See updated installation documentation on ghostwriter.wiki
  • User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
  • Updated nginx.conf to align it with Mozilla's recommendations for nginx v1.21.1 and OpenSSL 1.1.1l
  • Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
  • Domain list table now shows an "Expiry" column and "Categories" column now parses the new categorization JSON field data
  • Domain list filtering now includes a "Filter Expired" toggle that is on by default
    • Filters out domains with expiration dates in the past and auto_renew set to False even if the status is set to "Available"
  • The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
  • Simplified usage of the format_datetime filter
    • Filter now accepts only two arguments: the date and the new format string
    • The format string should use Django values (e.g., M d, Y) instead of values translated to Python's standard (e.g., %b %d, %Y)
  • Simplified usage of the add_says filter
    • Filter now accepts only two arguments: the date and an integer

Deprecated

  • v2.2.x usage of the format_datetime and add_days filters is deprecated in v2.3.0
    • Both filters will no longer accept Python-style strftime strings
    • Both filters no longer needs or accepts the current_format and format_str parameters
    • Templates using the old style will fail linting

Removed

  • Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information

Fixed

  • Bumped djangorestframework-api-key to v2.2.0 to fix REST API key creation (closes #197)
  • Overrode Django's get_full_name() method used for the admin site so the user's proper full name is displayed in history logs
  • Fixed project dashboard's "Import Oplog" button not pointing to the correct URL
  • Fixed URL conflicts with export links for domains, servers, and findings

Security

  • Restricted edit and delete actions on notes to close possibility of other users editing or deleting notes they do not own
Copy link
On this page
v2.3.0
Added
Changed
Deprecated
Removed
Fixed
Security