4 April 2022, v2.3.0-rc1

v2.3.0
Release Ghostwriter v2.3.0-rc1 · GhostManager/Ghostwriter
GitHub
This is the first release candidate for v2.3.0 which features the GraphQL API for testing and feedback.
Added
User profiles now have a role field for managing permissions in the upcoming GraphQL API
Added components for upcoming GraphQL API that are only available with local.yml for testing in development environments
New Docker container for Hasura GraphQL engine
Work-in-progress Hasura metadata for the GraphQL API
New HASURA_ACTION_SECRET environment variable in env templates
New utilities for generating and managing JSON Web Tokens for the GraphQL API
Added support for block quotes in report templates and WYSIWYG editor
Added ProjectInvite and ClientInvite models to support upcoming role-based access controls
Added a menu option to export a project scope to a text file from the project dashboard
Exports only the scope list for easy use with other tools–e.g., Nmap
Changed
Disabled L10N by default in favor of using DATE_FORMAT for managing the server's preferred date format (closes #193)
Updated env templates with a DATE_FORMAT configuration for managing your preferred format
See updated installation documentation on ghostwriter.wiki
User profiles now only show the user's role, groups, and Ghostwriter user status to the profile owner
Updated nginx.conf to align it with Mozilla's recommendations for nginx v1.21.1 and OpenSSL 1.1.1l
See config: https://ssl-config.mozilla.org/#server=nginx&version=1.21.1&config=intermediate&openssl=1.1.1l&ocsp=false&guideline=5.6​
Toast messages for errors are no longer sticky so they do not have to be manually dismissed when covering UI elements
Domain list table now shows an "Expiry" column and "Categories" column now parses the new categorization JSON field data
Domain list filtering now includes a "Filter Expired" toggle that is on by default
Filters out domains with expiration dates in the past and auto_renew set to False even if the status is set to "Available"
The table on the domain list page and the menu on the domain details page will no longer disable the check out option if a domain's status is set to "Burned"
Simplified usage of the format_datetime filter
Filter now accepts only two arguments: the date and the new format string
The format string should use Django values (e.g., M d, Y) instead of values translated to Python's standard (e.g., %b %d, %Y)
Simplified usage of the add_says filter
Filter now accepts only two arguments: the date and an integer
Deprecated
v2.2.x usage of the format_datetime and add_days filters is deprecated in v2.3.0
Both filters will no longer accept Python-style strftime strings
Both filters no longer needs or accepts the current_format and format_str parameters
Templates using the old style will fail linting
Removed
Removed "WHOIS Privacy" column on domain list page to make room for more pertinent information
Fixed
Bumped djangorestframework-api-key to v2.2.0 to fix REST API key creation (closes #197)
Overrode Django's get_full_name() method used for the admin site so the user's proper full name is displayed in history logs
Fixed project dashboard's "Import Oplog" button not pointing to the correct URL
Fixed URL conflicts with export links for domains, servers, and findings
Security
Restricted edit and delete actions on notes to close possibility of other users editing or deleting notes they do not own
Last modified 1yr ago