v1.1.0
Introduction
Welcome to the first release of OpenKAT since we released it into the real world under the EUPL 1.2 license. The response has been fantastic, many thanks for this.
The goal of this release is to give OpenKAT nice round edges in the many areas that were still a bit rough: reduce dependencies, make Octopoes persistent, introduce the Debian packages, and so on. Basically, to improve OpenKAT in all corners. OpenKAT now also uses Manon open for the front-end design.
It also includes some fixes that should make installation smoother. Please share your experience @ [email protected]
Before you upgrade your current installation please follow the advice below:
IMPORTANT
Make sure that your DB has no users with the same email address before migrating.
Delete your .env file in the main directory before running make, or make sure that your .env contains all new variables. SCHEDULER_DB_DSN and SCHEDULER_API are new, and the rockydb credentials have been renamed; see .env-dist for the current names.
To use email password recovery, make sure to set the SMTP environment variables.
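A small pre-upgrade check for the .env step above, added here as example code that is not part of OpenKAT: it compares the variable names in the current .env against .env-dist and reports keys that are missing (new variables such as SCHEDULER_DB_DSN and SCHEDULER_API) or stale (keys that only exist in the old .env, typically renamed credentials). The sample file contents are constructed; only the two SCHEDULER_* names come from these release notes.

```python
"""Compare the variable names in .env against .env-dist before upgrading.
Example code added to these notes; not part of OpenKAT itself."""
import re
from pathlib import Path

# Matches dotenv-style "KEY=value" lines, with an optional "export " prefix.
# Comments, blank lines and anything without "=" are ignored.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=")


def env_keys(text: str) -> set:
    """Return the set of variable names defined in dotenv-style text."""
    keys = set()
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            keys.add(m.group(1))
    return keys


def compare_env(dist_text: str, env_text: str) -> dict:
    """'missing': keys in .env-dist but not in .env (must be added before
    running make). 'stale': keys only in .env (probably renamed in .env-dist)."""
    dist, cur = env_keys(dist_text), env_keys(env_text)
    return {"missing": sorted(dist - cur), "stale": sorted(cur - dist)}


def check_files(dist_path: str = ".env-dist", env_path: str = ".env") -> dict:
    """Run the comparison on the real files in the main directory."""
    return compare_env(Path(dist_path).read_text(), Path(env_path).read_text())


# Constructed sample contents. SCHEDULER_DB_DSN and SCHEDULER_API are the new
# variables named in the release notes; the other names are placeholders.
SAMPLE_DIST = """# constructed .env-dist
SCHEDULER_DB_DSN=postgresql://scheduler:example@postgres:5432/scheduler
SCHEDULER_API=http://scheduler:8004
export EXAMPLE_UNCHANGED_KEY=keep-me
"""
SAMPLE_ENV = """# constructed current .env from the previous release
OLD_ROCKYDB_PASSWORD=example   # placeholder for a renamed credential key
export EXAMPLE_UNCHANGED_KEY=keep-me
"""

if __name__ == "__main__":
    for kind, keys in compare_env(SAMPLE_DIST, SAMPLE_ENV).items():
        print(f"{kind}: {', '.join(keys) or '(none)'}")
```

Run it from the main directory with check_files() to compare the real files; an empty "missing" list means the .env is ready for make.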
Summary
Debian installer and security improvements
Debian packages arrived! Some notes:
Rocky works out of the box thanks to a generated self-signed certificate, which the user does have to replace with a proper one. Secondly, the default Nginx configuration is strict: for example, it sets client body size limits to protect against DoS attacks and only allows strong TLS ciphers and protocols. The installer also generates a random password for the RabbitMQ user.
Login has been changed internally. Instead of using the Django user model with a username field, we now use the email field for logging in. Also, the first and last name fields are replaced by a single full name field. The database enforces these changes automatically while migrating. Therefore, the migration will fail when the database contains two users with the same email address.
When using docker containers, the Rocky user now owns the application directory so that it is able to write yarn error logs.
The containers now run with the UID and GID of the host user. This resolves the permission errors caused by mounting the application code into the containers, since the mounted files carry the host's UID and GID.
For end-users
Octopoes is now persistent, which means that data will not be lost after an update or reboot. To get a new version of KAT without cleaning all data, "make update" is now available which skips the cleaning step. This will pull new versions, do all necessary database migrations and spin all containers back up.
As usual, Rocky got a lot of small UI improvements, but most noticeably, Rocky now forces users to set the correct clearance level before running a boefje. Previously, running a boefje on an object without a clearance level would set one implicitly; this is no longer possible. Rocky also migrated to open Manon, which was previously open-sourced.
Flower and Celery are no longer dependencies of Rocky. This means that when manually running a boefje, a call is made to the new scheduler API, which schedules that job with a high priority. All jobs (boefjes and normalizers) are now shown in Rocky through that same scheduler API, not only those that were run manually.
Full Changelog
Coordination
What's Changed
- Update README.adoc by @ring-ring-ring
- Pinned RabbitMQ version by @ammar92
- .dockerignore by @Donnype
- use persistent xtdb by @noamblitz
- Correct LinkedIn url in link to openKAT by @reincode050
- Provide current user id to docker builds, defaulting to 1000 by @Donnype
- make update by @noamblitz
- Add SCHEDULER_DB_DSN by @jpbruinsslot
- fix makefile for macos by @noamblitz
- add scheduler api endpoint in env-dist by @noamblitz
New Contributors
- @reincode050 made their first contribution
Rocky
What's Changed
- Github workflow for creating .deb installer by @errieman
- Add robots.txt by @Rieven
- Upgrade requirements to use django 3.2.14 by @TwistMeister
- fix description kat-581 by @noamblitz
- Hide CVSS link in report when 0 findings by @TwistMeister
- Change crisis room total findings list to table by @TwistMeister
- Add temporary classes to fix recommendation labels by @TwistMeister
- Fix/graph ooi by @Rieven
- Bump lxml from 4.6.5 to 4.9.1 by @dependabot
- Delete ro-logo.svg by @TwistMeister
- Update manon-dev.css, by removing the reference to deleted icons by @TwistMeister
- Remove hyperlink on bit name on object detail by @TwistMeister
- Add formatter by @ppvg
- Temporarily hide add indemnification button by @TwistMeister
- Clearance level form initial value for declared levels by @ammar92
- Hide "scan object" form from boefje detail when no scannable objects by @TwistMeister
- Fix exported migrations to match migrate by @dekkers
- Feature/user model and auth by @Rieven
- Bump terser from 5.14.1 to 5.14.2 by @dependabot
- Fix shebang in run_rock.sh CI script by @dekkers
- Move mixins by @Rieven
- Set permissions for organization view and members by @Rieven
- Chown app dir to rocky user by @Donnype
- Add .editorconfig by @ppvg
- Fix for make build by @Rieven
- Configure rabbitmq user and pass by @errieman
- Fix/django bump by @underdarknl
- Increase items per page for oois and findings lists by @TwistMeister
- use repository name in deb changelog by @errieman
- Login and recovery by @Rieven
- Feature/objects filter on boefje detail jesse by @Lisser
- Provide current user id to docker builds and bump node version by @Donnype
- generate self-signed cert on install by @errieman
- Use manon from npm by @ppvg
- NL + PAP translations before release by @Rieven
- Feature/scheduler client by @Lisser
New Contributors
- @errieman made their first contribution
- @ppvg made their first contribution
- @dekkers made their first contribution
Mula
What's Changed
- Boefje error handling by @jpbruinsslot
- Update docs for job status endpoints by @jpbruinsslot
- Feature/error handling by @jpbruinsslot
Bytes
What's Changed
- Debian installer for bytes by @errieman
- Small docs update by @Donnype
- configure rabbitmq user on deb install by @errieman
- Add event for received normalizer_meta and fix Makefile issue by @Donnype
- Provide current user id to docker builds, defaulting to 1000 by @Donnype
New Contributors
- @errieman made their first contribution
Boefjes
What's Changed
- remove SPF boefje tests by @errieman
- Fix/better caching of boefjes requirements by @Donnype
- Debian installer by @errieman
- add manual trigger to deb build by @errieman
- fix version number on manual build by @errieman
- Catch boefje errors by @ammar92
Octopoes
What's Changed
- Debian installer for octopoes by @errieman
- temp fix for hostname objects from server headers by @noamblitz
- Configure rabbitmq user and pass on install by @errieman
- templated repos url in changelog by @errieman
- Provide current user id to docker builds, defaulting to 1000 by @Donnype
New Contributors
- @errieman made their first contribution