Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.6.6] - 2024-04-25

Fixed

  • Incompatibility issue between data from PostgreSQL 16.x and PostgreSQL 15.x in Rekono Desktop (#310)

[1.6.5] - 2024-03-29

Fixed

Security

  • Upgrade Django version to 3.2.25 (#286)
  • Upgrade pycryptodome version to 3.19.1 (#286)
  • Upgrade axios version to 0.28.0 (#286)

[1.6.4] - 2023-11-07

Security

  • Upgrade Django version to 3.2.23 (#252)

[1.6.3] - 2023-07-25

Fixed

  • Upgrade pyyaml version to 6.0.1 (#240)

[1.6.2] - 2023-07-08

Security

  • Upgrade Django version to 3.2.20 (#233)

[1.6.1] - 2023-05-31

Security

  • Upgrade requests version to 2.31.0 (#224)
  • Pin tornado version to 6.3.2 (#223)

[1.6.0] - 2023-05-07

Added

  • Link to Rekono Bot in profile page when it is configured (#198)
  • New standalone desktop app that can be installed using a DEB package (#203)

Fixed

  • Allow some special characters in authentication username values (#192)
  • Allow some special characters in authentication credential values (#194)
  • Fix warnings shown when accessing API documentation (#201)
  • Increase Redis queues timeout to prevent failures in large tasks (#206)

Security

  • Remove X-XSS-Protection header as it could introduce other vulnerabilities (#195)
  • Upgrade Django version to 3.2.19 (#209)

[1.5.1] - 2023-03-10

Fixed

  • Error during executions-worker build in Docker (#184)
  • Error during database migration in Docker (#183)

[1.5.0] - 2023-03-08

Added

  • New Rekono Desktop applications for Linux, macOS and Windows (#131)
  • Support for Rekono deployments under specific web path via configuration (#161)
  • Support for TLS customization in Docker environments (#156)

Fixed

  • Unexpected error during Metasploit execution due to bad quote management (#172)
  • Allow SMTP configuration in Docker environments via configuration file (#158)
  • Change wordlists endpoint from /api/resources/wordlists/ to /api/wordlists/ (#151)
  • Increase logos quality and improve user experience in login page for some browsers (#133)

Security

  • Upgrade node Docker image version to 19.6.1-alpine (#163)
  • Fix some low risk issues reported by Semgrep (#140)

[1.4.3] - 2023-02-23

Fixed

  • Replace kalilinux/kali-rolling by kalilinux/kali-last-release as base Docker image (#167)

[1.4.2] - 2023-02-16

Fixed

  • Prevent overriding of user data with default data after execute migrate command (#149)

[1.4.1] - 2023-02-15

Fixed

  • Upgrade node-ipc to version 9.2.6 to fix incompatibilities with Node 19 (#138)
  • Upgrade psycopg2 to version 2.9.5 to fix incompatibilities with Python 3.11 (#142)

Security

  • Upgrade Django to version 3.2.18 (#143)

[1.4.0] - 2023-01-11

Added

  • Support for authenticated scans using different authentication types (#95)
  • Replace TargetTechnology and TargetVulnerability entities by InputTechnology and InputVulnerability entities (#97)
  • New popup for the management of target details: target ports, authentication, input technologies and vulnerabilities (#97)
  • Support for Nuclei tool (#100)
  • Support for Spring4Shell Scan tool (#102)
  • Support for Gobuster tool (#106)
  • New default wordlists (#109)
  • Save default wordlists size after database migration (#109)
  • Save the reason of skipped executions in output_plain field (#121)

Changed

  • Remove TargetEndpoint entity because it is useless for all tools (#92)
  • Optimize API handlers to reduce duplicated code (#96)
  • Remove password wordlists because they are useless for all tools (#101)
  • Replace cisagov/log4j-scanner tool by fullhunt/log4j-scan (#103)
  • Move stage parameter from Tool entity to Configuration to allow configurations of the same tool to belong to different stages (#108)
  • Improve favourites filters on web interface (#110)
  • Upgrade requests to version 2.28.1 (#114)

Fixed

  • Deploy Telegram bot automatically after configuring the Telegram token (#93)
  • Allow the creation of tasks without specific wordlist from the Telegram bot (#98)
  • Only apply input parameters for tool executions (#99)
  • Filter host inputs by distinct address type to prevent errors in tool configurations (#107)
  • Fix icon size and resolution to improve user experience on web interface (#111)
  • Configure CMSeeK not to ask the user about anything (#115)
  • Fix usage of specific environment variables for tool executions (#119)

Security

  • Validate target addresses to prevent scans of the internal Rekono infrastructure (#94)
  • Upgrade setuptools to version 65.6.3 (#105)

[1.3.0] - 2022-11-19

Added

  • Popup to manage the target ports details (#87)
  • Improve user experience while the findings are obtained via REST API (#88)

Security

  • Upgrade node Docker image version to 19.0.1-alpine (#85)
  • Upgrade djangorestframework-simplejwt version to 5.2.2 (#84)

[1.2.0] - 2022-11-01

Added

  • Settings page to configure Defect-Dojo, Telegram and security properties (#71)

Fixed

  • Docker environment deployment using privileged users (#71)
  • Optimize the frontend build in Docker environment (#72)

Security

  • Use sessionStorage to store access and refresh tokens in the frontend (#74)
  • Upgrade node Docker image version to 18.9.1-alpine (#72)

[1.1.0] - 2022-10-16

Added

  • Create multiple targets at the same time (#49)
  • Execute tasks against multiple targets at the same time (#55)
  • Show executions duration in task page (#54)

Fixed

  • Show Defect-Dojo fields only when it is configured (#53)

Changed

  • Upgrade axios version to 0.27.2 (#62)
  • Upgrade vue-router version to 3.6.5 (#61)
  • Upgrade core-js version to 3.25.2 (#60)
  • Upgrade vue version to 2.7.10 (#59)
  • Upgrade sass version to 1.55.0 (#58)

Security

  • Upgrade Django version to 3.2.16 (#50)

[1.0.1] - 2022-09-20

Fixed

  • Retry requests to Defect-Dojo API after unexpected errors (#39)
  • Retry requests to NVD NIST API to avoid blocks by the API rate limit and after unexpected errors (#39)
  • Save unique exploits based on their reference instead of edb_id (#30)
  • Prevent unexpected errors parsing malformed Sslscan reports (#27)

Changed

  • Optimize calculation of executions from previous findings to make process executions faster (#27)
  • Allow parentheses in text values like names and descriptions (#29)

Security

[1.0.0] - 2022-08-19

Added

  • Execution of hacking tools
  • Execution of pentesting processes combining different hacking tools automatically
  • Execution of scheduled tasks
  • Search of projects and processes by tags
  • Like features for tools, processes and wordlists
  • Defect-Dojo integration to import findings from Rekono
  • User notifications by email and Telegram
  • Management of Projects, Targets, Wordlist and Users
  • Execution of tools and processes from Telegram Bot
  • Initial web UI