Ghostwriter v4.0.0-rc1
Pre-release
Summary
This is the first release candidate for Ghostwriter v4.0.0. The most substantial change is the application of Role-Based Access Controls to the user interface. This version has been stable for 30 days and is ready for testing and feedback.
CHANGELOG
[4.0.0-beta] - 30 June 2023
Added
- Added the option for admins to control who can create, edit, and delete findings in the global library
- Admins can control each of these permissions separately via the admin panel
Changed
- Applied the authorization model to the user interface for role-based access control
- Accounts with the manager role will not notice a difference
- For more information: https://www.ghostwriter.wiki/features/graphql-api/authorization
- When viewing server and domain history, if a user does not have access to the client or project, the client and project names will be hidden
- Changed the activity log import to make it possible to select the log to update
- The oplog_id header is no longer required in the CSV and will be ignored
- Refined the domain and server view pages to match the user interface and experience of the project dashboard
- Updated the Hasura GraphQL Engine to v2.28.0
Removed
- Removed the legacy REST API endpoints for activity logs
- The GraphQL API has been the primary API for activity logs since v3.0.0
- Legacy API keys will no longer work for activity logs
- The current release of the cobalt_sync project will not work with Ghostwriter v4.0.0-beta (look for cobalt_sync v2.0 to be released later this year)
Security
- Increased the versions of several dependencies to address security vulnerabilities in these packages