Releases: NUWCDIVNPT/stig-manager
1.5.3
What's Changed
- (API/UI/DB) The Collection Grants system has been significantly reworked to allow for more dynamic and flexible Grant management. The new Grant system also allows for "Read Only" access to Collection Reviews. Details of the new Role-Based Access Control system are found in the STIG Manager documentation.
- (API/UI/DB) New User Groups feature.
- (UI) The Collection Review Workspace has been reworked to give more room to Checklist statistics columns and enable future expansion. The display should now be significantly less constrained, especially when viewing extra columns that are usually hidden by default.
- (OAS/API) Updates to the OpenAPI definition.
- (API) Refactoring of API token validation processing.
- (Docs) Updated sphinx and other documentation build dependencies.
- (Build) Fixed issue preventing binary versions from creating POA&M.
- (Workflows) Automated testing of linux binaries.
NOTES:
- This release includes a database migration to support new features.
- This release changes the minimum required MySQL version from 8.0.21 to 8.0.24.
- This migration will convert any existing "Asset-STIG" style assignments for Restricted Users to the equivalent Access Control List style Grants under the new system. After migration, you may want to remove the granular Access Control Rules and create new ones with the more flexible system (for example, creating one Access Control Rule granting access to an entire Asset, rather than each individual Asset-STIG).
- This release introduces "breaking" changes to the API and STIG Manager OpenAPI definition. If you have custom integrations or clients that rely on the STIG Manager API, you may need to update them to accommodate these changes. Check the rbac v2 implementation Pull Request for details of the changes to the API with this release.
STIGMan Watcher
- STIGMan Watcher 1.5.1 has been released with changes to accommodate the new Grant system introduced in STIGMan v1.5.3. Watcher 1.5.1 is backwards compatible with older API releases >=1.2.7, so feel free to update Watcher first.
Full Changelog: 1.5.2...1.5.3
1.5.2
What's Changed
- (UI) fix: Meta-Collection Dashboard Asset labels now display properly.
- (UI) fix: Meta-Collection Dashboard correctly handles double-click action on Collections rows.
- (API/DB) fix: Change review_history.historyId to a bigint to support deployments that have created large numbers of history records.
- (Workflows) Publish containers to Docker Hub for both AMD64 and ARM64 platforms.
NOTE: This release includes a database migration that changes the data type of the review_history.historyId column to a bigint. This migration may take quite some time to complete on deployments maintaining large numbers of Review History records.
Full Changelog: 1.5.1...1.5.2
1.5.1
1.5.0
What's Changed
- (API) chore: Update dependencies
- (UI) Update stigman-client-modules to 1.5.0
- (UI) provide detailed status during web app bootstrap; handle token errors; test oidc state before token request
- (Docs) Update license/contributors for 2025
- (Docs) Update build dependency
Full Changelog: 1.4.19...1.5.0
1.4.19
What's Changed
- (API) chore: Update dependency Cross-Spawn
- (API) fix: Allow for use and proper handling of backslashes in metadata values
Full Changelog: 1.4.18...1.4.19
1.4.18
What's Changed
- (UI) feat: Support for importing Evaluate-STIG style XCCDF test results.
- (UI) fix: Ensure integer size when fractional scaling is applied to UI
- (UI) fix: Column filters for CCIs in STIG Library
- (API) feat: XCCDF exports now pass NIST XCCDF validation
- (API) feat: Avoid incrementing userIds when updating existing user_data records
- (tests) fix: Use UUIDs when generating test data to avoid collisions
- (API) Dependency updates
Full Changelog: 1.4.17...1.4.18
1.4.17
What's Changed
- (UI/API) feat: New, more capable App Data Export/Import feature
- (API) feat: Handle duplicate CCI elements in Rules from latest DISA Reference STIGs
- (API) feat: add index for asset/collection state columns in database for better performance
- (docs) Clarifications and updates for new feature
NOTE: This release includes a database migration that adds an index for the state columns in the asset and collection tables.
Full Changelog: 1.4.16...1.4.17
1.4.16
What's Changed
- (UI/API) feat: New enhanced Application Info report available to Application Managers
- (API) feat: support custom jwt assertion claim (#1401)
- (API) feat: handle ported MySQL version string when enforcing minimum version (#1398)
- (docs) Clarifications and updates
- (tests) New testing framework implemented with Mocha/Chai
- (API) chore: dependency updates
- (build) refactor: simplified workflow names
- (info) New contact information for Application Info and Security Policy reports: [email protected]
- NOTE: The "Experimental" Export/Import Data feature that used to share the "App Info" tab must now be enabled explicitly with an Environment Variable (STIGMAN_EXPERIMENTAL_APPDATA=true). When enabled, it will have its own node in the Application Management NavTree. See the documentation for more details.
Full Changelog: 1.4.15...1.4.16
1.4.15
What's Changed
- (API) fix: further improved performance for endpoints that call getCollection (#1363)
- (API) fix: ensure updateDefaultRev is called as part of a transaction (#1370)
- (UI) feature: enhanced column filters (#1367)
- (API) chore: dependency updates
Full Changelog: 1.4.14...1.4.15
1.4.14
What's Changed
- (UI/API) feat: USMC MCCAST formatted POAM export option (#1345, thank you, @whalenda and NIWC/MCBOSS)
- (API) fix: pass collectionId to getCollectionLabels() when known for better performance (#1363)
- (API) fix: metadata query param parsing (#1359)
- (API) fix: getStigById/getUserByUserId return 404 for nonexistent resources (#1358)
- (API) enhancement: updated contribution guide
- (build) enhancement: skips sonarcloud actions when PR from fork (#1351)
- (API) chore: update mysql init scripts
- (API) chore: dependency updates
Full Changelog: 1.4.13...1.4.14