diff --git a/CHANGELOG b/CHANGELOG index a6b832513..02e851096 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,31 +1,15 @@ -[v#.#.#] ([month] [YYYY]) - - Tylium: Consolidate sidebars +v4.10.0 (September 2023) + - Tylium: + - Consolidate sidebars + - Add issue.author to liquid issue drop - Upgraded gems: - font-awesome-sass, nokogiri, puma, rails, sanitize, selenium-webdriver - Bugs fixes: - - QA: - - Enable @mentions and formatting toolbar for comments in QA show views - - Updated link to QA guide - - [entity]: - - [future tense verb] [bug fix] - - Bug tracker items: - - [item] - - New integrations: - - [integration] - - Integration enhancements: - - [integration]: - - [future tense verb] [integration enhancement] - - [integration bug fixes]: - - [future tense verb] [integration bug fix] - - Reporting enhancements: - - [report type]: - - [future tense verb] [reporting enhancement] + - QA: Enable @mentions and formatting toolbar for comments in QA show views - REST/JSON API enhancements: - Boards, Lists, Cards: add initial implementation - Security Fixes: - - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description] - - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description] - - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description] + - Medium: Authenticated (author) broken access control: read access to system files v4.9.0 (June 2023) - Tylium: Extend support for Liquid Dynamic Content @@ -219,6 +203,8 @@ v4.1.0 (November 2021) - Remove orphaned tags - Security Fixes: - High: Authenticated author broken access control: read access to issue content + - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description] + - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description] v4.0.0 (July 2021) * Dynamic content across the app diff --git a/Gemfile b/Gemfile index 6fb2c4ad6..51653073d 100644 
--- a/Gemfile +++ b/Gemfile @@ -215,12 +215,12 @@ end # # Base framework classes required by other plugins -gem 'dradis-plugins', '~> 4.9.0' +gem 'dradis-plugins', '~> 4.10.0' gem 'dradis-api', path: 'engines/dradis-api' # Import / export project data -gem 'dradis-projects', '~> 4.9.0' +gem 'dradis-projects', '~> 4.10.0' plugins_file = 'Gemfile.plugins' if File.exists?(plugins_file) 
@@ -232,33 +232,32 @@ end # ----------------------------------------------------------------- Calculators -# Update these to v4.10.0 before release -gem 'dradis-calculator_cvss', github: 'dradis/dradis-calculator_cvss' -gem 'dradis-calculator_dread', github: 'dradis/dradis-calculator_dread' +gem 'dradis-calculator_cvss', '~> 4.10.0' +gem 'dradis-calculator_dread', '~> 4.10.0' # ---------------------------------------------------------------------- Export -gem 'dradis-csv_export', '~> 4.9.0' -gem 'dradis-html_export', '~> 4.9.1' +gem 'dradis-csv_export', '~> 4.10.0' +gem 'dradis-html_export', '~> 4.10.1' # ---------------------------------------------------------------------- Import -gem 'dradis-csv', '~> 4.9.0' +gem 'dradis-csv', '~> 4.10.0' # ---------------------------------------------------------------------- Upload -gem 'dradis-acunetix', '~> 4.9.0' -gem 'dradis-brakeman', '~> 4.9.0' -gem 'dradis-burp', '~> 4.9.0' -gem 'dradis-coreimpact', '~> 4.9.0' -gem 'dradis-metasploit', '~> 4.9.0' -gem 'dradis-nessus', '~> 4.9.0' -gem 'dradis-netsparker', '~> 4.9.0' -gem 'dradis-nexpose', '~> 4.9.0' -gem 'dradis-nikto', '~> 4.9.0' -gem 'dradis-nipper', '~> 4.9.0' -gem 'dradis-nmap', '~> 4.9.0' -gem 'dradis-ntospider', '~> 4.9.0' -gem 'dradis-openvas', '~> 4.9.0' -gem 'dradis-qualys', '~> 4.9.0' -gem 'dradis-saint', '~> 4.9.0' -gem 'dradis-veracode', '~> 4.9.0' -gem 'dradis-wpscan', '~> 4.9.0' -gem 'dradis-zap', '~> 4.9.0' +gem 'dradis-acunetix', '~> 4.10.0' +gem 'dradis-brakeman', '~> 4.10.0' +gem 'dradis-burp', '~> 4.10.0' +gem 'dradis-coreimpact', '~> 4.10.0' +gem 'dradis-metasploit', '~> 4.10.0' +gem 'dradis-nessus', '~> 4.10.0' +gem 'dradis-netsparker', '~> 4.10.0' +gem 'dradis-nexpose', '~> 4.10.0' +gem 'dradis-nikto', '~> 4.10.0' +gem 'dradis-nipper', '~> 4.10.0' +gem 'dradis-nmap', '~> 4.10.0' +gem 'dradis-ntospider', '~> 4.10.0' +gem 'dradis-openvas', '~> 4.10.0' +gem 'dradis-qualys', '~> 4.10.0' +gem 'dradis-saint', '~> 4.10.0' +gem 'dradis-veracode', '~> 
4.10.0' +gem 'dradis-wpscan', '~> 4.10.0' +gem 'dradis-zap', '~> 4.10.0' diff --git a/Gemfile.lock b/Gemfile.lock index b91cd60bc..8706e96de 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,21 +1,7 @@ -GIT - remote: https://github.com/dradis/dradis-calculator_cvss.git - revision: 8d2ffb5047b03b1ef015c450597a4828f80209b5 - specs: - dradis-calculator_cvss (4.9.0) - dradis-plugins (~> 4.0) - -GIT - remote: https://github.com/dradis/dradis-calculator_dread.git - revision: 241855179610221f021d065427515e4df7057f22 - specs: - dradis-calculator_dread (4.9.0) - dradis-plugins (~> 4.0) - PATH remote: engines/dradis-api specs: - dradis-api (4.9.0) + dradis-api (4.10.0) jbuilder GEM 
@@ -131,67 +117,71 @@ GEM date (3.3.3) diff-lcs (1.5.0) differ (0.1.2) - dradis-acunetix (4.9.0) + dradis-acunetix (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-brakeman (4.9.0) + dradis-brakeman (4.10.0) dradis-plugins (~> 4.0) - dradis-burp (4.9.0) + dradis-burp (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-coreimpact (4.9.0) + dradis-calculator_cvss (4.10.0) + dradis-plugins (~> 4.0) + dradis-calculator_dread (4.10.0) + dradis-plugins (~> 4.0) + dradis-coreimpact (4.10.0) dradis-plugins (~> 4.0) - dradis-csv (4.9.0) + dradis-csv (4.10.0) dradis-plugins (~> 4.0) - dradis-csv_export (4.9.0) + dradis-csv_export (4.10.0) dradis-plugins (>= 4.8.0) - dradis-html_export (4.9.1) + dradis-html_export (4.10.1) RedCloth (~> 4.3.2) dradis-plugins (>= 4.8.0) rails_autolink (~> 1.1) - dradis-metasploit (4.9.0) + dradis-metasploit (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-nessus (4.9.0) + dradis-nessus (4.10.0) dradis-plugins (~> 4.0) nokogiri - dradis-netsparker (4.9.0) + dradis-netsparker (4.10.0) dradis-plugins (~> 4.0) nokogiri (>= 1.12.5) - dradis-nexpose (4.9.0) + dradis-nexpose (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-nikto (4.9.0) + dradis-nikto (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-nipper (4.9.0) + dradis-nipper (4.10.0) dradis-plugins (~> 4.0) - dradis-nmap (4.9.0) + dradis-nmap (4.10.0) dradis-plugins (~> 4.0) ruby-nmap (~> 0.7) - dradis-ntospider (4.9.0) + dradis-ntospider (4.10.0) dradis-plugins (~> 4.0) - dradis-openvas (4.9.0) + dradis-openvas (4.10.0) dradis-plugins (~> 4.0) - dradis-plugins (4.9.0) - dradis-projects (4.9.0) + dradis-plugins (4.10.0) + dradis-projects (4.10.0) dradis-plugins (>= 4.8.0) rubyzip - dradis-qualys (4.9.0) + dradis-qualys (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) - dradis-saint (4.9.0) + dradis-saint (4.10.0) combustion (~> 0.6.0) dradis-plugins (~> 4.0) nokogiri rake (~> 13.0) rspec-rails - dradis-veracode (4.9.0) + dradis-veracode 
(4.10.0) dradis-plugins (~> 4.0) - dradis-wpscan (4.9.0) + dradis-wpscan (4.10.0) dradis-plugins (~> 4.0) multi_json - dradis-zap (4.9.0) + dradis-zap (4.10.0) dradis-plugins (~> 4.0) nokogiri (~> 1.3) erubi (1.12.0) @@ -530,32 +520,32 @@ DEPENDENCIES coffee-rails (~> 5.0) database_cleaner differ (~> 0.1.2) - dradis-acunetix (~> 4.9.0) + dradis-acunetix (~> 4.10.0) dradis-api! - dradis-brakeman (~> 4.9.0) - dradis-burp (~> 4.9.0) - dradis-calculator_cvss! - dradis-calculator_dread! - dradis-coreimpact (~> 4.9.0) - dradis-csv (~> 4.9.0) - dradis-csv_export (~> 4.9.0) - dradis-html_export (~> 4.9.1) - dradis-metasploit (~> 4.9.0) - dradis-nessus (~> 4.9.0) - dradis-netsparker (~> 4.9.0) - dradis-nexpose (~> 4.9.0) - dradis-nikto (~> 4.9.0) - dradis-nipper (~> 4.9.0) - dradis-nmap (~> 4.9.0) - dradis-ntospider (~> 4.9.0) - dradis-openvas (~> 4.9.0) - dradis-plugins (~> 4.9.0) - dradis-projects (~> 4.9.0) - dradis-qualys (~> 4.9.0) - dradis-saint (~> 4.9.0) - dradis-veracode (~> 4.9.0) - dradis-wpscan (~> 4.9.0) - dradis-zap (~> 4.9.0) + dradis-brakeman (~> 4.10.0) + dradis-burp (~> 4.10.0) + dradis-calculator_cvss (~> 4.10.0) + dradis-calculator_dread (~> 4.10.0) + dradis-coreimpact (~> 4.10.0) + dradis-csv (~> 4.10.0) + dradis-csv_export (~> 4.10.0) + dradis-html_export (~> 4.10.1) + dradis-metasploit (~> 4.10.0) + dradis-nessus (~> 4.10.0) + dradis-netsparker (~> 4.10.0) + dradis-nexpose (~> 4.10.0) + dradis-nikto (~> 4.10.0) + dradis-nipper (~> 4.10.0) + dradis-nmap (~> 4.10.0) + dradis-ntospider (~> 4.10.0) + dradis-openvas (~> 4.10.0) + dradis-plugins (~> 4.10.0) + dradis-projects (~> 4.10.0) + dradis-qualys (~> 4.10.0) + dradis-saint (~> 4.10.0) + dradis-veracode (~> 4.10.0) + dradis-wpscan (~> 4.10.0) + dradis-zap (~> 4.10.0) factory_bot_rails font-awesome-sass (~> 6.4.0) foreman diff --git a/app/drops/issue_drop.rb b/app/drops/issue_drop.rb index ab018ad07..9fc7bfdd2 100644 --- a/app/drops/issue_drop.rb +++ b/app/drops/issue_drop.rb 
@@ -1,5 +1,5 @@ class IssueDrop < BaseDrop - delegate :fields, :text, :title, to: :@record + delegate :author, :fields, :text, :title, to: :@record def affected @affected ||= @record.affected.map { |node| NodeDrop.new(node) } diff --git a/app/views/export/_no_templates.html.erb b/app/views/export/_no_templates.html.erb new file mode 100644 index 000000000..f65442d0b --- /dev/null +++ b/app/views/export/_no_templates.html.erb @@ -0,0 +1,11 @@ +
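Review bot: The new `:author` delegation hands whatever `@record.author` returns straight to Liquid, whereas `affected` on the following lines wraps each node in a `NodeDrop` before exposing it. If author is a plain string column this is fine; if it is ever a model instance it should get its own drop so templates only see the attributes that were meant to be exposed — confirm against the Issue model. A comment such as `# author is exposed as a plain value; wrap it in a drop if it ever becomes an association` would record that assumption next to the delegate line. The IssueDrop class continues past the end of the hunk.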
+

+ This exporter doesn't have any report templates yet.
+ <% if current_user.respond_to?(:role?) && current_user.role?(:admin) %>
+ <%= link_to 'Upload a template', main_app.admin_templates_reports_path(tab: plugin_name) %>, then try again.
+ <% else %>
+ Please contact your administrator.
+ <% end %>
+

+

Read more about <%= link_to 'report templates', 'https://dradisframework.com/support/guides/administration/report_templates.html', target: '_blank' %>.

+
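Review bot: The `link_to` on the "Read more about" line opens with `target: '_blank'` but no `rel` attribute; current browsers imply noopener for `_blank` and the Rails version in use may or may not add it, so writing `target: '_blank', rel: 'noopener'` makes the intent explicit at no cost. The `current_user.respond_to?(:role?)` guard on the admin branch presumably exists because `role?` is not defined in every edition; an ERB comment above it, such as `<%# role? is only defined where role support is loaded; otherwise fall back to the generic message %>`, would save the next reader guessing. `plugin_name` is used in the admin link but nothing in the partial shows where it comes from — confirm the callers pass it as a local.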
diff --git a/lib/dradis/ce/version.rb b/lib/dradis/ce/version.rb index 4935e1839..3145a37ef 100644 --- a/lib/dradis/ce/version.rb +++ b/lib/dradis/ce/version.rb @@ -2,7 +2,7 @@ module Dradis module CE #:nodoc: module VERSION #:nodoc: MAJOR = 4 - MINOR = 9 + MINOR = 10 TINY = 0 PRE = nil