GitLab

Asqatasun 4.1.0-rc.1, 2019-03-29

Thanks:

• @Barogthor for PR #228
• @Grey360 for PR #227
• @tyraelium for PR #226
• @mickaeldicurzio for PR #224
• @Haradwaith for PR #236
• @allrib for PR #223 and PR #231
• @selfthinker - Feature request #202
• @jeremychauvet - Bug report: #239
• @mgifford - User feedback: #205, #206 and #208
• Asqatasun team: @dzc34, @jkowalczyk, @mfaure

Added

For users:

• New grade (Asqatasun meter) made of A, B, C, D, E, F instead of 0-100% #252, #248
• SQL procedure: Add option to choose the contract duration #213
• I18N: Add german translation #172

For developers and ops:

• Enhanced pre-requisites to allow database name containing hyphen "-"
• #215 - SQL procedure / CONTRACT_create: increase the default contract duration (3 years instead of 1 years)
• #213 - SQL procedure / CONTRACT_create: add option to choose the contract duration in year, month or day
• #139 - Install.sh - Added new SQL procedures: list_running_acts + Last_audits
• added code quality tools
  • #185 - Unit tests coverage report (Jacocoo)
  • #155 - OWASP Dependency-Check
  • #198 - Checkstyle
  • #156 - Javadoc
• build_and_run-with-docker.sh script:
  • #182 - Added --krash-test option
  • #169 - Added --log-build option
  • #145 - Added --build-only-* options
  • #144 - Added option to skip unit tests
• Documentation :
  • #222 - Have CONTRIBUTING.md more friendly and explicit for beginners
  • #147 - Added documentation on how to run a krashtest campaign
  • Added "howto configuring Apache frontend with AJP connector and HTTPS Let's Encrypt"
  • Added "Crawler management" with howto increase maxDocuments in site-audit

Changed

• JDK upgraded from Java7 to Java8 #253
• DB character encoding is now utf8mb4 #255
• Build - Maven 3.1 is required (needed for org.owasp:dependency-check-maven) #154
• #202 - Changed the default to only show "failed" and "pre-qualified" results)

Fixed

For users:

• Incorrect string value: '\xF0\x9F\x99\x82" ...' for column 'Source', aka utf8mb4 should default encoding to be able to deal with smileys #123
• #137 - Fixed Rgaa 3.2016, 8.9.1: unit tests fail
• #126 - Create a contract pointing to an internal URL, even if the domain does not end with a valid gTLD
• #119 - contrast ratio link: fixed ratio parameter
• #146 - site-audit in error: added "check for redirection" as possible explanation
• #179 - site-audit in error: fixed the robots.txt URL in error message
• #203 - No allow starting an audit if no referential is activated for the current project
• #204 - No allow starting website audit if URL is not defined for the current project
• #216 - I18N: standardize "project" and "contract" naming (en/fr/es)
• #208 - Webapp UX - Admin user can quickly add a new project to his account
• #211 - Webapp UX - Admin user can quickly update his expired contract
• #27 - Contract creation: verify at least one referential is selected
• #28 - Contract creation: forbid contract without URL and with website audit enabled

For developers and ops:

• #138 - <form:errors path="scenarioFile">, allowed <abbr> in error message

• #200 - Prerequisites : libspring-instrument-java is no more needed
• #127 - Unit tests : replaced tgqa.org domain name by asqatasun.ovh

• I18N:
  • #170 - webapp + rules: converted i18n files in UTF8 character encoding
  • #173 - webapp / i18n files: converted all HTML entities to their applicable UTF-8 characters
  • #174 - webapp / i18n files: removing unnecessary escaped characters

Upgrade-o-meter

The recommended upgrade path consists in exporting Asqatasun data, installing v4.1.0 as a new intance (along Java8) and re-importing data.

We are aware that this may be difficult to some installations, but contributions are welcomed and we are always happy to bring in new contibutors :)