Tags

v3.18.1

Fix CVE issue

v3.18.0

 * Remove attachments in vulns filter endpoint
 * Add open and confirmed vulns in workspace stats
 * Add migration disabling several notifications.
 * Add user id to session API endpoint
 * Add cve to vulnerability model
 * Change funcs to views
 * FIX report import
 * Add `last_run_agent_date` field to workspace endpoint
 * Fix cve parsing in `vulnerability create` and `bulk create`
 * ADD check if postgres db is running during server start
 * Fix order_by in filters api
 * Fix 500 status code with invalid executor arguments

v3.17.1

 * FIX bug when starting the server, creates a pool for reporting that breaks.

v3.17.0

 * ADD `--data` parameter to `faraday-manage settings`
 * MOD Process report files in a separate process
 * MOD Make `bulk_create` requests asynchronous

v3.16.1

 * MOD only show settings of this version in faraday-manage settings
 * FIX update minimum version of click dependency

v3.16.0

 * BREAKING CHANGE: API V2 discontinued
 * BREAKING CHANGE: Changed minimum version of python to 3.7
 * ADD agent parameters has types (protocol with agent and its APIs)
 * ADD move settings from `server.in` to a db model
 * ADD (optional) query logs
 * MOD new threads management
 * MOD vulnerabilities' endpoint no longer loads evidence unless requested with `get_evidence=true`
 * FIX now it is not possible to create workspace of name "filter"
 * FIX bug with dates in the future
 * FIX bug with click 8
 * FIX bug using --port command
 * FIX endpoints returning 500 as status code
 * REMOVE the need tom CSRF token from evidence upload api

v3.15.0

 * ADD `Basic Auth` support
 * ADD support for GET method in websocket_tokens, POST will be deprecated in the future
 * ADD CVSS(String), CWE(String), CVE(relationship) columns to vulnerability model and API
 * ADD agent token's API says the renewal cycling duration
 * MOD Improve database model to be able to delete workspaces fastly
 * MOD Improve code style and uses (less flake8 exceptions, py3 `super` style, Flask app as singleton, etc)
 * MOD workspaces' names regex to verify they cannot contain forward slash (`/`)
 * MOD Improve bulk create logs
 * FIX Own schema breaking Marshmallow 3.11.0+
 * UPD flask_security_too to version 4.0.0+

v3.14.4

 * Updated plugins package, which update appscan plugin

v3.14.3

v3.14.2

 * ADD New plugins:
    * microsoft baseline security analyzer
    * nextnet
    * openscap
 * FIX old versions of Nessus plugins bugs

v3.14.1

 * ADD forgot password
 * ADD update services by bulk_create
 * ADD FARADAY_DISABLE_LOGS varibale to disable logs to filesystem
 * ADD security logs in `audit.log` file
 * UPD security dependency Flask-Security-Too v3.4.4
 * MOD rename total_rows field in filter host response
 * MOD improved Export cvs performance by reducing the number of queries
 * MOD sanitize the content of vulns' request and response
 * MOD dont strip new line in description when exporting csv
 * MOD improved threads management on exception
 * MOD improved performance on vulnerability filter
 * MOD improved [API documentation](www.api.faradaysec.com)
 * FIX upload a report with invalid custom fields
 * ADD v3 API, which includes:
    * All endpoints ends without `/`
    * `PATCH {model}/id` endpoints
    * Bulk update via PATCH `{model}` endpoints
    * Bulk delete via DELETE `{model}` endpoints
    * Endpoints removed:
      * `/v2/ws/<workspace_id>/activate/`
      * `/v2/ws/<workspace_id>/change_readonly/`
      * `/v2/ws/<workspace_id>/deactivate/`
      * `/v2/ws/<workspace_name>/hosts/bulk_delete/`
      * `/v2/ws/<workspace_name>/vulns/bulk_delete/`
    * Endpoints updated:
      * `/v2/ws/<workspace_name>/vulns/<int:vuln_id>/attachments/` => \
        `/v3/ws/<workspace_name>/vulns/<int:vuln_id>/attachment`

v3.14.0

 * ADD RESTless filter to multiples views, improving the searchs
 * ADD "extras" modal in options menu, linking to other Faraday resources
 * ADD `import vulnerability templates` command to faraday-manage
 * ADD `generate nginx config` command to faraday-manage
 * ADD vulnerabilities severities count to host
 * ADD Active Agent columns to workspace
 * ADD critical vulns count to workspace
 * ADD `Remember me` login option
 * ADD distinguish host flag
 * ADD a create_date field to comments
 * FIX to use new webargs version
 * FIX Custom Fields view in KB (Vulnerability Templates)
 * FIX bug on filter endpoint for vulnerabilities with offset and limit parameters
 * FIX bug raising `403 Forbidden` HTTP error when the first workspace was not active
 * FIX bug when changing the token expiration change
 * FIX bug in Custom Fields type Choice when choice name is too long.
 * FIX Vulnerability Filter endpoint Performance improvement using joinedload. Removed several nplusone uses
 * MOD Updating the template.ini for new installations
 * MOD Improve SMTP configuration
 * MOD The agent now indicates how much time it had run (faraday-agent-dispatcher v1.4.0)
 * MOD Type "Vulnerability Web" cannot have "Host" type as a parent when creating data in bulk
 * MOD Expiration default time from 1 month to 12 hour
 * MOD Improve data reference when uploading a new report
 * MOD Refactor Knowledge Base's bulk create to take to take also multiple creation from vulns in status report.
 * MOD All HTTP OPTIONS endpoints are now public
 * MOD Change documentation and what's new links in about
 * REMOVE Flask static endpoint
 * REMOVE of our custom logger

v3.12

 * Now agents can upload data to multiples workspaces
 * Add agent and executor data to Activity Feed
 * Add session timeout configuration to server.ini configuration file
 * Add hostnames to already existing hosts when importing a report
 * Add new faraday background image
 * Display an error when uploading an invalid report
 * Use minimized JS libraries to improve page load time
 * Fix aspect ratio distortion in evidence tab of vulnerability preview
 * Fix broken Knowledge Base upload modal
 * Fix closing of websocket connections when communicating with Agents
 * Change Custom Fields names in exported CSV to make columns compatible with
   `faraday_csv` plugin
 * Fix import CSV for vuln template: some values were overwritten with default values.
 * Catch errors in faraday-manage commands when the connection string is not
   specified in the server.ini file
 * Fix bug that generated a session when using Token authentication
 * Fix bug that requested to the API when an invalid filter is used
 * Cleanup old sessions when a user logs in
 * Remove unmaintained Flask-Restless dependency
 * Remove pbkdf2\_sha1 and plain password schemes. We only support bcrypt

v3.11.1

v3.11

Release v3.11

 * Move GTK client to [another repository](https://github.com/infobyte/faraday-client) to improve release times.
 * Fix formula injection vulnerability when exporting vulnerability data to CSV. This was considered a low impact vulnerability.
 * Remove "--ssl" parameter. Read SSL information from the config file.
 * Add OpenAPI autogenerated documentation support
 * Show agent information in command history
 * Add bulk delete endpoint for hosts API
 * Add column with information to track agent execution data
 * Add tool attribute to vulnerability to avoid incorrectly showing "Web UI" as creator tool
 * Add sorting by target in credentials view
 * Add creator information when uploading reports or using de bulk create api
 * Add feature to disable rules in the searcher
 * Add API endpoint to export Faraday data to Metasploit XML format
 * Use run date instead of creation date when plugins report specifies it
 * Improve knowledge base UX
 * Improve workspace table and status report table UX.
 * Improve format of exported CSV to include more fields
 * Sort results in count API endpoint
 * Limit description width in knowledge base
 * Change log date format to ISO 8601
 * Fix parsing server port config in server.ini
 * Fix bug when \_rev was send to the hosts API
 * Send JSON response when you get a 500 or 404 error
 * Fix bug parsing invalid data in NullToBlankString

Changes in plugins (only available through Web UI, not in GTK client yet):

New plugins:

* Checkmarx
* Faraday\_csv (output of exported Faraday csv)
* Qualyswebapp
* Whitesource

Updated plugins:

* Acunetix
* AppScan
* Arachni
* Nessus
* Netspaker
* Netspaker cloud
* Nexpose
* Openvas
* QualysGuard
* Retina
* W3af
* WPScan
* Webinspect
* Zap

v3.10.2

v3.10.1

v3.10.0

v3.9.3

Release v3.9.3 WHITE

3.9.2