- Do not automatically log in (e.g. via OIDC) after logout
- OIDC: use preferred_username as login_hint for re-authentication
- Accept username from env variable in createorupdateuser command
- Render markdown preview in web worker
- Show tooltips on list actions for missing permissions
- Project Design selection improvements: order by usage count
- Improvements of sharing notes and reports
- Plugin projectnumber: Add manage.py command to reset projectnumber
- Add plugin: renderfindings - Render single finding to PDF
- Update and optimize designs: demo, HTB and OffSec designs
- Add design for HTB CAPE certification
- Warn about relative URLs in PDFs during rendering
- Add button to generate random password to password fields
- Shared notes: Default to markdown preview mode for readonly shares
- Shared notes: Autofocus root note
- Fix DB connection cleaned up in background tasks
- Increase DB connection pool size
- UI: Hide markdown toolbar in preview mode
- UI: Update UI to switch markdown editor view mode
- Plugin: webhooks at certain events
- Plugin: automatically assign project numbers
- Run periodic tasks in background
- Add user option to force password change on next login
- Fix finding.created not included in design preview data
- Allow marking resolved comments as open
- UI: Create comments with Ctrl+Alt+M
- UI: Save comment texts with Ctrl+Enter
- UI: fix line break in logo text on Firefox
- Introduce a plugin system (experimental)
- Add plugins: CyberChef, GraphQL Voyager, Hash Identifier
- Disable static file compression
- Allow to cancel PDF rendering requests
- Enforce PDF rendering timeout in self-hosted installations (default: 5 min)
- Show PDF render timing information
- Always remove PDF metadata
- Add button to download preview PDF
- Fix error while updating user fields via REST API
- Update HTB designs to improve table rendering performance
- Fix mermaid diagram labels not rendered
- Disable CSP trusted types enforcement because of incompatibilities
- Autofocus TOTP input field in login form
- Add more granular file storage settings
- Add trusted types configuration to Content Security Policy
- Markdown editor: Add toolbar button to reference findings
- Markdown editor: Show markdown snippet in markdown image preview dialogs
- Bugfixes in note sharing
- Fix race condition when creating comments for text selection
- Reset DB sequences on restore backup to prevent ID conflicts
- Public note sharing
- Add permission Project Admin
- Update ghostscript to fix multiple bugs in pdf post-processing
- Set custom database credentials in languagetool container
- Fix bug when using custom CA
- Fix install and update procedures
- Fix error importing designs without ordering fields
- Rename version history close button
- Rework field definition data format. Warning: breaking API changes
- Allow custom order of object field properties
- Allow sorting combobox suggestions
- More settings for guest user permissions: GUEST_USERS_CAN_EDIT_PROJECTS, GUEST_USERS_CAN_SEE_ALL_USERS
- Improve error messages for decryption errors
- Fix user.is_active checkbox not reactive in edit user page
- Fix checkboxes not rendered as checked in PDF
- Provide prebuilt Docker images
- Fix chromium error while rendering PDFs
- Allow searching notes in frontend
- Retry redis commands on connection errors
- Fix mermaid init blocks not applied in PDF rendering
- Fix class paths of S3 storage backends
- Fix SPELLCHECK_URL not set in docker-compose
- Fix permission denied when user is superuser and guest
- Fix error in update.sh script for languagetool and caddy updates
- Fix prebuilt frontend JS files not used in docker image
- Rework install.sh
- Set restart policy for redis docker container
- Add setting to disable websockets and always use HTTP for collaborative editing
- Fix error while sorting finding templates by created/updated date
- Fix create template from finding changes not saved
- Fix API token authentication in community edition
- Fix set assignee in notes, findings and sections
- Fix error when setting note checkboxes
- Suggest values used in other findings in combobox fields
- Navigate through images in enlarged markdown image preview dialog
- Allow commenting finding and section fields and markdown text
- Create backups via web interface
- Show backup history in web interface
- Store last usage date for API tokens
- Allow duplicating findings
- Compress PDFs to reduce file sizes
- Use redis as channels layer instead of postgres for collaborative editing
- Fix template pagination error for templates without CVSS score
- Fix multiple bugs in collaborative editing over websockets
- UI: Add button to copy confirm text in delete confirm dialogs
- UI: Fix create finding dialog searchbar cleared on click outside
- UI: Sticky toolbar in markdown editor
- Enable fontconfig cache in docker container
- Respect verbosity option in `backup` and `restorebackup` commands
- Immediately create new templates in API to allow image uploads on first editing
- Fix importing of non-empty note assignees
- Collaborative editing: Sync pending changes on reconnect
- Fix collaborative editing updates applied out-of-order because of MDE update throttling
- Set `Secure` flag for cookies when setting `SECURE_SSL_REDIRECT=on`
- Add sorting options to projects, templates, designs and users lists
- Collaborative editing in project history diff views
- Project history diff views: add revert changes button to markdown editor
- Send update_text events with text diff when updating text fields via API instead of overwriting the whole text
- Fix MDE preview layout break on zoom out
- Throttle MDE update events to prevent browser from hanging
- Fix elastic APM tracing middleware always enabled
- Collaborative editing in project findings and sections
- Collaborative editing: update notes list when importing new notes
- Collaborative editing: HTTP fallback if no WebSocket connection can be established
- Fix slot data items `.length` property undefined in `<list-of-figures>`, `<list-of-tables>` and `<table-of-contents>` components
- Fix CSRF vulnerability for WebSocket connections
- Introduce `ALLOWED_HOSTS` setting for request host and origin validation
- Update dependencies to fix request-smuggling vulnerabilities in gunicorn (CVE-2024-1135)
- Collaborative editing in notes
- Show cursor position and selection of other users for collaborative editing in notes
- Remember "Encrypt PDF" setting in browser's local storage
- Fix force change design API request not sent
- Add Content Security Policy directive form-action
- Strengthen Content Security Policy: remove script-src unsafe-inline
- Fix API token expiring today shown as expired in UI
- Fix squished buttons on publishing project page
- Markdown editor: Improve vue template variable handling
- Markdown editor: Allow escaping curly braces
- Fix PDF rendering hanging on headless chromium startup
- Allow configuring the PDF rendering timeout (applies only when a separate worker is used)
- Add filename in markdown editor for uploaded files
- Move cursor after uploaded file/image in markdown editor
- Prevent cutting off spellcheck error underlines in string fields
- Add more language variants for spellcheck
- Allow duplicating finding templates
- Fix error in periodic task for automatic project archiving
- Add component for cover pages in PDF designer layout editor
- Reference `<figure>` tag instead of `<figcaption>` in `<ref />` component to jump to start of figure
- Enable multi-selection in markdown editor
- Fix CWE field formatting for PDF rendering
- Add HackTheBox CWEE design
- Add CWE field type
- Break text in tables to prevent tables overflowing page in base styles
- Sync updated field default values to preview data fields
- Automatically close brackets and enclose selected text with brackets in markdown editor
- UI: Add hint how to add custom tags
- UI: Add buttons for task list and footnote to markdown editor toolbar
- Fix text selection in markdown preview focus changed to editor
- Fix object field properties not always sorted
- Fix newline not inserted at empty last line of markdown editor in Firefox
- Fix ID form field loses focus while writing in report field page
- Define initial note structure for projects in designs
- Allow exporting and importing notes
- Include project name in default PDF filename on publish project page
- Fix chapter number always prepended to title in `<ref />` component
- Fix attributes not inherited to nested input fields
- Fix readonly code editor in PDF designer still writable
- Diff-view for version history
- Set form fields readonly instead of disabled
- Update build system of Vue PDF rendering script from webpack to vite
- Improve template field overview UI
- Fix error while editing ID of nested field of report section in designer
- Add demo data archives as TOML files to repository
- Fix resizing PDF viewer loses mouse focus in Firefox
- Add raptor mascot images to empty pages
- Increase contrast of nested form fields
- Show more detailed error messages in frontend
- Fix PDF viewer crash in Chrome with Bitwarden browser extension
- Design and UI rework
- Dark mode
- Disable buttons and menu entries when user does not have permissions
- Fix save error for user fields
- Ensure custom fonts are loaded before rendering charts and diagrams
- Remove status emoji of notes
- Separate settings for spellcheck and markdown preview mode in projects, notes, templates, designs
- Click to enlarge images in markdown preview
- Consolidated project history
- Fallback to severity if CVSS is undefined in template list
- Add status and tags to designs
- Add support for mermaid diagrams in markdown
- Fix arrow movement in fields inside lists to switch list item
- Fix guest restriction configuration loading
- Allow configuring regex patterns for list items
- Add scheme to predefined URL regex
- Fix list items not updated in design preview data form
- Prevent page offset jumping when switching markdown editor mode
- Allow sorting items of list fields in reports
- Support text input in date fields
- CVSS 4.0 support
- Allow requiring a specific CVSS version in CVSS fields
- Allow accessing designer assets in Chromium during PDF rendering
- Support validating string fields with RegEx patterns
- Add an API endpoint to retrieve project data with markdown fields rendered to HTML
- Do not send unreferenced images to PDF rendering task to reduce memory usage
- Do not export images that are not referenced in exported data
- Prevent migration errors caused by DB queries in license check
- Fix spellcheck returning no results for language=auto
- Fix markdown preview flappy scroll on typing in markdown editor when images are included
- Fix OIDC login for re-authentication not working
- Fix focus lost while editing object field property IDs in designer
- Update frontend tech stack to Vue3, Nuxt3, Vuetify3, Typescript
- Update weasyprint to v60
- Increase read timeout in example nginx config
- Prevent duplicate PDF warnings
- Prevent disabling current user
- Allow removing current user from project members
- Prevent footnotes from moving to next page by default in base.css styles
- Default to manual sorting if no finding ordering fields are defined in design
- Fix spellcheck errors when using per-user dictionaries
- Version history for projects, designs and templates
- UI: Decrease font size of note assignee in list to match finding/section assignee style
- UI: Autofocus note and finding title after create
- UI: More prominent translate template field button
- UI: Include more details on license errors
- Fix template appears multiple times in search result list when multiple languages match
- Assign notes to users
- Install more Noto Sans fonts to support more languages
- Ignore whitespaces in delete confirm dialogs
- Use proxy config of host in docker-compose containers
- UI: sticky header and searchbar in list views
- UI: increase file drop area for importing projects, designs and templates
- Configure finding sort order in design
- Allow manual ordering of findings by overriding the default sort order
- Allow ordering of enum choices in design field definition
- Search in all fields for template search
- Add shortcut for creating new findings and notes (Ctrl+J)
- Remove beta label and change versioning scheme
- Export notes as PDF
- Speed up unit tests for API
- Add CLI command to restore backups
- Sort users alphabetically in selection
- Clear user specific data from Vuex stores on logout
- Filter notifications in API when fetching instead of locally in instances
- Add datalabels plugin for Chart.js in designs
- Fix backward compatible import of templates with old format (format: templates/v1)
- Fix horizontal input field overflows in template editor
- Expose more CVSS information in designs (including CVSS version, base/temporal/environmental score, impact/exploitability subscores)
- Allow adding custom CA certificates to the docker containers during build
- Multilingual templates
- Support images in templates
- Support creating templates from findings
- UI: Move secondary toolbar actions to a dropdown menu
- UI: Sticky Add button in finding and note list sidebars
- Fix redirect after login for remoteuser default auth provider
- Fix serialization of project check messages
- Implement file upload in user notebook
- Optimize image loading in markdown preview
- Use Argon2 for hashing passwords instead of PBKDF2
- Authentication via API tokens
- Auto-generate OpenAPI schema
- Fix username/password auth not available in login form of community edition
- Store a reference to the original project/design when copying
- Add tags to projects
- UI: Add icons for tags/members/language in project and template list
- Add drag-and-drop PDF designer
- Support SSO via Remote-User HTTP header
- Allow disabling local authentication via username/password to force SSO
- Support configuring default authentication provider via setting DEFAULT_AUTH_PROVIDER
- Fix CSRF error during logout
- Support automatic archiving of finished projects via setting AUTOMATICALLY_ARCHIVE_PROJECTS_AFTER
- Support automatic deletion of old archived projects via setting AUTOMATICALLY_DELETE_ARCHIVED_PROJECTS_AFTER
- Allow importing private designs
- Show warnings and info messages in designer error list
- Log invalid or unsupported CSS rules in PDF designer
- Include font files in repository
- Update dependencies to fix vulnerabilities in python requests (CVE-2023-32681) and webpack (CVE-2023-28154)
- Prevent setting reference-type specific CSS classes to `<ref>` components with slot content
- Prevent buffering full `StreamingHttpResponse` causing high memory load
- Add fonts Roboto Flex, STIX Two Text and Arimo
- Remove non-variable fonts Roboto, Tinos, Lato and Courier Prime
- Configure fallback of common fonts to similar looking fonts (Arial, Helvetica, Times New Roman, Courier New, Verdana)
- Provide (optional) base styles in designer via `@import "/assets/global/base.css";`
- Add `<ref>` component to designs to reference headings, figures, tables and findings
- Support writing markdown inside design HTML templates via `<markdown>` component
- Support markdown attrs for headings
- Allow `<u>` and `<pagebreak />` in markdown
- Provide lodash utility functions in design template
- The update script rebuilds Docker images every seven days to ensure dependencies are updated regularly
- Fix user type field formatting in design rendering
- Add settings for OIDC with Google
- Fix parsing of nested markdown labels (link in footnote in image caption)
- On file not found during PDF rendering: add reference to finding/section in error message
- Add more languages
- Allow configuring languages via setting PREFERRED_LANGUAGES
- Show current software version in license page
- Allow deleting users via UI
- Fix markdown code block alignment
- Update django to 4.2.1 (security release)
- Release Community Edition
- Add license checks and enforce license limits
- Project archiving and encryption with 4-eye principle
- Improve list editing in markdown editor
- Add a refresh PDF button to the publish project page
- Add private designs visible only to your user
- Support Postgres with PgBouncer in LanguageTool
- Allow storing files in S3 buckets
- Fix backup restore failing for notifications
- Allow setting emojis as custom note icons
- Require re-authentication to enable admin permissions in user sessions
- Test and improve backup and restore logic
- Automatically cleanup unreferenced files and images
- Add words to spellcheck dictionary
- Allow removing and updating roles of imported project members
- Fix label not shown for number fields
- Use variable Open Sans font to fix footnote-call rendering ("font-variant-position: super" not applied)
- Personal and per-project notes
- Use asgi instead of wsgi to support async requests
- Async PDF rendering and spellcheck request
- Support Elastic APM for API and frontend monitoring
- Fetch and display notifications to users
- Add titles to pages in frontend
- Support login via OpenID Connect
- Support offloading PDF rendering to a pool of worker instances
- Spellchecking and highlighting TODOs in string fields
- Make toolbar sticky on top of finding, section and template editor
- Separate scrollbars for side menu and main content
- Rework PDF Viewer
- Data-at-rest encryption for files and sensitive DB data
- Use Session cookies instead of JWT tokens
- Support two factor authentication with FIDO2, TOTP and Backup Codes
- Add user role and permissions for system users
- Support encrypting backups
- Add logo and favicon
- Add per-project user tags
- UI Improvement: create finding dialog: reset template search input after closing dialog, set search query as finding title for new empty findings
- UI Improvement: allow text selection in Markdown editor preview area
- Provide some standard fonts in the docker container
- Customize designs per project
- Allow force changing designs of projects if the old and new design are incompatible
- Update Chromium to fix CVE-2022-4262 (high)
- Compress images to reduce storage size and PDF size
- Manual highlighting of text in markdown code blocks
- Add review status to sections, findings and templates
- UI improvements: rework texts, add icons, more detailed error messages, group warnings by type in the publish page
- Fix rendering of lists of users containing imported project users
- Begin of changelog
- Collaboratively write pentesting reports
- Render reports to PDF
- Customize report designs to your needs
- Finding Template library
- Export and import designs/templates/projects to share data
- Multi Language support: English and German
- Spell checking
- Edit locking
- Drag-and-drop image upload
- PDF encryption
- and many more features