Releases: GhostManager/Ghostwriter

Ghostwriter v4.3.10

04 Jan 00:26
f50189a

Summary

This release includes the latest Ghostwriter CLI with minor updates and bug fixes.

CHANGELOG

[4.3.10] - 3 January 2025

Added

  • Added a HASURA_GRAPHQL_SERVER_HOSTNAME for the DotEnv file to allow for setting the Hasura server hostname (Fixes #566)
    • This is available for Kubernetes deployments (see issue #566)
    • For all other deployments, the Hasura server hostname should be left set to graphql_engine by default

Changed

  • The linter now checks if the list styles are of type PARAGRAPH in the Word template
  • The archived reports page now displays the project name for each report to help with identification
  • Updated the pre-built Ghostwriter CLI binaries to v0.2.21

Ghostwriter v4.3.9

10 Dec 23:39
d0f6ba0

Summary

This release contains some minor changes related to evidence.

CHANGELOG

[4.3.9] - 10 December 2024

Changed

  • Evidence previews for custom fields and evidence detail pages now display evidence at 6.5" wide to mimic the standard full-width seen in a Word document

Fixed

  • Fixed an issue that could cause improper casing for the first word in a caption

Ghostwriter v4.3.8

06 Dec 20:55
cd6413e

Summary

This release addresses user feedback for minor enhancements and fixes an issue we identified with filtering activity logs containing substantial data (e.g., lengthy command output).

CHANGELOG

[4.3.8] - 6 December 2024

Added

  • Added buttons to jump to a selected template from the report dashboard

Changed

  • Enabled pasting with formatting in the WYSIWYG editor
    • This change allows you to paste formatted text from other sources (e.g., Word documents) into the editor
    • This caused issues in the past when pasting from Word, some terminals, and some websites, but the reporting engine seems to handle the formatting well now
    • Note: Pasting with formatting may not work as expected in all cases, so please check your pasted content in the editor before generating a report
  • Increased the auto-complete list's maximum items from 10 to 20 to show more evidence files
  • Using the "Upload Evidence" button in the editor now pushes a ref version of the auto-complete entry to the auto-complete list upon successful upload

Fixed

  • Fixed activity log filtering not working correctly when very large log entries were present (PR #558)

Ghostwriter v4.3.7

26 Nov 00:41
c0860f6

Summary

This release fixes some issues with custom fields and cross-references in Word documents.

CHANGELOG

[4.3.7] - 25 November 2024

Fixed

  • Fixed forms not accepting decimal values for extra fields (PR #554)
  • Fixed cross-references not working when the reference name contained spaces (PR #556)

Ghostwriter v4.3.6

14 Nov 23:02
dc9aa38

Summary

This release adds functionality for tables and captions in Word reports, addresses list formatting in Word reports, and reduces exposed services in production environments.

CHANGELOG

[4.3.6] - 14 November 2024

Added

  • Added support for table captions in the WYSIWYG editor (PR #547)
    • Caption text can be customized by right-clicking on the table > Table Properties > General > Show caption
  • Added report configuration options for figure and table caption placement (above or below) for Word

Changed

  • Production deployments now default to only exposing PostgreSQL and Hasura ports to internal services (PR #551)
    • This change is to improve security by limiting the number of exposed ports on the server
    • If you need direct access to PostgreSQL or Hasura, you can adjust the Docker Compose file to expose the ports on the host system or run a utility like psql inside the container

Fixed

  • Fixed observations not being cloned when cloning a report (PR #548)
  • Fixed lists being styled as List Paragraph in Word instead of with user-defined Bullet List or Number List styles (PR #550)

Ghostwriter v4.3.5

31 Oct 23:39
c632a60

Summary

This is a minor release that adjusts the linter and report context.

CHANGELOG

[4.3.5] - 30 October 2024

Changed

  • The added_as_blank attribute for findings is now included in the template linter

Fixed

  • Fixed false values appearing as "" in the report template context after release v4.3.4

Ghostwriter v4.3.4

24 Oct 18:21
ef58d5f

Summary

This is a minor release to patch an issue with the cloud server creation and update checks for duplicate IP addresses added in a previous release.

CHANGELOG

[4.3.4] - 24 October 2024

Changed

  • Adjusted the duplicate IP address checks for cloud servers on a project to make them more robust to catch more edge cases

Fixed

  • Fixed an issue with creating a new cloud server on a project

Ghostwriter v4.3.3

21 Oct 19:07
ffee29c

Summary

This release includes some enhancements for the CVSS calculator and referencing CVSS information in reports.

CHANGELOG

[4.3.3] - 21 October 2024

Added

  • Added display for the temporal and environmental scores on the CVSS v3.1 calculator (Closes #536)
  • Added a cvss_data key to the report context that includes the CVSS data for each finding
    • The key is a list that includes four items: the CVSS version, score(s), severity, and your configured color for the severity
    • The score and severity data includes the temporal and environmental scores for CVSS v3.1, so those scores, severities, and colors are lists (base, temporal, environmental)
    • The data is available for use in the report template

Fixed

  • Fixed values of zero (e.g., 0 or 0.0) displaying as "No Value Set" for extra fields (Closes #541)
  • Fixed a minor style issue with the sidebar

Ghostwriter v4.3.2

30 Sep 23:50
c986bb5

Summary

This release includes some quality-of-life improvements and a reworked CVSS calculator.

CHANGELOG

[4.3.2] - 30 Sep 2024

Added

  • Added a severities key to the report context that includes a list of all severity categories in the database (Closes #427)
    • Each severity category includes the category's name, color as a hex value, color as an RGB value, color as a hex tuple, and the category's weight
    • Each entry also has a severity_rt RichText object for Word that places the severity in a font color that matches the severity's color
      • This object is identical to the severity_rt object on findings

Changed

  • Reworked the CVSS calculators on findings to allow switching between CVSS v3/3.1 and v4 (Closes #232, #356, #387, and #509)
    • Changes include the addition of the "modified" metrics like temporal, environmental, threat, and supplemental sections
  • Changed autocomplete suggestions in the WYSIWYG editor to no longer be case-sensitive (Fixes #440)

Fixed

  • Fixed archive report generation failing due to the Word template used for the PowerPoint report (PR #528)

Ghostwriter v4.3.1

25 Sep 23:55
88ef6a4

Summary

This release includes some minor changes requested by the community.

CHANGELOG

[4.3.1] - 25 Sep 2024

Added

  • Added a replace_blanks filter to the report template engine to replace blank values in a dictionary with a specified string
    • This filter is useful when sorting a list of dictionaries with an attribute that may have a blank value
  • Added an option in the change search in the findings library to search findings attached to reports (Closes #400)
    • Instead of matches from the library, the search will return results for findings attached to reports to which the user has access

Changed

  • Changed the serializer for report context to replace null values with a blank string ("") to help prevent errors when generating reports
    • Note: This change may affect templates that rely on null values to trigger conditional logic, but most conditional statements should not be affected
    • Example: The condition {% if not X %} will evaluate to True if X is None or ""
  • Changed the report form to allow users with the admin or manager roles to change the report's project (Closes #368)
    • This change allows a report to be moved from one project to another (e.g., you make a copy for a follow-up assessment)
    • This feature is only available to users with the admin or manager roles to prevent accidental data leaks
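
The null-to-blank change above, as an added example (not Ghostwriter's serializer; the function names and sample context are hypothetical): it blanks only None, keeps False and 0 intact, and lists the context paths where an explicit null test in a template would now give a different answer than before.

```python
# Added illustration; not Ghostwriter's serializer. All names are hypothetical.

def blank_nulls(value):
    """Recursively replace None with "" while leaving other falsy values intact."""
    if value is None:  # identity check: only null is replaced
        return ""
    if isinstance(value, dict):
        return {k: blank_nulls(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [blank_nulls(v) for v in value]
    return value  # False, 0, 0.0 and "" pass through unchanged


def audit_conditions(before, after, path=""):
    """Return the paths where an `is None` test answers differently after blanking.

    `not X` agrees for None and "", so only explicit null tests
    (e.g. `{% if X is none %}`) change behaviour.
    """
    changed = []
    if isinstance(before, dict):
        for key, val in before.items():
            child = f"{path}.{key}" if path else key
            changed += audit_conditions(val, after[key], child)
    elif isinstance(before, (list, tuple)):
        for i, val in enumerate(before):
            changed += audit_conditions(val, after[i], f"{path}[{i}]")
    elif (before is None) != (after is None):
        changed.append(path)
    return changed


# Constructed sample context (field names are made up for this example).
SAMPLE = {
    "title": "Example finding",
    "cvss_score": 0.0,
    "complete": False,
    "host_detection": None,
    "extra_fields": {"ticket": None, "retest_count": 0},
    "tags": ["web", None],
}

if __name__ == "__main__":
    cleaned = blank_nulls(SAMPLE)
    print(cleaned)
    print("null tests that now differ:", audit_conditions(SAMPLE, cleaned))
```

Running the same audit over a real exported context shows which fields a template's null-based conditionals should be re-checked against.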

Fixed

  • Fixed an edge case with the Namecheap sync task that could lead to a domain remaining marked as expired after re-purchasing it or renewing it during the grace period