Releases: infobyte/faraday

v3.16.0

30 Jun 05:03
1b5bfbe
  • BREAKING CHANGE: API V2 discontinued
  • BREAKING CHANGE: Changed minimum version of python to 3.7
  • ADD agent parameters have types (protocol with agent and its APIs)
  • ADD move settings from server.ini to a db model
  • ADD (optional) query logs
  • MOD new threads management
  • MOD vulnerabilities' endpoint no longer loads evidence unless requested with get_evidence=true
  • FIX it is no longer possible to create a workspace named "filter"
  • FIX bug with dates in the future
  • FIX bug with click 8
  • FIX bug using --port command
  • FIX endpoints returning 500 as status code
  • REMOVE the need for a CSRF token from the evidence upload API

v3.15.0

18 May 12:46
b4d9ef8
  • ADD Basic Auth support
  • ADD support for GET method in websocket_tokens, POST will be deprecated in the future
  • ADD CVSS(String), CWE(String), CVE(relationship) columns to vulnerability model and API
  • ADD agent token's API now reports the renewal cycle duration
  • MOD Improve database model to be able to delete workspaces quickly
  • MOD Improve code style and uses (less flake8 exceptions, py3 super style, Flask app as singleton, etc)
  • MOD workspaces' names regex to verify they cannot contain forward slash (/)
  • MOD Improve bulk create logs
  • FIX Own schema breaking Marshmallow 3.11.0+
  • UPD flask_security_too to version 4.0.0+

v3.14.4

16 Apr 17:19
f108a64

3.14.4 [Apr 15th, 2021]:

  • Updated plugins package, which updates the appscan plugin

v3.14.3

31 Mar 05:16
58906c9

3.14.3 [Mar 30th, 2021]:

  • MOD MAJOR Breaking change: Use frontend from other repository
  • ADD last_run to executors and agents
  • ADD ignore info vulns option (from faraday-plugins 1.4.3)
  • ADD invalid logins are registered in audit.log
  • ADD agent registration tokens are now 6-digit short and automatically regenerated every 30 seconds
  • MOD Fix logout redirect loop
  • REMOVE support for native SSL

v3.14.2

26 Feb 17:42
41e6f05

3.14.2 [Feb 26th, 2021]:

  • ADD New plugins:
    • microsoft baseline security analyzer
    • nextnet
    • openscap
  • FIX old versions of Nessus plugins bugs

v3.14.1

18 Feb 16:35
a23cd8e

3.14.1 [Feb 17th, 2021]:

  • ADD forgot password
  • ADD update services by bulk_create
  • ADD FARADAY_DISABLE_LOGS variable to disable logs to filesystem
  • ADD security logs in audit.log file
  • UPD security dependency Flask-Security-Too v3.4.4
  • MOD rename total_rows field in filter host response
  • MOD improved CSV export performance by reducing the number of queries
  • MOD sanitize the content of vulns' request and response
  • MOD don't strip new lines in description when exporting CSV
  • MOD improved threads management on exception
  • MOD improved performance on vulnerability filter
  • MOD improved API documentation
  • FIX upload a report with invalid custom fields
  • ADD beta v3 API, which includes:
    • All endpoints end without /
    • PATCH {model}/id endpoints
    • Bulk update via PATCH {model} endpoints
    • Bulk delete via DELETE {model} endpoints
    • Endpoints removed:
      • /v2/ws/<workspace_id>/activate/
      • /v2/ws/<workspace_id>/change_readonly/
      • /v2/ws/<workspace_id>/deactivate/
      • /v2/ws/<workspace_name>/hosts/bulk_delete/
      • /v2/ws/<workspace_name>/vulns/bulk_delete/
    • Endpoints updated:
      • /v2/ws/<workspace_name>/vulns/<int:vuln_id>/attachments/ =>
        /v3/ws/<workspace_name>/vulns/<int:vuln_id>/attachment

Release 3.14.0

24 Dec 04:02
1acab57
  • ADD RESTless filter to multiple views, improving searches
  • ADD "extras" modal in options menu, linking to other Faraday resources
  • ADD import vulnerability templates command to faraday-manage
  • ADD generate nginx config command to faraday-manage
  • ADD vulnerabilities severities count to host
  • ADD Active Agent columns to workspace
  • ADD critical vulns count to workspace
  • ADD Remember me login option
  • ADD distinguish host flag
  • ADD a create_date field to comments
  • FIX to use new webargs version
  • FIX Custom Fields view in KB (Vulnerability Templates)
  • FIX bug on filter endpoint for vulnerabilities with offset and limit parameters
  • FIX bug raising 403 Forbidden HTTP error when the first workspace was not active
  • FIX bug when changing the token expiration change
  • FIX bug in Custom Fields type Choice when choice name is too long.
  • FIX Vulnerability Filter endpoint Performance improvement using joinedload. Removed several nplusone uses
  • MOD Updating the template.ini for new installations
  • MOD Improve SMTP configuration
  • MOD The agent now indicates how much time it had run (faraday-agent-dispatcher v1.4.0)
  • MOD Type "Vulnerability Web" cannot have "Host" type as a parent when creating data in bulk
  • MOD Expiration default time from 1 month to 12 hours
  • MOD Improve data reference when uploading a new report
  • MOD Refactor Knowledge Base's bulk create to also take multiple creation from vulns in status report.
  • MOD All HTTP OPTIONS endpoints are now public
  • MOD Change documentation and what's new links in about
  • REMOVE Flask static endpoint
  • REMOVE our custom logger

Release v3.12

03 Sep 23:13
246c55d
  • Now agents can upload data to multiple workspaces
  • Add agent and executor data to Activity Feed
  • Add session timeout configuration to server.ini configuration file
  • Add hostnames to already existing hosts when importing a report
  • Add new faraday background image
  • Display an error when uploading an invalid report
  • Use minimized JS libraries to improve page load time
  • Fix aspect ratio distortion in evidence tab of vulnerability preview
  • Fix broken Knowledge Base upload modal
  • Fix closing of websocket connections when communicating with Agents
  • Change Custom Fields names in exported CSV to make columns compatible with
    faraday_csv plugin
  • Fix import CSV for vuln template: some values were overwritten with default values.
  • Catch errors in faraday-manage commands when the connection string is not
    specified in the server.ini file
  • Fix bug that generated a session when using Token authentication
  • Fix bug that requested to the API when an invalid filter is used
  • Cleanup old sessions when a user logs in
  • Remove unmaintained Flask-Restless dependency
  • Remove pbkdf2_sha1 and plain password schemes. We only support bcrypt

Release v3.11.1

04 Jun 19:38
  • Fix missing shodan icon and invalid link in dashboard and hosts list
  • Upgrade marshmallow, webargs, werkzeug and flask-login dependencies to
    latest versions in order to make packaging for distros easier

Release v3.11

21 Apr 19:27
  • Move GTK client to another repository to improve release times.
  • Fix formula injection vulnerability when exporting vulnerability data to CSV. This was considered a low impact vulnerability.
  • Remove "--ssl" parameter. Read SSL information from the config file.
  • Add OpenAPI autogenerated documentation support
  • Show agent information in command history
  • Add bulk delete endpoint for hosts API
  • Add column with information to track agent execution data
  • Add tool attribute to vulnerability to avoid incorrectly showing "Web UI" as creator tool
  • Add sorting by target in credentials view
  • Add creator information when uploading reports or using the bulk create API
  • Add feature to disable rules in the searcher
  • Add API endpoint to export Faraday data to Metasploit XML format
  • Use run date instead of creation date when plugins report specifies it
  • Improve knowledge base UX
  • Improve workspace table and status report table UX.
  • Improve format of exported CSV to include more fields
  • Sort results in count API endpoint
  • Limit description width in knowledge base
  • Change log date format to ISO 8601
  • Fix parsing server port config in server.ini
  • Fix bug when _rev was sent to the hosts API
  • Send JSON response when you get a 500 or 404 error
  • Fix bug parsing invalid data in NullToBlankString

Changes in plugins (only available through Web UI, not in GTK client yet):

New plugins:

  • Checkmarx
  • Faraday_csv (output of exported Faraday csv)
  • Qualyswebapp
  • Whitesource

Updated plugins:

  • Acunetix
  • AppScan
  • Arachni
  • Nessus
  • Netsparker
  • Netsparker cloud
  • Nexpose
  • Openvas
  • QualysGuard
  • Retina
  • W3af
  • WPScan
  • Webinspect
  • Zap