ce-9.4.0

🐛 Bug Fixes

• Fixed issue in GraphQL test case mutations where test case automation arguments were not saving.
• Fixed issue when importing a defense tool from the content library did not copy over associated defense layer information.
• On Resilience Trending report page, fixed issue where configuration buttons on heatmap sub-chart were invisible.

🔒 Security Maintenance

• Addressed application vulnerabilities reported by @ameerpornillos.

ce-9.3.3

🚀 VECTR Enterprise

• VECTR 9.3 marks the launch of our premium offering "VECTR Enterprise". VECTR Enterprise introduces premium reporting features and integrated benchmark data to help you tell the story of your adversary management / purple teams program. Learn more about VECTR Enterprise. Community edition will continue to be available and receive updates.

👀 UI Updates

• 🌒Dark mode is here! This is still in beta, but you can preview it from your profile menu. We're looking forward to releasing tweaks and fine tuning of the color theme in future versions.
• Continued transition of our frontend stack to Vue.js with a redesigned Assessment Library page.

🔒 Security Maintenance

• Dependency updates to address CVE's

ce-9.2.1

🚀 Improvements

• VECTR 9.2 represents a significant update to the backend stack and system architecture. We've migrated to a Spring Boot API layer and have added a gateway and static UI containers to offload some responsibilities from the "tomcat" container, including TLS termination and the frontend SPA application, respectfully. Please see our upgrade guide to update your existing deployment.

🐞 Bug Fixes

• A lot of bug fixes, including addressing the following issues: #262, #263, #267, #268, #269, #270

🔒 Security Maintenance

• Dependency updates to address CVE's.

ce-9.0.2

🚀 VECTR 9.0

• We are pleased to announce the next generation of the VECTR Purple Team platform! VECTR 9.0 brings an entirely new relational (SQL) data model with backend services completely rewritten for this. The shift to SQL has laid the ground work to enable us to bring new features and capabilities into the platform that will further enhance your Purple Team experience in VECTR.

⚒ SQL Migration Tool

• To transition your data from 8.9.x to 9.0, we have created a migration tool that converts the MongoDB based data to SQL based data. If you have existing data you MUST run this tool to upgrade to 9.0. Please be sure to read the directions and notes in the README carefully. https://github.com/SecurityRiskAdvisors/vectr-sql-migration
• For any issues migrating data please open an issue on the migration tool GitHub Page.
• For issues importing data or with the 9.0 Release please open them on the VECTR GitHub Page.

GraphQL API Changes

• With the 9.0 Release we have made some changes to the API. See our documentation page for this here.
• We've also updated out VECTR-Tools project to reflect these changes to see updated working examples here.

ce-8.9.4

🔒 Security Maintenance

• Dependency updates to address multiple CVEs.

🚀 Next Release

• Starting with VECTR 9.0, VECTR's data and service layers have been completely reworked to support a new relational data model and will no longer use MongoDB. VECTR ce-8.9.4 will likely be the last MongoDB-based release. Future 8.9.x MongoDB-based releases will be determined based on criticality of future CVEs and the adoption rate of VECTR 9.0. Please note that no new features will be released on the 8.9.x branch. If you want to continue receiving new features and updates, upgrade to VECTR 9.0 when it is released.

⚒ SQL Migration Tool

• To transition your data from 8.9.x to 9.0, we have created a migration tool that converts the MongoDB based data to SQL based data. We recommend running the migration tool prior to the official VECTR 9.0 release, as you will be able to report any issues you encounter so we can address them prior to the launch. Please be sure to read the directions and notes in the README carefully. https://github.com/SecurityRiskAdvisors/vectr-sql-migration

ce-8.9.3

🔒 Security Maintenance

• Dependency updates to address CVE-2023-46589

ce-8.9.2

✨ Enhancements

• MITRE ATT&CK v14 support

🔒 Security Maintenance

• Dependency updates to address CVE's

ce-8.9.1

ℹ NOTE: The RTA containers in addition to the Tomcat have been updated for this release. When upgrading change your container versions accordingly.

🚀 Improvements

• This release is another milestone in our transition from AngularJS to Vue.js. While these release notes are not exhaustive, note many smaller UI elements are being converted. If you experience any issues or have any feedback, feel free to open an issue or join our Discord to discuss.

👀 New Features

• New Assessments Screen: Groups together assessments from our Industry Indexes templates. It also included reporting shortcuts and additional data fields for ease of use.
• Resilience Trending: New report which should be a better fit for most Historical Trending use cases. The Resilience Trending screen is used to plot threat resiliency over time.

🔒 Security Maintenance

• Dependency updates to address CVE's

ce-8.8.1

✨ Enhancements

• Updated Mitre ATT&CK TTPs for enterprise-attack, ics-attack, and mobile-attack to v13.1
• Moved the "Export to CSV" functionality under the environment navigation menu
• Enhanced the administration cog to be more contextual to a logged in users' permissions

🔒 Security Maintenance

• Dependency updates to address CVE's

🐞 Bug Fixes

• Fixed issue where it's possible to get stuck taking a tour
• Fixed issue where users were unable to add new metadata in the Test Case panel Red/Blue team details. Addresses #230

ce-8.8.0

👀 New Features

• Redesigned VECTR Navigation to better align with user flow of the application.
• Test Case Drilldown table has improved searchability with a global search input, and additional columns have been added for display. Addresses #223
• Data Integrity report now includes Test Cases where the MITRE ATT&CK Tactic (Phase) selected is not mapped to the selected Technique ID
• GraphQL API Improvements
  • Add Tags / Remove Tags when Updating Test Cases
  • Filter Test Cases, Campaigns, and Assessments by Tags

✨ Enhancements

• Tweaks to the Tag select & create UI
• Continual improvements to the UI for usability

🔒 Security Maintenance

• VECTR container image updated to Tomcat 10.1.x and Java 17
• Dependency updates to address CVE's

🐞 Bug Fixes

• Filtering Test Cases by Outcome parent will now also show the Outcome children. For example: Filtering by "Alerted" will also show Test Cases with "Alerted – High", "Alerted – Medium", and "Alerted – Low" Outcomes
• Fixed issue sorting Test Cases by Tags in the Campaign Dashboard which resulted in unintended Data Conflict display. Addresses #216
• GraphQL API:
  • Fixed issue with filtering Test Cases by MITRE Technique ID. Addresses #211
  • Fixed non-working Test Case Description filter
• Attack Automation:
  • Fixed issue with local variables included in all Test Cases. Addresses #215
  • Changed behavior of execution delay to occur between test cases instead of between commands within a test case. Addresses #227
• Raised default application API rate limits – settings defaulted too low causing throttling issues for some users