Releases: SecurityRiskAdvisors/VECTR
Releases · SecurityRiskAdvisors/VECTR
ce-8.7.2
ce-8.7.1
ce-8.7.0
👀 New Features
- Added a 'Tagging Favorites' feature to allow users to quickly find commonly used tags
- New installations will come shipped with demo Assessments aligned to SRA's Financial Service and Health Threat Simulation Indexes
- More information on Indexes here
- Added additional GraphQL mutations to allow for creation of Target/Source assets
✨ Enhancements
- Updated Mitre ATT&CK TTPs for enterprise-attack, ics-attack, and mobile-attack to v12.1
- Updated UI of several screens (Tagging Administration, Phases, Platforms/Tools)
- Better error codes when configuring SSO
🔒 Security Maintenance
- Dependency updates to address outstanding CVE's
ce-8.6.2
ce-8.6.1
👀 New Features
- Redesigned Platforms & Tools page
- Updated Test Case Drilldown report with configurable columns and CSV export features
- Update Test Case mutation added to GraphQL API
✨ Enhancements
- Additional data available in GraphQL query. Addresses #184
- Added phase to the
TestCase
type - Added kill chain to the
Assessment
type
- Added phase to the
🔒 Security Maintenance
vectr_tomcat
image patched with OpenSSL3.0.2-0ubuntu1.7
to address CVE-2022-3602 and CVE-2022-3786- Dependency updates to address outstanding CVE's
ℹ NOTE: We've updated a bunch of front-end dependencies. After upgrading, perform a full browser refresh (CTRL+F5) or clear out your browser cache.
🐞 Bug Fixes
- User management feature updated to resolve conflicts between same-named local and SSO accounts. Documentation for federating a user account. Addresses #191
ce-8.5.1
👀 New Features
- Redesigned automation runtime configuration screen
- Redesigned tagging component
🔒 Security Maintenance
- Dependency updates to address outstanding CVE's
🐞 Bug Fixes
- Fixed membership count on IAM groups page. #166
- Fixed issue when deleting an assessment group template. #183
- Fixed issue when the MongoDB connection password contained special characters. #189
- Fixed UTF-8 character encoding issue when generating ATTiRE logs from VXF executables
- Report download now correctly exports just the selected assessment or campaign
ce-8.4.3
🐞 Bug Fixes
- Fixed issue where adding a Defensive Layer from the Administration page was not getting added
- Fixed issue where a SAML2 identity provider could not be added due to an error when generating signing certificates
ce-8.4.2
👀 New Features
- New Outcomes and Sub-Outcomes to provide more granularity on reporting and detection status, with the ability to customize colors and text. Documentation on new mapping will be available very soon!
- Ability to configure SSL certificates by GUI or .env file (https://docs.vectr.io/VECTR-Installation-Configuration-ENV-File-Description/#optional-variables)
- Ability to spin up a "blank" instance controlled by .env file (https://docs.vectr.io/VECTR-Installation-Configuration-ENV-File-Description/#optional-variables)
- MITRE ATT&CK v11.1 support
🔒 Security Maintenance
- Update to latest Pac4j version
- Update to Spring 5.3.19 to address CVE-2022-22968
✨ Enhancements
- Continued migration to VueJS:
- Additional CRUD screens
- Several Reporting screens
- Database Selection widget
🐞 Bug Fixes
- Fixed Assessment status if entire Campaign has all Test Cases set to "Abandoned"
- Set correct offset in table when creating new Campaigns and Test Cases
- Fixed issue where uBlock Origin was blocking metrics reporting screen
🚀 Improvements
- Adjust the Assessment create date when cloned
- Reordering of Columns in Tools screens
⚒ Integrations
- ATTiRe Structured Logging Format integration with Atomic Operator as a default logging format. Check out pending PR for details on the integration: swimlane/atomic-operator#52
- Shout out to @antman1p for writing a converter that takes output from Recorded Future and uses VECTR's GraphQL API to record Test Cases. Check out their project here: https://github.com/antman1p/RecodedFuture-to-ATTCK
📒 Documentation
- Check out new additions to https://docs.vectr.io
ce-8.3.2
🔒 Security Maintenance
- Upgrade Spring libraries to address CVE-2022-22965
ce-8.3.1
🐞 Bug Fixes
- Fixed an issue on the Campaign Dashboard where the delete button did not work. This was a UI bug and did not affect your data or the backend