ce-8.7.2

🐞 Bug Fixes

• Security Updates

ce-8.7.1

It is highly recommended everyone update to this release due to the potential severity of this bug.

🐞 Bug Fixes

• Fixed a bug with the Database Rename functionality that could result in data loss.

ce-8.7.0

👀 New Features

• Added a 'Tagging Favorites' feature to allow users to quickly find commonly used tags
• New installations will come shipped with demo Assessments aligned to SRA's Financial Service and Health Threat Simulation Indexes
  • More information on Indexes here
• Added additional GraphQL mutations to allow for creation of Target/Source assets

✨ Enhancements

• Updated Mitre ATT&CK TTPs for enterprise-attack, ics-attack, and mobile-attack to v12.1
• Updated UI of several screens (Tagging Administration, Phases, Platforms/Tools)
• Better error codes when configuring SSO

🔒 Security Maintenance

• Dependency updates to address outstanding CVE's

ce-8.6.2

🐞 Bug Fixes

• Fixed API key migration that prevented the ability to use API keys in 8.6.1. Addresses #200
• Fixed issue when generating an Assessment or Campaign downloadable report. Addresses #199

🔒 Security Maintenance

• Dependency updates to address outstanding CVE's

ce-8.6.1

👀 New Features

• Redesigned Platforms & Tools page
• Updated Test Case Drilldown report with configurable columns and CSV export features
• Update Test Case mutation added to GraphQL API

✨ Enhancements

• Additional data available in GraphQL query. Addresses #184
  • Added phase to the TestCase type
  • Added kill chain to the Assessment type

🔒 Security Maintenance

• vectr_tomcat image patched with OpenSSL 3.0.2-0ubuntu1.7 to address CVE-2022-3602 and CVE-2022-3786
• Dependency updates to address outstanding CVE's

ℹ NOTE: We've updated a bunch of front-end dependencies. After upgrading, perform a full browser refresh (CTRL+F5) or clear out your browser cache.

🐞 Bug Fixes

• User management feature updated to resolve conflicts between same-named local and SSO accounts. Documentation for federating a user account. Addresses #191

ce-8.5.1

👀 New Features

• Redesigned automation runtime configuration screen
• Redesigned tagging component

🔒 Security Maintenance

• Dependency updates to address outstanding CVE's

🐞 Bug Fixes

• Fixed membership count on IAM groups page. #166
• Fixed issue when deleting an assessment group template. #183
• Fixed issue when the MongoDB connection password contained special characters. #189
• Fixed UTF-8 character encoding issue when generating ATTiRE logs from VXF executables
• Report download now correctly exports just the selected assessment or campaign

ce-8.4.3

🐞 Bug Fixes

• Fixed issue where adding a Defensive Layer from the Administration page was not getting added
• Fixed issue where a SAML2 identity provider could not be added due to an error when generating signing certificates

ce-8.4.2

👀 New Features

• New Outcomes and Sub-Outcomes to provide more granularity on reporting and detection status, with the ability to customize colors and text. Documentation on new mapping will be available very soon!
• Ability to configure SSL certificates by GUI or .env file (https://docs.vectr.io/VECTR-Installation-Configuration-ENV-File-Description/#optional-variables)
• Ability to spin up a "blank" instance controlled by .env file (https://docs.vectr.io/VECTR-Installation-Configuration-ENV-File-Description/#optional-variables)
• MITRE ATT&CK v11.1 support

🔒 Security Maintenance

• Update to latest Pac4j version
• Update to Spring 5.3.19 to address CVE-2022-22968

✨ Enhancements

• Continued migration to VueJS:
  • Additional CRUD screens
  • Several Reporting screens
  • Database Selection widget

🐞 Bug Fixes

• Fixed Assessment status if entire Campaign has all Test Cases set to "Abandoned"
• Set correct offset in table when creating new Campaigns and Test Cases
• Fixed issue where uBlock Origin was blocking metrics reporting screen

🚀 Improvements

• Adjust the Assessment create date when cloned
• Reordering of Columns in Tools screens

⚒ Integrations

• ATTiRe Structured Logging Format integration with Atomic Operator as a default logging format. Check out pending PR for details on the integration: swimlane/atomic-operator#52
• Shout out to @antman1p for writing a converter that takes output from Recorded Future and uses VECTR's GraphQL API to record Test Cases. Check out their project here: https://github.com/antman1p/RecodedFuture-to-ATTCK

📒 Documentation

• Check out new additions to https://docs.vectr.io

ce-8.3.2

🔒 Security Maintenance

• Upgrade Spring libraries to address CVE-2022-22965

ce-8.3.1

🐞 Bug Fixes

• Fixed an issue on the Campaign Dashboard where the delete button did not work. This was a UI bug and did not affect your data or the backend