
Releases: NUWCDIVNPT/stig-manager

1.2.9

08 Jun 19:09
34b2993

Changes:

  • (App) Preview of Batch Edit feature in the Collection Review Workspace.
  • (App) Resolved an issue that could cause error pop-ups when tabs were closed.
  • (App) Adjusted expected Eval STIG info elements.
  • (API) Updated dependencies (multer and express-openapi-validator) to resolve vulnerability found in one of their dependencies (dicer).
  • (API) Log response bodies for elevated requests.

Full Changelog: 1.2.8...1.2.9

1.2.8

18 May 17:51
18bd20c

Changes:

  • (App) Added "What's New" pop-up feature

  • (App) Added "Dark Mode" preview feature

  • (App) Added Import Options to Collection Settings for granular control over the way Reviews imported from files are posted to the API.

  • (API/OAS) Adjusted API and OAS to bring them into agreement.

  • (App) Added "Accept" button to Asset Review Workspace

  • (App) Updated fast-xml-parser to 4.0.7

  • (App) Created common Parser file that can be shared across the UI and stigman-watcher

  • (App) Updates to parser to support processing of Evaluate STIG comments, used to populate ResultEngine data.

  • (DB) Includes a MySQL migration that:

    • Adds indexes to resultEngine JSON properties.
    • Removes data in column resultEngine of review and review_history tables where it was automatically populated in previous migration.

    We recommend backing up your database before updating to any release with a database migration.

Full Changelog: 1.2.7...1.2.8

1.2.7

11 Apr 20:58
8710da5

Changes:

  • (API) Update dependency minimist to address a High severity vulnerability
  • (API/Tests) Review History endpoint fixes and new CI tests
  • (App) In the Collection/STIG Review checklist grid, the columns that count O, NF, NA, and NR were expanded to accommodate up to 4 digits. These columns remain fixed width and are not re-sizable by the user.
  • (App) In both the Asset/STIG Review and Collection/STIG Review checklist grids, the default visible columns were changed from "Group ID and Group Title" to "Group ID and Rule Title". This more closely reflects the observed preferences of many users.
  • (API) resultEngine property added to Review schema. This property is intended to hold data about automated sources of the Review Results. See the API Specification for more details.
  • (DB) Includes a MySQL migration that:
    • Adds JSON column resultEngine to review and review_history tables.
    • Where autoResult column is set to 1, sets value of resultEngine to {type: "scap", product: "scc"}

We recommend backing up your database before updating to any release with a database migration.

Commits:

  • 9936c15 refactor: remove references to globalAccess and unneeded try/catch (#632)
  • 428784e feat: widen columns; default to groupId/ruleTitle (#640)
  • 99e6e17 feat: resultEngine property added to Review schema (#638)
  • 070b060 docs: include stub html directory (#639)
  • 62011d8 build: add doc build; build images on commit and tag (#637)
  • 4b2d0b9 mixed: Review History tests and fixes to structure and calculation dates (#631)
  • a6b1c0c chore(deps): bump minimist from 1.2.5 to 1.2.6 in /api/source (#630)

Full Changelog: 1.2.6...1.2.7

1.2.6

22 Mar 22:55
5887b0a

Changes:

  • (App) Rows in the Status and Finding report link to the corresponding Review tabs
  • (API/App) CKL filenames contain the STIG revision string
  • (App) Ensure the Label icon in the NavTree displays in all deployments

Commits:

  • 3ad3f21 fix: modify path to label.svg in NavTree (#626)
  • 17c4705 fix: provide specific revision string in suggested filename, in place of "latest" (#623)
  • ec8ebde feat: dblclick on a Status/Finding row opens the corresponding Review tab (#616)

1.2.5

11 Mar 01:05
3e9ed5c

Changes:

  • (API/App) Release of new Asset Labelling feature. Tag Assets in a Collection with Labels
  • (App) Navigation Tree filtering on Asset Labels.
  • (App) Asset Labels are now displayed in various places in UI.
  • (Docs) Documentation for new Asset Label feature available. See sections on the Navigation Tree and Collection Management - Labels.
  • (App) Adjusted language used in Review Panel Attribution box for clarity.
  • (App) Restricted Collection modification options available in Application Management interface to better reflect overall application security approach.
  • (App) Adjusted line spacing to loosen up grid views a little.

Includes a MySQL migration that:

  • Adds tables collection_label and collection_label_asset_map

We recommend backing up your database before updating to any release with a database migration.

Commits:

1.2.4

01 Mar 14:05
39f5dfd

Changes:

  • (API/App) Endpoint and UI for deployment-wide usage statistics
  • (App) CKL export fixes
  • (App) Changed incorrectly named column headers on the Collection Manage workspace
  • (API/App) Require a compliance result (pass, fail, notapplicable) to submit a Review
  • (Docs) Updates regarding "submit" status requirements

Commits:

  • 8f0905f docs: updates regarding "submit" status requirements (#595)
  • 86a9890 fix: require a compliance result to submit review (#594)
  • b506920 fix: headers don't match API (#592)
  • 0c7ecf5 fix: CKL export fails to include all rules (#591)
  • 98025ce feat: endpoint and ui for /op/details (#570)

1.2.3

14 Feb 15:04
441426e

Changes:

  • (App) Trim white space from exported CSV values
  • (API) Include request body when logging at level 4
  • (App) Corrected web app logic for XCCDF imports

Commits:

1.2.2

07 Feb 19:23
9528efd

Changes:

  • Fix a UI regression that incorrectly hides the "Accept" button and disables the "Reject" feature
  • The experimental AppData feature now supports Review history items

Commits:

  • fix: accept button incorrectly hidden (#571)
  • feat: include review history in appdata export/import (#562)
  • remove: CORS proxy for OIDC (#558)
  • refactor: fetchStig/Scap logging (#557)
  • chore: Build updates (#556)
  • doc: remove videos from source and build

1.2.1

18 Jan 12:15
74e6477

Changes:

  • BREAKING API CHANGE: The OpenAPI schema for Collection was revised. Collection.workflow was removed. Collection.settings was introduced and is mandatory for POST/PUT requests.
  • Resolved a bug where Collection.description was not being saved (#547)
  • CI pipeline modified to detect bugs such as the above

Includes a MySQL migration that:

  • Drops column collection.workflow
  • Adds column collection.settings as type JSON
  • Sets the value of column settings for each record in table collection based on the value of metadata.fieldSettings if it exists, and metadata.statusSettings if it exists. If those values do not exist, then the default value of settings is used:
    {
      "fields": {
        "detail": {
          "enabled": "findings",
          "required": "findings"
        },
        "comment": {
          "enabled": "always",
          "required": "always"
        }
      },
      "status": {
        "canAccept": true,
        "minAcceptGrant": 3,
        "resetCriteria": "result"
      }
    }
  • Removes the keys fieldSettings and statusSettings from the value of column metadata for each record in table collection

We recommend backing up your database before updating to any release with a database migration.

Commits:

1.2.0

05 Jan 12:57
25bf469

Introduces:

  • structured logging output from the API as a JSON stream
  • build script to generate a minimized client distribution
  • build script to generate signed binaries of the API for Windows and Linux
  • updates to the CD workflows
  • dependency updates which resolve recently reported security vulnerabilities
  • minor bug fixes

Commits:

  • 13e4d1a dev: api distribution build script (#541)
  • 434e984 refactor: remove client from event path (#540)
  • b1903c6 fix: register xtype for STIG revision grid (#539)
  • bb374d1 fix: escape quotes in Welcome title and message (#538)
  • 459ef3e refactor: JSON_EXTRACT() instead of JSON_VALUE() (#537)
  • 19892dc chore: increment copyright year (#536)
  • d93bb4d chore: update node modules (#535)
  • 7fad835 dev: client distribution build script (#534)
  • dff8a9e feat: JSON logging and supporting code (#530)
  • 3ac29a5 docs: updated Logging, Environment Variables, Setup and Deployment docs. (#524)