
Releases: NUWCDIVNPT/stig-manager

1.1.0

18 Nov 23:12
e9ab8cf

Commits:

  • ui: styling tweaks (#517)
  • docs: consolidated some redundant docs, added info about collection settings, updated screenshots (#514)
  • feat: update UI labels (#513)
  • feat: review status handling (#511)

Includes breaking changes to the OpenAPI definition that affect clients such as STIG Manager Watcher. Some properties of the schemas for Review... and ReviewHistory... have been changed, renamed or removed:

  • resultComment is renamed to detail
  • actionComment is renamed to comment
  • action is removed
  • status value can be either a string or an object. See the definition for details.

Includes a MySQL migration that changes the schema for tables review and reviewHistory.

  • The running time of the migration depends on the number of records in those tables.
  • The migration also drops the small, static table action.
  • We recommend backing up the database before updating to any release with a database migration.

1.0.42

04 Nov 19:55
5b3f72c
  • fix: CKL comments restored (#505)
  • oas: Various OAS changes to enable better response validation (#500)
  • fix: always sort Collection Review to top (#501)

1.0.41

01 Nov 13:26
c15453b
  • fix: filter grid on asset name (#498)
  • feat: UI support for STIG/revision delete (#491)
  • refactor: unhandled rejections (#490)
  • doc: Additional documentation updates, links. (#489)
  • doc: Added project security policy, security docs, docker trust public key, stigman sample .ckl (#486)
  • feat: choice to export mono- or multi-STIG CKLs (#480)
  • refactor: await _migrations table (#476)

1.0.40

14 Oct 12:22
4c66270

  • fix: allowReserved for office query param (#474)
  • deps: rm connect, compression, request; update xlsx-template (#473)
  • feat: STIG Library feature introduced (#472)
  • refactor: ui rendering (#471)
  • refactor: reduce web client smells (#470)
  • feat: column filters (#469)
  • chore: fictionalize appdata city (#468)
  • chore: remove unused client dockerfile (#467)
  • fix: encode office query param (#466)
  • feat: userObject.display tries username or servicename (#463)

1.0.0-beta.39

24 Sep 12:46
Pre-release

This is the last release to have a beta designation. Several UI enhancements are introduced, including:

There is a database migration included in this release that moves the data in table stats_asset_stig to stig_asset_map.

  • feat: Welcome message enhancements (#461)
  • feat: experimental CORS proxy for OIDC (#460)
  • docs: updated screenshots, added care and feeding, autoresult, and CORS sections, updated terminology, many other small fixes. (#462)
  • feat: welcome widget icon/text can be customized (#458)
  • feat: UI support for rejectedCount, minTs, maxTs (#456)
  • feat: updated loading screen for the UI (#457)
  • feat: statusStats with rejectCount, minTs, maxTs (#454)
  • fix: query param inadvertently marked as path param in Asset/getChecklistByAsset (#453)
  • feat: GET /op/definition endpoint with JSONPath (#452)
  • feat: Web app updates (#442)
  • feat: relaxed CKL revision checks by default (#450)
  • deps: remove unused patch-package (#449)
  • test: limit bootstrap wait to 45 seconds (#448)
  • deps: updating jwks-rsa to 2.0.4 removes axios (#446)
  • refactor: move stats to stig_asset_map (#431)
  • refactor: reduce duplicated code for data migrations (#433)
  • feat: adds new review-history endpoints (#417)

1.0.0-beta.38

26 Aug 19:12
Pre-release
  • fix: don't sort for history projection (#419)
  • doc: include build in Docker image and serve with express (#414)
  • fix: setting stig-asset access was generating 404 incorrectly (#416)
  • fix: don't sort reviews to workaround MySQL bug (#411)
  • feat: deleting a STIG updates related tables (#409)
  • feat: UI keeps tokens refreshed (#408)

1.0.0-beta.37

16 Aug 19:16
Pre-release
  • feat: support generic OIDC providers (#403)
  • fix: cci param, added checks for projections to tests (#404)
  • feat: Adds metadata handling for Assets and Collections (#396)
  • feat: STIGMAN_DEV_RESPONSE_VALIDATION environment variable (#398)
  • fix: access control checks for assets (#400)
  • chore: update sample appdata (#394)
  • fix: implement delete STIG revision (#383)
  • feat: Removed global_access privilege (#386)
  • feat: UI for asset transfers (#385)
  • feat: switched OpenAPI validation/router library to express-openapi-validator (#382)
  • feat: continue on corrupted member of STIG zip (#377)
  • feat: continue on error when importing zips of STIGs (#376)
  • feat: All users can access Collection Review (#375)
  • fix: use promise interface for conn.query() (#372)
  • fix: implement CCI endpoints (#363)
  • fix: recalculate stats on Review delete (#367)
  • feat: add name and email to User object (#369)
  • fix: UI sends correct projections (#368)
  • fix: implement GET /stigs/rules/{ruleId} (#354)

Introduced new envvars, which deprecate existing envvars in some cases:

  • STIGMAN_OIDC_PROVIDER deprecates STIGMAN_API_AUTHORITY
  • STIGMAN_CLIENT_EXTRA_SCOPES is new
  • STIGMAN_CLIENT_ID deprecates STIGMAN_CLIENT_KEYCLOAK_CLIENTID
  • STIGMAN_CLIENT_OIDC_PROVIDER deprecates STIGMAN_CLIENT_KEYCLOAK_AUTH and STIGMAN_CLIENT_KEYCLOAK_REALM
  • STIGMAN_JWT_PRIVILEGES_CLAIM deprecates STIGMAN_JWT_ROLES_CLAIM
  • STIGMAN_SWAGGER_OIDC_PROVIDER deprecates STIGMAN_SWAGGER_AUTHORITY

1.0.0-beta.36

22 Jul 12:37
Pre-release
  • fix: UI now handles missing vulnDiscussion (#361)
  • doc: Fixed link to create new github issues (#358)

1.0.0-beta.35

21 Jul 12:43
Pre-release
  • doc: document Attachment feature; reorganize with minor terminology changes. (#357)
  • feat: Review metadata and attachments (#353)
  • fix: implement MySQL deleteReviewByAssetRule method (#351)
  • chore: remove CKL/SCAP import endpoint (#343)
  • doc: Updates to contribution docs, node.js envvar setting (#339)
  • fix: Format roles claim for optional chaining (#338)

There is a database migration included in this release that adds a metadata column to the review table with a default value of {}. No other changes are made to the schemas and no data is moved, modified, or deleted.

1.0.0-beta.34

10 Jun 00:52
Pre-release
  • fix: Refactor Env.js/keycloak.json handling (#335)
  • feat: SCAP benchmarkId Map (#329)
  • feat: History -> Log, include current Review (#328)
  • feat: Dynamically generate Env.js and keycloak.json (#327)
  • feat: Verbose logging of AUTH bootstrap errors (#325)
  • docs: contributing information updated (#326)
  • deps: bump urllib3 from 1.26.4 to 1.26.5 in /docs (#321)
  • docs: Updates to project Contributing docs (#318)
  • chore: Matched workflow name and job name
  • feat: gave Iron Bank its own workflow file so it can be run independently (#315)