Recent releases for faraday
Feed: http://www.open-source-security-software.net/project/faraday/releases.atom (updated 2025-07-17T19:34:08.936262+00:00, generator: python-feedgen)

faraday v1.0.10 (2015-05-05T06:02:21+00:00)
Release.md updated

faraday v1.0.14 (2015-09-10T15:56:04+00:00)

faraday v1.0.15 (2015-10-09T18:39:49+00:00)

faraday v1.0.16 (2015-12-18T21:50:02+00:00)

faraday v1.0.17 (2016-02-26T18:04:04+00:00)

faraday v1.0.18 (2016-04-05T19:05:38+00:00)

faraday v1.0.19 (2016-05-03T17:47:43+00:00)

faraday v1.0.20 (2016-05-26T15:19:13+00:00)

faraday v1.0.21 (2016-06-14T15:14:38+00:00)

faraday v1.0.22 (2016-07-04T17:40:12+00:00)

faraday v2.0.0 (2016-08-17T17:01:59+00:00)

faraday v2.0 (2016-08-19T00:25:32+00:00)

faraday v2.1.0 (2016-09-21T18:10:26+00:00)

faraday v2.2.0 (2016-11-21T16:40:24+00:00)

faraday v2.3.1 (2017-02-08T22:29:04+00:00)

faraday v2.3.0 (2017-02-08T22:41:10+00:00)

faraday v2.4.0 (2017-03-20T17:25:30+00:00)
* Added link to name column in Hosts list
* Created a requirements_extras.txt file to handle optional packages for specific features
* Fixed bug in SQLMap plugin that made the client freeze
* Fixed bug when creating/updating Credentials
* Fixed bug in the WEB UI - menu explanation bubbles were hidden behind inputs
* Fixed conflict resolution when the object was deleted from another client before resolving the conflict
* Improved fplugin
* Improved the installation process
* Improved SQLMap plugin to support --tables and --columns options
* Improved navigation in Web UI
* Merged PR #137 - CScan improvements: bug fixing, change plugin format and removed unnecessary file output
* Merged PR #173 - Hostnames: added hostnames to plugins
* Merged PR #105 - OSint: added the possibility of using a DB other than Shodan
* The Status Report now remembers the sorting column and order

faraday v2.5.0 (2017-05-26T18:50:10+00:00)
* Fixed bug when editing workspaces created in GTK
* Improved host search in the WEB UI
* Extended the config to support different searching engines in the WEB UI
* Check that client and server versions match when connecting
* Adds the 'v' and 'version' argument for both the server and the client
* Fixed "refresh" button in the Web UI
* Fix API on /ws/<workspace> with duration object None
* Added a CRUD for Credentials to the Web UI
* Bug fixes on the Burp Online Plugin
* Added a script to connect with Reposify
* Fixed Hostname import in Nessus Plugin
* Make plugin methods log() and devlog() work again
* Fixed bug in SQLMap plugin that made the client freeze
* Improved SQLMap plugin to support more options and to show errors in GTK log console
* Fixed bug when creating/updating Credentials
* Improve plugins usage of vulnweb URL fields
* Fixed order of Report Plugins in the GTK import list

faraday v2.6.0 (2017-07-24T19:32:41+00:00)
* Added the ability to select more than one target when creating a vuln in the Web UI
* Merged PR #182 - problems with zonatransfer.me
* Fixed bug in Download CSV of Status report with old versions of Firefox.
* Fixed formula injection vulnerability in export to CSV feature
* Fixed DOM-based XSS in the Top Services widget of the dashboard
* Fix in AppScan plugin.
* Fix HTML injection in Vulnerability template.
* Add new plugin: Junit XML
* Improved pagination in new vuln modal of status report
* Added "Policy Violations" field for Vulnerabilities

faraday v2.6.1 (2017-08-08T20:57:03+00:00)
* Updated Core Impact plugin to be compatible with 2016 version
* Improved loading of fields request and website in Burp Plugin
* Improved Nexpose Full plugin
* Improved Acunetix plugin to avoid conflicts and missing imported data, and to correctly parse URLs and resolutions

faraday v2.6.2 (2017-08-09T21:41:44+00:00)

faraday v2.6.3 (2017-10-17T18:28:51+00:00)
* Updated Core Impact plugin to be compatible with 2016 version
* Improved loading of fields request and website in Burp Plugin
* Improved Nexpose Full plugin
* Improved Acunetix plugin to avoid conflicts and missing imported data, and to correctly parse URLs and resolutions

faraday v2.7 (2017-11-08T22:05:22+00:00)
* Added "Last modified" and "Created" in Hosts view
* Fixed bug when trying to run Faraday as second process and closing the terminal (&!)
* Fixed bug where it asked for dependencies eternally when you have a different version than the one required
* Fixed small bug in the update_from_document method
* Fixed bug, makes the python library dependencies specific to the desired version
* Fixed GitHub language bar to reflect real code percentage
* Merge PR #195: Create gentoo_requirements_extras.txt (New Github wiki page)
* Merge PR #225: Add references to found vulnerabilities in nmap plugin
* New plugin: Netsparker cloud
* New plugin: Lynis (Winner of Faraday Challenge 2017)
* New Fplugin: changes the status of all vulnerabilities of a specific workspace to closed
* New Fplugin: combines the "create_interface" and "create_host" scripts into one (create_interface_and_host script)
* New Fplugin: import_csv , now you can import Faraday objects from a CSV

faraday v2.7.1 (2017-11-17T22:19:05+00:00)
November 17, 2017:
* Fix bug with tags in models.

faraday v2.7.2 (2018-04-10T21:46:38+00:00)
April 10, 2018:
* Fix bug with tornado version 5.0 and GTK client.

faraday v3.0 (2018-07-26T20:00:29+00:00)
July 26, 2018:
---
* Interface removed from model and from persistence server lib (fplugin)
* Performance improvements on the backend
* Add quick change workspace name (from all views)
* Changed the scope field of a workspace from a free text input to a list of targets
* New faraday styles in all webui views
* Add search by id for vulnerabilities
* Add new plugin sslyze
* Add new plugin wfuzz
* Add xsssniper plugin
* Fix W3af, Zap plugins
* Add brutexss plugin
* Allow to upload report file from external tools from the web
* Fix sshcheck import file from GTK
* Add reconng plugin
* Add sublist3r plugin
* Add HP Webinspect plugin
* Add dirsearch plugin
* Add ip360 plugin
* CouchDB was replaced by PostgreSQL :)
* Host object changed, now the name property is called ip
* Interface object was removed
* Note object was removed and replaced with Comment
* Communication object was removed and replaced with Comment
* Show credentials count in summarized report on the dashboard
* Remove vuln template CWE fields, join it with references
* Allow to search hosts by hostname, os and service name
* Allow the user to specify the desired fields of the host list table
* Add optional hostnames, services, MAC and description fields to the host list
* Workspace names can be changed from the Web UI
* Exploitation and severity fields only allow certain values. CWE CVEs were fixed to be valid. A script to convert custom CSVs was added.
* Web UI path changed from /_ui/ to / (_ui has now a redirection to / for keeping backwards compatibility)
* dirb plugin creates an informational vulnerability instead of a note.
* Add confirmed column to exported csv from webui
* Fixes in Arachni plugin
* Add new parameters --keep-old and --keep-new for faraday CLI
* Add new screenshot fplugin which takes a screenshot of the ip:ports of a given protocol
* Add fix for net sparker regular and cloud fix on severity
* Removed Chat feature (data is kept inside notes)
* Add CVSS score to reference field in Nessus plugin.
* Fix unicode characters bug in Netsparker plugin.
* Fix qualys plugin.
* Fix bugs with MACOS and GTK.

faraday v3.0.1 (2018-08-27T18:45:13+00:00)
Updated code to use Flask 1.0
Add threadfix integration (corp only)
Fix create_service fplugin
Executive report bug fix on tags
Persistence server bug fix on impact and ease of resolution
Fix unicode error bug on executive reports
Updated code to support latest Twisted version
Updated all requirements to use >=
Fix dry run on create_host fplugin
Fixed del_all_vulns_with and del_all_hosts
Improved executive reports status update refresh
Websocket port is configurable now
Change minimum font size in tag cloud
Fixed a problem with shodan icon on dashboard
Updated license check on deleted users
Users with role client were not able to change password, bug fixed
Updated code to support pip 10
Added ldap to status check
Credentials icon aligned
Daemon now allows to execute faraday server in more than one port and more than one process for multiplexation
All views now check for permissions on workspace
Pull requests #229, #231, #239 and #240 are merged
Avoid polling deleted executive reports
Added documentation to project
Fix self xss on webshell
Add postgres locks check on status_check
Vuln counter fix when confirmed is on

faraday v3.1 (2018-09-20T19:19:46+00:00)
* Fix get exploits API
* New searcher feature
* Added host_os column to status report
* Fix an error while trying to execute server with --start
* Added option --choose-password to initdb
* Continuous scan updated for Nessus 7
* Refactor on server.config to remove globals
* Added a directory for custom templates for executive reports (pro and corp)
* Activity feed shows more results and allows to filter empty results
* Allow to create workspaces that start with numbers
* Added more variables to executive reports (pro and corp)
* Fixed some value checking on tasks api (date field)
* OpenVas plugin updated
* Appscan plugin update
* Added no confirmed vulns to report api
* Fixed a bug on workspace API when the workspace already exists on database
* Fix owner filter on status report
* Fixes on import_csv fplugin when the api returned 409
* Fixes on status_check
* Fixed a bug on webui when workspace permission was changed (pro and corp)
* Update nexpose plugin
* Ugrid library updated to latest version
* Bug fix on plugin automatic detection
* Fixed a bug on executive reports when multiple reports were scheduled
* Avoid closing the executive report and new vuln modal when the form has data
* Status report open new tab for evidence
* Added change_password to manage.py
* Update wapiti plugin
* Fixed vuln count on executive report (pro and corp)
* Fixed css align in some tables
* Fixed No ports available error on the client

faraday v3.1.1 (2018-09-24T18:40:40+00:00)
* Fix bug: manage.py status_check
* Fix bug: manage.py initdb

faraday v3.2 (2018-10-23T21:13:46+00:00)
* Added logical operator AND to status report search
* Restkit dependency removed.
* Improvement on manage.py change-password
* Add feature to show only unconfirmed vulns.
* Add ssl information to manage.py status-check
* Update wpscan plugin to support latest version.
* Allow workspace names starting with numbers.

faraday v3.3 (2018-11-21T17:22:29+00:00)
* Add workspace disable feature
* Add mac vendor to host and services
* Fix typos and add sorting in workspace name (workspace list view)
* Improve warning when you try to select hosts instead of services as targets of a Vulnerability Web
* Deleted old Nexpose plugin. Now Faraday uses Nexpose-Full.
* Update sqlmap plugin
* Add updated zap plugin
* Add hostnames to nessus plugin
* Python interpreter in SSLCheck plugin is not hardcoded anymore.
* Fix importer key error when some data from couchdb didn't contain the "type" key
* Fix AttributeError when importing vulns without exploitation from CouchDB
* Fix KeyError in importer.py. This issue occurred during the import of Vulnerability Templates
* Fix error when file config.xml doesn't exist at the moment of executing initdb
* Improve invalid credentials warning by indicating the user to run Faraday GTK with --login option
* Fix typos in VulnDB and add two new vulnerabilities (Default Credentials, Privilege Escalation)
* Improved tests performance with new versions of the Faker library
* `abort()` calls were checked and changed to `flask.abort()`

faraday v3.4 (2018-12-11T14:44:48+00:00)
* In GTK, check active_workspace is not null
* Add fbruteforce services fplugin
* Attachments can be added to a vulnerability through the API.
* Catch gaierror error on lynis plugin
* Add OR and NOT with parenthesis support on status report search
* Info API now is public
* Web UI now detects Appscan plugin
* Improve performance on the workspace using custom query
* Workspaces can be set as active/disable in welcome page.
* Change Nmap plugin, response field in VulnWeb now goes to Data field.
* Update code to support latest SQLAlchemy version
* Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns

faraday v3.5.0 (2019-01-18T18:02:28+00:00)
* Redesign of new/edit vulnerability forms
* Add new custom fields feature to vulnerabilities
* Add ./manage.py migrate to perform alembic migrations
* Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
* New system for online plugins using Threads, a few fixes for metasploit plugin online also.
* Fix Command "python manage.py process-reports" now stops once all reports have been processed
* Fix bug in query when it checks if a vulnerability or a workspace exists
* Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
* The manage.py now has a new support functionality that creates a .zip file with all the information faraday's support team will need to troubleshoot your issue
* Status-check checks PostgreSQL encoding
* Fix a bug where, when a report import failed, the command duration said "In Progress" forever.
* Fix confirmed bug in vulns API
* Update websockets code to use latest lib version
* bootstrap updated to v3.4.0
* Manage.py support now throws a message once it finishes the process.
* Update Lynis to its version 2.7.1
* Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
* OpenVAS Plugin now supports OpenVAS v-9.0.3

faraday v3.6.0 (2019-02-21T19:23:00+00:00)
3.6 [Feb 21st, 2019]:
---
* Fix CSRF (Cross-Site Request Forgery) vulnerability in vulnerability attachments API.
This allowed an attacker to upload evidence to vulns. The attacker needed to know the
desired workspace name and vulnerability id, which complicated things a bit. We
classified this vuln as a low impact one.
* Readonly and disabled workspaces
* Add fields 'impact', 'easeofresolution' and 'policyviolations' to vulnerability_template
* Add pagination in 'Command history', 'Last Vulnerabilities', 'Activity logs' into dashboard
* Add status_code field to web vulnerability
* Preserve selection after bulk edition of vulnerabilities in the Web UI
* Faraday's database will be created using UTF-8 encoding
* Fix bug of "select a different workspace" from an empty list loop.
* Fix bug when creating duplicate custom fields
* Fix bug when loading in server.ini with extra configs
* Fix `./manage.py command`. It wasn't working since the last schema migration
* `./manage.py createsuperuser` command renamed to `./manage.py create-superuser`
* Fix bug when non-numeric vulnerability IDs were passed to the attachments API
* Fix logic in search exploits
* Add ability to 'Searcher' to execute rules in loop with dynamic variables
* Send searcher alert with custom mail
* Add gitlab-ci.yml file to execute test and pylint on gitlab runner
* Fix 500 error when updating services and vulns with specific read-only parameters set
* Fix SQLMap plugin to support newer versions of the tool
* Improve service's parser for Lynis plugin
* Fix bug when parsing URLs in Acunetix reports
* Fix and update NetSparker Plugin
* Fix bug in nessus plugin. It was trying to create a host without IP. Enabled logs on the server for plugin processing (use --debug)
* Fix bug when parsing hostnames in Nessus reports
* Fix SSLyze report automatic detection, so reports can be imported from the web ui
* Update Dnsmap Plugin

faraday v3.7.0 (2019-04-04T14:35:51+00:00)
* New feature vulnerability preview to view vulnerability data.
* Update Fierce Plugin. Import can be done from GTK console.
* Update Goohost plugin and now Faraday imports Goohost .txt report.
* Update plugin to support WPScan v-3.4.5
* Update Qualysguard plugin to its 8.17.1.0.2 version
* Update custom fields with Searcher
* Update Recon-ng Plugin so that it accepts XML reports
* Add PostgreSQL version to status-change command
* Couchdb configuration section will not be added anymore
* Add unit test for config/default.xml

faraday v3.8.0 (2019-06-06T19:11:15+00:00)
* Refactor the project to use absolute imports to make the installation easier
(with a setup.py file). This also was a first step to make our codebase
compatible with python 3.
* Change the commands used to run faraday. `./faraday-server.py`,
`./manage.py`, `./faraday.py` and `bin/flugin` are replaced by `faraday-server`, `faraday-manage`,
`faraday-client` and `fplugin` respectively
* Changed suggested installation method. Now we provide binary executables with all python dependencies
embedded into them
* Add admin panel to the Web UI to manage custom fields
* Fix slow host list when creating vulns in a workspace with many hosts
* Usability improvements in status report: change the way vulns are selected and confirmed
* Improve workspace creation from the Web UI
* Fix attachment api when file was not found in .faraday/storage
* Fix visualization of the fields Policy Violations and References.
* Add a setting in server.ini to display the Vulnerability Cost widget of the Dashboard
* Fix status report resize when the browser console closes.
* Fix severity dropdown when creating vulnerability templates
* Update OS icons in the Web UI.
* Fix bug when using custom fields, we must use the field\_name instead of the display\_name
* Prevent creation of custom fields with the same name
* Add custom fields to vuln templates.
* Fix user's menu visibility when vuln detail is open
* Remove "show all" option in the status report pagination
* The activity feed widget of the dashboard now displays the hostname of the
machine that ran each command
* Add loading spinner in hosts report.
* Fix "invalid dsn" bug in sql-shell
* Fix hostnames bug in Nikto and Core Impact plugins
* Change Openvas plugin: Low and Debug threats are not taken as vulnerabilities.
* Add fplugin command to close vulns created after a certain time
* Add list-plugins command to faraday-manage to see all available plugins
* Fix a logging error in PluginBase class
* Fix an error when using NexposePlugin from command line.
* Add CSV parser to Dnsmap Plugin
* Fix bug when creating web vulnerabilities in dirb plugin
* Change Nexpose Severity Mappings.

faraday 3.9.2 (2019-10-08T19:15:47+00:00)
Changelog:
---
* Add agents feature for distributed plugin execution
* Add an API endpoint to perform a bulk create of many objects (hosts,
services, vulns, commands and credentials). This is used to avoid doing a lot
of API requests to upload data. Now one request should be enough
* Major style and color changes to the Web UI
* Add API token authentication method
* Use server side stored sessions to properly invalidate cookies of logged out users
* Add "New" button to create credentials without host or service assigned yet
* Allow filtering hosts by its service's ports in the Web UI
* Performance improvements in vulnerabilities and vulnerability templates API (they
were doing a lot of SQL queries because of a programming bug)
* Require being in the faraday-manage group when running faraday from a .deb or .rpm package
* Change the first page shown after the user logs in. Now it displays a workspace
selection dialog
* Add API endpoint to import Vuln Templates from a CSV file
* Create the exported CSV of the status report in the backend instead of in the
problem, which was much slower
* Add API endpoint to import hosts from a CSV file
* Add `faraday-manage rename-user` command to change a user's username
* Allow resizing columns in Vulnerability Templates view
* Avoid copying technical details when a vuln template is generated from the status report
* Use exact matches when searching vulns by target
* Add API endpoint to get which tools impacted in a host
* Add pagination to activity feed
* Add ordering for date and creator to vuln templates view
* Modify tabs in vuln template, add Details tab
* Add copy IP to clipboard button in hosts view
* Add creator and create date columns to vuln template view
* When a plugin creates a host with its IP set to a domain name,
resolve the IP address of that domain
* Add support for logging in RFC5254 format
* Add active filter in workspaces view. Only show active workspaces
in other parts of the Web UI
* Enforce end date to be greater than start date in workspaces API
* Fix bug in `faraday-manage create-tables` that incorrectly marked schema
migrations as applied
* Fix bug in many plugins that loaded hostnames incorrectly (one hostname per character)
* Improve references parsing in OpenVAS plugin
* Fix a bug in Nessus plugin when parsing reports without host\_start
* Fix bug hostname search is now working in status-report
* Fix showing of services with large names in the Web UI
* Fix broken select all hosts checkbox
* Fix bug viewing an attachment/evidence when its filename contained whitespaces
* Fix "Are you sure you want to quit Faraday?" dialog showing twice in GTK

faraday v3.9.3 (2019-11-15T20:14:58+00:00)
* Fix unicode error when exporting vulns to CSV
* Add vuln attributes to CSV
* Fix hostname parsing and add external ID to Qualys plugin

faraday v3.10.0 (2019-12-19T14:43:29+00:00)
* Use Python 3 instead of Python 2 in the Faraday Server
* Add ability to manage agents with multiple executors
* Agents can be run with custom arguments
* Improved processing of uploaded reports. Now it is much faster!
* Add custom fields of type choice
* Fix vuln status transition in bulk create API (mark closed vulns as re-opened when they are triggered again)
* Fix bug when using non-existent workspaces in Faraday GTK Client
* Set service name as required in the Web UI
* Validate the start date of a workspace is not greater than the end date
* Fix command API when the year is invalid
* When SSL misconfigurations cause WebSockets to fail, it doesn't block the server from starting
* Check for invalid service port number in the Web UI
* Fix dashboard tooltips for vulnerability
* Fix bug when GTK client lost connection to the server
* Fix style issues in "Hosts by Service" modal of the dashboard
* Add API for bulk delete of vulnerabilities
* Add missing vuln attributes to exported CSV
* faraday-manage support now displays the Operating System version
* Notify when faraday-manage can't run because of PostgreSQL HBA config error

faraday v3.10.1 (2020-01-30T21:17:58+00:00)
* Fix installation with `pip install --no-binary :all: faradaysec`
* Force usage of webargs 5 (webargs 6 broke backwards compatibility)
* Use latest version of faraday-plugins
* Fix broken "Faraday Plugin" menu entry in the GTK client
* Extract export csv to reuse for reports

faraday v3.10.2 (2020-01-30T21:19:08+00:00)
* Fix Cross-Site Request Forgery (CSRF) vulnerability in all JSON API endpoints. This was caused because a third-party library doesn't implement proper Content-Type header validation. To mitigate the vulnerability, we set the session cookie to have the `SameSite: Lax` property.
* Fix Faraday Server logs were always in debug
* Add update date column when exporting vulnerabilities to CSV
* Fix unicode error when exporting vulnerabilities to CSV

faraday v3.11 (2020-04-21T19:27:39+00:00)
* Move GTK client to [another repository](https://github.com/infobyte/faraday-client) to improve release times.
* Fix formula injection vulnerability when exporting vulnerability data to CSV. This was considered a low impact vulnerability.
* Remove "--ssl" parameter. Read SSL information from the config file.
* Add OpenAPI autogenerated documentation support
* Show agent information in command history
* Add bulk delete endpoint for hosts API
* Add column with information to track agent execution data
* Add tool attribute to vulnerability to avoid incorrectly showing "Web UI" as creator tool
* Add sorting by target in credentials view
* Add creator information when uploading reports or using the bulk create API
* Add feature to disable rules in the searcher
* Add API endpoint to export Faraday data to Metasploit XML format
* Use run date instead of creation date when plugins report specifies it
* Improve knowledge base UX
* Improve workspace table and status report table UX.
* Improve format of exported CSV to include more fields
* Sort results in count API endpoint
* Limit description width in knowledge base
* Change log date format to ISO 8601
* Fix parsing server port config in server.ini
* Fix bug when \_rev was sent to the hosts API
* Send JSON response when you get a 500 or 404 error
* Fix bug parsing invalid data in NullToBlankString
Changes in plugins (only available through Web UI, not in GTK client yet):
New plugins:
* Checkmarx
* Faraday\_csv (output of exported Faraday csv)
* Qualyswebapp
* Whitesource
Updated plugins:
* Acunetix
* AppScan
* Arachni
* Nessus
* Netsparker
* Netsparker cloud
* Nexpose
* Openvas
* QualysGuard
* Retina
* W3af
* WPScan
* Webinspect
* Zap

faraday v3.11.1 (2020-06-04T19:38:15+00:00)
* Fix missing shodan icon and invalid link in dashboard and hosts list
* Upgrade marshmallow, webargs, werkzeug and flask-login dependencies to
latest versions in order to make packaging for distros easier

faraday v3.12 (2020-09-03T23:13:40+00:00)
* Now agents can upload data to multiple workspaces
* Add agent and executor data to Activity Feed
* Add session timeout configuration to server.ini configuration file
* Add hostnames to already existing hosts when importing a report
* Add new faraday background image
* Display an error when uploading an invalid report
* Use minimized JS libraries to improve page load time
* Fix aspect ratio distortion in evidence tab of vulnerability preview
* Fix broken Knowledge Base upload modal
* Fix closing of websocket connections when communicating with Agents
* Change Custom Fields names in exported CSV to make columns compatible with
`faraday_csv` plugin
* Fix import CSV for vuln template: some values were overwritten with default values.
* Catch errors in faraday-manage commands when the connection string is not
specified in the server.ini file
* Fix bug that generated a session when using Token authentication
* Fix bug that requested to the API when an invalid filter is used
* Cleanup old sessions when a user logs in
* Remove unmaintained Flask-Restless dependency
* Remove pbkdf2\_sha1 and plain password schemes. We only support bcrypt

faraday v3.14.0 (2020-12-24T04:02:14+00:00)
* ADD RESTless filter to multiple views, improving searches
* ADD "extras" modal in options menu, linking to other Faraday resources
* ADD `import vulnerability templates` command to faraday-manage
* ADD `generate nginx config` command to faraday-manage
* ADD vulnerabilities severities count to host
* ADD Active Agent columns to workspace
* ADD critical vulns count to workspace
* ADD `Remember me` login option
* ADD distinguish host flag
* ADD a create_date field to comments
* FIX to use new webargs version
* FIX Custom Fields view in KB (Vulnerability Templates)
* FIX bug on filter endpoint for vulnerabilities with offset and limit parameters
* FIX bug raising `403 Forbidden` HTTP error when the first workspace was not active
* FIX bug when changing the token expiration change
* FIX bug in Custom Fields type Choice when choice name is too long.
* FIX Vulnerability Filter endpoint Performance improvement using joinedload. Removed several nplusone uses
* MOD Updating the template.ini for new installations
* MOD Improve SMTP configuration
* MOD The agent now indicates how much time it had run (faraday-agent-dispatcher v1.4.0)
* MOD Type "Vulnerability Web" cannot have "Host" type as a parent when creating data in bulk
* MOD Expiration default time from 1 month to 12 hours
* MOD Improve data reference when uploading a new report
* MOD Refactor Knowledge Base's bulk create to also take multiple creation from vulns in status report.
* MOD All HTTP OPTIONS endpoints are now public
* MOD Change documentation and what's new links in about
* REMOVE Flask static endpoint
* REMOVE of our custom logger

faraday v3.14.1 (2021-02-18T16:35:52+00:00)
3.14.1 [Feb 17th, 2021]:
---
* ADD forgot password
* ADD update services by bulk_create
* ADD FARADAY_DISABLE_LOGS variable to disable logs to filesystem
* ADD security logs in `audit.log` file
* UPD security dependency Flask-Security-Too v3.4.4
* MOD rename total_rows field in filter host response
* MOD improved Export csv performance by reducing the number of queries
* MOD sanitize the content of vulns' request and response
* MOD don't strip new line in description when exporting csv
* MOD improved threads management on exception
* MOD improved performance on vulnerability filter
* MOD improved [API documentation](www.api.faradaysec.com)
* FIX upload a report with invalid custom fields
* ADD beta v3 API, which includes:
    * All endpoints end without `/`
    * `PATCH {model}/id` endpoints
    * Bulk update via PATCH `{model}` endpoints
    * Bulk delete via DELETE `{model}` endpoints
    * Endpoints removed:
        * `/v2/ws/<workspace_id>/activate/`
        * `/v2/ws/<workspace_id>/change_readonly/`
        * `/v2/ws/<workspace_id>/deactivate/`
        * `/v2/ws/<workspace_name>/hosts/bulk_delete/`
        * `/v2/ws/<workspace_name>/vulns/bulk_delete/`
    * Endpoints updated:
        * `/v2/ws/<workspace_name>/vulns/<int:vuln_id>/attachments/` => \
          `/v3/ws/<workspace_name>/vulns/<int:vuln_id>/attachment`

faraday v3.14.2 (2021-02-26T17:42:54+00:00)
3.14.2 [Feb 26th, 2021]:
---
* ADD New plugins:
    * microsoft baseline security analyzer
    * nextnet
    * openscap
* FIX old versions of Nessus plugins bugs

faraday v3.14.3 (2021-03-31T05:16:07+00:00)
3.14.3 [Mar 30th, 2021]:
---
* MOD MAJOR Breaking change: Use frontend from other repository
* ADD `last_run` to executors and agents
* ADD ignore info vulns option (from faraday-plugins 1.4.3)
* ADD invalid logins are registered in `audit.log`
* ADD agent registration tokens are now 6-digit short and automatically regenerated every 30 seconds
* MOD Fix logout redirect loop
* REMOVE support for native SSL

faraday v3.14.4 (2021-04-16T17:19:20+00:00)
3.14.4 [Apr 15th, 2021]:
---
* Updated plugins package, which updates appscan plugin

faraday v3.15.0 (2021-05-18T12:46:22+00:00)
* ADD `Basic Auth` support
* ADD support for GET method in websocket_tokens, POST will be deprecated in the future
* ADD CVSS(String), CWE(String), CVE(relationship) columns to vulnerability model and API
* ADD agent token's API now reports the renewal cycle duration
* MOD Improve database model to be able to delete workspaces quickly
* MOD Improve code style and uses (less flake8 exceptions, py3 `super` style, Flask app as singleton, etc)
* MOD workspaces' names regex to verify they cannot contain forward slash (`/`)
* MOD Improve bulk create logs
* FIX Own schema breaking Marshmallow 3.11.0+
* UPD flask_security_too to version 4.0.0+

faraday v3.16.0
2021-06-30T05:03:57+00:00

* BREAKING CHANGE: API V2 discontinued
* BREAKING CHANGE: Changed minimum version of python to 3.7
* ADD agent parameters have types (protocol with agent and its APIs)
* ADD move settings from `server.in` to a db model
* ADD (optional) query logs
* MOD new threads management
* MOD vulnerabilities' endpoint no longer loads evidence unless requested with `get_evidence=true`
* FIX it is no longer possible to create a workspace named "filter"
* FIX bug with dates in the future
* FIX bug with click 8
* FIX bug using --port command
* FIX endpoints returning 500 as status code
* REMOVE the need for a CSRF token in the evidence upload API

faraday v3.16.1
2021-07-02T17:05:15+00:00

* MOD only show settings of this version in faraday-manage settings
* FIX update minimum version of click dependency

faraday v3.17.0
2021-08-10T22:57:27+00:00

3.17.0 [Aug 10th, 2021]:
---
* ADD `--data` parameter to `faraday-manage settings`
* MOD Process report files in a separate process
* MOD Make `bulk_create` requests asynchronous

faraday v3.17.1
2021-08-20T20:49:20+00:00

3.17.1 [Aug 20th, 2021]:
---
* FIX bug when starting the server, creates a pool for reporting that breaks.

faraday v3.18.0
2021-10-22T15:03:29+00:00

3.18.0 [Oct 21st, 2021]:
---
* Remove attachments in vulns filter endpoint
* Add open and confirmed vulns in workspace stats
* Add user id to session API endpoint
* Add cve to vulnerability model
* Change funcs to views
* FIX report import
* Add `last_run_agent_date` field to workspace endpoint
* Fix cve parsing in `vulnerability create` and `bulk create`
* Fix order_by in filters api
* Fix 500 status code with invalid executor arguments

faraday v3.18.1
2021-11-05T15:21:57+00:00

3.18.1 [Nov 5th, 2021]:
---
Fix CVE issue

faraday v3.19.0
2022-01-10T15:24:52+00:00

3.19.0 [Dec 27th, 2021]:
---
* ADD v3 bulks endpoints DELETE and EDIT (PATCH)
* Add logs of login, logout and log error to main log
* Fix bug in bulk update for m2m fields
* ADD clear settings command
* Add open medium, high and critical vulns histogram
* Fix integrity constraint error on cve update
* FIX static content for react
* Add cvss within vulnerability model
* Add check to see if workspace name is longer than 250 characters. In that case an error is raised
* Change concat in urlstrings for join or urljoin
* Add cve to csv export

faraday v4.0.4
2022-08-02T18:17:03+00:00

* Remove workspaces agents relationship, and now an agent can run on multiple workspaces
* Fix migration f82a9136c408 checking if index and constraints exist before deleting
* Added count to vulns closed
* Fix order_by `cve_instances__name` when no filter was provided
* Add index into vulnerability

faraday v4.1.0
2022-09-12T19:57:51+00:00

* Error 403 now responds with JSON, not HTML
* [FIX] Change resolve_hotname for resolve_hostname in agents
* Add filters as params for bulk_update
* Add Swagger view
* Modify way of filtering dates with `filters`. Now only 'YYYYMMDD' format supported.
* Add cvss v2 and v3 into model and api
* [ADD] Now if command_id is sent in a post for hosts, services or vulns, the created object is associated with that command_id if it exists
* Add support for tagging when running an agent
* Clean up of commented code that's not needed anymore
* [FIX] Change dns_resolution to resolve_hostname
* Add CWE into model and api

faraday v4.2.0
2022-10-28T19:11:09+00:00

* Add `stats` param in hosts endpoint.
* [FIX] Now get agents doesn't return tokens
* [FIX] Now when a constraint is violated, faraday uses the actual object to query if there is another object
* [MOD] Improve agents logs
* Add global commands and summary field in command's model

faraday v4.3.0
2022-12-06T15:34:00+00:00

* [FIX] Update the associated command when an agent execution returns empty
* [ADD] cvss3 scope field to vulnerability schema
* [ADD] Add cvss2/3 and cwe to export_csv
* Improve command object creation in bulk create.
* Fix open and closed stats in ws filter endpoint.
* Add error command status in every validation of reports upload process
* [ADD] BulkDelete with filters
* Change filter logic on numeric fields.

faraday v4.3.1
2022-12-15T20:37:43+00:00

* [ADD] Workspace api stats refactor

faraday v4.3.2
2023-01-04T19:56:20+00:00

* Change column type of advanced field in executive reports

faraday v4.3.3
2023-02-16T20:44:12+00:00

* [FIX] Add tags columns in AgentSchedule model in white version. #7341
* [FIX] Now patching a vuln with an empty list will remove all the relationships with all references. #7405
* [FIX] Migration cascade on KB #7396

faraday v4.3.4
2023-04-11T18:24:46+00:00

* [FIX] Fix bandit vulns. #7430
* [FIX] Return public IP when behind a proxy. #7417
* [ADD] Add report_template as an object type. #7463

faraday v4.3.5
2023-04-12T22:42:40+00:00

* [FIX] Modify migration with autocommit. #7487

faraday v4.4.0
2023-06-01T21:03:50+00:00

* [ADD] Now it's possible to modify the host or service assigned to a vulnerability. #7476
* [MOD] Now `/get_manifest` separates the optional environment variables from the rest. #7481
* [FIX] Add `not_any` filter operator, which retrieves results that do not contain the requested value. #7394
* [FIX] Make `get_manifest` compatible with all versions of dispatcher. #7500

faraday v4.5.0
2023-07-13T20:37:09+00:00

* [MOD] Upgrade nixpkgs version to 23.05. Also update version of packages in requirements. #7518
* [FIX] Add missing `scope` cvss3 field. #7493
* [FIX] Improve performance in `hosts` and `hosts/filter` views. #7501

faraday v4.5.1
2023-07-15T15:28:41+00:00

* [FIX] Fix pillow version to 9.4.0. #7531

faraday v4.6.0
2023-09-06T23:31:39+00:00

* [FIX] Delete Cascade from KB. #7569

faraday v4.6.1
2023-10-19T17:45:30+00:00

* [MOD] Optimize hosts API when stats aren't needed. #7596
* [ADD] New `exclude_stats` query param in workspace endpoint. #7595
* [FIX] Filter .webp files in vulns attachment endpoint because of CVE-2023-4863. #7603

faraday v4.6.2
2023-11-14T15:56:14+00:00

* [ADD] Exclude unnecessary fields from VulnerabilitySchema in filter endpoint. #7608

faraday v5.0.0
2023-12-13T17:21:29+00:00

* [ADD] **Breaking change** We now use Celery as the main way to import reports. In addition, we have removed twisted and replaced raw websockets with socket.io. #7352
* [ADD] Added option to faraday-server to run workers. #7623

faraday v5.0.1
2024-01-02T18:44:37+00:00