Add 1.10 release notes and document new features

Fixes #1180

docs/source/release_notes/1.10.rst

@@ -0,0 +1,59 @@
+============
+OpenKAT 1.10
+============
+
+The most visible change is that the user interface got major improvements and
+uses the latest version of Manon. There are still some minor issues left that
+will be fixed in upcoming releases.
+
+Finding types have been moved from Rocky database to Octopoes/XTDB and types are
+an OOI now. Having the findings together with finding types in XTDB means that
+we can query, aggregate and/or filter the findings based on findingtypes or
+severity in XTDB. By doing those queries completely in XTDB we fixed several
+performance issues. Finding types are added by boefjes which will also give more
+flexibility adding/changing/updating finding types in the future.
+
+The Python version used in the container images have been updated to 3.11.
+Python 3.11 is a lot faster so this should also make OpenKAT faster. Django
+version has also been updated to version 4.2.
+
+This release also provides packages for Debian 12 (bookworm). We recommend
+everyone to upgrade their machines to Debian 12 because the included Python 3.11
+will give a big performance boost. Debian 11 packages will still be provided
+until December 2023 as described in :ref:`Supported distributions`.
+
+New Features
+============
+
+ * Two factor auth can be disabled. We recommend that this only be used for
+   development/test installations or when external authentication is in use.
+ * External authentication support using Django's standard middleware that uses
+   REMOTE_USER. See :ref:`External Authentication` how to configure this.
+ * The used signing provider is stored alongside rawfiles to make it possible to
+   switch providers and still check older rawfiles.
+ * The task list has better filters.
+
+Bug fixes
+=========
+
+ * Sleeping is only done when all queues are empty. This makes it possible to
+   increase the boefjes/normalizer poll interval without a decrease in
+   throughput.
+ * The Fierce boefje got some fixes.
+ * A number of bugs in the scheduler have been fixed.
+
+Upgrading
+=========
+
+Django 4.2 requires that the trusted origins for CSRF protection is set. This
+can be done using the `DJANGO_CSRF_TRUSTED_ORIGINS` variable. It is a good idea
+to also set `DJANGO_ALLOWED_HOSTS` to the used hostnames, detailed instructions
+are written in the :ref:`Hardening<Production: Hardening OpenKAT>` section.
+
+The normal instructions for upgrading :ref:`Debian packages<Upgrading Debian>`
+or upgrading :ref:`containers <Upgrading_Containers>` should be followed.
+
+Full Changelog
+==============
+
+The full changelog can be found on `Github <https://github.com/minvws/nl-kat-coordination/releases/tag/v1.10.0>`_.

docs/source/release_notes/index.rst

@@ -5,6 +5,7 @@ Release notes
    :maxdepth: 1
    :caption: Releases
 
+   1.10
    1.9
    1.8
    1.7

docs/source/technical_design/debianinstall.rst

@@ -8,6 +8,16 @@ An installation of KAT can be done on a single machine or spread out on several
 machines for a high availability setup. This guide will take you through the
 steps for installing it on a single machine.
 
+Supported distributions
+=======================
+
+We provide Debian packages for Debian and Ubuntu. We support only Debian stable
+and Ubuntu LTS releases and stop supporting the previous version 6 months after
+the release. Currently this means we support Debian 11 (bullseye) and 12
+(bookworm) and Ubuntu 22.04. Debian 12 has been released on 10th of June so we
+will stop providing packages for Debian 11 in December 2023. After Ubuntu 24.04
+is releases we will provide Ubuntu 22.02 packages until October 2024.
+
 Prerequisites
 =============
 

docs/source/technical_design/externalauthentication.rst

@@ -0,0 +1,32 @@
+=======================
+External authentication
+=======================
+
+OpenKAT supports external authentication using Django's built-in `remote user
+authentication <https://docs.djangoproject.com/en/4.2/howto/auth-remote-user/>`__.
+Make sure that you read the warning in the Django documentation before you
+configure this.
+
+Configuration of this can be done using two environments variables. The
+`REMOTE_USER_HEADER` variable specifies the header that has the e-mail address
+that is used as username in OpenKAT. Setting this variable will also enable the
+remote user backend. The `REMOTE_USER_DEFAULT_ORGANIZATIONS` variable is
+optional and is a comma separated list of "organisation:group" items and
+configures which organisation every remote user get access to by default. The
+value of `REMOTE_USER_DEFAULT_ORGANIZATIONS` will override any changes made and
+if someone is removed from a group that is listed they will automatically be
+added back the next time they use OpenKAT using remote user authentication.
+
+Example configuration:
+
+.. code-block:: sh
+
+    REMOTE_USER_HEADER=HTTP_X_EMAIL
+    REMOTE_USER_DEFAULT_ORGANIZATIONS=org1:admin,org2:client
+
+This will use the value of `X-Email` HTTP header as the e-mail address for the
+user account. Every user will be added to org1 with admin permissions and to org
+with client permissions.
+
+An easy solution for configuring single-sign on using OAuth is `oauth2-proxy
+<https://oauth2-proxy.github.io/oauth2-proxy/>`__.

docs/source/technical_design/index.rst

@@ -16,3 +16,4 @@ Contains documentation for developers and contributors.
    nginx
    debuggingtroubleshooting
    latex
+   externalauthentication