Add 1.10 release notes and document new features
Fixes #1180
Showing 5 changed files with 103 additions and 0 deletions.
@@ -0,0 +1,59 @@ | ||
============ | ||
OpenKAT 1.10 | ||
============ | ||
|
||
The most visible change is that the user interface got major improvements and | ||
uses the latest version of Manon. There are still some minor issues left that | ||
will be fixed in upcoming releases. | ||
|
||
Finding types have been moved from Rocky database to Octopoes/XTDB and types are | ||
an OOI now. Having the findings together with finding types in XTDB means that | ||
we can query, aggregate and/or filter the findings based on findingtypes or | ||
severity in XTDB. By doing those queries completely in XTDB we fixed several | ||
performance issues. Finding types are added by boefjes which will also give more | ||
flexibility adding/changing/updating finding types in the future. | ||
|
||
The Python version used in the container images have been updated to 3.11. | ||
Python 3.11 is a lot faster so this should also make OpenKAT faster. Django | ||
version has also been updated to version 4.2. | ||
|
||
This release also provides packages for Debian 12 (bookworm). We recommend | ||
everyone to upgrade their machines to Debian 12 because the included Python 3.11 | ||
will give a big performance boost. Debian 11 packages will still be provided | ||
until December 2023 as described in :ref:`Supported distributions`. | ||
|
||
New Features | ||
============ | ||
|
||
* Two factor auth can be disabled. We recommend that this only be used for | ||
development/test installations or when external authentication is in use. | ||
* External authentication support using Django's standard middleware that uses | ||
REMOTE_USER. See :ref:`External Authentication` how to configure this. | ||
* The used signing provider is stored alongside rawfiles to make it possible to | ||
switch providers and still check older rawfiles. | ||
* The task list has better filters. | ||
|
||
Bug fixes | ||
========= | ||
|
||
* Sleeping is only done when all queues are empty. This makes it possible to | ||
increase the boefjes/normalizer poll interval without a decrease in | ||
throughput. | ||
* The Fierce boefje got some fixes. | ||
* A number of bugs in the scheduler have been fixed. | ||
|
||
Upgrading | ||
========= | ||
|
||
Django 4.2 requires that the trusted origins for CSRF protection is set. This | ||
can be done using the `DJANGO_CSRF_TRUSTED_ORIGINS` variable. It is a good idea | ||
to also set `DJANGO_ALLOWED_HOSTS` to the used hostnames, detailed instructions | ||
are written in the :ref:`Hardening<Production: Hardening OpenKAT>` section. | ||
|
||
The normal instructions for upgrading :ref:`Debian packages<Upgrading Debian>` | ||
or upgrading :ref:`containers <Upgrading_Containers>` should be followed. | ||
|
||
Full Changelog | ||
============== | ||
|
||
The full changelog can be found on `Github <https://github.com/minvws/nl-kat-coordination/releases/tag/v1.10.0>`_. |
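Review bot: In the Upgrading section the sentence "Django 4.2 requires that the trusted origins for CSRF protection is set" should read "are set", and it would help operators to state the format Django 4.x expects for `DJANGO_CSRF_TRUSTED_ORIGINS`: each origin must include its scheme (for example `https://openkat.example.org`, not a bare hostname), because Django 4's system check (4_0.E001) rejects entries without a scheme at startup. Smaller wording fixes in the same hunk: "The Python version used in the container images have been updated" should be "has been updated", "Two factor auth" reads better as "Two-factor authentication", and "findingtypes" as "finding types".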
@@ -5,6 +5,7 @@ Release notes | |
:maxdepth: 1 | ||
:caption: Releases | ||
|
||
1.10 | ||
1.9 | ||
1.8 | ||
1.7 | ||
|
@@ -0,0 +1,32 @@ | ||
======================= | ||
External authentication | ||
======================= | ||
|
||
OpenKAT supports external authentication using Django's built-in `remote user | ||
authentication <https://docs.djangoproject.com/en/4.2/howto/auth-remote-user/>`__. | ||
Make sure that you read the warning in the Django documentation before you | ||
configure this. | ||
|
||
Configuration of this can be done using two environments variables. The | ||
`REMOTE_USER_HEADER` variable specifies the header that has the e-mail address | ||
that is used as username in OpenKAT. Setting this variable will also enable the | ||
remote user backend. The `REMOTE_USER_DEFAULT_ORGANIZATIONS` variable is | ||
optional and is a comma separated list of "organisation:group" items and | ||
configures which organisation every remote user get access to by default. The | ||
value of `REMOTE_USER_DEFAULT_ORGANIZATIONS` will override any changes made and | ||
if someone is removed from a group that is listed they will automatically be | ||
added back the next time they use OpenKAT using remote user authentication. | ||
|
||
Example configuration: | ||
|
||
.. code-block:: sh | ||
REMOTE_USER_HEADER=HTTP_X_EMAIL | ||
REMOTE_USER_DEFAULT_ORGANIZATIONS=org1:admin,org2:client | ||
This will use the value of `X-Email` HTTP header as the e-mail address for the | ||
user account. Every user will be added to org1 with admin permissions and to org | ||
with client permissions. | ||
|
||
An easy solution for configuring single-sign on using OAuth is `oauth2-proxy | ||
<https://oauth2-proxy.github.io/oauth2-proxy/>`__. |
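Review bot: As the hunk reads, the `.. code-block:: sh` directive is followed directly by `REMOTE_USER_HEADER=HTTP_X_EMAIL` with no blank line, and the paragraph "This will use the value of `X-Email` HTTP header ..." follows the second variable with no blank line either; Sphinx needs a blank line between the directive and its body and another after the body, otherwise the first setting is parsed as a directive argument and the block fails to render. Two corrections in the explanatory text: "to org with client permissions" should be "to org2 with client permissions" to match the example value, and "two environments variables" / "every remote user get access" should be "two environment variables" / "gets access". Since `REMOTE_USER_HEADER=HTTP_X_EMAIL` makes login depend entirely on the `X-Email` header, the page should spell out what the linked Django warning means for this setup: the reverse proxy (oauth2-proxy in the suggested configuration) must set that header on every request and overwrite any value supplied by the client, and OpenKAT must not be reachable other than through that proxy.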