Merge pull request #1152 from dradis/release-4.9.0

[main] Release 4.9.0
dradis · Jun 1, 2023 · 07282cb · 07282cb
2 parents b2d58f6 + 83d67fd
commit 07282cb
Show file tree

Hide file tree

Showing 159 changed files with 1,855 additions and 1,706 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -55,8 +55,8 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           bundler-cache: true
-      - name: Load database schema
-        run: bundle exec rails db:schema:load
+      - name: Prepare database
+        run: bundle exec rails db:prepare
       - name: Precompile assets
         run: bundle exec rails assets:precompile
       - name: Run tests

diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,53 @@
+[v#.#.#] ([month] [YYYY])
+  - [entity]:
+    - [future tense verb] [feature]
+  - Upgraded gems:
+    - [gem]
+  - Bugs fixes:
+    - QA:
+      - Enable @mentions and formatting toolbar for comments in QA show views 
+      - Redirect to correct view when changing states on QA edit views
+    - [entity]:
+      - [future tense verb] [bug fix]
+    - Bug tracker items:
+      - [item]
+  - New integrations:
+    - [integration]
+  - Integration enhancements:
+    - [integration]:
+      - [future tense verb] [integration enhancement]
+      - [integration bug fixes]:
+        - [future tense verb] [integration bug fix]
+  - Reporting enhancements:
+    - [report type]:
+      - [future tense verb] [reporting enhancement]
+  - REST/JSON API enhancements:
+    - [API entity]:
+      - [future tense verb] [API enhancement]
+  - Security Fixes:
+    - High: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Medium: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+    - Low: (Authenticated|Unauthenticated) (admin|author|contributor) [vulnerability description]
+
+v4.9.0 (June 2023)
+  - Tylium: Extend support for Liquid Dynamic Content
+  - QA: Show state changes in activity feed
+  - Upgraded gems:
+    - bootstrap, popper_js, simple_form
+  - Bugs fixes:
+    - QA: Redirect to correct view when changing states on QA edit views
+  - Integration enhancements:
+    - Acunetix: Parse inline code, not just code blocks
+    - Burp: Adds strong and code tags parsing
+    - CSV: Fix CSV Upload for files with special characters
+    - Nessus:
+      - Parse code tags as inline code
+      - Add plugin_type as an available Issue field
+    - Nexpose:
+      - Parse inline code, not just code blocks
+      - Wrap ciphers in the `ssl-weak-message-authentication-code-algorithms` finding
+    - Qualys: Adds Request/Response Evidence fields for Web Application Scans (WAS)
+
 v4.8.0 (April 2023)
   - Sessions: Store :secret_key_base in encrypted configuration file
   - Quality Assurance: Review/approve Issues and Content Blocks before including them in reports

diff --git a/Gemfile b/Gemfile
@@ -10,8 +10,8 @@ gem 'rails', '~> 6.1.7.3'
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 6.0'
 
-# Use Uglifier as compressor for JavaScript assets
-gem 'uglifier', '>= 1.3.0'
+# Use ruby-terser as compressor for JavaScript assets
+gem 'terser', '~> 1.1'
 
 # See https://github.com/rails/execjs#readme for more supported runtimes
 gem 'mini_racer', platforms: :ruby
@@ -35,7 +35,7 @@ gem 'jbuilder', '~> 2.7'
 gem 'bootsnap', '>= 1.12.0', require: false
 
 # ---------------------------------------------------- Dradis Community Edition
-gem 'bootstrap', '~> 4.3.1'
+gem 'bootstrap', '~> 5.2.3'
 gem 'jquery-rails'
 gem 'jquery-ui-rails'
 gem 'jquery-fileupload-rails', '~> 0.3.4'
@@ -214,12 +214,12 @@ end
 #
 
 # Base framework classes required by other plugins
-gem 'dradis-plugins', '~> 4.8.0'
+gem 'dradis-plugins', '~> 4.9.0'
 
 gem 'dradis-api', path: 'engines/dradis-api'
 
 # Import / export project data
-gem 'dradis-projects', '~> 4.8.0'
+gem 'dradis-projects', '~> 4.9.0'
 
 plugins_file = 'Gemfile.plugins'
 if File.exists?(plugins_file)
@@ -230,32 +230,32 @@ end
 # effective.
 
 # ----------------------------------------------------------------- Calculators
-gem 'dradis-calculator_cvss', '~> 4.8.0'
-gem 'dradis-calculator_dread', '~> 4.8.0'
+gem 'dradis-calculator_cvss', '~> 4.9.0'
+gem 'dradis-calculator_dread', '~> 4.9.0'
 
 # ---------------------------------------------------------------------- Export
-gem 'dradis-csv_export', '~> 4.8.0'
-gem 'dradis-html_export', '~> 4.8.0'
+gem 'dradis-csv_export', '~> 4.9.0'
+gem 'dradis-html_export', '~> 4.9.0'
 
 # ---------------------------------------------------------------------- Import
-gem 'dradis-csv', '~> 4.8.0'
+gem 'dradis-csv', '~> 4.9.0'
 
 # ---------------------------------------------------------------------- Upload
-gem 'dradis-acunetix', '~> 4.8.0'
-gem 'dradis-brakeman', '~> 4.8.0'
-gem 'dradis-burp', '~> 4.8.0'
-gem 'dradis-coreimpact', '~> 4.8.0'
-gem 'dradis-metasploit', '~> 4.8.0'
-gem 'dradis-nessus', '~> 4.8.0'
-gem 'dradis-netsparker', '~> 4.8.0'
-gem 'dradis-nexpose', '~> 4.8.0'
-gem 'dradis-nikto', '~> 4.8.0'
-gem 'dradis-nipper', '~> 4.8.0'
-gem 'dradis-nmap', '~> 4.8.0'
-gem 'dradis-ntospider', '~> 4.8.0'
-gem 'dradis-openvas', '~> 4.8.0'
-gem 'dradis-qualys', '~> 4.8.0'
-gem 'dradis-saint', '~> 4.8.0'
-gem 'dradis-veracode', '~> 4.8.0'
-gem 'dradis-wpscan', '~> 4.8.0'
-gem 'dradis-zap', '~> 4.8.0'
+gem 'dradis-acunetix', '~> 4.9.0'
+gem 'dradis-brakeman', '~> 4.9.0'
+gem 'dradis-burp', '~> 4.9.0'
+gem 'dradis-coreimpact', '~> 4.9.0'
+gem 'dradis-metasploit', '~> 4.9.0'
+gem 'dradis-nessus', '~> 4.9.0'
+gem 'dradis-netsparker', '~> 4.9.0'
+gem 'dradis-nexpose', '~> 4.9.0'
+gem 'dradis-nikto', '~> 4.9.0'
+gem 'dradis-nipper', '~> 4.9.0'
+gem 'dradis-nmap', '~> 4.9.0'
+gem 'dradis-ntospider', '~> 4.9.0'
+gem 'dradis-openvas', '~> 4.9.0'
+gem 'dradis-qualys', '~> 4.9.0'
+gem 'dradis-saint', '~> 4.9.0'
+gem 'dradis-veracode', '~> 4.9.0'
+gem 'dradis-wpscan', '~> 4.9.0'
+gem 'dradis-zap', '~> 4.9.0'