v1.22.0rc1 Luna

What's Changed

• Update Docker image tags to include 'openkat-' prefix by @underdarknl in #5038
• Handle OOI's that have no schedule in the boefjes elligeble OOI list there where currently missing by @underdarknl in #5031
• Optimize use of TypeAdapters in the octopoes client. by @underdarknl in #5020
• Order organizations by name in models.py by @underdarknl in #4983
• Adds some new endpoints to the xtdb cli and client by @underdarknl in #4975
• add ignore stanza for boefje.json.tmp files existing after a test run by @underdarknl in #5019
• Feat/bytes normalizer metas endpoint by @underdarknl in #4994
• Include User-Agent header in HTTP requests by @underdarknl in #5044
• Skip Docker registry login for fork PRs by @hasecon in #5047
• Add Optional sync flags to octopoes service, router and xtdbclient by @underdarknl in #5046
• Remove CSS/JS compressor. Its not compatible with JS modules by @underdarknl in #5032
• Fix nikto boefje: bug fixes and performance improvements by @hasecon in #4943
• Use the newly available sync param in rocky by @underdarknl in #5049
• Move scanprofile propagation from celery to daemon, and use xtdb's la… by @underdarknl in #5039
• Bump pyasn1 from 0.6.2 to 0.6.3 in /bytes by @dependabot[bot] in #5050
• Bump sphinxcontrib-mermaid from 1.2.3 to 2.0.0 by @dependabot[bot] in #5014
• make paginator smarter, avoid double lookups, cache results on page. by @underdarknl in #5040
• optimize various parts of the scheduler by @underdarknl in #5007
• Make error handling more robust, we saw some some crashes around reconnects by @underdarknl in #5051
• Change cve-finding-types default to public API by @hasecon in #5053
• Use existing organization property on request.user, and dont filter i… by @underdarknl in #5054
• Bump pydicom from 2.4.4 to 2.4.5 in /boefjes/boefjes/plugins/kat_dicom by @dependabot[bot] in #5058
• Add a bit more clarification to the scan profile propagation table by @underdarknl in #5056
• Use the new Deschedule mimetype to signal jobs that never need a new run again. by @underdarknl in #5055
• Update schema.json, fix max/maximum by @underdarknl in #5063
• Fix invalid JSON Schema keywords in kat_rpki schema by @hasecon in #5064
• Upgrade actions to node24 variants and version pin all actions by @underdarknl in #5065
• Replace pika with aio-pika in Bytes service by @hasecon in #5061
• Refactor observed_at handling / forms by @underdarknl in #5057
• Fix check_requirements workflow for fork PRs by @hasecon in #5078
• Update django.pot after observed_at refactoring by @hasecon in #5077
• Fix LeakIX boefje to only return results for scanned asset by @hasecon in #4944
• Add proper task list filtering, and refactor the all organizations task lists by @underdarknl in #5083
• Upgrade requests, pyjwt, cryptography, boto3, pygments by @underdarknl in #5082
• Fix nuclei boefjes crashing on HostnameHTTPURL inputs by @hasecon in #5052
• Feat/raw files in tasklist by @underdarknl in #4190
• Bump actions/configure-pages from 5.0.0 to 6.0.0 by @dependabot[bot] in #5098
• Bump dorny/paths-filter from 3.0.2 to 4.0.1 by @dependabot[bot] in #5097
• update a few dependencies, and also bump pytest by @underdarknl in #5092
• Bump picomatch from 2.3.1 to 2.3.2 in /rocky by @dependabot[bot] in #5066
• Bump actions/deploy-pages from 4.0.5 to 5.0.0 by @dependabot[bot] in #5096
• Bump softprops/action-gh-release from 2.5.0 to 2.6.1 by @dependabot[bot] in #5094
• Bump github/codeql-action from 4.32.4 to 4.35.1 by @dependabot[bot] in #5095
• Since 'sync' is optional since a while, a few propagation tests failed in robot testing by @underdarknl in #5101
• Add optimizations to various querys, shortcut when count is already available, etc by @underdarknl in #5088
• Bump cryptography from 46.0.6 to 46.0.7 in /boefjes by @dependabot[bot] in #5106
• Bump cryptography from 46.0.6 to 46.0.7 in /bytes by @dependabot[bot] in #5105
• Bump attrs from 25.4.0 to 26.1.0 by @dependabot[bot] in #5102
• Fix/octopoes rtest by @underdarknl in #5107
• Refactor SSH command execution to use subprocess by @underdarknl in #5104
• Update various dependencies (wrapt, opentelemetry), pin attrs by @underdarknl in #5110

Full Changelog: v1.21.0...v1.22.0rc1

What's Changed

• Update Docker image tags to include 'openkat-' prefix by @underdarknl in #5038
• Handle OOI's that have no schedule in the boefjes elligeble OOI list there where currently missing by @underdarknl in #5031
• Optimize use of TypeAdapters in the octopoes client. by @underdarknl in #5020
• Order organizations by name in models.py by @underdarknl in #4983
• Adds some new endpoints to the xtdb cli and client by @underdarknl in #4975
• add ignore stanza for boefje.json.tmp files existing after a test run by @underdarknl in #5019
• Feat/bytes normalizer metas endpoint by @underdarknl in #4994
• Include User-Agent header in HTTP requests by @underdarknl in #5044
• Skip Docker registry login for fork PRs by @hasecon in #5047
• Add Optional sync flags to octopoes service, router and xtdbclient by @underdarknl in #5046
• Remove CSS/JS compressor. Its not compatible with JS modules by @underdarknl in #5032
• Fix nikto boefje: bug fixes and performance improvements by @hasecon in #4943
• Use the newly available sync param in rocky by @underdarknl in #5049
• Move scanprofile propagation from celery to daemon, and use xtdb's la… by @underdarknl in #5039
• Bump pyasn1 from 0.6.2 to 0.6.3 in /bytes by @dependabot[bot] in #5050
• Bump sphinxcontrib-mermaid from 1.2.3 to 2.0.0 by @dependabot[bot] in #5014
• make paginator smarter, avoid double lookups, cache results on page. by @underdarknl in #5040
• optimize various parts of the scheduler by @underdarknl in https://github.com/SSC-ICT-...

v1.21.0

OpenKAT 1.21 - Lapjeskat

In this release we have primarily focused on patching dependencies, and fixing all issues related to our move from MinVWS to SSC-ICT-Innovatie.
Our last release from MinVWS was 1.20 in August, and since then many of our dependencies required patching, either because of security issues (so we do strongly recommend upgrading), or because of other general improvements. The move from one Github Repository, while being gracefully supported on both sides, did still create a series of issues regarding naming and container storage.
While we have finished all those steps, it would be great to make those naming issues disappear altogether by making them dynamic. This would allow other forks of OpenKAT to also seamlessly build packages
and containers, which in turn makes it easier to collaborate and keep in sync with others (and this repo).
Besides these changes, we have also included a new docker container that sets up a local (automatically updating) CVE API. This service makes sure you never leak any discovered CVEs from your assets to an outside party or even continent.
Work on a Performance release, addressing many of the localized issues is well underway and will be released as 1.22 soon.

New Features

• Fix backup and restore scripts for cross-platform support and correctness by @hasecon in #5013
• Remove url input for kat_nuclei_cve, It was adding no value over scanning the website/host by @ammar92 in #4761
• Rewrite user manual by @madelondohmen in #4752
• Support multiple ROAs in RPKI boefjes by @dekkers in #4780
• Move to prek for precommit checks by @underdarknl in #5003

Bug fixes

• Dont crash on worker threads that have no PID, when reporting on stopped workers. by @underdarknl in #4803
• Fix command substitution syntax in systemd service files by @underdarknl in #5022
• Pass katalogus settings to containerized boefjes and add local CVE API by @hasecon in #5017
• Fix observed_at in dashboard items and modal error handling by @madelondohmen in #4770
• Fix styling issues by @stephanie0x00 in #4584
• Fix DKIM false positives by reverting PR 3997 by @dekkers in #4775
• Fix HTTPError handling in Octopoes connector by @dekkers in #4793
• Fix DNSSEC boefje for CNAME / AAAA records by @dekkers in #4767

Upgrading

The normal instructions for upgrading Debian packages or upgrading containers should be followed.

There is a migration script available in the scripts folder named migrate-openkat.sh which will migrate any data on your system from the older docker volumes into the new volumes required by the new openkat packages.
More in depth details can be found in its documentation.

https://github.com/SSC-ICT-Innovatie/nl-kat-coordination/blob/main/scripts/migrate.md

Be sure to use the backup option and dry-run options before attempting a full migration.

Boefje container images

The boefje container images of 1.20 are still hosted by MinVWS, and as such can still be reached on their original URIs.
They are also compatible, but might miss out on some dependency upgrades. To upgrade to the new container registry their urls need to be changed in the katalogus database.
Docker will then subsequently download the new images. Older images can be deleted by telling docker to do so using a command similar to the one below.

docker images | grep 'ghcr.io/minvws/openkat' | awk '{print $3}' | xargs -r docker rmi
# optionally remove dangling layers to free up disk-space
docker image prune -f

Full Changelog

The full changelog can be found on Github v1.20.1...v1.21.0

New Contributors

• @reinschaap made their first contribution in #4937
• @cookiemonster made their first contribution in #4938
• @hasecon made their first contribution in #4960

What's Changed

• Rewrite user manual by @madelondohmen in #4752
• Updated requirements by @ammar92 in #4758
• Update check_requirements.yml workflow by @ammar92 in #4759
• Fixed broken link by @ammar92 in #4760
• Remove url input for kat_nuclei_cve by @ammar92 in #4761
• Fix docker warning on mixed case by @dekkers in #4768
• Fixed broken links in PR template by @ammar92 in #4769
• Fix DNSSEC boefje for CNAME / AAAA records by @dekkers in #4767
• Update task list icons by @madelondohmen in #4772
• Remove dropdown from PDF by @madelondohmen in #4773
• Fix observed_at in dashboard items and modal error handling by @madelondohmen in #4770
• Fix styling issues by @stephanie0x00 in #4584
• Fix DKIM false positives by reverting PR 3997 by @dekkers in #4775
• Updated packages by @ammar92 in #4779
• Support multiple ROAs in RPKI boefjes by @dekkers in #4780
• Updated packages by @ammar92 in #4786
• Fix HTTPError handling in Octopoes connector by @dekkers in #4793
• Updated packages by @ammar92 in #4796
• Updated packages and actions by @ammar92 in #4809
• Translations update from Hosted Weblate by @weblate in #4774
• Updated packages by @ammar92 in #4816
• Updated packages by @ammar92 in #4868
• Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in #4894
• Updated packages and actions by @ammar92 in #4896
• Updated Django to 5.1.14 by @ammar92 in #4897
• Package updates by @ammar92 in #4908
• Fix image path and update repository links in README after migration to SSC-ICT by @reinschaap in #4937
• Update contribution guidelines and contact links after migration to SSC-ICT by @reinschaap in #4936
• Update CODEOWNERS to include new owners by @cookiemonster in #4938
• Update CODEOWNERS to include hasecon by @hasecon in #4960
• Bump pyasn1 from 0.6.1 to 0.6.2 in /bytes by @dependabot[bot] in #4959
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes/boefjes/plugins/kat_security_txt_downloader by @dependabot[bot] in #4953
• Bump django from 5.1.14 to 5.1.15 in /rocky by @dependabot[bot] in #4969
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4952
• Bump urllib3 from 2.5.0 to 2.6.3 in /octopoes by @dependabot[bot] in #4964
• Bump urllib3 from 2.5.0 to 2.6.3 by @dependabot[bot] in #4965
• Bump webtest from 3.0.6 to 3.0.7 by @dependabot[bot] in #4921
• Bump fonttools from 4.60.1 to 4.60.2 in /rocky by @dependabot[bot] in #4966
• Bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in #4949
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4971
• Bump actions/cache from 4 to 5 by @dependabot[bot] in https://github.com/SSC-...

v1.21.0rc1

This release brings a large number of dependency updates, and also some other minor fixes. It also takes into account the move from the previous MinVWS github repoitory to SSC-ICT and the related changes required regarding naming and container registries.

What's Changed

• Rewrite user manual by @madelondohmen in #4752
• Updated requirements by @ammar92 in #4758
• Update check_requirements.yml workflow by @ammar92 in #4759
• Fixed broken link by @ammar92 in #4760
• Remove url input for kat_nuclei_cve by @ammar92 in #4761
• Fix docker warning on mixed case by @dekkers in #4768
• Fixed broken links in PR template by @ammar92 in #4769
• Fix DNSSEC boefje for CNAME / AAAA records by @dekkers in #4767
• Update task list icons by @madelondohmen in #4772
• Remove dropdown from PDF by @madelondohmen in #4773
• Fix observed_at in dashboard items and modal error handling by @madelondohmen in #4770
• Fix styling issues by @stephanie0x00 in #4584
• Fix DKIM false positives by reverting PR 3997 by @dekkers in #4775
• Updated packages by @ammar92 in #4779
• Support multiple ROAs in RPKI boefjes by @dekkers in #4780
• Updated packages by @ammar92 in #4786
• Fix HTTPError handling in Octopoes connector by @dekkers in #4793
• Updated packages by @ammar92 in #4796
• Updated packages and actions by @ammar92 in #4809
• Translations update from Hosted Weblate by @weblate in #4774
• Updated packages by @ammar92 in #4816
• Updated packages by @ammar92 in #4868
• Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in #4894
• Updated packages and actions by @ammar92 in #4896
• Updated Django to 5.1.14 by @ammar92 in #4897
• Package updates by @ammar92 in #4908
• Fix image path and update repository links in README after migration to SSC-ICT by @reinschaap in #4937
• Update contribution guidelines and contact links after migration to SSC-ICT by @reinschaap in #4936
• Update CODEOWNERS to include new owners by @cookiemonster in #4938
• Update CODEOWNERS to include hasecon by @hasecon in #4960
• Bump pyasn1 from 0.6.1 to 0.6.2 in /bytes by @dependabot[bot] in #4959
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes/boefjes/plugins/kat_security_txt_downloader by @dependabot[bot] in #4953
• Bump django from 5.1.14 to 5.1.15 in /rocky by @dependabot[bot] in #4969
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4952
• Bump urllib3 from 2.5.0 to 2.6.3 in /octopoes by @dependabot[bot] in #4964
• Bump urllib3 from 2.5.0 to 2.6.3 by @dependabot[bot] in #4965
• Bump webtest from 3.0.6 to 3.0.7 by @dependabot[bot] in #4921
• Bump fonttools from 4.60.1 to 4.60.2 in /rocky by @dependabot[bot] in #4966
• Bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in #4949
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4971
• Bump actions/cache from 4 to 5 by @dependabot[bot] in #4948
• Bump softprops/action-gh-release from 2.4.1 to 2.5.0 by @dependabot[bot] in #4950
• Bump SonarSource/sonarqube-scan-action from 6.0.0 to 7.0.0 by @dependabot[bot] in #4947
• Bump granian from 2.5.6 to 2.5.7 by @dependabot[bot] in #4923
• Bump annotated-doc from 0.0.3 to 0.0.4 by @dependabot[bot] in #4922
• Bump faker from 37.4.0 to 38.2.0 by @dependabot[bot] in #4920
• Update workflow references to SSC-ICT-Innovatie by @underdarknl in #4962
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes/boefjes/plugins/kat_webpage_analysis by @dependabot[bot] in #4972
• Bump filelock from 3.18.0 to 3.20.3 in /octopoes by @dependabot[bot] in #4968
• Bump filelock from 3.18.0 to 3.20.3 in /boefjes by @dependabot[bot] in #4973
• Bump pynacl from 1.5.0 to 1.6.2 in /bytes by @dependabot[bot] in #4974
• Change DESTINATION_BRANCH to github.head_ref by @underdarknl in #4961
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #4946
• Remove commit and push step for Dependabot by @underdarknl in #4981
• Bump python-multipart from 0.0.20 to 0.0.22 in /bytes by @dependabot[bot] in #4982
• Bump botocore from 1.40.46 to 1.40.76 by @dependabot[bot] in #4979
• Bump phonenumbers from 9.0.17 to 9.0.22 by @dependabot[bot] in #4976
• Fix/repo links docs by @underdarknl in #4939
• Bump sqlparse from 0.5.3 to 0.5.5 by @dependabot[bot] in #4991
• Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #4986
• Bump github/codeql-action from 4.31.9 to 4.32.0 by @dependabot[bot] in #4988
• Bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in #4985
• Feat/container registry by @underdarknl in #4956
• Bump docker/metadata-action from 5.8.0 to 5.10.0 by @dependabot[bot] in #4987
• Bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #4989
• fix UV call, and upgrade various dependencies and lock files by @underdarknl in #5000
• Add setup_test_org management command for development by @hasecon in #4998
• add sync to octopoes ci tests. by @underdarknl in #5004
• disable sonarcloud untill we get the accounts sorted again by @underdarknl in #5001
• Bump cryptography from 46.0.4 to 46.0.5 in /boefjes by @dependabot[bot] in #5008
• Bump pillow from 12.1.0 to 12.1.1 in /rocky by @dependabot[bot] in #5010
• Bump cryptography from 46.0.4 to 46.0.5 in /bytes by @dependabot[bot] in #5011
• Move to prek for precommit checks by @underdarknl in #5003
• Upgrade dependencies by @underdarknl in #5012
• update container urls for boefjes by @underdarknl in https://github.com/SSC-ICT-Innovatie/nl-kat...

v1.20.1

What's Changed

• Bump docker/metadata-action from 5.7.0 to 5.8.0 by @dependabot[bot] in #4716
• Bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in #4714
• Bump SonarSource/sonarqube-scan-action from 5.2.0 to 5.3.0 by @dependabot[bot] in #4715
• Fix for SSL and DNSSEC plugins by @ammar92 in #4733
• Updated packages by @ammar92 in #4734
• Fix aggregate report sections by @madelondohmen in #4735
• Remove scheduler_pq_maxsize setting by @dekkers in #4736
• Translations update from Hosted Weblate by @weblate in #4738
• Remove missing certificate bit by @dekkers in #4737
• Fix translations by @dekkers in #4742
• Translations update from Hosted Weblate by @weblate in #4739
• Translations update from Hosted Weblate by @weblate in #4743
• Make it possible to configure logging using ROCKY_LOG_CFG by @dekkers in #4744
• Updated packages by @ammar92 in #4751

Full Changelog: v1.20.0...v1.20.1

v1.20.0

https://docs.openkat.nl/about-openkat/release-notes/1.20.html

What's Changed

• Update scheduler to shutdown when external services are not reachable by @jpbruinsslot in #4410
• Check member permissions instead of user permissions for recalculating bits by @dekkers in #4477
• Stop hardcoding internet by @originalsouth in #4481
• Add observed_at to recipe href in report task list by @madelondohmen in #4485
• Update organization_crisis_room_header.html by @underdarknl in #4487
• Remove can_access_all_organizations User property and use has_perm() by @dekkers in #4478
• Order organizations by name by @dekkers in #4479
• Clearance level permission warnings for object detail by @Rieven in #4378
• Fix crisis room code missing in Debian package by @dekkers in #4491
• Updated packages by @ammar92 in #4504
• Multi report fixes by @madelondohmen in #4494
• Set ordering task stats count in scheduler by @jpbruinsslot in #4503
• Add organisation queryparameter for tasks endpoint in scheduler by @jpbruinsslot in #4509
• Check HTTP repsonse status code in boefje OCI adapter by @dekkers in #4507
• Translations update from Hosted Weblate by @weblate in #4513
• use the available info when checking hostnames that are cnames by @underdarknl in #4511
• Updated packages and actions by @ammar92 in #4524
• Build containerized boefjes in CI by @dekkers in #4501
• Feature/boefjes deduplication by @Donnype in #4482
• Funny "bug" with the limit/offset parameters by @Donnype in #4528
• Fix potential unbound variable in scheduler by @jpbruinsslot in #4522
• Fix/observed at in report href by @madelondohmen in #4489
• Package updates by @ammar92 in #4542
• Fix filters at Members list by @Rieven in #4490
• Feature/frontend design updates by @madelondohmen in #4525
• Updated requests package by @ammar92 in #4546
• Fix pushing non-deduplicated tasks by @Donnype in #4547
• Dashboard findings list by @madelondohmen in #4506
• XTDB-CLI examples by @underdarknl in #4315
• Update Django by @ammar92 in #4561
• Updated packages by @ammar92 in #4571
• Add 1.19 release notes by @dekkers in #4568
• Update scheduler load script by @jpbruinsslot in #4548
• Fix dashboard migrations by @dekkers in #4573
• Fix missing crisis room files in Debian package by @dekkers in #4574
• Make sure multiple deduplicated tasks are popped by @jpbruinsslot in #4555
• Scheduler documentation updates by @jpbruinsslot in #4575
• Translations update from Hosted Weblate by @weblate in #4578
• Updated urllib3 by @ammar92 in #4581
• Translations update from Hosted Weblate by @weblate in #4586
• Updated packages by @ammar92 in #4596
• Bind to 127.0.0.1 explicitly for monitoring containers by @Donnype in #4593
• Handle normalizer configs as well when cloning settings between organizations by @Donnype in #4592
• Portable workers and a generic boefje image by @Donnype in #4304
• Build the RDO packages for Python 3.11 only by @dekkers in #4600
• Fix outdated requirements by @dekkers in #4602
• Fix introduction-header styling by @madelondohmen in #4595
• Move mute findings button by @madelondohmen in #4594
• Make it possible to use SSL with PostgreSQL without client certificate by @dekkers in #4064
• Feature/raw migrations 1.19 by @Donnype in #4608
• Update human readable for Report and HydratedReport by @madelondohmen in #4617
• Implement uv by @ammar92 in #4583
• Bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in #4611
• Remove setup_test_users management command by @dekkers in #4620
• Bump softprops/action-gh-release from 2.2.2 to 2.3.2 by @dependabot[bot] in #4613
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot[bot] in #4612
• Translations update from Hosted Weblate by @weblate in #4626
• Feature/deduplicate docker boefjes by @Donnype in #4554
• Fix bugs where some OCI boefjes were not found anymore due to import errors by @Donnype in #4618
• Translations update from Hosted Weblate by @weblate in #4635
• Improve performance for muting findings by @madelondohmen in #4629
• Add close_old_connections calls before running a job by @Donnype in #4636
• Update packages by @ammar92 in #4647
• Update django-compressor to latest git and pin hash by @dekkers in #4645
• Feature/raw migrations 1.20 by @Donnype in #4650
• Translations update from Hosted Weblate by @weblate in #4652
• RFD 0003: Deduplication of boefjes between organization by @dekkers in #4051
• Dashboarding report section by @madelondohmen in #4597
• Change variable name because we already have a data variable by @Donnype in #4655
• Feat/mula optimize calls by @underdarknl in #4631
• Hide more settings and env variables in debug mode by @Donnype in #4648
• Hotfix crisis room for all organizations by @madelondohmen in #4659
• Feature/scoped auth token only for api by @Donnype in #4649
• Retrieve current value from config by @originalsouth in #4628
• Use uv when building Debian packages by @dekkers in #4646
• Translations update from Hosted Weblate by @weblate in #4661
• Translations update from Hosted Weblate by @weblate in #4662
• Update onboarding by @stephanie0x00 in #4397
• Updated requirements and fixed requirements make target by @ammar92 in #4669
• Only Containerized Boefjes by @Donnype in #4644
• Use pinned requirements for base image by @Donnype in #4673
• Update consumes for normalizers of OCI boefjes so they work on copied OCI boefjes as well by @Donnype in #4674
• Docs/logging event ids by Bram by @underdarknl in #4460
• Fix: AttributeError in onboarding fetching web_url by @Rieven in #4484
• Add nmap ip range back as a bare definition file for backward compatibility by @Donnype in #4672
• Fix onboarding hea...

v1.20.0rc2

https://docs.openkat.nl/about-openkat/release-notes/1.20.html

What's Changed

• Update scheduler to shutdown when external services are not reachable by @jpbruinsslot in #4410
• Check member permissions instead of user permissions for recalculating bits by @dekkers in #4477
• Stop hardcoding internet by @originalsouth in #4481
• Add observed_at to recipe href in report task list by @madelondohmen in #4485
• Update organization_crisis_room_header.html by @underdarknl in #4487
• Remove can_access_all_organizations User property and use has_perm() by @dekkers in #4478
• Order organizations by name by @dekkers in #4479
• Clearance level permission warnings for object detail by @Rieven in #4378
• Fix crisis room code missing in Debian package by @dekkers in #4491
• Updated packages by @ammar92 in #4504
• Multi report fixes by @madelondohmen in #4494
• Set ordering task stats count in scheduler by @jpbruinsslot in #4503
• Add organisation queryparameter for tasks endpoint in scheduler by @jpbruinsslot in #4509
• Check HTTP repsonse status code in boefje OCI adapter by @dekkers in #4507
• Translations update from Hosted Weblate by @weblate in #4513
• use the available info when checking hostnames that are cnames by @underdarknl in #4511
• Updated packages and actions by @ammar92 in #4524
• Build containerized boefjes in CI by @dekkers in #4501
• Feature/boefjes deduplication by @Donnype in #4482
• Funny "bug" with the limit/offset parameters by @Donnype in #4528
• Fix potential unbound variable in scheduler by @jpbruinsslot in #4522
• Fix/observed at in report href by @madelondohmen in #4489
• Package updates by @ammar92 in #4542
• Fix filters at Members list by @Rieven in #4490
• Feature/frontend design updates by @madelondohmen in #4525
• Updated requests package by @ammar92 in #4546
• Fix pushing non-deduplicated tasks by @Donnype in #4547
• Dashboard findings list by @madelondohmen in #4506
• XTDB-CLI examples by @underdarknl in #4315
• Update Django by @ammar92 in #4561
• Updated packages by @ammar92 in #4571
• Add 1.19 release notes by @dekkers in #4568
• Update scheduler load script by @jpbruinsslot in #4548
• Fix dashboard migrations by @dekkers in #4573
• Fix missing crisis room files in Debian package by @dekkers in #4574
• Make sure multiple deduplicated tasks are popped by @jpbruinsslot in #4555
• Scheduler documentation updates by @jpbruinsslot in #4575
• Translations update from Hosted Weblate by @weblate in #4578
• Updated urllib3 by @ammar92 in #4581
• Translations update from Hosted Weblate by @weblate in #4586
• Updated packages by @ammar92 in #4596
• Bind to 127.0.0.1 explicitly for monitoring containers by @Donnype in #4593
• Handle normalizer configs as well when cloning settings between organizations by @Donnype in #4592
• Portable workers and a generic boefje image by @Donnype in #4304
• Build the RDO packages for Python 3.11 only by @dekkers in #4600
• Fix outdated requirements by @dekkers in #4602
• Fix introduction-header styling by @madelondohmen in #4595
• Move mute findings button by @madelondohmen in #4594
• Make it possible to use SSL with PostgreSQL without client certificate by @dekkers in #4064
• Feature/raw migrations 1.19 by @Donnype in #4608
• Update human readable for Report and HydratedReport by @madelondohmen in #4617
• Implement uv by @ammar92 in #4583
• Bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in #4611
• Remove setup_test_users management command by @dekkers in #4620
• Bump softprops/action-gh-release from 2.2.2 to 2.3.2 by @dependabot[bot] in #4613
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot[bot] in #4612
• Translations update from Hosted Weblate by @weblate in #4626
• Feature/deduplicate docker boefjes by @Donnype in #4554
• Fix bugs where some OCI boefjes were not found anymore due to import errors by @Donnype in #4618
• Translations update from Hosted Weblate by @weblate in #4635
• Improve performance for muting findings by @madelondohmen in #4629
• Add close_old_connections calls before running a job by @Donnype in #4636
• Update packages by @ammar92 in #4647
• Update django-compressor to latest git and pin hash by @dekkers in #4645
• Feature/raw migrations 1.20 by @Donnype in #4650
• Translations update from Hosted Weblate by @weblate in #4652
• RFD 0003: Deduplication of boefjes between organization by @dekkers in #4051
• Dashboarding report section by @madelondohmen in #4597
• Change variable name because we already have a data variable by @Donnype in #4655
• Feat/mula optimize calls by @underdarknl in #4631
• Hide more settings and env variables in debug mode by @Donnype in #4648
• Hotfix crisis room for all organizations by @madelondohmen in #4659
• Feature/scoped auth token only for api by @Donnype in #4649
• Retrieve current value from config by @originalsouth in #4628
• Use uv when building Debian packages by @dekkers in #4646
• Translations update from Hosted Weblate by @weblate in #4661
• Translations update from Hosted Weblate by @weblate in #4662
• Update onboarding by @stephanie0x00 in #4397
• Updated requirements and fixed requirements make target by @ammar92 in #4669
• Only Containerized Boefjes by @Donnype in #4644
• Use pinned requirements for base image by @Donnype in #4673
• Update consumes for normalizers of OCI boefjes so they work on copied OCI boefjes as well by @Donnype in #4674
• Docs/logging event ids by Bram by @underdarknl in #4460
• Fix: AttributeError in onboarding fetching web_url by @Rieven in #4484
• Add nmap ip range back as a bare definition file for backward compatibility by @Donnype in #4672
• Fix onboarding hea...

v1.20.0rc1

https://docs.openkat.nl/about-openkat/release-notes/1.20.html

What's Changed

• Update scheduler to shutdown when external services are not reachable by @jpbruinsslot in #4410
• Check member permissions instead of user permissions for recalculating bits by @dekkers in #4477
• Stop hardcoding internet by @originalsouth in #4481
• Add observed_at to recipe href in report task list by @madelondohmen in #4485
• Update organization_crisis_room_header.html by @underdarknl in #4487
• Remove can_access_all_organizations User property and use has_perm() by @dekkers in #4478
• Order organizations by name by @dekkers in #4479
• Clearance level permission warnings for object detail by @Rieven in #4378
• Fix crisis room code missing in Debian package by @dekkers in #4491
• Updated packages by @ammar92 in #4504
• Multi report fixes by @madelondohmen in #4494
• Set ordering task stats count in scheduler by @jpbruinsslot in #4503
• Add organisation queryparameter for tasks endpoint in scheduler by @jpbruinsslot in #4509
• Check HTTP repsonse status code in boefje OCI adapter by @dekkers in #4507
• Translations update from Hosted Weblate by @weblate in #4513
• use the available info when checking hostnames that are cnames by @underdarknl in #4511
• Updated packages and actions by @ammar92 in #4524
• Build containerized boefjes in CI by @dekkers in #4501
• Feature/boefjes deduplication by @Donnype in #4482
• Funny "bug" with the limit/offset parameters by @Donnype in #4528
• Fix potential unbound variable in scheduler by @jpbruinsslot in #4522
• Fix/observed at in report href by @madelondohmen in #4489
• Package updates by @ammar92 in #4542
• Fix filters at Members list by @Rieven in #4490
• Feature/frontend design updates by @madelondohmen in #4525
• Updated requests package by @ammar92 in #4546
• Fix pushing non-deduplicated tasks by @Donnype in #4547
• Dashboard findings list by @madelondohmen in #4506
• XTDB-CLI examples by @underdarknl in #4315
• Update Django by @ammar92 in #4561
• Updated packages by @ammar92 in #4571
• Add 1.19 release notes by @dekkers in #4568
• Update scheduler load script by @jpbruinsslot in #4548
• Fix dashboard migrations by @dekkers in #4573
• Fix missing crisis room files in Debian package by @dekkers in #4574
• Make sure multiple deduplicated tasks are popped by @jpbruinsslot in #4555
• Scheduler documentation updates by @jpbruinsslot in #4575
• Translations update from Hosted Weblate by @weblate in #4578
• Updated urllib3 by @ammar92 in #4581
• Translations update from Hosted Weblate by @weblate in #4586
• Updated packages by @ammar92 in #4596
• Bind to 127.0.0.1 explicitly for monitoring containers by @Donnype in #4593
• Handle normalizer configs as well when cloning settings between organizations by @Donnype in #4592
• Portable workers and a generic boefje image by @Donnype in #4304
• Build the RDO packages for Python 3.11 only by @dekkers in #4600
• Fix outdated requirements by @dekkers in #4602
• Fix introduction-header styling by @madelondohmen in #4595
• Move mute findings button by @madelondohmen in #4594
• Make it possible to use SSL with PostgreSQL without client certificate by @dekkers in #4064
• Feature/raw migrations 1.19 by @Donnype in #4608
• Update human readable for Report and HydratedReport by @madelondohmen in #4617
• Implement uv by @ammar92 in #4583
• Bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in #4611
• Remove setup_test_users management command by @dekkers in #4620
• Bump softprops/action-gh-release from 2.2.2 to 2.3.2 by @dependabot[bot] in #4613
• Bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot[bot] in #4612
• Translations update from Hosted Weblate by @weblate in #4626
• Feature/deduplicate docker boefjes by @Donnype in #4554
• Fix bugs where some OCI boefjes were not found anymore due to import errors by @Donnype in #4618
• Translations update from Hosted Weblate by @weblate in #4635
• Improve performance for muting findings by @madelondohmen in #4629
• Add close_old_connections calls before running a job by @Donnype in #4636
• Update packages by @ammar92 in #4647
• Update django-compressor to latest git and pin hash by @dekkers in #4645
• Feature/raw migrations 1.20 by @Donnype in #4650
• Translations update from Hosted Weblate by @weblate in #4652
• RFD 0003: Deduplication of boefjes between organization by @dekkers in #4051
• Dashboarding report section by @madelondohmen in #4597
• Change variable name because we already have a data variable by @Donnype in #4655
• Feat/mula optimize calls by @underdarknl in #4631
• Hide more settings and env variables in debug mode by @Donnype in #4648
• Hotfix crisis room for all organizations by @madelondohmen in #4659
• Feature/scoped auth token only for api by @Donnype in #4649
• Retrieve current value from config by @originalsouth in #4628
• Use uv when building Debian packages by @dekkers in #4646
• Translations update from Hosted Weblate by @weblate in #4661
• Translations update from Hosted Weblate by @weblate in #4662
• Update onboarding by @stephanie0x00 in #4397
• Updated requirements and fixed requirements make target by @ammar92 in #4669
• Only Containerized Boefjes by @Donnype in #4644
• Use pinned requirements for base image by @Donnype in #4673
• Update consumes for normalizers of OCI boefjes so they work on copied OCI boefjes as well by @Donnype in #4674
• Docs/logging event ids by Bram by @underdarknl in #4460
• Fix: AttributeError in onboarding fetching web_url by @Rieven in #4484
• Add nmap ip range back as a bare definition file for backward compatibility by @Donnype in #4672
• Fix onboarding hea...

v1.19.1

What's Changed

• Fix dashboard migrations (1.19) by @dekkers in #4572
• Fix missing crisis room files in Debian package (1.19) by @dekkers in #4576
• (1.19) Updated urllib3 by @ammar92 in #4582
• Handle normalizer configs as well when cloning settings between organizations (1.19) by @dekkers in #4598
• Build the RDO packages for Python 3.11 only (1.19) by @dekkers in #4601

Full Changelog: v1.19.0...v1.19.1

v1.19.0

https://docs.openkat.nl/about-openkat/release-notes/1.19.html

What's Changed

• fix logout and styling by @Rieven in #4080
• Translations update from Hosted Weblate by @weblate in #4085
• Lock down codeowner edit rights to operations by @nicktencate in #4086
• Update build-rdo-package.yml by @sigio in #4081
• optimize various bits around scan profiles by @underdarknl in #4050
• Hotfix for empty report in history table by @madelondohmen in #4087
• remove inline styling / svg graph as not compatible with out CSP by @underdarknl in #4075
• Combined schedulers by @jpbruinsslot in #3839
• add 1.18 release notes by @underdarknl in #4083
• Remove unused queue_uri from boefje settings by @dekkers in #4068
• 1.18 release notes improvements by @dekkers in #4109
• Remove the empty keiko package and container by @dekkers in #4110
• Updated testcase for Schedule should result in schedule_id of Task to be set to None by @jpbruinsslot in #4104
• fix task list for boefjes, normalizer and ooi detail by @Rieven in #4115
• Updated packages by @ammar92 in #4114
• Updated cryptography by @ammar92 in #4121
• Update client.py, relfect earlier changes in katalogus api by @underdarknl in #4107
• Pin Ubuntu runners to version 24.04 by @ammar92 in #4120
• Remove deprecated queryparams by @jpbruinsslot in #4117
• Fix 'created by' in report and add 'created from recipe' by @madelondohmen in #4094
• Update disallowed_csp_hostnames.py, also trigger on higher level denied domains by @underdarknl in #3980
• Fix ssl certificates boefje scan level by @dekkers in #4127
• Add Nikto boefje that scans for outdated software by @Souf149 in #3409
• Delete Report Schedules by @Rieven in #4089
• Add missing locks in scheduler by @jpbruinsslot in #4130
• Remove block-all-mixed-content by @underdarknl in #4073
• Fix/side scrolling paginators by @underdarknl in #4076
• Create qa-test-plan.rst by @stephanie0x00 in #4113
• Fix ooi detail scan warnings by @Rieven in #4112
• Multi report fixes by @madelondohmen in #4125
• Bump settings-doc from 4.3.1 to 4.3.2 by @dependabot in #4006
• Update mixins.py, make sure findingsTypes are present in tree for OOI detail page by @underdarknl in #4139
• Ci python 3.12 3.13 by @dekkers in #3951
• Call python3 instead of python in Makefile by @dekkers in #4148
• Trim blocktranslates by @madelondohmen in #4154
• Add CodeQL Scan by @BramVWS in #4078
• Translations update from Hosted Weblate by @weblate in #4151
• Remove robotframework-tidy from rocky dev dependencies by @dekkers in #4155
• Fix spf with identifier by @noamblitz in #4145
• Remove caches for the KATalogus in the scheduler by @jpbruinsslot in #4108
• Add logging configuration for celery.worker in case of a crash by @Donnype in #4153
• Add permissions for RDO Build workflow Closes #4156 by @BramVWS in #4157
• fix template tag for unknown user by @Rieven in #4150
• Report notification for empty live set by @madelondohmen in #4152
• Moved the RabbitMQ installation and configuration section by @ammar92 in #4161
• Updated Django and Jinja2 by @ammar92 in #4162
• Translations update from Hosted Weblate by @weblate in #4163
• Add a cli command to evict reports due to a bug when upgrading from v1.17.0 to 1.18.0 by @Donnype in #4169
• Implement/refactor fastapi 'extra models' in scheduler api by @jpbruinsslot in #4165
• Add indices for task table by @jpbruinsslot in #4179
• Better findings table by @noamblitz in #4172
• Fixes dl behaviour within the findings table by @HeleenSG in #4181
• Update docker-compose.release-example.yml by @underdarknl in #4183
• Fix redirect after editing boefje variant by @madelondohmen in #4170
• Remove count from queue popping by @jpbruinsslot in #4177
• Update text "Enable plugins" button in report flow by @stephanie0x00 in #4186
• Fix documentation URL in Makefile by @stephanie0x00 in #4207
• make sure we can link to the plugins section from the report sidemenu by @underdarknl in #4185
• Use TaskPush model for scheduling tasks in rocky by @jpbruinsslot in #4192
• Add relationship filtering in the scheduler by @jpbruinsslot in #4136
• Correctly check if list empty by @jpbruinsslot in #4206
• Updated some packages by @ammar92 in #4209
• Fix: commit read-only transactions as well and do not loop into 10k requests by @Donnype in #4194
• Some refactoring and set the poll interval back by @Donnype in #4213
• Add docstrings to Octopoes models by @stephanie0x00 in #4038
• Fix possible html reinterpretation issues in javascript files by @underdarknl in #4221
• Disable rich tracebacks by @ammar92 in #4218
• Allow filter on multiple organizations in bytes API by @Donnype in #4215
• Updated some packages by @ammar92 in #4245
• Updated structlog by @ammar92 in #4251
• Add missing report_type field in report recipe serializer by @dekkers in #4258
• Add Octopoes bulk reports API by @Donnype in #4219
• Do not compress modal JS by @dekkers in #4262
• Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @dependabot in #4256
• Bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #4255
• Bump docker/build-push-action from 6.13.0 to 6.15.0 by @dependabot in #4254
• Bump docker/metadata-action from 5.6.1 to 5.7.0 by @dependabot in #4253
• Bump github/codeql-action from 3.28.10 to 3.28.13 by @dependabot in #4252
• Dont allow open redirect in plugin_enable_disable.py by @underdarknl in #4250
• Add oci attributes to scheduler by @jpbruinsslot in #4257
• Remove compress from javascript in report_history_table.html by @dekkers in #4266
• Translations update from Hosted Weblate by @weblate in #4261
• Allow tls reports on hostname and ipaddresses by @noamblitz in #4188
• Change default password policy to be compliant with ASVS 2.1.9 by @BramVWS in https://github.com/minvws/nl-kat-...

v1.19.0rc1

https://docs.openkat.nl/about-openkat/release-notes/1.19.html

What's Changed

• fix logout and styling by @Rieven in #4080
• Translations update from Hosted Weblate by @weblate in #4085
• Lock down codeowner edit rights to operations by @nicktencate in #4086
• Update build-rdo-package.yml by @sigio in #4081
• optimize various bits around scan profiles by @underdarknl in #4050
• Hotfix for empty report in history table by @madelondohmen in #4087
• remove inline styling / svg graph as not compatible with out CSP by @underdarknl in #4075
• Combined schedulers by @jpbruinsslot in #3839
• add 1.18 release notes by @underdarknl in #4083
• Remove unused queue_uri from boefje settings by @dekkers in #4068
• 1.18 release notes improvements by @dekkers in #4109
• Remove the empty keiko package and container by @dekkers in #4110
• Updated testcase for Schedule should result in schedule_id of Task to be set to None by @jpbruinsslot in #4104
• fix task list for boefjes, normalizer and ooi detail by @Rieven in #4115
• Updated packages by @ammar92 in #4114
• Updated cryptography by @ammar92 in #4121
• Update client.py, relfect earlier changes in katalogus api by @underdarknl in #4107
• Pin Ubuntu runners to version 24.04 by @ammar92 in #4120
• Remove deprecated queryparams by @jpbruinsslot in #4117
• Fix 'created by' in report and add 'created from recipe' by @madelondohmen in #4094
• Update disallowed_csp_hostnames.py, also trigger on higher level denied domains by @underdarknl in #3980
• Fix ssl certificates boefje scan level by @dekkers in #4127
• Add Nikto boefje that scans for outdated software by @Souf149 in #3409
• Delete Report Schedules by @Rieven in #4089
• Add missing locks in scheduler by @jpbruinsslot in #4130
• Remove block-all-mixed-content by @underdarknl in #4073
• Fix/side scrolling paginators by @underdarknl in #4076
• Create qa-test-plan.rst by @stephanie0x00 in #4113
• Fix ooi detail scan warnings by @Rieven in #4112
• Multi report fixes by @madelondohmen in #4125
• Bump settings-doc from 4.3.1 to 4.3.2 by @dependabot in #4006
• Update mixins.py, make sure findingsTypes are present in tree for OOI detail page by @underdarknl in #4139
• Ci python 3.12 3.13 by @dekkers in #3951
• Call python3 instead of python in Makefile by @dekkers in #4148
• Trim blocktranslates by @madelondohmen in #4154
• Add CodeQL Scan by @BramVWS in #4078
• Translations update from Hosted Weblate by @weblate in #4151
• Remove robotframework-tidy from rocky dev dependencies by @dekkers in #4155
• Fix spf with identifier by @noamblitz in #4145
• Remove caches for the KATalogus in the scheduler by @jpbruinsslot in #4108
• Add logging configuration for celery.worker in case of a crash by @Donnype in #4153
• Add permissions for RDO Build workflow Closes #4156 by @BramVWS in #4157
• fix template tag for unknown user by @Rieven in #4150
• Report notification for empty live set by @madelondohmen in #4152
• Moved the RabbitMQ installation and configuration section by @ammar92 in #4161
• Updated Django and Jinja2 by @ammar92 in #4162
• Translations update from Hosted Weblate by @weblate in #4163
• Add a cli command to evict reports due to a bug when upgrading from v1.17.0 to 1.18.0 by @Donnype in #4169
• Implement/refactor fastapi 'extra models' in scheduler api by @jpbruinsslot in #4165
• Add indices for task table by @jpbruinsslot in #4179
• Better findings table by @noamblitz in #4172
• Fixes dl behaviour within the findings table by @HeleenSG in #4181
• Update docker-compose.release-example.yml by @underdarknl in #4183
• Fix redirect after editing boefje variant by @madelondohmen in #4170
• Remove count from queue popping by @jpbruinsslot in #4177
• Update text "Enable plugins" button in report flow by @stephanie0x00 in #4186
• Fix documentation URL in Makefile by @stephanie0x00 in #4207
• make sure we can link to the plugins section from the report sidemenu by @underdarknl in #4185
• Use TaskPush model for scheduling tasks in rocky by @jpbruinsslot in #4192
• Add relationship filtering in the scheduler by @jpbruinsslot in #4136
• Correctly check if list empty by @jpbruinsslot in #4206
• Updated some packages by @ammar92 in #4209
• Fix: commit read-only transactions as well and do not loop into 10k requests by @Donnype in #4194
• Some refactoring and set the poll interval back by @Donnype in #4213
• Add docstrings to Octopoes models by @stephanie0x00 in #4038
• Fix possible html reinterpretation issues in javascript files by @underdarknl in #4221
• Disable rich tracebacks by @ammar92 in #4218
• Allow filter on multiple organizations in bytes API by @Donnype in #4215
• Updated some packages by @ammar92 in #4245
• Updated structlog by @ammar92 in #4251
• Add missing report_type field in report recipe serializer by @dekkers in #4258
• Add Octopoes bulk reports API by @Donnype in #4219
• Do not compress modal JS by @dekkers in #4262
• Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 by @dependabot in #4256
• Bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot in #4255
• Bump docker/build-push-action from 6.13.0 to 6.15.0 by @dependabot in #4254
• Bump docker/metadata-action from 5.6.1 to 5.7.0 by @dependabot in #4253
• Bump github/codeql-action from 3.28.10 to 3.28.13 by @dependabot in #4252
• Dont allow open redirect in plugin_enable_disable.py by @underdarknl in #4250
• Add oci attributes to scheduler by @jpbruinsslot in #4257
• Remove compress from javascript in report_history_table.html by @dekkers in #4266
• Translations update from Hosted Weblate by @weblate in #4261
• Allow tls reports on hostname and ipaddresses by @noamblitz in #4188
• Change default password policy to be compliant with ASVS 2.1.9 by @BramVWS in https://github.com/minvws/nl-kat-...