v1.21.0

OpenKAT 1.21 - Lapjeskat

In this release we have primarily focused on patching dependencies, and fixing all issues related to our move from MinVWS to SSC-ICT-Innovatie.
Our last release from MinVWS was 1.20 in August, and since then many of our dependencies required patching, either because of security issues (so we do strongly recommend upgrading), or because of other general improvements. The move from one Github Repository, while being gracefully supported on both sides, did still create a series of issues regarding naming and container storage.
While we have finished all those steps, it would be great to make those naming issues disappear altogether by making them dynamic. This would allow other forks of OpenKAT to also seamlessly build packages
and containers, which in turn makes it easier to collaborate and keep in sync with others (and this repo).
Besides these changes, we have also included a new docker container that sets up a local (automatically updating) CVE API. This service makes sure you never leak any discovered CVEs from your assets to an outside party or even continent.
Work on a Performance release, addressing many of the localized issues is well underway and will be released as 1.22 soon.

New Features

• Fix backup and restore scripts for cross-platform support and correctness by @hasecon in #5013
• Remove url input for kat_nuclei_cve, It was adding no value over scanning the website/host by @ammar92 in #4761
• Rewrite user manual by @madelondohmen in #4752
• Support multiple ROAs in RPKI boefjes by @dekkers in #4780
• Move to prek for precommit checks by @underdarknl in #5003

Bug fixes

• Dont crash on worker threads that have no PID, when reporting on stopped workers. by @underdarknl in #4803
• Fix command substitution syntax in systemd service files by @underdarknl in #5022
• Pass katalogus settings to containerized boefjes and add local CVE API by @hasecon in #5017
• Fix observed_at in dashboard items and modal error handling by @madelondohmen in #4770
• Fix styling issues by @stephanie0x00 in #4584
• Fix DKIM false positives by reverting PR 3997 by @dekkers in #4775
• Fix HTTPError handling in Octopoes connector by @dekkers in #4793
• Fix DNSSEC boefje for CNAME / AAAA records by @dekkers in #4767

Upgrading

The normal instructions for upgrading Debian packages or upgrading containers should be followed.

There is a migration script available in the scripts folder named migrate-openkat.sh which will migrate any data on your system from the older docker volumes into the new volumes required by the new openkat packages.
More in depth details can be found in its documentation.

https://github.com/SSC-ICT-Innovatie/nl-kat-coordination/blob/main/scripts/migrate.md

Be sure to use the backup option and dry-run options before attempting a full migration.

Boefje container images

The boefje container images of 1.20 are still hosted by MinVWS, and as such can still be reached on their original URIs.
They are also compatible, but might miss out on some dependency upgrades. To upgrade to the new container registry their urls need to be changed in the katalogus database.
Docker will then subsequently download the new images. Older images can be deleted by telling docker to do so using a command similar to the one below.

docker images | grep 'ghcr.io/minvws/openkat' | awk '{print $3}' | xargs -r docker rmi
# optionally remove dangling layers to free up disk-space
docker image prune -f

Full Changelog

The full changelog can be found on Github v1.20.1...v1.21.0

New Contributors

• @reinschaap made their first contribution in #4937
• @cookiemonster made their first contribution in #4938
• @hasecon made their first contribution in #4960

What's Changed

• Rewrite user manual by @madelondohmen in #4752
• Updated requirements by @ammar92 in #4758
• Update check_requirements.yml workflow by @ammar92 in #4759
• Fixed broken link by @ammar92 in #4760
• Remove url input for kat_nuclei_cve by @ammar92 in #4761
• Fix docker warning on mixed case by @dekkers in #4768
• Fixed broken links in PR template by @ammar92 in #4769
• Fix DNSSEC boefje for CNAME / AAAA records by @dekkers in #4767
• Update task list icons by @madelondohmen in #4772
• Remove dropdown from PDF by @madelondohmen in #4773
• Fix observed_at in dashboard items and modal error handling by @madelondohmen in #4770
• Fix styling issues by @stephanie0x00 in #4584
• Fix DKIM false positives by reverting PR 3997 by @dekkers in #4775
• Updated packages by @ammar92 in #4779
• Support multiple ROAs in RPKI boefjes by @dekkers in #4780
• Updated packages by @ammar92 in #4786
• Fix HTTPError handling in Octopoes connector by @dekkers in #4793
• Updated packages by @ammar92 in #4796
• Updated packages and actions by @ammar92 in #4809
• Translations update from Hosted Weblate by @weblate in #4774
• Updated packages by @ammar92 in #4816
• Updated packages by @ammar92 in #4868
• Bump actions/download-artifact from 4 to 6 by @dependabot[bot] in #4894
• Updated packages and actions by @ammar92 in #4896
• Updated Django to 5.1.14 by @ammar92 in #4897
• Package updates by @ammar92 in #4908
• Fix image path and update repository links in README after migration to SSC-ICT by @reinschaap in #4937
• Update contribution guidelines and contact links after migration to SSC-ICT by @reinschaap in #4936
• Update CODEOWNERS to include new owners by @cookiemonster in #4938
• Update CODEOWNERS to include hasecon by @hasecon in #4960
• Bump pyasn1 from 0.6.1 to 0.6.2 in /bytes by @dependabot[bot] in #4959
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes/boefjes/plugins/kat_security_txt_downloader by @dependabot[bot] in #4953
• Bump django from 5.1.14 to 5.1.15 in /rocky by @dependabot[bot] in #4969
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4952
• Bump urllib3 from 2.5.0 to 2.6.3 in /octopoes by @dependabot[bot] in #4964
• Bump urllib3 from 2.5.0 to 2.6.3 by @dependabot[bot] in #4965
• Bump webtest from 3.0.6 to 3.0.7 by @dependabot[bot] in #4921
• Bump fonttools from 4.60.1 to 4.60.2 in /rocky by @dependabot[bot] in #4966
• Bump github/codeql-action from 4.31.2 to 4.31.9 by @dependabot[bot] in #4949
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes by @dependabot[bot] in #4971
• Bump actions/cache from 4 to 5 by @dependabot[bot] in #4948
• Bump softprops/action-gh-release from 2.4.1 to 2.5.0 by @dependabot[bot] in #4950
• Bump SonarSource/sonarqube-scan-action from 6.0.0 to 7.0.0 by @dependabot[bot] in #4947
• Bump granian from 2.5.6 to 2.5.7 by @dependabot[bot] in #4923
• Bump annotated-doc from 0.0.3 to 0.0.4 by @dependabot[bot] in #4922
• Bump faker from 37.4.0 to 38.2.0 by @dependabot[bot] in #4920
• Update workflow references to SSC-ICT-Innovatie by @underdarknl in #4962
• Bump urllib3 from 2.5.0 to 2.6.3 in /boefjes/boefjes/plugins/kat_webpage_analysis by @dependabot[bot] in #4972
• Bump filelock from 3.18.0 to 3.20.3 in /octopoes by @dependabot[bot] in #4968
• Bump filelock from 3.18.0 to 3.20.3 in /boefjes by @dependabot[bot] in #4973
• Bump pynacl from 1.5.0 to 1.6.2 in /bytes by @dependabot[bot] in #4974
• Change DESTINATION_BRANCH to github.head_ref by @underdarknl in #4961
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by @dependabot[bot] in #4946
• Remove commit and push step for Dependabot by @underdarknl in #4981
• Bump python-multipart from 0.0.20 to 0.0.22 in /bytes by @dependabot[bot] in #4982
• Bump botocore from 1.40.46 to 1.40.76 by @dependabot[bot] in #4979
• Bump phonenumbers from 9.0.17 to 9.0.22 by @dependabot[bot] in #4976
• Fix/repo links docs by @underdarknl in #4939
• Bump sqlparse from 0.5.3 to 0.5.5 by @dependabot[bot] in #4991
• Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #4986
• Bump github/codeql-action from 4.31.9 to 4.32.0 by @dependabot[bot] in #4988
• Bump actions/upload-artifact from 4 to 6 by @dependabot[bot] in #4985
• Feat/container registry by @underdarknl in #4956
• Bump docker/metadata-action from 5.8.0 to 5.10.0 by @dependabot[bot] in #4987
• Bump docker/login-action from 3.6.0 to 3.7.0 by @dependabot[bot] in #4989
• fix UV call, and upgrade various dependencies and lock files by @underdarknl in #5000
• Add setup_test_org management command for development by @hasecon in #4998
• add sync to octopoes ci tests. by @underdarknl in #5004
• disable sonarcloud untill we get the accounts sorted again by @underdarknl in #5001
• Bump cryptography from 46.0.4 to 46.0.5 in /boefjes by @dependabot[bot] in #5008
• Bump pillow from 12.1.0 to 12.1.1 in /rocky by @dependabot[bot] in #5010
• Bump cryptography from 46.0.4 to 46.0.5 in /bytes by @dependabot[bot] in #5011
• Move to prek for precommit checks by @underdarknl in #5003
• Upgrade dependencies by @underdarknl in #5012
• update container urls for boefjes by @underdarknl in #5002
• move octopoes Ci to new multinode image by @underdarknl in #4999
• Fix backup and restore scripts for cross-platform support and correctness by @hasecon in #5013
• Update Python interpreter trigger to use python3 instead of specific … by @underdarknl in #4970
• Dont crash on worker threads that have no PID, when reporting on stopped workers. by @underdarknl in #4803
• Update migrate-openkat.sh by @underdarknl in #4997
• Fix command substitution syntax in systemd service files by @underdarknl in #5022
• Bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #5025
• Bump github/codeql-action from 4.32.1 to 4.32.4 by @dependabot[bot] in #5028
• Bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #5026
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @dependabot[bot] in #5029
• Bump actions/checkout from 5 to 6 by @dependabot[bot] in #5027
• Fix/boefje oci paths as required since the new registry naming was used by @underdarknl in #5024
• add distro version id to build matrix by @underdarknl in #5016
• Pass katalogus settings to containerized boefjes and add local CVE API by @hasecon in #5017
• Bump immutable from 4.1.0 to 4.3.8 in /rocky by @dependabot[bot] in #5034
• Release notes for OpenKAT 1.21 - Lapjeskat by @underdarknl in #5035
• Bump svgo from 2.8.0 to 2.8.2 in /rocky by @dependabot[bot] in #5033

New Contributors

• @reinschaap made their first contribution in #4937
• @cookiemonster made their first contribution in #4938
• @hasecon made their first contribution in #4960

Full Changelog: v1.20.1...v1.21.0