3.1.7

Bug

[CAN-2359] - Tinymce XSS via embed elements
[CAN-2360] - API sorting doesn't reset existing sorts
[CAN-2364] - Jira authentication fails

3.1.6

Bug

[CAN-2272] - Qualys importer does not wrap examples in pre block
[CAN-2311] - OpenVAS v9 importer error: TypeError: unhashable type: 'dict'
[CAN-2340] - KB import fails with exception when references are present

...

Added Ubuntu 18.04 support.

Bug

[CAN-2238] - SoW Reference column has incorrect formatting
[CAN-2240] - Scope revenue field has incorrect formatting
[CAN-2262] - xlsx export should use primary findings by default
[CAN-2263] - PhaseContact edit dialog incorrectly detects modifications upon close
[CAN-2281] - Methodology phase view doesn't show description/guides/references in an obvious way
[CAN-2282] - Filter phases from the project view results in http 500
[CAN-2291] - Tool importer fails when examples contain NUL characters when using postgresql
[CAN-2296] - Some canopy settings are not available via the UI without manual creation from command line

...

[CAN-2294] - Additional cross-reference types in report xml

3.1.4

Bug

[CAN-2236] - Non-admins cannot view message templates when attempting to send emails from phase view when using dummy data

...

  • [CAN-2219] - XSS in project access control dialog
  • XSS via project name in scheduler
  • XSS in custom roles membership list in admin section

Bug


[CAN-1479] - Tinymce editor does not show field errors
[CAN-1848] - Rich text in report tables not displaying
[CAN-1849] - Rich text in report tables not saved in some cases
[CAN-2021] - Report row renderer handles long lines poorly
[CAN-2043] - Breadcrumbs do not handle selection of records duplicated titles
[CAN-2122] - Scheduler modifies records on render resulting in dirty records
[CAN-2141] - Message preview error when formatting does not encapsulate the entire template variable
[CAN-2164] - Authors Autocomplete on report properties doesn't work
[CAN-2189] - XML Postprocessors do not run when mapping xml is generated
[CAN-2200] - Possible bug in email generation when using PR workflow
[CAN-2201] - report.type validation failure leads to general error in the UI
[CAN-2208] - Message template: daily summary includes ignored and group members in default list
[CAN-2209] - nmap importer fails with "add() takes only one argument"
[CAN-2210] - Permissions take too long to propagate to the frontend in certain circumstances
[CAN-2211] - Portals list's primary and selection toolbars visible with selection
[CAN-2213] - Email preview permissions misalignment
[CAN-2218] - DATA_PATH does not get created with fresh installations
[CAN-2220] - Phase uploads with a comma in the name breaks downloading and insertion into findings
[CAN-2225] - User email changes are not reflected in user role slugs
[CAN-2231] - File ID prefixed to downloaded documents

...


[CAN-2010] - Clarify custom field field names in admin UI
[CAN-2224] - Message templates should support custom fields
[CAN-2226] - Allow filtering on phase fields from project list
[CAN-2228] - Allow users to close main menu by clicking outside of it

3.1.2

Bug


[CAN-1411] - Comments component lacks mask and error handling
[CAN-1479] - Tinymce editor does not show field errors
[CAN-1480] - Many grids and comboboxes are missing the `emptyText` property
[CAN-1495] - Missing renderers for activity log entries
[CAN-1520] - Incorrect multi character usage of strip()/lstrip()/rstrip()
[CAN-1679] - Tool files that fail to import do not report failure in UI
[CAN-1730] - Reports 'kanban' should sort by report_due_date
[CAN-1805] - Comments endpoint doesn't do sufficient permission checking
[CAN-1854] - PDF generation should be async
[CAN-1889] - Rich text custom fields should always be content fields
[CAN-1904] - UI exception (being investigated)
[CAN-1919] - Unable to Delete Multiple Reference From a Finding
[CAN-1992] - Long project/phase titles push buttons off viewport
[CAN-2030] - Modifying the content/structure of a document template should update the last modified date
[CAN-2044] - Report generation retry doesn't update status on generated reports
[CAN-2132] - Total finding status counts not output in XML
[CAN-2142] - Project creation dialog lists SoWs from all clients when opened from client view
[CAN-2143] - No way to link/unlink findings and assets from asset view
[CAN-2144] - Activity log entry creation fails when adding multiple findings from the KB
[CAN-2148] - RelatedObjectDoesNotExist: UserProfile has no prbac_role.
[CAN-2164] - Authors Autocomplete on report properties doesn't work
[CAN-2175] - Disable DRF web API browser
[CAN-2178] - Exception in scheduler events endpoint
[CAN-2181] - Ticket creation window doesn't handle typing into container combo
[CAN-2195] - "Further Reading" section is not populated when a Nessus finding is inserted
[CAN-2197] - Django doesn't handle certain Oracle connection states
[CAN-2198] - Celery doesn't honour CONN_MAX_AGE

...


[CAN-1870] - Standardise on capitalisation throughout Canopy
[CAN-1954] - Schedule project view should show client
[CAN-2072] - Handle missing email templates more gracefully
[CAN-2073] - Custom logic for upgrading data
[CAN-2177] - ical events should be processed by email clients for better calendaring integration

3.1.1

Bug

[CAN-2156] - Add asset window field not visible
[CAN-2161] - Incorrect RPM versioning
[CAN-2164] - Authors Autocomplete on report properties doesn't work
[CAN-2174] - Total days missing from phases / report

...


[CAN-1843] - Team support
[CAN-1938] - Assessment delivery workflow emails

Bug


[CAN-1366] - Re-auth login screen requires refactoring
[CAN-1806] - User access panel shows 'no-one' for disabled users
[CAN-1822] - /api/messaging/comment/count/ breaks on Oracle DB
[CAN-1855] - Notification's object representations should be generated at notification time
[CAN-1862] - User can be scheduled outside of phase dates
[CAN-1863] - Single day phases can't be scheduled
[CAN-1915] - Creating a user without a role fails without error displayed in UI
[CAN-1929] - Report workflow state changes generate duplicate grants
[CAN-1967] - Django 1.8 only supports cxOracle 5.x and we are installing latest
[CAN-1969] - Build server uses the wrong version of the scheduler for Canopy 3.1 builds
[CAN-1972] - Fix alignment of segmented time scale buttons in scheduler toolbar
[CAN-1973] - Various issues with scheduler's resource view
[CAN-1975] - Oracle compat: get_or_create and update_or_create should not have TextFields in their lookup values
[CAN-1976] - Schedule entry editing fails when triggered from resource view
[CAN-1978] - Scheduler performance: only load scheduler events for the current time period
[CAN-1989] - Admins should not be able to delete built-in custom roles
[CAN-1990] - PR/QA roles listed as custom roles and can be deleted
[CAN-2000] - Template finding ID missing from XML mapping path
[CAN-2008] - Workflows do not initialise on registration
[CAN-2013] - TemplateDocumentContent model has incorrect unique_together constraint
[CAN-2025] - XSS in profile image
[CAN-2026] - XSS in signature image
[CAN-2027] - XSS in login banner
[CAN-2031] - XLSX generation allows Excel functions and macros to be embedded in the generated file
[CAN-2037] - Auto-refresh grids: reports
[CAN-2038] - Auto-refresh grids: sows
[CAN-2050] - Edit Opportunity - description field height issue
[CAN-2056] - Possible emailing permissions bug
[CAN-2057] - Drag and dropped images fail due to invalid checksum saving
[CAN-2060] - Custom fields are mandatory in the UI
[CAN-2063] - Output start and end dates in SoW XML
[CAN-2064] - SoW lead author
[CAN-2066] - SoW templates list includes deleted templates
[CAN-2075] - Phase scope location field save error
[CAN-2079] - Description field is cut off in opportunity edit dialog
[CAN-2080] - Consistency: please change here finding into vulnerability
[CAN-2081] - Company custom fields not displaying in edit dialog
[CAN-2085] - Disabled custom fields not listed in admin section
[CAN-2090] - Email validation error not shown in user add/edit form
[CAN-2094] - Chart plugin data mapping
[CAN-2097] - Email preview not working
[CAN-2098] - HttpMethodSerializer doesn't differentiate between listings and individual lookups
[CAN-2100] - EditWindow field change detection inaccurate
[CAN-2105] - UI border on reports
[CAN-2108] - "Reporter" not set for imported findings
[CAN-2110] - Benchmark not generating correctly
[CAN-2115] - Projects not shown for senior analysts
[CAN-2124] - References data missing from generated XML
[CAN-2125] - Sample category charts set incorrect data for category axis
[CAN-2131] - Client icon inconsistent use
[CAN-2136] - Message template migration (canopy/migrations/0066_auto_20180412_1505.py) doesn't handle changes in titles
[CAN-2139] - Notifications icon does not show the number of outstanding icons clearly
[CAN-2140] - Scheduler's team filtering generates exception
[CAN-2145] - collectstatic usage leads to incorrect static files in certain circumstances
[CAN-2151] - Split out KB admin permissions into a separate role
[CAN-2152] - Migrations do not run when upgrading from 3.0.7 to 3.1.0
[CAN-2153] - Report tables have incorrect field types in mapping xml
[CAN-2155] - SoW layout has no border width (spacing/padding)
[CAN-2157] - Re-test phase resets resolved finding status to open
[CAN-2158] - Out of scope flag missing from status list modifier
[CAN-2159] - pyc files are not properly removed/generated during package upgrades

...