Canopy
Canopy

Release notes for Canopy 3.2

3.2.0

Highlights

  • Implement finding tracking across phases via Project Findings
  • Major performance improvements in permissions subsystem
  • Ability to view Canopy logs and restart services from the admin section
  • Acutentix support
  • Many refinements around Knowledge Base(KB) entries
  • Includes all changes of previous Canopy release up to and including Canopy 3.1.7

Backward incompatible changes

Report XML

  • template_finding__id is now template_finding__reference
  • All retest related sections have been changed to accommodate project findings

Bug

  • [CAN-1496] - Total opportunities and total projects summary stats missing from Company dashboard
  • [CAN-1669] - SoW creation dialog doesn’t have reference field
  • [CAN-1702] - Document status not updated on page when workflow completed
  • [CAN-1832] - Tool parsers do not preserve all data during html to md conversion
  • [CAN-1841] - EditableTitle component doesn’t handle save failures correctly
  • [CAN-2034] - Email preview ajax call is slow
  • [CAN-2194] - Selectively run workflow initialisation code based on current management command
  • [CAN-2216] - Remove width/height dimensions from img tags
  • [CAN-2222] - Tinymce fullscreen button doesn’t work correctly inside editwindows
  • [CAN-2232] - Publish to portal should only be visible if a portal is configured for the client the report/sow belongs to
  • [CAN-2234] - Scope file upload fails
  • [CAN-2243] - Logo quality lost during admin upload
  • [CAN-2261] - Remove “invalid date” from phase row renderer
  • [CAN-2273] - Changed date is not saved
  • [CAN-2278] - Importer data cleanup adds unnecessary newlines in evidence blocks
  • [CAN-2280] - Opportunity creation fails
  • [CAN-2283] - Possible bug in paging where results overlap
  • [CAN-2288] - Missing activity renderer for USER_AUTH_TOKEN_CREATE
  • [CAN-2289] - Failed tool imports are not marked as failed for errors that leave the current transaction in an error state
  • [CAN-2293] - Example.url max length of 255 is too short
  • [CAN-2295] - markdown2html function generates possibly incorrect html5
  • [CAN-2297] - Stale data cause workflow permissions checks to fail
  • [CAN-2306] - Tool importing fails when tool mappings are applied
  • [CAN-2307] - Template finding save fails with HTTP 500
  • [CAN-2308] - Creating/Editing a KB entry so that it has an existing reference results in a generic error instead of a field error
  • [CAN-2310] - SAML SSO doesn’t re-enable disabled users
  • [CAN-2312] - Session timeout pop-up renders incorrectly
  • [CAN-2317] - Permission system is not performant with large amounts of phases and users
  • [CAN-2322] - Users with kb-add permission cannot add KB entries without the kb-edit permission
  • [CAN-2323] - Analysts can view Export KB button but don’t have permission to download
  • [CAN-2324] - canopy-manage templatedocument broken
  • [CAN-2325] - Add reference button is visible to users with kb-view permission but without kb-edit
  • [CAN-2326] - Analyst users cannot create reports
  • [CAN-2327] - SAML attribute mapping fails on is_admin field
  • [CAN-2331] - Deadlock in permission cache generation
  • [CAN-2332] - syncfixtures fails on settings with conflicting names (setting.setting)
  • [CAN-2333] - Canopy incorrectly assumes responseText is available on ajax response objects (Extjs > 6.2)
  • [CAN-2334] - Fix permissions for KB item reference permissions
  • [CAN-2335] - Project’s add contact window doesn’t show contacts for analyst users with admin on project
  • [CAN-2337] - Settings are only readable by admin users
  • [CAN-2341] - Project deletion fails when a ProjectFinding has multiple versions
  • [CAN-2351] - Email addresses are parsed incorrectly for to/cc/bcc recipients
  • [CAN-2353] - Opportunity list does not display date information
  • [CAN-2368] - KB endpoint returns HTTP 400 on creation/editing of KB entries
  • [CAN-2373] - SOW_DOCUMENT_STATUS field does not exist
  • [CAN-2377] - Single phase reference should not include the .1
  • [CAN-2378] - Creating a project from a SoW returns successful but fails to create due to reference uniqueness condition
  • [CAN-2380] - Phase contact UI shows role as required
  • [CAN-2388] - Custom xLSX template does not convert HTML for rendering in cells
  • [CAN-2403] - XSS in skills combobox on user profile view
  • [CAN-2406] - Email report notifications sent only for completed reports
  • [CAN-2407] - Notification message edits are not preserved during notification sending
  • [CAN-2408] - PR Required notification does not work when template is modified to include action.user_name field

New Feature

  • [CAN-1828] - Custom Classifications
  • [CAN-2101] - Previous findings in report XML
  • [CAN-2256] - Allow project findings in retest dialog to be filtered by phase
  • [CAN-2259] - Creation of retest phase from an existing phase’s view
  • [CAN-2260] - Allow copy of project finding(s) into the current phase
  • [CAN-2320] - Add ability to create/delete Canopy settings via admin UI
  • [CAN-2367] - Allow admin users to restart canopy commands and view/download canopy logs from the admin UI
  • [CAN-2372] - SoW file format synchronisation filter required

Improvement

  • [CAN-2251] - Rename message template email.phase_daily_update to email.phase_progress_update
  • [CAN-1572] - Support burp reference data
  • [CAN-1879] - Default phase creation
  • [CAN-1928] - Hide report workflow buttons for actions that a user is not authorised to take
  • [CAN-1935] - Migrate or remove Canopy 2 API endpoints
  • [CAN-1939] - Ability to set custom fields as required
  • [CAN-1949] - Warn before sending email before preview
  • [CAN-2163] - Add missing report/SoW substitution variables
  • [CAN-2165] - Add a reference field to KB to allow for unique ID assignment
  • [CAN-2166] - Mark KB findings as deprecated
  • [CAN-2233] - Publish to portal permission
  • [CAN-2257] - Retest dialog: Pre-filter project findings list to only open and partially resolved project findings
  • [CAN-2258] - Display project finding’s latest phase in project findings list
  • [CAN-2316] - Project findings XML should include the first and last phase info
  • [CAN-2318] - Project findings plugin order by CVSS
  • [CAN-2339] - Include more data in re-test finding copying
  • [CAN-2343] - Output template_finding__reference in Report XML
  • [CAN-2347] - Project centre column change to tabs
  • [CAN-2350] - Employee ID field on UserProfile and Contact models
  • [CAN-2352] - Users want to be able to determine which examples should be considered ‘primary’
  • [CAN-2355] - Expand KB item filter fields
  • [CAN-2356] - Display and order KB items by associated findings count
  • [CAN-2357] - Display user who created/approved KB item in KB item view
  • [CAN-2362] - Add KB filter button on approved status
  • [CAN-2363] - Add KB list column for date modified
  • [CAN-2365] - Automatically select search field in “Add from KB” dialog
  • [CAN-2375] - Map scope days to test days from phase_scope to phase
  • [CAN-2379] - Copy SoW contacts to phase contacts
  • [CAN-2387] - Report download XLSX option should use custom XLSX template