Release notes for Canopy 3.8

3.8.3 (2023-08-11)

Canopy 3.8.3 is a patch release. Updating is recommended.

This patch release addresses multiple front-end issues affecting the finding/phase editing experience.


  • [CAN-3244] Comment endpoint is slow

  • [CAN-3354] Custom rich text fields lose their edits when their custom fields store reloads

  • [CAN-3414] Pasting images from certain software triggers exception in TinyMCE

  • [CAN-3415] Multiselect custom fields do not handle being saved after custom fields store reloads

  • [CAN-3416] Permission changes could result in front-end errors

3.8.2 (2023-04-06)

Canopy 3.8.2 is a patch release. Updating is recommended.

This patch release improves the overall quality of the Canopy 3.8 release.

The most important issue relates to a deadlock scenario in the Report Workflow component. A number of improvements (both front-end and backend) have been made to ensure workflow requests are processed correctly.

A number of minor bugs were also addressed.


  • [CAN-3206] Activity log API endpoint fails when certain objects are deleted

  • [CAN-3212] Field configurations could not mark certain checkboxes as optional

  • [CAN-3228] Report workflow component doesn’t indicate that a request is in progress

  • [CAN-3229] Deadlock in report workflow when it was triggered concurrently

  • [CAN-3231] Contact importing doesn’t refresh contact list

  • [CAN-3236] Report PR/QA selection dialogs stays in loading state

  • [CAN-3237] Contact import dialog doesn’t handle import errors well

  • [CAN-3240] Report PR/QA searching breaks when a user has a NULL name

  • [CAN-3242] JSON Custom fields with invalid values break xlsx export and reports

3.8.1 (2022-12-16)

Canopy 3.8.1 is a patch release. Updating is recommended.

This patch release adds a number of minor, but useful, improvements. Notably:

  • Addition of a new port/protocol list for each asset in the report XML. You can use this to map port/protocol lists to report output, if required. The entries are called csv_ports_with_protocols in the template mapping XML (multiple locations).

  • The Reports Overview (/#reports) now shows the client name to make tracking easier.

  • Additional stats have been added to the report XML to cover counts for finding status and rating combinations. For example, you can now include the count of all Critical and Open findings on a per phase basis, this can be added via a simple content control insert into the docx template. The additional stats have been added to the following report sections:

    • Report level stats: /checksec/report/summary

    • Project level stats: /checksec/company/project

    • Phase level stats: /checksec/company/project/phases/phase

  • Popups (modal dialogues) in a number of places have been changed to use relative sizing. This will provide larger editing windows on certain displays. This will make working on forms, such as phase add/edit, easier; especially when multiple custom fields are in use.

A number of minor bugs were also addressed since the 3.8.0 release.


  • [CAN-3127] Opportunity creation from portal sync fails in Canopy 3.8.0

  • [CAN-3128] HOME environmental variable is not updated when dropping root privileges

  • [CAN-3131] Internal field name of custom field with a hyphen does not save/load field content

  • [CAN-3132] Finding history button shows scrollbar on Chrome

  • [CAN-3134] TinyMCE adds table height automatically which leads to incorrect rendering in Word documents

New Feature

  • [CAN-3133] Add port protocols to assets in the report XML


  • [CAN-3121] Show Client Name on ALL Reports Views (Main Report view and recent reports)

  • [CAN-3129] Add combination of finding Status and Rating counts to report XML output

  • [CAN-3130] Change modals around Company/Opportunity/Project/Phase sections to use relative sizing

Report XML Changes

  • Added csv_ports_with_protocols element next to existing csv_ports element on assets. It is a unique CSV list of port/protocol pairs.

  • csv_ports on assets are now sorted.

  • Added total_STATUS_RATING_findings elements where total_STATUS_findings elements existed.

3.8.0 (2022-11-09)

Note: Includes all changes from Canopy 3.7.4 and earlier.

The 3.8.0 release adds a number of new features and improvements, as follows:

Collaboration improvements: View History and Conflict Detection

Collaborative editing experiences are really important when working on write-ups and reports. In Canopy 3.8.0 we’ve improved collaboration for teams with the addition of two important features: View History and Conflict Detection.

Note: both of these features are currently available on the Reports section of Canopy. These features expanded to other sections of Canopy in the coming releases.

View History

View History provides users with a visual diff of how content and other settings have changed over time. This is especially useful when performing QA reviews on findings and reports before they are released.

Conflict Detection

Conflict Detection helps ensure that you don’t clobber your colleagues’ edits. Canopy will now check whether the content you are trying to save is the latest version, or not. If the server has new changes that occurred after you started editing, it will provide you with the option to overwrite with your changes, or to update to the latest version of the data so you can continue editing on the latest version.

Note: This feature is limited to the Report’s WYSIWYG fields and Edit window at the moment. Conflict Detection on Findings and other views will be added via an upcoming release.

Remote lookups for custom text fields

Remote lookups via custom fields is a feature that helps improve the experience around form completion, especially for more complex forms.

This new feature can be used to lookup data in custom backend services (via plugins), and also populate multiple fields in the form. For example, perhaps you have an asset inventory system that you want to lookup data from and use that to automatically populate several fields in the New/Edit Project workflow in Canopy, or the assessment request form in Canopy Portal.

Note: This feature is supported on both Canopy and Canopy Portal.

Multi-select field type support

This release adds support for a new custom field type: multi-select. This is a custom field type that allows you to select 1-more options. This feature was requested to help with building better user experiences for the request form in Canopy Portal, but is also useful within Canopy itself.

Note: This feature is supported on both Canopy and Canopy Portal.

Custom field groupings and ordering

Canopy’s flexibility with custom fields allows users to extend forms within Canopy. However, for larger forms, we noticed that it would be useful to have ways of grouping and ordering such fields. This is now possible in this release of Canopy and Canopy Portal.

Note: This feature is supported on both Canopy and Canopy Portal.


  • [CAN-3087] Importer maps tool results to template findings using incorrect tool identifiers

  • [CAN-3094] Report download dialog raises exception when there is no template

  • [CAN-3100] Default value for PHASE_XLSX_EXPORT_TEMPLATE_PATH is out of date

  • [CAN-3124] Project finding endpoint returns incorrect first_created value


  • [CAN-3071] Remove local canopy.ini config file preference

Breaking Changes

  • PHASE_XLSX_EXPORT_TEMPLATE_PATH and REPORT_XLSX_EXPORT_TEMPLATE_PATH setting defaults have changed. These should be double checked if they are in use.

  • canopy.ini file in the current directory is no longer used automatically. Use CONFIG_FILE environmental variable to specify a specific location.

Older releases