Merge branch 'update-docs' into 'main'

Update docs See merge request reportcreator/reportcreator!557
Syslifters · May 22, 2024 · 1c87849 · 1c87849
2 parents 66bc4fe + 8f0698a
commit 1c87849
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 3 deletions.
diff --git a/docs/docs/features-and-pricing.md b/docs/docs/features-and-pricing.md
@@ -13,6 +13,7 @@
 | [__MFA (FIDO/WebAuthn, TOTP)__](/show-and-tell/2023/06/12/2fa-for-all/){ target=_blank }      | <span style="color:green;font-weight:bold;">✓</span>                                                          | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
 | [__Note Taking__](/show-and-tell/2023/05/30/note-taking-included/){ target=_blank }           | <span style="color:green;font-weight:bold;">✓</span>                                                          | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
 | [__Version History__](/reporting/version-history/){ target=_blank }                                        | <span style="color:red;font-weight:bold;">X</span>                                                            | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
+| [__Concurrent Editing__](/show-and-tell/2024/05/22/concurrent-editing/){ target=_blank }                                        | <span style="color:red;font-weight:bold;">X</span>                                                            | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
 | [__Spell Check*__](/reporting/spell-check/){ target=_blank }                                  | <span style="color:red;font-weight:bold;">X</span>                                                            | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
 | [__Project Retention Times__](/setup/configuration/#archiving){ target=_blank }               | <span style="color:red;font-weight:bold;">X</span>                                                            | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |
 | [__Easy Backups__](/setup/backups/){ target=_blank }                                          | <span style="color:red;font-weight:bold;">X</span>                                                            | <span style="color:green;font-weight:bold;">✓</span>                                                                                                                  |

diff --git a/docs/docs/images/show/concurrent-editing.png b/docs/docs/images/show/concurrent-editing.png
diff --git a/docs/docs/insights/vulnerabilities.md b/docs/docs/insights/vulnerabilities.md
@@ -1,3 +1,15 @@
+## Cross-Site Websocket Hijacking in SysReptor (CVE-2024-36076)
+
+**CVSSv3.1:** Medium (6.8; CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)  
+**Affected versions** 2024.28 to 2024.30  
+**Fixed in 2024.40** (on 25 May 2024)  
+
+Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to gain read and write access to personal notes and project notes when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.
+
+Credits go to our colleague [Christoph Mahrl](https://docs.syslifters.com/en/christoph/){ target=_blank }.  
+Find more information in our [advisory](https://github.com/Syslifters/sysreptor/security/advisories/GHSA-2vfc-3h43-vghh){ target=_blank }.
+
+
 ## HTTP Request Smuggling in non-recommended configurations (CVE-2024-1135)
 
 **CVSSv3.1:** High (7.8; CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)  

diff --git a/docs/docs/reporting/markdown-features.md b/docs/docs/reporting/markdown-features.md
@@ -113,7 +113,7 @@ Content-Length: 33
 
 ![Manual Code Block Highlighting](/images/md_code_manual_highlight.png)
 
-If you need more advanced highlighting, you can place cutom HTML code inside the `§§` placeholders e.g. `§<mark><em><span class="custom-highlight">§`.
+If you need more advanced highlighting, you can place custom HTML code inside the `§§` placeholders e.g. `§<mark><strong><span class="custom-highlight">§Highlight this text.§§`.
 If your code snippet includes `§`-characters, you cannot use them as escape characters for manual highlighting. 
 It is possible to specify a different escaple character via the `highlight-manual="<escape-character>"` attribute.
 Make sure that the escape character is not present in the code block.

diff --git a/docs/docs/setup/configuration.md b/docs/docs/setup/configuration.md
@@ -59,10 +59,10 @@ DEBUG=off
 
 
 ### Allowed Hosts
-Allowed hostnames/domain names for this installation.
+Comma-separated allowed hostnames/domain names for this installation.
 
 ``` title="Example:"
-ALLOWED_HOSTS="sysreptor.example.com"
+ALLOWED_HOSTS="sysreptor.example.com,sysreptor.example.local"
 ```
 
 

diff --git a/docs/docs/show-and-tell/posts/concurrent-editing.md b/docs/docs/show-and-tell/posts/concurrent-editing.md
@@ -0,0 +1,10 @@
+---
+date: 2024-05-22
+---
+
+# Concurrent editing
+Multiple pentesters can now edit one finding or section concurrently.
+
+If you experience problems with WebSockets set the ALLOWED_HOSTS in app.env and make sure your reverse proxy allows the usage of WebSockets.
+
+![Concurrent editing in finding](/images/show/concurrent-editing.png)