Release v3.9.2

Changelog:

• Add agents feature for distributed plugin execution
• Add an API endpoint to to perform a bulk create of many objects (hosts,
  services, vulns, commands and credentials). This is used to avoid doing a lot
  of API requests to upload data. Now one request should be enough
• Major style and color changes to the Web UI
• Add API token authentication method
• Use server side stored sessions to properly invalidate cookies of logged out users
• Add "New" button to create credentials without host or service assigned yet
• Allow filtering hosts by its service's ports in the Web UI
• Performance improvements in vulnerabilities and vulnerability templates API (they
  were doing a lot of SQL queries because of a programming bug)
• Require being in the faraday-manage group when running faraday from a .deb or .rpm package
• Change the first page shown after the user logs in. Now it displays a workspace
  selection dialog
• Add API endpoint to import Vuln Templates from a CSV file
• Create the exported CSV of the status report in the backend instead of in the
  problem, which was much slower
• Add API endpoint to import hosts from a CSV file
• Add faraday-manage rename-user command to change a user's username
• Allow resizing columns in Vulnerability Templates view
• Avoid copying technical details when a vuln template is generated from the status report
• Use exact matches when searching vulns by target
• Add API endpoint to get which tools impacted in a host
• Add pagination to activity feed
• Add ordering for date and creator to vuln templates view
• Modify tabs in vuln template, add Details tab
• Add copy IP to clipboard button in hosts view
• Add creator and create date columns to vuln template view
• When a plugin creates a host with its IP set to a domain name,
  resolve the IP address of that domain
• Add support for logging in RFC5254 format
• Add active filter in workspaces view. Only show active workspaces
  in other parts of the Web UI
• Enforce end date to be greater than start date in workspaces API
• Fix bug in faraday-manage create-tables that incorrectly marked schema
  migrations as applied
• Fix bug in many plugins that loaded hostnames incorrectly (one hostname per chararcter)
• Improve references parsing in OpenVAS plugin
• Fix a bug in Nessus plugin when parsing reports without host_start
• Fix bug hostname search is now working in status-report
• Fix showing of services with large names in the Web UI
• Fix broken select all hosts checkbox
• Fix bug viewing an attachment/evidence when its filename contained whitespaces
• Fix "Are you sure you want to quit Faraday?" dialog showing twice in GTK

Release v3.8.0

• Refactor the project to use absolute imports to make the installation easier
  (with a setup.py file). This also was a first step to make our codebase
  compatible with python 3.
• Change the commands used to run faraday. ./faraday-server.py,
  ./manage.py, ./faraday.py and bin/flugin are replaced for faraday-server, faraday-manage,
  faraday-client and fplugin respectively
• Changed suggested installation method. Now we provide binary executables with all python dependencies
  embedded into them
• Add admin panel to the Web UI to manage custom fields
• Fix slow host list when creating vulns in a workspace with many hosts
• Usability improvements in status report: change the way vulns are selected and confirmed
• Improve workspace workspace creation from the Web UI
• Fix attachment api when file was not found in .faraday/storage
• Fix visualization of the fields Policy Violations and References.
• Add a setting in server.ini to display the Vulnerability Cost widget of the Dashboard
• Fix status report resize when the browser console closes.
• Fix severity dropdown when creating vulnerability templates
• Update OS icons in the Web UI.
• Fix bug when using custom fields, we must use the field_name instead of the display_name
• Prevent creation of custom fields with the same name
• Add custom fields to vuln templates.
• Fix user's menu visibily when vuln detail is open
• Remove "show all" option in the status report pagination
• The activity feed widget of the dashboard now displays the hostname of the
  machine that runned each command
• Add loading spinner in hosts report.
• Fix "invalid dsn" bug in sql-shell
• Fix hostnames bug in Nikto and Core Impact plugins
• Change Openvas plugin: Low and Debug threats are not taken as vulnerabilities.
• Add fplugin command to close vulns created after a certain time
• Add list-plugins command to faraday-manage to see all available plugins
• Fix a logging error in PluginBase class
• Fix an error when using NexposePlugin from command line.
• Add CSV parser to Dnsmap Plugin
• Fix bug when creating web vulnerabilities in dirb plugin
• Change Nexpose Severity Mappings.

Release v3.7.0

• New feature vulnerability preview to view vulnerability data.
• Update Fierce Plugin. Import can be done from GTK console.
• Update Goohost plugin and now Faraday imports Goohost .txt report.
• Update plugin for support WPScan v-3.4.5
• Update Qualysguard plugin to its 8.17.1.0.2 version
• Update custom fields with Searcher
• Update Recon-ng Plugin so that it accepts XML reports
• Add postresql version to status-change command
• Couchdb configuration section will not be added anymore
• Add unit test for config/default.xml

Release v3.6.0

3.6 [Feb 21th, 2019]:

• Fix CSRF (Cross-Site Request Forgery) vulnerability in vulnerability attachments API.
  This allowed an attacker to upload evidence to vulns. He/she required to know the
  desired workspace name and vulnerability id so it complicated the things a bit. We
  classified this vuln as a low impact one.
• Readonly and disabled workspaces
• Add fields 'impact', 'easeofresolution' and 'policyviolations' to vulnerability_template
• Add pagination in 'Command history', 'Last Vulnerabilities', 'Activity logs' into dashboard
• Add status_code field to web vulnerability
• Preserve selection after bulk edition of vulnerabilities in the Web UI
• Faraday's database will be created using UTF-8 encoding
• Fix bug of "select a different workspace" from an empty list loop.
• Fix bug when creating duplicate custom fields
• Fix bug when loading in server.ini with extra configs
• Fix ./manage.py command. It wasn't working since the last schema migration
• ./manage.py createsuperuser command renamed to ./manage.py create-superuser
• Fix bug when non-numeric vulnerability IDs were passed to the attachments API
• Fix logic in search exploits
• Add ability to 'Searcher' to execute rules in loop with dynamic variables
• Send searcher alert with custom mail
• Add gitlab-ci.yml file to execute test and pylint on gitlab runner
• Fix 500 error when updating services and vulns with specific read-only parameters set
• Fix SQLMap plugin to support newer versions of the tool
• Improve service's parser for Lynis plugin
• Fix bug when parsing URLs in Acunetix reports
• Fix and update NetSparker Plugin
• Fix bug in nessus plugin. It was trying to create a host without IP. Enabled logs on the server for plugin processing (use --debug)
• Fix bug when parsing hostnames in Nessus reports
• Fix SSLyze report automatic detection, so reports can be imported from the web ui
• Update Dnsmap Plugin

Release v3.5.0

• Redesgin of new/edit vulnerability forms
• Add new custom fields feature to vulnerabilities
• Add ./manage.py migrate to perform alembic migrations
• Faraday will use webargs==4.4.1 because webargs==5.0.0 fails with Python2
• New system for online plugins using Threads, a few fixes for metasploit plugin online also.
• Fix Command "python manage.py process-reports" now stops once all reports have been processed
• Fix bug in query when it checks if a vulnerability or a workspace exists
• Fix Once a workspace is created through the web UI, a folder with its name is created inside ~/.faraday/report/
• The manage.py now has a new support funtionality that creates a .zip file with all the information faraday's support team will need to throubleshoot your issue
• Status-check checks PostgreSQL encoding
• Fix a bug when fail importation of reports, command duration say "In Progress" forever.
• Fix confirmed bug in vulns API
• Update websockets code to use latest lib version
• bootstrap updated to v3.4.0
• Manage.py support now throws a message once it finishes the process.
• Update Lynis to its version 2.7.1
• Updated arp-scan plugin, added support in the Host class for mac address which was deprecated before v3.0
• OpenVAS Plugin now supports OpenVAS v-9.0.3

Release v3.4

• In GTK, check active_workspace its not null
• Add fbruteforce services fplugin
• Attachments can be added to a vulnerability through the API.
• Catch gaierror error on lynis plugin
• Add OR and NOT with parenthesis support on status report search
• Info API now is public
• Web UI now detects Appscan plugin
• Improve performance on the workspace using cusotm query
• Workspaces can be set as active/disable in welcome page.
• Change Nmap plugin, response field in VulnWeb now goes to Data field.
• Update code to support latest SQLAlchemy version
• Fix create_vuln fplugin bug that incorrectly reported duplicated vulns

Faraday v3.3

• Add workspace disable feature
• Add mac vendor to host and services
• Fix typos and add sorting in workspace name (workspace list view)
• Improve warning when you try to select hosts instead of services as targets of a Vulnerability Web
• Deleted old Nexpose plugin. Now Faraday uses Nexpose-Full.
• Update sqlmap plugin
• Add updated zap plugin
• Add hostnames to nessus plugin
• Python interpreter in SSLCheck plugin is not hardcoded anymore.
• Fix importer key error when some data from couchdb didn't contain the "type" key
• Fix AttributeError when importing vulns without exploitation from CouchDB
• Fix KeyError in importer.py. This issue occurred during the import of Vulnerability Templates
• Fix error when file config.xml doesn't exist as the moment of executing initdb
• Improve invalid credentials warning by indicating the user to run Faraday GTK with --login option
• Fix typos in VulnDB and add two new vulnerabilities (Default Credentials, Privilege Escalation)
• Improved tests performance with new versions of the Faker library
• abort() calls were checked and changed to flask.abort()

Faraday V3.2

• Added logical operator AND to status report search
• Restkit dependency removed.
• Improvement on manage.py change-password
• Add feature to show only unconfirmed vulns.
• Add ssl information to manage.py status-check
• Update wpscan plugin to support latest version.
• Allow workspace names starting with numbers.

Version 3.1.1

• Fix bug: manage.py status_check
• Fix bug: manage.py initdb

Version 3.1

• Fix get exploits API
• New searcher feature
• Added host_os column to status report
• Fix and error while trying to execute server with --start
• Added option --choose-password to initdb
• Continous scan updated for Nessus 7
• Refactor on server.config to remove globals
• Added a directory for custom templates for executive reports (pro and corp)
• Activity feed shows more results and allows to filter empty results
• Allow ot create workspace that start with numbers
• Added more variables to executive reports (pro and corp)
• Fixed some value checking on tasks api (date field)
• OpenVas plugin updated
• Appscan plugin update
• Added no confirmed vulns to report api
• Fixed a bug on workspace API when the workspace already exists on database
• Fix owner filter on status report
• Fixes on import_csv fplugin when the api returned 409
• Fixes on status_check
• Fixed a bug on webui when workspace permission was changed (pro and corp)
• Update nexpose plugin
• Ugrid library updated to latest version
• Bug fix on plugin automatic detection
• Fixed a bug on executive reports when multiple reports were scheduled
• Avoid closing the executive report and new vuln modal when the form has data
• Status report open new tab for evidence
• Added change_password to manage.py
• Update wapiti plugin
• Fixed vuln count on executive report (pro and corp)
• Fixed css align in some tables
• Fixed No ports available error on the client