Releases: CERTCC/VINCE
Releases · CERTCC/VINCE
VINCE v1.50.4
- UI improvements for vincetrack for search experience
- Performance tweaks for Tickets search use
$queryset.count()
instead oflen($queryset)
when pagination is used - Fix HTML injection vulnerabilities reported by Rapid7 researcher Nick Sanzotta (CVE-2022-40248, CVE-2022-40257)
What's Changed
- Fixes and Updates to 1.50.4 by @sei-vsarvepalli in #56
Full Changelog: v1.50.3...v1.50.4
VINCE v1.50.3
- Full support for CSAF 2.0 export of vulnerability Case
- Fix for a number of Views to avoid digit parameter confusion
- Add view CSAF and VINCE JSON to support download of Case data in machine-readable format
- If upgrading, make sure you verify
settings.py
has new variablesCONTACT_PHONE ORG_POLICY_URL
andORG_AUTHORITY
populated.
What's Changed
- Updates to support full CSAF capability by @sei-vsarvepalli in #53
Full Changelog: v1.50.2...v1.50.3
VINCE v1.50.2
- Resolves issue of enumerating user_id and group_id - reported by Sharon Brizinov of Claroty Research #51
- Removed lxml library no longer in use in requirements.txt - reported by dependabot via #38
- Add [DISABLED] Keyword for users in inactive status in vincetrack Teams menu view.
What's Changed
- mention the vuln that was fixed #transparency by @attritionorg in #50
- Resolves issue of privacy of URLs v1.50.2 by @sei-vsarvepalli in #52
New Contributors
- @attritionorg made their first contribution in #50
Full Changelog: v1.50.1...v1.50.2
VINCE v1.50.1
- BugFix for API key generation issue. The generate_key method was disabled accidentally
What's Changed
- BugFix for API key generation issue. The generate_key method was disa… by @sei-vsarvepalli in #44
- Errors in last PR #44 by @sei-vsarvepalli in #49
Full Changelog: v1.50.0...v1.50.1
VINCE v1.50.0
- New MFA reset workflow
- Allow comments when re-assigning tickets
- Sorting improvements on VINCEComm Dashboard
- Add Vul Note download button in VINCETrack
- Fixed open redirect vulnerability CVE-2022-25799 reported by Jonathan Leitschuh
- Bug Fixes
also includes changes from Version 1.49.0
- Contact Management Updates
- Dependency Upgrades
- Bug Fixes
Full Changelog: v1.48.0...v1.50.0
VINCE v1.48.0
Initial open source release of VINCE
Full Changelog: https://github.com/CERTCC/VINCE/commits/v1.48.0