Changelog
v2.1.9 (2025-06-13)
š Major Features:
- OIDC Auto-Discovery Enhancement (#672) - Automatic configuration discovery for OpenID Connect providers
- Comprehensive webpacker migration research and planning documents
- Enhanced Docker Compose configurations with production environment defaults
- Enterprise configuration management roadmap documentation
š§ Infrastructure & CI/CD Improvements:
- Add VULCAN_OIDC_DISCOVERY=true to CI/CD workflow
- Fix CI/CD and WebMock configuration for stable test runs
- Fix overcommit YarnInstall hook configuration
- Fix Anchore SBOM artifact naming issue (#668)
- Update GitHub Actions and dependencies to latest versions
š”ļø Security & Authentication Fixes:
- Fix critical OIDC authentication bug - case sensitivity issue
- Fix authentication test edge cases and mocking issues
- Fix critical authentication and authorization vulnerabilities
- Fix User effective_permissions method visibility
- Fix LDAP authentication in master branch (#669)
š Excel Export & Data Handling:
- Revised ordering of excel/csv output columns to align with DISA provided SRGTemplate spreadsheet (#660)
- Update CCI mappings to latest rev5 (#627)
š Bug Fixes:
- Fix Dockerfile legacy ENV format warnings
- Fix axios compatibility issues
- Remove problematic controller tests in favor of comprehensive model tests
- Fix RuboCop documentation warnings for test support modules
š Documentation & Project Management:
- Add organized documentation structure for decision records, guides, and architecture
- Track project CLAUDE.md as official project documentation
- Add comprehensive webpacker migration research and planning documents
- Enterprise configuration management to modernization roadmap
š Dependency Updates:
- Update workflow to use artifact actions v4 and update actions/cache from v2 to v4
- Bump ws from 6.2.2 to 6.2.3 in the npm_and_yarn group
- Various security-focused dependency updates
šļø Development Environment:
- Modernize Docker Compose configurations
- Fix overcommit issues and configuration
- Add production environment defaults to Docker configuration
š Notes:
- This is the final release using settingslogic for configuration management
- Next release (v2.2.0) will include migration to rails-settings-cached
- Rollback point for users who need the legacy configuration system
v2.1.8 (2024-06-28)
Closed issues:
- Update CCI mapping in Vulcan with the latest CCI list with Rev 5 mappings #626
v2.1.7 (2024-05-21)
Dependencies updates:
- Bump the npm_and_yarn group across 1 directory with 3 updates #623 (dependabot[bot])
- Bump the npm_and_yarn group across 1 directories with 1 update #620 (dependabot[bot])
- Bump the npm_and_yarn group across 1 directories with 1 update #619 (dependabot[bot])
- Bump axios from 0.21.4 to 1.6.0 #617 (dependabot[bot])
Merged pull requests:
v2.1.6 (2023-11-08)
Dependencies updates:
- Bump browserify-sign from 4.2.1 to 4.2.2 #614 (dependabot[bot])
- Bump @babel/traverse from 7.15.4 to 7.23.2 #613 (dependabot[bot])
Closed issues:
- Update image to not run as root #611
Merged pull requests:
v2.1.5 (2023-10-02)
Implemented enhancements:
- Enable user to select which component to excel export #610 (vanessuniq)
- Enabled viewing of related rules in read-only mode, but hiding the copy button #605 (vanessuniq)
Fixed bugs:
- Vulcan container crashes when exporting to excel #600
- Update inspec after copying or duplicate a component #598
- Ensure a ruleās inspec code is updated after establishing rule satisfaction or reverting change on a rule #609 (vanessuniq)
- Added fixref attribute to fixtext XML tag for compatibility with stig-viewer-3x #608 (smarlaku820)
Closed issues:
- Add fixref to XCCDF generation to be compatible with STIG Viewer 3.x #607
Merged pull requests:
- Removed Changelog from the landing page and have the app version on the top menu as a link directing to the changelog page #606 (vanessuniq)
v2.1.4 (2023-08-25)
Implemented enhancements:
- Give admins the ability to mark a project as āopenā #590
- Add constraint to satisfies workflow for configurable only requirements. #585
- Have Vulcan automatically list all available STIGs/SRGs #480
- STIG & Related Rules workflow #599 (vanessuniq)
- New Feature: Enable setting up Project visibility and Requesting access to a project #595 (vanessuniq)
- Notifications: Slack notification and SMTP Enhancement #594 (vanessuniq)
- VULCAN-528: Fix component admin on component cards #588 (vanessuniq)
- Constrain requirement for locking Applicable -Does Not Meet and Applicable - Inherently Meets controls #587 (vanessuniq)
- Constrain the selectable list to allow only Apllicable - Configurable controls to be satisfied by other #586 (vanessuniq)
Fixed bugs:
- Fix component_admin on component cards #528
- Fix Related Rules Grouping #604 (vanessuniq)
- Fix: Capture STIG Name on Upload #603 (vanessuniq)
- If null data just return for related info #602 (freddyfeelgood)
Dependencies updates:
- Bump puma from 4.3.12 to 5.6.7 #601 (dependabot[bot])
- Bump word-wrap from 1.2.3 to 1.2.4 #597 (dependabot[bot])
- Bump semver from 5.7.1 to 5.7.2 #596 (dependabot[bot])
- Bump audited from 5.0.2 to 5.3.3 #568 (dependabot[bot])
Closed issues:
- Extend email notifications to alert users when their role changes. #593
- Enable users to provide their own Slack user ID if they would like to receive Slack DMs (e.g. when added/removed from a project, role changes, review requests, etc). #592
- Enable users (admins) to provide the Slack channel they want to use for each project or component. This can be provided on project/component creation or edited in the project/component metadata. #591
- The Mitigation field must be populated if the requirement Status is āApplicable - Does Not Meetā #578
- Artifact Description is required and should only be visible in Status - Applicable - Inherently Meets #577
- Look into backup options for heroku deployment #458
v2.1.3 (2023-06-01)
Implemented enhancements:
- Implementing ActionMailer for sending email notifications #551
- Enabling SMTP feature to send emails via ActionMailer #584 (smarlaku820)
- Control View Only and Edit Mode UX refactor #583 (vanessuniq)
Fixed bugs:
- Import From a SpreadSheet does not work as expected when contains a rule that is satisfied by more than one other rules #581
- Bug: Vulcan project metadata update triggers project_rename slack notification #579
- VULCAN-581: Enhance Import from Spreadsheet workflow #582 (vanessuniq)
- fix project update logic for detecting name changes correctly #580 (smarlaku820)
Closed issues:
- Move user button in Find and Replace to top of the modal #576
- Update Find and Replace to search all fields #575
- Update Find and Replace to add case sensitive and non-sensitive #574
- Expose Requirement Satellites Nesting in Form feels and UX #571
- Refactor āMark As Duplicateā into original design of nested elements #570
v2.1.2 (2023-05-08)
Implemented enhancements:
- Add version info to UI #565
- Add description text to xccdf exports #556
- VULCAN- 565: Add latest release version tag to Navbar component #567 (vanessuniq)
- Adding the option to group/sort controls by SrG ID #566 (vanessuniq)
- VULCAN-563: Export/Import inspec control body #564 (vanessuniq)
- Group histories with the same name, created_at, and comment; add tooltip for rule status #562 (vanessuniq)
- Enabled editing component STIG ID prefix #558 (vanessuniq)
Fixed bugs:
- Support multiple cciās #559
- VULCAN-559: Support for Multiple CCIs #569 (vanessuniq)
Closed issues:
- Export/Import InSpec Control Body #563
v2.1.1 (2023-04-13)
Implemented enhancements:
- Add additional component question of URL type. #372
- 348 alternative testing #546 (vanessuniq)
Fixed bugs:
- customized parser to not interpret character/html entity #550 (vanessuniq)
Dependencies updates:
- Bump nokogiri from 1.14.2 to 1.14.3 #554 (dependabot[bot])
- Bump rack from 2.2.6.3 to 2.2.6.4 #548 (dependabot[bot])
Merged pull requests:
- use title for description if description blank #557 (rlakey)
- 372 add additional component question of url type #553 (freddyfeelgood)
- Up to deep linking #552 (vanessuniq)
v2.1.0 (2023-03-29)
Implemented enhancements:
- Add option to restrict project creation #538
- Populate gid/rid in InSpec body data #530
- Add āDISA Excel Exportā option #527
- Add SRG version (release/version) to SRG info on controls #517
- Output Vulcan logs to stdout #514
- Add button to component card to download a single component as an XCCDF file #499
- Allow export to excel for non-released components #496
- Add an icon to indicate a control has children #490
- Diff view swap comparison #410
- Diff comparison pulling in non-released components #408
- OIDC identity provider support to remove login friction with username/password. #390
- 389 Integrate Slack With Vulcan #389
- Account for controls marked as duplicate on existing SRG content import #362
- Fix search on āNew Componentā Dropdown #352
- Show āloadingā when uploading a new SRG #350
- Add deep linking to controls #348
- Add option to disable registration #338
- Add option to toggle sidebar between STIG ID and SRG ID #315
- Include version as part of the SRG Title on the āCreate a New Componentā page. #306
- Check if date in ārelease-infoā is consistent across all SRGs #305
- When uploading an SRG the application should show āLoadingā¦ā in place of the Upload Button #304
- SRG page enhancements #298
- Add support for upgrading between versions of SRGs #82
- 389 Integrate Slack With Vulcan #549 (smarlaku820)
- Added OIDC Integration capability for Vulcan #540 (smarlaku820)
- Disallow new project creation if not admin by default #539 (smarlaku820)
- Feature DISA Export Excel complete with tests #529 (smarlaku820)
- Completed #496 #523 (vanessuniq)
- Enable XCCDF export of a single component #511 (vanessuniq)
- 470 change the color of the mark as duplicate button #482 (vanessuniq)
Fixed bugs:
- Export to excel not sorted by SRG ID #536
- Mitigation text for DNM controls is not copied over on a copy component workflow with new SRG #531
- Copy/Duplicate Component creates additional_answers in the source component if they exist #524
- Copy Component corrupts SRG data when updating SRG version of the new SRG #515
- Copy Component fails when selecting a newer SRG version and a control has been previously deleted in the source component #501
- Export to Excel does not work if Components have the same name #495
- Troubleshoot editing a control #491
- Fix the display of the Github logo on the documentation page #483
- A user with the author role cannot revoke a review request they initiated. #479
- Change the color of the āmark as duplicateā button #470
- Project/Component authors and admins cannot mark/unmark controls as duplicates #449
- Project page component card control counts include deleted controls #433
- Deleting a control prevents the deleting of the component #429
- Sort tags in InSpec metadata #419
- Add Version and Release info when importing a released component into a project #415
- Sort Project Components by Name then Version/Release #414
- Some SRG XCCDF files fail to load #351
- 524 fix answer cloning issue #525 (rlakey)
- Properly using #dup method for expected behavior: #522 (vanessuniq)
- 495 export to excel does not work if components have the same name #505 (vanessuniq)
- 501 copy component fails when selecting a newer srg version and a control has been previously deleted in the source component #503 (vanessuniq)
- Debugged: added the missing currentUserId prop to RuleEditorHeader coā¦ #486 (vanessuniq)
Dependencies updates:
- Bump omniauth-rails_csrf_protection Gem #542
- Bump rack from 2.2.6.2 to 2.2.6.3 #545 (dependabot[bot])
- Bump omniauth-rails_csrf_protection Gem #543 (smarlaku820)
- Bump omniauth and gitlab_omniauth-ldap #541 (dependabot[bot])
- Bump globalid from 1.0.0 to 1.0.1 #521 (dependabot[bot])
- Bump rack from 2.2.4 to 2.2.6.2 #520 (dependabot[bot])
- Bump json5 from 1.0.1 to 1.0.2 #513 (dependabot[bot])
- Bump rails-html-sanitizer from 1.4.3 to 1.4.4 #510 (dependabot[bot])
- Bump loofah from 2.18.0 to 2.19.1 #509 (dependabot[bot])
- Bump nokogiri from 1.13.6 to 1.13.10 #508 (dependabot[bot])
- Bump minimatch from 3.0.4 to 3.1.2 #507 (dependabot[bot])
- Bump express from 4.17.1 to 4.18.2 #506 (dependabot[bot])
- Bump decode-uri-component from 0.2.0 to 0.2.2 #502 (dependabot[bot])
- Bump loader-utils from 1.4.0 to 1.4.2 #500 (dependabot[bot])
- Bump omniauth from 1.9.1 to 1.9.2 #466 (dependabot[bot])
- Bump moment from 2.29.2 to 2.29.4 #451 (dependabot[bot])
- Bump terser from 4.8.0 to 4.8.1 #450 (dependabot[bot])
- Bump rails-html-sanitizer from 1.4.2 to 1.4.3 #446 (dependabot[bot])
- Bump eventsource from 1.1.0 to 1.1.1 #440 (dependabot[bot])
- Bump rack from 2.2.3 to 2.2.3.1 #439 (dependabot[bot])
- Bump nokogiri from 1.13.5 to 1.13.6 #437 (dependabot[bot])
- Bump nokogiri from 1.13.4 to 1.13.5 #435 (dependabot[bot])
Closed issues:
- Typos #475
- Enable login via MITRE SSO #463
- Improve visibility of mark as duplicate feature #457
- Implement find and replace for rules across components #454
- Add concept of compensating controls and POA&M statuses to Applicable - Does Not Meet status #448
- Enable context-aware popover help icons, depending on Status field #447
- Title Box Visibility #445
- Adding new control should duplicate CCI-000366 #444
- Copy component timeout error #442
- Fix Heroku Deployment #425
Merged pull requests:
- Sorted excel output and misc bug fixes #537 (rlakey)
- Created an ENV variable for controlling USER registrations on Vulcan app (Enabled by Default) #535 (smarlaku820)
- 530 populate gid and rid in inspec body data #533 (rlakey)
- 531 fix for copy comp w new srg for vuln disc #532 (rlakey)
- Added Filtering capability to SRG dropdown #526 (freddyfeelgood)
- 517 update SRG info on control view #519 (rlakey)
- 315 added toggle for stig id to srg id #516 (rlakey)
- Update push-to-docker.yml #489 (vanessuniq)
- Fix GitHub logo in README #485 (ChrisHinchey)
- Add GitHub logo to README #481 (ChrisHinchey)
- fixes #475 #477 (wdower)
- VULCAN-448: mitigations are always shown #465 (timwongj)
- VULCAN-452: Review workflow improvements #464 (timwongj)
- VULCAN-448: Add concept of compensating controls and POA&M statuses to Applicable - Does Not Meet status #462 (timwongj)
- VULCAN-447: Enable context-aware popover help icons, depending on Status field #461 (timwongj)
- VULCAN-449: Fix mark as duplicate for proj/comp admin/authors #460 (timwongj)
- VULCAN-457: Add tooltip for mark as duplicate #459 (timwongj)
- VULCAN-445: Title box visibility #456 (timwongj)
- VULCAN-454: Implement find and replace #455 (timwongj)
- fix add new control #443 (timwongj)
- VULCAN-410: Swap diff view comparison #441 (sgober)
- VULCAN-415: Show version and release for overlaid components suggestions #438 (timwongj)
- VULCAN-433: Modify rules_count to exclude deleted rules #436 (timwongj)
- VULCAN-414: Sort displayed components #434 (timwongj)
- VULCAN-419: Sort Inspec tags #432 (timwongj)
- VULCAN-301: Display loadingā¦ when uploading SRG #431 (timwongj)
- VULCAN-429: Fix deleting a control prevents the deleting of the component #430 (timwongj)
- VULCAN-298: SRG page enhancements #428 (timwongj)
- VULCAN-362: Account for controls marked as duplicate on existing SRG content import #427 (timwongj)
* This Changelog was automatically generated by github_changelog_generator