Release e3.0.6

This is the first official release of version 3. To update from version 2 you need to do the follow this post.

Features:
Feature-Include LDAP changes done on a call also into eramba_v3
Feature-Asset Identification macros on notifications

Bugs:
Bug-Compliance by Status Chart - wrong numbers
Bug-Not possible to add new asset classification
Bug-Restore Database does not work
Bug-Date issue
Bug-Unable to add item with quick add
Bug-Charts on dashboards
Bug-Filter limit is set to 10 when new custom filter created
Bug-User unable to add attachments
Bug-Custom fields are not correctly exported with all items export
Bug-Proxy settings in new eramba
Bug-When eramba can not connect to support-v3 it shows ugly error
Bug-Policy portal does not allow ldap user
Bug-Update process
Bug-Starting OA gives you gray screen
Bug-Some vendor assessment undefined index
Bug-Some filter issue
Bug-Can not open modal for notification/comments and attachments
Bug-Click on disable debug mode is not working
Bug-Dynamic Status with planned date field not relaculated after daily cron

Core work:
Core-PHP CodeSniffer, PHP Stan, Basic Tests, Github workflows and Docker implementation
Core-More detailed mysql diagnostics
Core-Always run Access Control with --flush-invalid option
Core-Diagnostic’s Incident Feature
Core-Hourly cron CANNOT RUN at the same time as DAILY CRON at midnight
Core-Access Log for eramba to be part of diagnostics
Core-CustomRoles bugs getting a bit repetitive
Core-MissingControllerException must be separated from error log to its own log file
Core-Updater bug
Core-LOGS folder is not being checked if its writable or what during system health check
Vulnerabilities:
Vulnerability-Stored Cross-Site Scripting
Vulnerability-Cross-Site Request Forgery
Vulnerability-Insecure URL Redirection
Vulnerability-CSV Injection
Vulnerability-Insecure File Upload
Vulnerability-Bootstrap version
Vulnerability-Authorization Controls (Horizontal)
Vulnerability-Authorization Controls (Horizontal)
Vulnerability-SQL Injection
Vulnerability-Hide username in authentication.log file

We are now planning e3.0.7 and hopefully re’ll slowly resume to make a release ever 10 days or so. We track stats for our releases (in an effort to improve…ha ha) and as you can see for the most part we do bug work still.

image1894×846 90.4 KB

I’m curious how far you have gotten or waht you have done in this step: Github workflows and Docker implementation 3 seeing that your issue tickets are not public.

Would you mind sharing more info?

Hello,
For now it is only our internal CI/CD integration. So there is not public docker image available yet.

Is this just for your internal workigns or are you planning on a Docker Version?

I’m asking because we are using Eramba in a VM downloaded from you which is based on (based on memory without double checking) Ubuntu Xenial so we are looking into either getting it running on Docker ourselves, updating that VM to a newer Ubuntu version or wait until you release a Docker version.

I’m jsut trying to figure out which is my best option right now as we can’t update Eramba the usual way as we’re stuck with a very old PHP version inside that VM.

We use Dockers for development, not production systems. Yes, eventually we’ll release images for both community and enterprise, but not for a while. This will go at the time we release SaaS services.

Thats the way to go in our opinion, many of our customers have already done this alone or with our help (email support!)

Thanks for clarifying, I just didn’t want to invest effort into the wrong direction.