Version 0.10.x

What’s New in 0.10.x

Welcome to GovReady-q v0.10.0 “Aspen”.

The Aspen release provides major feature and stability improvements to the GovReady-Q GRC software.

Version 0.10 Aspen contains multiple, customer-driven improvements:

  • Over 150 sample components based on DOD STIGs and SRGs.

  • Private components, component usage approvals, and component responsible roles.

  • An integrations framework for interacting with third-party APIs including other GRC software.

  • Improved questionnaire editing screens.

  • Major bug fixes.

  • More generous MIT open source license.

    • IMPORTANT! RELEASES BETWEEN v0.9.11.2 and v0.10.0 CONTAIN BREAKING CHANGES! *

    • PLEASE READ CHANGELOGS FOR ALL VERSIONS! *

Feature changes

  • Support private components.

  • Assign responsible roles to components and appointing parties to roles.

  • Integrations framework for better inclusion of information from remote services.

  • Component usage approval workflow.

  • Single Sign On OIDC support.

  • New questionnaire authoring and editing interface.

  • Over 150 sample components created from DOD STIGS.

  • Add form to create system from string or URLs.

UI changes

  • Change label ‘certified statement’ to ‘reference statement’.

  • Warning Message appears at the top of home page and login page while using an Internet Explorer browser informing the user of Internet Explorer not being supported.

  • Indicate private components with lock icon.

  • Edit model for component in library supports marking component private.

  • Add React component UI widget for setting and editing permissions on component editing.

  • Add ability to change privacy of a component is given only to the owner of the component.

  • Added tabs for coponent requests.

  • Only Component owner can edit user permissions.

  • Display the control framework along side of controls in component control listing page.

  • Remove icons from project listing.

  • Add Component search filter to filter results to components owned by user.

  • Add form to create system from string or URLs.

  • Change language in interface to ‘system, systems’ instead of ‘project, projects’.

  • Navigate users to new system form page as starting point to creating new systems.

Developer changes

  • Add support for OIDC SSO configuration separate from OKTA SSO configuration.

  • Update Django, libraries.

  • Remove debug-toolbar.

  • Support for private components by adding ‘private’ boolean field to controls.models.Element.

  • Support for hidden components by adding ‘hidden’ boolean field to controls.models.Element.

  • Support for requiring approval components by adding ‘require_approval’ boolean field to controls.models.Element.

  • Create new components as private and assign owner permissions to user who created the component.

  • Added extensible Integrations Django appplication to support communication with third-party services via APIs, etc.

  • Added initial support for DoJ’s CSAM integration.

  • Added ElementPermissionSerializer for component (element) permissions.

  • Add tests for component creation form user interface.

  • Add ElementPermissionSerializer, UpdateElementPermissionSerializer, RemoveUserPermissionFromElementSerializer for component (element) permissions.

  • Add ElementWithPermissionsViewSet for component (element) permissions.

  • Add more permission functions to element model: assigning a user specific permissions, removing all permissions from a user, and checking if a user is an owner of the element.

  • Updated User model to include search by ‘username’ and exclusion functionality to queryset.

  • Add model Roles, Party, and Appointments to siteapp to support identifying roles on Components (Element).

  • Assign owners to components imported via OSCAL. If no user is identified during component (element creation) assign first Superuser (administrator) as component owner.

  • Support navigating to specific tab on component library component page using URL hash (#) reference.

  • Protype integrations System Summary page.

  • Refactor and OIDC authentication for proper testing of admin and not admin roles.

  • Create a new system via name given by a string in URL.

  • Add a large set of sample components (150+) generated from STIGs.

  • Detect Apple ARM platform (e.g. ‘M1 chip’) and use alternate backend Dockerfile with Chromium install commented out.

  • Added SystemEvent object in controls to track system events.

Bug fixes

  • Fix permissions for non-admin members of projects to edit control implementation statements.

  • Fix User lookup to properly query search results and exclude specific users

  • Resolve components not displaying the tag widget by properly setting existingTags default for new component.

  • Footer fixes.

  • Assign owners to default components (elements) created during install first_run script.

  • Correctly display POA&M forms with left-side menu.

  • Refactor and OIDC authentication for proper testing of admin and not admin roles.

v0.9.13 (January 23, 2022)

UI changes

  • Add sign-in warning message to which users need to agree.

  • Reduce number of Group Django messages from question actions into single message for adding actions.

  • Simplify new authoring tool. Move prompt from right to left. Only show first line of question prompt.

  • Display all project modules in a single group on project.html.

  • Display project root_task’s module summary on project page.

  • Add ability to search projects.

Bug fixes

  • Properly close CSV export modal after exporting.

Developer changes

  • Comment out deprecated queries in SiteApp.models.Project.get_projects_with_read_priv.

  • Require login to view projects list.

v0.9.11.11 (January 15, 2022)

Feature changes

  • Ability to add modules in new authoring tool.

  • Allow deleting of questions, modules in new authoring tool by removing protection on foreign key references.

  • Superusers can see all projects.

UI changes

  • Simplify task progress history. Only display questions of current module. Only colorize to glyphicons.

  • Enable adding component control statement from System selected component.

  • Enable adding component control statement from System selected controls.

  • Switch to “I want to…” language on landing page.

  • Align module text left and add numbers to project page.

  • Add big button back to project home page on module summary page.

  • Edit AppVersion title, version, and description in new authoring tool.

  • Reinstate Database Administration opening in new browser tab.

  • Display pagination control btm of component page.

  • Add ‘Things to do’ text to project.html.

  • Display links to previous and next selected control on System selected control editor page.

  • Fix sizing of catalog listing panel in app store to keep rows clean.

Bug fixes

  • Stop scrunching of progress-project-area-wrapper on question page.

  • Always make sure output param exists in all modules that get edited.

  • Fix adding statements to components in library.

  • Correctly escape carriage returns in multi-line component descriptions in edit component modal.

Developer changes

  • Superusers can see all projects.

v0.9.11.10-dev (December 14, 2021)

Introuduce new authoring tool. Remove authoring tool modal from task question page.

Feature changes

  • Enabling batch viewing of questions for easier questionnaire authoring.

  • Enable editing of artifacts.

  • Enabling cloning entire templates in template library.

Developer changes

  • Add Django nlp app to system to support Natural Language Processing of SSPs and statements.

  • Include spaCy libraries as part of build.

  • Include initial, simplified candidate entity recognition script.

  • Remove full text search of statements from component library search because it was slow and returned to many results.

  • Add serializers for Modules and ModuleQuestions.

  • Refactor siteapp.views.project and templates/project.html to remove vestigial column vs row layout code and previous authoring tools.

  • Remove authoring tool modal from task question page.

UI changes

  • Use left side vertical React navigation menu for project.

  • Improve toast message appearance by limiting width.

  • Improve styling of project page rollovers make module actions clearer

  • Improve styling of template library. Use bootstrap panels for each item.

  • Remove authoring tool modal from task question page.

Bug fixes

  • Fix permissions to allow non-administrator to clone project templates in project template.

  • Fix crash when restoring a previous version of a statement.

  • Fix setting control baseline by proper use of update_or_create in System.set_security_impact_level.

v0.9.11.6 (October 13, 2021)

Remove GPL3 License from repository.

UI changes

  • Use left side vertical nav menu for project.

  • Improve appearance of statement editing forms: better shading, better setting of textarea height, overall appearance.

  • Remove adding component or new control from a project’s control listing.

v0.9.11.5 (October 9, 2021)

Merge and synchronize api-tag work and supporting REACT structures from GovReady-Q-SPA into latest version GovReady-Q-Private (0.9.11.3)

Feature changes

  • Enable REACT-based api-tags.

Developer changes

  • Switch from ElementRole to Tag as value for dynamic actions in questions.

  • Provide root_element information for System SimpleSystemSerializer to make it easier to identify systems by name.

Data changes

  • Add created, updated fields to controls.System to better align with base serializer.

v0.9.11.4.2 (October 8, 2021)

UI changes

  • Fix component status and type to be set only in library rather than in systems.

  • Hide impact levels, POA&M status box from project mini-dashboard until UI can be improved.

  • Improve look of modules.

v0.9.11.4.1 (October 7, 2021)

Feature changes

  • Insert new questions after current question in authoring tool.

v0.9.11.3 (September 28, 2021)

Feature changes

  • Add new question types choice-from-data and multiple-choice-from-data to get display choice with options created from dynamic data.

  • Enable downloading of a compliance app directory.

Developer changes

  • Add new question types choice-from-data and multiple-choice-from-data to get display choice with options created from dynamic data.

  • Improve DRY-ness of module serialization.

  • Enable downloading of a compliance app directory.