• The "Vulnerability Catalog" section has been implemented.
• The "Vulnerability Lifecycle Management" section has been added.
• The "Host Group Management" section has been added.
• New sections have been added to the entity basket.
• Added support for new tariff plans.
• New graphs and blocks have been added to the EASM dashboard.
• Added scoring and threat visibility management.

• Optimized report generation and opening.
• Improved vulnerability detection accuracy.
• Added new audit policies (Docker, K8c, Windows 10).
• The "Solution" field has been added to configuration audit reports.
• Host and port optimization is enabled by default.
• Added tooltips for blocked functions.
• Improved logic for generating targets for scan tasks.
• Added transition to scan from widget on dashboard.
• Improved EASM dashboard interface and logic.
• Expanded Logging of actions with audits and scans.
• Improved mechanism for connecting to Windows.
• Improved pre-check process before updates.
• Improved Dashboard page.

• Fixed statistics calculation in EASM and on dashboard.
• Fixed errors in report generation and display.
• Fixed logic for working with entities in the basket.
• Fixed data duplication in reports.
• Fixed errors in processing brute force results.
• Fixed checking for license restrictions.
• Improved data filtering on the audit page.
• Fixed errors in the audit creation/editing form.
• Fixed logic for updating vulnerability feeds.
• Fixed working with private keys in the interface.
• Fixed authentication errors in config audit.
• Fixed the DB backup process.
• Fixed display of statistics on audit pages.

• Added method for deleting reports by scanId
• Added "Configuration audit" section to cart
• Added "Target lists" section to cart
• Added EASM dashboard
• Reworked licensing system

• Reworked global statistics taking into account scoring
• Added findings field to configuration audit
• Host and port optimization enabled by default for all scans
• Removed restriction on changing administrator password
• Added ability to hide private key in UI
• Statistics now takes into account results of inactive scans
• Storage period for "raw" scan logs increased to 1 month
• Improved menu navigation for direct links
• Added creation and deletion of scans in DAST service
• Optimized launch logic for all types tasks
• Target optimization now takes into account exclusion lists
• Added loader to the feed update button
• Added timeouts for hanging processes
• Improved the process of connecting to Windows systems
• Improved output of access rights errors when connecting
• Added logging of scan deletion
• Improved output of errors for configuration audit
• Improvements for the WAF scanning block in reports

• Fixed search for targets when optimizing hosts
• Fixed empty header in audit checks
• Fixed mark for successful packet scanning
• Fixed display of empty web reports
• Changed command for enabling WinRM on Windows
• Fixed receiving data in the IT asset card.
• Improved processing of brute force results
• Fixed setting the start time of scanning in reports
• Fixed incorrect pagination request parameters
• Fixed packet audit for several identical hosts

• Added custom vulnerability scoring
• Added settings for filtering notifications for reports
• Added language selection for generated reports
• Integration with translated CWE vulnerability feeds
• Added a section for password policy settings
• Expanded the policy catalog for auditing Windows configurations

• Reworked reports on web scans and brute force attacks
• Improved vulnerability scoring logic and validation
• Improved operation of the scan and caching API
• Improved saving of host inventory results
• Addition of a new brute force vector (RDP)
• Improved the user password change form
• Expanded support for RHEL OS systems

• Fixed sorting of vulnerabilities taking into account scoring
• Fixed validation and formatting of user date
• Removed password transmission in notification data
• Fixed password update logic and error handling
• Updated ui-kit component library
• Fixed targetlist deletion
• Removed unused settings and summary objects
• Fixed severity display in IT assets and audits
• Fixed scan start/end time in reports
• Fixed dates (2024 to 2025) in scan templates

• SSH authorization by private key
• Password policy settings
• Updated host reports structure
• New password security policies

• Optimization of system resource usage
• Additional information in scan details
• Improved detection of Web services on open ports
• Optimization of the size of stored vulnerability information

• Sending notifications with reports
• Formation of targets for scanning
• Escape tags in reports
• Changing the password change trigger condition
• Fixed paths to report templates
• Changed error when report size is exceeded
• Fixed scan launch parameters

• Updating feeds from file
• Backup database
• Restoring data from backup

• Preserving spaces in token name
• Starting auto-cleanup of storage at startup
• Improved logging
• Updated healthcheck's
• Improved CLI
• Added the ability to restart services

• Fixed packet audit reports
• Problem accessing non-existent files
• Handling archive errors with feeds
• Fixed queue when running schedule
• Fixed configuration audit statuses
• Getting IP for Metasploit listener

• Report regeneration
• Report download notification page
• New licensing system
• Configuration audit form (create/edit)
• Integration of package audit
• Configuration audit planning with schedule
• Task queue for sequential audits
• Output of audit errors by hosts
• Asynchronous report upload
• New diagnostic logging system
• Parallelization of brute-force tasks

• Improved navigation through reports and scan pages
• Updated user interface design and theme
• Improved accuracy of displaying scan statuses
• Build and deployment are now faster and more reliable
• Added localization for comfortable use
• Navigation to scan details by clicking on the status
• Integrated translation of vulnerability descriptions
• Recording system logs in separate files
• Data attributes for the form for creating a list of goals
• Increased versions of used libraries
• Validation when deleting audit goals

• Fixed incorrect display of dashboard elements
• Address errors and search inaccuracies have been fixed
• Problems with saving and transferring data have been fixed
• Crashes when running audits have been fixed
• Fixed a problem with updating CVE
• Fixed report generation for Bruteforce
• Fixed synchronization of audit start and end dates
• Technical failures in assembling and running audits have been fixed
• Installing download permission for PDF reports
• Updating FSTEC feeds
• Checking for incomplete updates
• Fixed generation of scans with the % symbol in the name
• Transition to the configuration audit section by URL
• Displaying vulnerabilities when changing a page
• Header and pagination in audit reports

• Added the ability to hide threats in the IT asset card
• Improved search on pages

• Improved search on pages.
• Optimized report markup, added graphical display of statistics.
• Inverted the order of displaying vulnerabilities, unified severity types.
• Added new planning intervals, fixed task scheduler naming.
• Distinction between threat tables in scans, color indication for hidden vulnerabilities.

• Fixes in statistics and display in IT assets, including counting web vulnerabilities and host importance.
• Localization of descriptions (CVE, WAF Bypass, IT assets, PDF notifications).
• Fixed display of scans and audits on the dashboard (status filtering, number of hosts).
• Fixed notifications for large reports and generation of reports in different languages.
• Fixed errors in displaying web vulnerabilities and severity.
• Fixed indents and correct disclosure of FSTEC links.
• Added IP to Brief, implemented automatic substitution of importance in IT asset.
• Fixed logic of scan optimization and display of hidden brute threats.
• Correct redirection path after asset deletion.

• Highlighting of new IT assets in the IT assets and Targets section.
• Added mechanics for marking IT assets.
• New table for storing CVE descriptions.

• Added host creation and modification fields.
• Improved task scheduler operation.

• Fixed notification localization.
• Fixed vulnerability statistics calculation.
• Audit search fixes.
• Fixed threat display.
• Fixed host filtering.
• Fixed saving scan results.
• Fixes in Cron scan schedule.
• Fixed scan pagination.

• DAST AlphaSense: support for scanning and exporting data via API.
• New FSTEC BDU feeds and expanded work with CVE/CPE/CWE.
• Russian localization of the interface, localization of reports and language selection (Russian/English).
• API refinement for CI/CD integration.
• Adding authorization context (headers) for the WEB module.
• Host status and vulnerabilities by hosts have been added to reports and statistics.
• Task states have been added to scan details.

• Improved vulnerability detection and overall scan performance.
• Dividing scan progress by targets.
• Added Authentication section for WebApp Scan.
• Translated license page.
• Changed default scan status checkbox state.
• Improved localization (new connection format).
• Updated rtk library.
• Improved feed update mechanism.
• Added vulnerability data from the FSTEC BDU to reports.

• General interface fixes and system improvements.
• Eliminated browser selection in web scanning.
• Added a watchdog check for the process when stopping.
• Fixed processing and completion status of the WEB module.
• Fixed web scanning authorization parameters.
• Fixed report export and update check.
• Fixed scan search and filtering (by date, statistics, hosts, web threats).
• Fixed data and formatting in reports (hiding zero values, displaying host availability, Bruteforce Limit parameter).
• Fixed task states in scans, including when stopping and changing.
• Fixed display of links in feeds and localization of descriptions.
• Added a new command for processing exploits.

• Webhooks for sending reports
• Scheduler with CRON expressions

• Enhanced feed update mechanics
• Optimized CPE feed data retrieval
• Improved web and WAF scanning mechanics
• Updated approach for transitioning scans to IDLE status (only new scans that haven't run will transition)

• General improvements to feed update mechanics
• Fixed CWE update process
• Corrected scan status management
• Resolved CPE integration issues

• Transition to a new feed service (CVE, CWE, CPE).
• Support for new report formats: CSV and CSVZIP.
• New method for sending reports — Telegram bot.
• Built-in WAF testing module and added related blocks to reports and scan settings.

• Expanded recommendations and description for WAF payloads.
• Improved interface: expanded settings blocks, updated error page design, added informative messages and hiding empty statistics (Hide Zero Data).
• Optimized scanner, list of active tests and error handling.
• Updated user manual, CLI utility and Spring Boot version.
• More detailed reports and scans.

• Fixed processing and display of scan results, statuses and subtasks.
• Fixed errors with receiving and updating CVE, searching for feeds and saving duplicates.
• Fixed logic for displaying and calculating criticality for open ports and ciphers.
• Fixed LDAP validation, block numbering and continuous numbering, as well as indents and fonts in reports.
• Removed default avatar and fixed statistics output in WebApp/Web Threats.

• Transitioned to a new versioning system (0.0.73 -> 3.15.0.0)
• Added a platform loading screen
• Added a new attribute to the LDAP form (may require reconfiguration)
• Introduced an updater for software and service configuration updates, with a new update process screen

• Enhanced feed update mechanics
• Improved report display for open ports and general system updates
• Updated user manual

• Corrected license binding mechanism (product reactivation may be needed)
• Fixed task scheduling validation issues
• Resolved a login form vulnerability that allowed account enumeration
• Fixed validation of host/domain names when creating IT assets and scans
• Corrected issues with report export to PDF
• Fixed password masking in the LDAP form
• Improved scan sorting mechanics
• Corrected error messages
• Fixed licensing mechanism errors
• Improved scan list filtering, including in the dashboard widget
• Corrected vulnerability statistics calculation
• Ensured consistency of the CWE feed
• Fixed user creation during initial scanner deployment
• Improved scan result handling
• Resolved task history issues (removed duplicates, corrected final status settings)
• Fixed incorrect restart of active scans upon application reboot

• Preparation for transition to the new versioning system (0.0.72 -> 3.14.1.0)
• Redesigned product update mechanics
• Added additional info screens in scanning tasks
• Introduced diagnostic log collection on the About page
• Added an internal resource scheduler, improving performance and queue management
• Detailed scan stages added in History
• Enabled deletion of scan results
• Included certificate information in reports

• Optimized task scheduler forms
• Improved mechanism for deleting unnecessary IT assets
• Enhanced ARP scanning logic

• Fixed license exceedance errors
• Corrected report export mechanics
• Adjusted statistics display
• Improved error messaging
• Fixed status display issues
• Resolved user authentication problems
• General system improvements

• Added detailed view in History
• Implemented new certificate verification mechanics
• Expanded role-based access model for users
• Enabled mass deletion of dissociated IT assets

• Enhanced scan templates
• Optimized scanning mechanics of the WEB scanner module
• Updated CWE database parser to version 4.14
• Introduced a progress indicator for the scanning process

• Fixed WAF scan result data formation
• Corrected error in CWE list filtering
• Fixed progress reset issue at scan start
• Improved task scheduler functionality
• Resolved error during CPE update
• Fixed issue allowing users to delete their own accounts
• Corrected scan target validation
• Removed data duplication

• Added scanning template mechanics
• Introduced IT assets section
• Added modular reporting features
• Introduced a console utility for configuration

• Modified task creation forms
• Optimized scanning functions

• Resolved script processing errors
• Corrected dashboard statistics

Release Notes 0.6.10.0 - 03.09.2023

New Features:

• Introduced dashboard
• Developed perimeter scanning mechanics
• Added report export formats: HTML/PDF
• Implemented email report sending
• Enhanced user management
• Added trash bin feature

Improvements:

Fixes:

Release Notes 1.13.4.5 - 15.08.2024

• Fast discovery
• Discovery with authorization
• Inventory of installed software on IT assets
• Vulnerability analysis of installed software
• Configuration analysis of IT assets
• Added logging for the discovery process
• Added logging for the configuration auditing process

• Enhanced IT asset catalog
• Improved localization
• Redesigned menu
• Added IT asset cards

• Resolved issues in user management
• Fixed several stability issues in the discovery process
• Corrected issues with the IT asset catalog
• Fixed data validation problems
• Improved user interaction mechanics

Release Notes 1.6.0.0 - 19.03.2024

New Features:

• Core service (authorization, logging, licensing, user management)
• Asset catalog (global view, device attributes, physical devices, power devices, virtual devices, networks, services)
• Discovery service
• Localization module (Russian and English interfaces)
• Dashboard
• Basic configuration command-line utility

Improvements:

Fixes: