Skip to content

Commit 168ced7

Browse files
authored
Merge pull request #29 from CompassSecurity/doc/0.1.0-beta.4
Doc/0.1.0 beta.4
2 parents 3923169 + 2d761de commit 168ced7

8 files changed

Lines changed: 47 additions & 16 deletions

File tree

docs/docs/release-notes/index.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,36 @@
11
# Release Notes
22

3+
## 0.1.0-beta.4 (2026-06-17)
4+
5+
### New Features
6+
7+
- Redesigned asset display in the activity Detection section for a consistent look with the activity Details ([pull 26](https://github.com/CompassSecurity/raptr/pull/26))
8+
9+
### Fixes
10+
11+
- Blue Team members can now view and restore soft-deleted assets ([pull 26](https://github.com/CompassSecurity/raptr/pull/26))
12+
- Sandboxed the Jinja2 environment used to render report templates to prevent server-side template injection (SSTI), with clearer error handling and logging for rejected templates ([pull 22](https://github.com/CompassSecurity/raptr/pull/22))
13+
- Sanitized file names during assessment import and export to prevent path traversal (zip-slip) and `Content-Disposition` header injection ([pull 23](https://github.com/CompassSecurity/raptr/pull/23))
14+
- The activity `state` is now required on update, so a partial request can no longer silently reset the workflow state ([pull 24](https://github.com/CompassSecurity/raptr/pull/24))
15+
- Restricted Blue Team file upload and deletion behind the activity update permission (activity must be visible, not deleted, and in a Waiting state) ([pull 25](https://github.com/CompassSecurity/raptr/pull/25))
16+
- Hardened file upload against polyglot files by normalizing the stored file extension to the detected content type ([pull 27](https://github.com/CompassSecurity/raptr/pull/27))
17+
- Anaglyph mode improvements ([b7712db](https://github.com/CompassSecurity/raptr/commit/b7712db))
18+
- Removed a duplicate event binding surfaced by the updated Vue tooling ([pull 28](https://github.com/CompassSecurity/raptr/pull/28))
19+
- Fixed broken documentation links and anchors ([d279562](https://github.com/CompassSecurity/raptr/commit/d279562))
20+
21+
### Chore
22+
23+
- Updated frontend and backend dependencies ([pull 28](https://github.com/CompassSecurity/raptr/pull/28))
24+
- Biome → 2.5.0
25+
- vue → 3.5.38, vue-tsc → 3.3.5
26+
- tailwindcss / @tailwindcss/vite → 4.3.1
27+
- reka-ui → 2.9.10, @lucide/vue → 1.20.0
28+
- dompurify → 3.4.10, marked → 18.0.5, axios → 1.18.0
29+
- @hey-api/openapi-ts → 0.98.2, @types/node → 25.9.3
30+
- Earlier dependency and Biome version bumps ([6c2e2e7](https://github.com/CompassSecurity/raptr/commit/6c2e2e7), [3b08058](https://github.com/CompassSecurity/raptr/commit/3b08058))
31+
- Scoped the release and pull-request CI workflows with `paths-ignore` and removed the unused sandbox workflow ([8206d27](https://github.com/CompassSecurity/raptr/commit/8206d27), [00ae160](https://github.com/CompassSecurity/raptr/commit/00ae160))
32+
33+
334
## 0.1.0-beta.3 (2026-05-11)
435

536
### New Features

docs/docs/roadmap.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ Redesign the logging system to produce meaningful audit logs.
5858
<div class="timeline-card" markdown>
5959
<div class="timeline-card-header" markdown>
6060
### :rocket: Beta Release
61-
<span class="timeline-version">[v0.1.0.beta.1]</span>
61+
<span class="timeline-version">\[v0.1.0.beta.1\]</span>
6262
</div>
6363
Release of version 0.1.0.beta.1
6464
</div>
@@ -72,7 +72,7 @@ Release of version 0.1.0.beta.1
7272
<div class="timeline-card" markdown>
7373
<div class="timeline-card-header" markdown>
7474
### :rocket: Alpha Release
75-
<span class="timeline-version">[v0.1.0.alpha.1]</span>
75+
<span class="timeline-version">\[v0.1.0.alpha.1\]</span>
7676
</div>
7777
Release of version 0.1.0.alpha.1
7878
</div>

docs/docs/user-guide/activities.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -84,7 +84,7 @@ The sidebar offers a quick overview and access to all activities and activity gr
8484

8585
The activity header shows the name and current state. Admins and Red Team members can change the state from the header. Blue Team members can only toggle between **Waiting Blue** and **Waiting Red** (when the activity is in one of those states).
8686

87-
Admins and Red Teamers can also access the :lucide-book-open: [Knowledge Base](knowledge_base.md) and :lucide-history: [History](activities.md#history) sections from the header.
87+
Admins and Red Teamers can also access the :lucide-book-open: [Knowledge Base](knowledge_base.md) and :lucide-history: [History](activities.md#activity-history) sections from the header.
8888

8989
#### General Information
9090

@@ -107,7 +107,7 @@ This General section has three main purposes:
107107
- **Requirements**: Explain environmental prerequisites that must be in place before execution, see [overcoming requirements hell](getting_started.md#overcoming-requirements-hell). Supports [Markdown](#markdown-fields)
108108

109109
??? bug "Strict MITRE mapping"
110-
Currently the MITRE mapping is not strictly enforced in the backend. It is possible to create an activity with a MITRE mapping that is not valid. This will lead to the activity not being displayed in the [MITRE ATT&CK Heatmap](evaluation.md#mitre-attack-heatmap) or in the [MITRE ATT&CK Navigator](evaluation.md#export) export. The frontend enforces a strict mapping by only allowing or filtering techniques based on the chosen tactics, and vice versa.
110+
Currently the MITRE mapping is not strictly enforced in the backend. It is possible to create an activity with a MITRE mapping that is not valid. This will lead to the activity not being displayed in the [MITRE ATT&CK Heatmap](evaluation.md#mitre-attck-heatmap) or in the [MITRE ATT&CK Navigator](evaluation.md#mitre-navigator-layer) export. The frontend enforces a strict mapping by only allowing or filtering techniques based on the chosen tactics, and vice versa.
111111

112112
##### Expected Outcomes
113113

@@ -122,7 +122,7 @@ This section is used to set the expected outcomes of the activity. The settings
122122
!!! info "Alert and Stakeholder Notification terminology"
123123
The term `Alert` is used in RAPTR for any kind of automatic generated information that the Blue Team receives from the security stack. This can be a SIEM alert, an EDR alert, a firewall alert, etc.
124124

125-
`Stakeholder Notification` refers to any kind of notification sent to stakeholders. This term originates from the fact that we often test external MSSPs/SOCs on behalf of the customer, without informing the Blue Team about the test. As well as the SOC's detection capabilities, the customer is also interested in testing whether the SOC adheres to defined processes and procedures. For example, SLAs and escalation through defined channels. Using the [evaluation templates](templates.md#evaluation-templates), you can define any metric for stakeholder notifications. E.g. quality and correctness of the notification etc.
125+
`Stakeholder Notification` refers to any kind of notification sent to stakeholders. This term originates from the fact that we often test external MSSPs/SOCs on behalf of the customer, without informing the Blue Team about the test. As well as the SOC's detection capabilities, the customer is also interested in testing whether the SOC adheres to defined processes and procedures. For example, SLAs and escalation through defined channels. Using the [evaluation templates](templates.md#evaluation-template), you can define any metric for stakeholder notifications. E.g. quality and correctness of the notification etc.
126126

127127
??? bug "Only one expected severity"
128128
Currently there is only one expected severity for alerts and stakeholder notification. The assumption is that both notifications should have the same severity level.
@@ -203,7 +203,7 @@ The static evaluation section shows the following data:
203203

204204
##### Dynamic Evaluation Questions
205205

206-
You can either add new [evaluation template](evaluation#evaluation-templates) questions here or if you added them to the [default evaluation questions](assessments.md#lucide-settings-2-default-evaluation-templates) on the assessment level they will appear here as well.
206+
You can either add new [evaluation template](templates.md#evaluation-template) questions here or if you added them to the [default evaluation questions](assessments.md#default-evaluation-templates) on the assessment level they will appear here as well.
207207
The dynamic evaluation questions can be used for any kind of evaluation that is not covered by the static evalaution questions.
208208

209209
??? abstract "Working with dynamic evaluation questions"
@@ -237,7 +237,7 @@ All free text fields in the activity form support Markdown formating. Furthermor
237237

238238
You can change between UTC and your local time from the [toolbar](user_preferences_and_ui.md#toggle-utc-and-local-time).
239239

240-
The format used to display time (`24h` or `AM/PM`) and date format (e.g. `MM/DD/YYYY` or `DD/MM/YYYY`) can be configured in your [profile settings](user_preferences.md#timezone-and-date-format).
240+
The format used to display time (`24h` or `AM/PM`) and date format (e.g. `MM/DD/YYYY` or `DD/MM/YYYY`) can be configured in your [profile settings](user_preferences_and_ui.md#timezone-and-date-format).
241241

242242
Use the :lucide-calendar: calendar or the **now** button to set the date and time. You can also type a date and time directely into the field. RAPTR will do its best to parse the date and time you enter.
243243

docs/docs/user-guide/administration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ The user management page `/admin/users` displays all users in a filterable table
8383
[![Create a new user](../assets/admin-user-create.gif "Create a new user")](../assets/admin-user-create.gif){:target="_blank"}
8484

8585
??? info "User Invitation"
86-
RAPTR does not send any E-Mails. After user creation, share the credentials with the user. They can change their password from the [profile page](user_preferences.md#password).
86+
RAPTR does not send any E-Mails. After user creation, share the credentials with the user. They can change their password from the [profile page](user_preferences_and_ui.md#password).
8787

8888
??? Bug "Initial Password"
8989
At its current stage, it is not possible to set or mark a user's password so that it must be changed upon first login.

docs/docs/user-guide/evaluation.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ The static evaluation also tracks timing metrics:
4040
- **Event-to-Alert time**: How long between the activity execution (start time) and the first alert
4141
- **Alert-to-Stakeholder time**: How long between the alert time and the stakeholder notification
4242

43-
These fields are auto-calculated, but the evaluation result must be manually set. The following options exist `pass`, `fail`, and `N/A`. By default the `N/A` state is choosen. See [working with auto-calculated fields](#working-with-auto-calculated-fields).
43+
These fields are auto-calculated, but the evaluation result must be manually set. The following options exist `pass`, `fail`, and `N/A`. By default the `N/A` state is choosen.
4444

4545
### Severity Evaluations
4646

@@ -49,7 +49,7 @@ The system also compares expected vs. actual severity levels for alerts and stak
4949
- **Alert vs expected severity**: The expected severity of the alert vs the actual severity of the alert
5050
- **Stakeholder notification vs expected severity**: The expected severity of the stakeholder notification vs the actual severity of the stakeholder notification
5151

52-
These fields are auto-calculated, but the evaluation result must be manually set. The following options exist `pass`, `fail`, and `N/A`. By default the `N/A` state is choosen. See [working with auto-calculated fields](#working-with-auto-calculated-fields).
52+
These fields are auto-calculated, but the evaluation result must be manually set. The following options exist `pass`, `fail`, and `N/A`. By default the `N/A` state is choosen.
5353

5454
??? bug "Only one expected severity"
5555
Currently there is only one expected severity for alerts and stakeholder notification. The assumption is that both notifications should have the same severity level.
@@ -81,7 +81,7 @@ Each evaluation question which cannot be answered automatically must be manually
8181
[![Working with dynamic evaluation questions](../assets/eval-dynamic-questions.gif "Working with dynamic evaluation questions")](../assets/eval-dynamic-questions.gif){:target="_blank"}
8282

8383
??? bug "Auto-calculated fields"
84-
The timing and severity static evaluation questions text are auto-calculated. Nevertheless these fields support [Markdown](#markdown-fields). You can overwrite the fields. As long as the field ends in `(auto-calculated)` the field will be re-calculated on changes.
84+
The timing and severity static evaluation questions text are auto-calculated. Nevertheless these fields support [Markdown](activities.md#markdown-fields). You can overwrite the fields. As long as the field ends in `(auto-calculated)` the field will be re-calculated on changes.
8585

8686
??? abstract "Working with auto-calculated fields"
8787
[![Working with auto-calculated fields](../assets/eval-auto-calculated.gif "Working with auto-calculated fields")](../assets/eval-auto-calculated.gif){:target="_blank"}

docs/docs/user-guide/knowledge_base.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ Each knowledge base article has:
1616

1717
Articles are linked to activities in two ways:
1818

19-
- **By MITRE technique**: When an activity is mapped to a MITRE technique, all knowledge base articles linked to that technique are automatically available in the activity's [Knowledge Base section](activities.md#knowledge-base).
19+
- **By MITRE technique**: When an activity is mapped to a MITRE technique, all knowledge base articles linked to that technique are automatically available in the activity's knowledge base section.
2020
- **By activity template**: [Activity templates](templates.md#activity-template) can reference specific knowledge base articles by name. When imported into an assessment, these links are carried over to the created activity — allowing templates to point to articles beyond just the MITRE technique mapping.
2121

2222
## Variables

docs/docs/user-guide/user_preferences_and_ui.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ RAPTR supports time-based one-time password (TOTP) multi-factor authentication f
3333

3434
You can use the **Reset MFA** function to delete the current OTP secret. You will be logged out and can generate a new OTP secret on your next login.
3535

36-
An Administrator can also reset a users MFA. See [Administration](administration.md#lucide-shield-x-reset-mfa) for more information.
36+
An Administrator can also reset a users MFA. See [Administration](administration.md#reset-mfa) for more information.
3737

3838
??? bug "No optional MFA choice"
3939
The current RAPTR setup only support global MFA enforcement. Either it is required or not. There is no option to enable or allow MFA on a per user basis.
@@ -62,7 +62,7 @@ Some views, such as the assessments list or activity list, support auto-refreshi
6262
### Toggle UTC and Local Time
6363

6464
Toggle between UTC and local time using the :lucide-globe: icon in the top navigation bar. Your preference is saved locally in your browser. All times in RAPTR should display according to this setting.
65-
You can overwride your browser local time zone in the [profile settings](user_preferences.md#timezone-and-date-format).
65+
You can overwride your browser local time zone in the [profile settings](#timezone-and-date-format).
6666

6767
??? abstract "Toggle between UTC and local time"
6868
[![Toggle between UTC and local time](../assets/ui-toggle-utc-local.gif "Toggle between UTC and local time")](../assets/ui-toggle-utc-local.gif){:target="_blank"}

docs/docs/user-guide/visibility.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ The visibility of an activity is inherited from its parent activity group. If an
1818

1919
Visibility can be changed in several ways:
2020

21-
- Toggle visiblity of activities and activity groups from the [activity table](activities.md#activity-views)
22-
- Toggle visibility of activities in bulk from the [activity table](activities.md#activity-views)
21+
- Toggle visiblity of activities and activity groups from the [activity table](activities.md#activity-table-views)
22+
- Toggle visibility of activities in bulk from the [activity table](activities.md#activity-table-views)
2323
- Toggle visiblity of activities and activity groups from the [coresponding form](activities.md#general-information)
2424

2525
??? abstract "Toggle visibility in table view"

0 commit comments

Comments
 (0)