OpenKAT 1.14

Our final release for 2023 introduces a whole slew of report types build using our new reporting functionality. These specific (TLS, mail, basic security, etc.) reports can be combined into aggregated reports for one or multiple assets from a single organisation. Another great addition is the first steps into what we would like to call Federated OpenKAT. You can export reports of any kind and re-import these into another organisation for further processing, keeping in line with out usual process each of these imported reports is timestamped and stored in the bi-temporal storage paving the way to compliance over multiple organisations, assets or vendors. We are looking forward to providing easier user-interfaces and broader support for in future releases but we feel these first steps are a good start. Let us know if you have any feedback on what we have already implemented.

uWSGI has been replaced by Granian by default. See the 1.13 release notes release notes for more information. You can still switch back to uWSGI in 1.14 if Granian does not work. uWSGI support will be removed in 1.15.

The pydantic version used by OpenKAT has been updated to version 2. Pydantic v2 has big improvements in performance which should also result in OpenKAT speed improvements.

In line with our policy this will be the last release to have Debian 11 packages. If you are still running Debian 11 you need to upgrade to Debian 12 to be able to upgrade to 1.15.

New Features

  • RPKI boefje has been added.

  • The boefjes definitions has correct raw types they produce and those are listed in the KAT-alogus.

  • The object links on task list include the valid time now.

  • Secrets are hidden on boefje detail pages.

  • Nmap boefje has been split in a TCP and UDP boefje

  • Statistics has been added to the boefje and normalizer task pages.

  • The secheduler got less verbose logging and also structured logging.

  • Clearance level inheritance has been moved the clearance level tab.

  • Task details has been added to the task history tables on plugin and object detail pages.

Bug fixes

  • The wappalyzer boefje will yield redirect urls instead of wrong software instances.

  • HTML entities in the normalizer results are correctly escaped now.

  • The scheduler has got several fixes in threading, locking and other places.

  • Filtering objects with depth=1 for findings has been fixed.

  • Django admin correctly loads javascript now.

Upgrading

The normal instructions for upgrading Debian packages or upgrading containers should be followed.

Debian packages

Because of the switch to Granian, we can’t listen on both 8000 and 8443 anymore, and we will default listen only on port 8000 on 127.0.0.1. If you were previously accessing OpenKAT using https on port 8443 you need to change the configuration as described on the Debian installation page.

Full Changelog

The full changelog can be found on Github.