Monthly Archives: January 2024

New in Dradis Pro v4.11

Dradis Framework is a collaboration and reporting tool for information security teams to manage and deliver the results of security assessments, in less time and with less frustration than manual methods.

Bug Fixes

Dradis v4.11.0 is full of bug fixes and technical updates. You may not see brand new features or changes to the UI, but we fixed many, many different things behind the scenes. We also updated some under-the-hood components, such as the Rails version.

Improved version history

We’ve improved the version history and the way that it displays. Previously, the entire line/paragraph would be marked as changed, even if a single word was changed. Check out the new and improved version!

Fixed Liquid Dynamic Content preview in the editor

We’ve also improved the way that Liquid Dynamic Content previews in the editor.

Fixed export crashing with links with a trailing special character

Previously, exports would crash if you included a link with a trailing special character. No more!

Fixed link formatting for hyperlinks in inline code blocks

We’ve also fixed the formatting of links inside code blocks so that they appear in the report exactly how you’d expect them to appear.

Release Notes

  • Assets: Add importmap-rails to handle js libraries
  • Liquid: Add LiquidAssignsService
  • nginx: Add HTTP/2 support
  • Revision history: Improve version history for content with carriage return
  • Tylium: Show liquid content in editor preview
  • Web-server: Replace unicorn with puma in production
  • Validation: Display attachment validator errors when viewing/editing a record
  • Flash alert: Allow the ‘license about to expire’ alert to be dismissed for the session
  • Upgraded gems:
    • rails, resque-scheduler
  • Bug fixes:
    • Code blocks: Remove extra padding and background for code elements outside of projects
    • Contributors: Expire one time token after login
    • Evidence: Prevent loading old Evidence template content at the Issue level
    • Methodologies: Validate presence of content
  • Integration enhancements:
    • Authentication Integrations: Use the AuthenticationStrategies class for Rails 7 support
    • Burp: Fix compatibility with nokogiri >= 1.15
    • Nexpose:
      • Add port/protocol to evidences
      • Use the details in <os> as the OS node property
      • Import `vulnerability.risk_score` as a new Issue field
      • Allow multiple evidence with the same test id & node address
    • Qualys: Add support for the output for Qualys WAS API 3.13 and later
  • Reporting enhancements:
    • Word:
      • Fix export crashing with links with trailing special characters
      • Skip link formatting for hyperlinks in inline code blocks
  • Security Fixes:
    • Low: Authenticated (author) information disclosure
      • After a user has been removed from a project, they may still get notifications for Issues they were subscribed to, resulting in the disclosure of Issue titles.
    • Low: Information Disclosure in the Output Console of Upload Manager

Not using Dradis Pro?