We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.

Catch us here:

🧪 Dradis @ Black Hat Arsenal
📅 March 27, 15:30–17:50 SGT

Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.

📍 See our Arsenal session

When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.

Bug Fixes

Dradis v4.11.0 is full of bug fixes and technical updates. You may not see brand new features or changes to the UI but we fixed many, many different things behind the scenes. We also updated some behind-the-scenes aspects like the rails version.

Improved version history

We’ve improved the version history and the way that it displays. Previously, the entire line/paragraph would be marked as changed, even if a single word was changed. Check out the new and improved version!

Fixed liquid dynamic content preview in the editor

We’ve also improved the way that Liquid Dynamic Content previews in the editor

Fixed export crashing with links with trailing special character

Previously, exports would crash if you included a link with a trailing special character. No more!

Fixed link formatting for hyperlinks in inline code blocks

We’ve also fixed the formatting of links inside code blocks so that they appear in the report exactly how you’d expect them to appear.

Release Notes

• Assets: Add importmap-rails to handle js libraries
• Liquid: Add LiquidAssignsService
• nginx: Add HTTP/2 support
• Revision history: Improve version history for content with carriage return
• Tylium: Show liquid content in editor preview
• Web-server: Replace unicorn with puma in production
• Validation: Display attachment validator errors when viewing/editing a record
• Flash alert: Allow the ‘license about to expire’ alert to be dismissed for the session
• Upgraded gems:
  • rails, resque-scheduler
• Bug fixes:
  • Code blocks: Remove extra padding and background for code elements outside of projects
  • Contributors: Expire one time token after login
  • Evidence: Prevent loading old Evidence template content at the Issue level
  • Methodologies: validate presence of content
• Integration enhancements:
  • Authentication Integrations: Use the AuthenticationStrategies class for Rails 7 support
  • Burp: Fix compatibility with nokogiri >= 1.15
  • Nexpose:
    • Add port/protocol to evidences
    • Use the details in <os> as the OS node property
    • Import `vulnerability.risk_score` as a new Issue field
    • Allow multiple evidence with the same test id & node address
  • Qualys: Add support for the output for Qualys WAS API 3.13 and later
• Reporting enhancements:
  • Word:
    • Fix export crashing with links with trailing special characters
    • Skip link formatting for hyperlinks in inline code blocks
• Security Fixes:
  • Low: Authenticated (author) information disclosure
    • After a user has been removed from a project, they may still get notifications for Issues they were subscribed to, resulting in the disclosure of Issue titles.
  • Low: Information Disclosure in the Output Console of Upload Manager

Not using Dradis Pro?