We get many feature requests about the Business Intelligence Dashboard, and now the first batch is ready! You can now see year-over-year trends of activities and custom properties, and lists of your most common issues across projects. Get a clearer look at changes over time at a glance.
Copy existing mappings to new templates
The Mappings Manager lets you keep multiple different mappings for different templates across tools. Now we have also made it easier to copy existing template mappings to new or updated templates when you upload them. When you upload a new Kit, you can select the mappings to apply or copy:
When you upload a new template (e.g., when you have updated a template and you want to move to the newer version), you can choose to copy existing mappings or to create new ones:
This will get you up and running with updated templates quickly and easily!
Release Notes
Activities:
Include methodology name in all methodology actions
Business Intelligence:
Add Custom Properties view
Add Dashboard view with Year-Over-Year insights
Add sub-navigation
Font:
Improve font weight consistency for international characters
Layout:
Add custom error pages
Issuelib:
Update entry edit UI to match issue edit UI
Mappings:
Add an option to copy existing mappings when uploading kits or report templates
Rails:
Upgrade Rails version to 8.0.2.1
Ruby:
Upgrade Ruby version to 3.4.4
Upgraded gems:
resque, rexml, selenium-webdriver, thor
Bug fixes:
Combobox:
Prevent forcing the selection of the first available option for multi-select forms
Our designers have been working to completely overhaul the application interface to be more modern and integrated. Both the main interface and the individual projects view now use the same visual style, and you have access to all the application’s sections from the project view, so now you can go straight to your mappings or IssueLibrary from your project, rather than having to go through the Dashboard first.
Gateway Services and Questionnaires
As we continue to improve the features and possibilities of the Dradis Gateway, we have now created a new Services section of the portal. Here you can create questionnaires, which you can then send to Gateway Contributors. For example, you could use a questionnaire to establish the scope and goals of a penetration test before starting a Dradis project for them. On the basis of their responses, you can create a new project for their team right from the questionnaire results.
MFA with one-time passcodes
We have now created our own multi-factor authentication integration, Dradis OTP. You are no longer limited to using DuoWeb for free MFA in Dradis. With Dradis OTP, you can create and scan a QR code to use for MFA in whichever MFA app you prefer.
Audit logging
By popular request, we have created the Dradis Audit integration, which tracks activity in Dradis on a deeper level than the Recent Activity tabs and gathers it in one place. Your logs for the whole Dradis instance are now easily accessible for your security, compliance, and accountability needs.
Release Notes
Contributors:
Add an intermediate login page to prevent Microsoft Safe Links from consuming the one-time token
Add Notification Settings link
Forms: Add a combobox for selecting, filtering, and creating options
Hera: Add new layout with redesigned navigation
Navigation: Replace Turbolinks with Hotwire
QA:
Add project states and QA stats in the active projects card
Add View History link when viewing Issues/Content blocks
Add a ‘Reviewer’ role for publishing Issues/Content blocks
Automatically go to the next record after reviewing
Revisions: Show state changes in the revisions view
Usage Tracking: Track the choice of toggling on/off
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Cross-references in Word reports
A frequent report template request is being able to cross-reference Issues, so that you can have a summary table of issues in one part of the finished report that links to each full Issue description later in the report. Previously we have implemented this using VBA macros; now you can do it right in the Word template using content controls, no VBA needed!
You can create links in summary tables, or even refer to specific issues in other blocks of text (such as Content Blocks) with links directly to each individual issue you want to reference. For example, maybe you have a “Most urgent issues” content block? Now you can refer to those individual issues with links in text.
Reach out to us if you would like us to implement cross-referencing in your Word report templates, or if you currently have a VBA macro implementation of cross-referencing that you want to replace with the built-in cross-referencing feature.
Custom Tag Order
You have been able to customise tags in Dradis for a while; now you can sort them dynamically as well. For example, maybe you have your own custom “Resolved” tag as well as your typical High/Medium/Low tags, and you want Resolved issues sorted first. Now you can do that! Change your mind and want to see High issues first? Re-order the tags and you’re done.
Kit Updates
We refreshed our built-in Kits with updated templates for reports, projects, issues, and more. We also included integration mappings and rules, along with an OWASP Top 10 methodology update.
Kits can be deployed immediately on an instance (no upload required) and can be used immediately with some tool output for which mappings are included. Other tweaks like CVSSv4 support are also included.
Release Notes
Projects: Add `Owner` column to projects data table
Tags: Add custom ordering
Welcome Kit:
Add HTML report template
Add issue and evidence templates
Add integration mappings
Add project template
Add rules for Rules Engine
Update OWASP Top 10 methodology to latest version (2021)
Update report templates
Upgraded gems: net-scp, net-ssh, rexml
Bug fixes:
Dashboard: refresh cache on recent project changes
Word export: allow charts to be edited post-export
Integration enhancements:
Gateway: Process Liquid in content block, evidence, issue and note text by default when rendering template
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Liquid updates
Dradis v4.13.0 expands what you can do with Liquid content. Support for Liquid drops has been expanded so that they are available at more levels. For example, perhaps you want to have an auto-magically generated text in an Executive Summary ContentBlock that summarises recommendations for Issues and their respective Evidence locations, in order of severity? Now you can do that!
In addition, we have tweaked the Word exporter so that Liquid content is evaluated before Word filters. That means that you can use Liquid syntax to programmatically set filters. For example, perhaps you have filters in your Word template that separate Internal and External Issues. Now you can use Liquid to, for example, specify that if an Issue is found on a Node beginning in 192. then the Type should be set to “Internal”.
Or perhaps you want to select which ContentBlock sections to display based on the Project type as defined in a document property? Now, with some Liquid code in the relevant ContentBlock filter sections, you can do that!
Project Scheduler integration
The Project Scheduler is one of our most downloaded add-ons, and a frequently requested feature has been integrated with third-party calendars. This is now implemented in v4.13.0! The Scheduler now has a secure link to a .ics that will let you integrate the Dradis Project Scheduler with apps like Outlook, Thunderbird, and Apple Calendar. The .ics file can of course also be downloaded rather than linked.
Auto-generate Word report template properties
Correct configuration of Word templates’ Report Template Properties is essential to ensure that projects are correctly generated, validated, and exported. With our recent Mappings Manager overhaul with per-template mappings, the correct configuration of report template properties is also essential to tool uploads. To make this process easier for you, Dradis can now auto-detect report template properties when you upload a report template to your Dradis instance. If you create or tweak your own templates, and don’t want to go through a fiddly .rb file to configure a new Kit each time, this feature is for you!
Release Notes
Liquid: Make project-level collections available for Liquid syntax
Validations: Evaluate Liquid syntax before validating the fields
Upgraded gems: nokogiri, rails, redcloth, rexml
Bug fixes:
Business Intelligence:
Prevent the “Business Intelligence” navigation label overflowing (in Project and Team forms) on mid-size view ports
Prevent the “Compare” chart y-axis label from being covered by chart data
Navigation: Restore functionality of native browser back/forward buttons
Rules Engine: Prevent issues from getting multiple tags
Tables: Enable sorting by validation column status
Word: Prevent EvidenceCounter filters from being ignored
Integration enhancements:
Calculators: Add CVSS/Dread calculators to the Tools Manager
Rules Engine: Process Liquid syntax before matching field condition
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
New Mappings Manager
Dradis v4.12.0 contains a complete overhaul of how the Mappings Manager works. Mappings Manager configurations for each upload plugin (e.g. Nessus, Burp, Qualys…) are now directly associated with a particular report template and its associated report template properties. This means that you can have separate plugin mappings for separate report templates.
The editor itself has also been overhauled to be more user-friendly. Rather than having to manually type out the Dradis fields needed using their #[Field]# syntax, you can now pick “Source Fields” and “Dradis Fields” from dropdowns. Of course “Custom Text” and “Custom Field” options are also available.
This overhaul should also make it more straightforward to configure the Mappings Manager for report templates in Kits.
Your existing Mappings Manager configurations will be migrated to the new format on upgrade.
CVSSv4 Calculator
We heard you, now we support a CVSSv4 calculator right in the application!
Of course CVSSv3.0 and CVSSv3.1 are still supported as well. Pick your preferred version from the dropdown. You can have the outputs of multiple calculator versions in the same Issue if you like.
API Attachments
New funcionalities have been added to the API Attachments endpoint. You can now get the size, created_at, and (by popular request) a download link with an API call!
AWS and Azure images now officially supported
After a long time in Beta, we are now able to offer our Dradis images for AWS and Azure as officially supported by us, as long as our documented AWS or Azure deployment methods are followed.
Release Notes
Attachments: Add size, created_at, and download link to the API
Kits: Automate creating Mappings
Mappings Manager: Map fields from scanner integrations to Dradis fields
Upgraded gems:
nokogiri, rails
Bugs fixes:
Avatars: Allow both .jpg and .jpeg formats
Projects: Fix redirection when updating an issue or content block
Sidebar: Prevent version number from overlapping listed records
New integrations:
Pentera
Integration enhancements:
CVSS Calculator: Add CVSS v4 support
Integration Manager: Clarify integration status after enabling/disabling
Veracode:
Create evidence for every instance of <flaw>
Use cweid as the issue identifier
Reporting enhancements:
Word: Accept scope parameter in command line export
Excel: Accept scope parameter in command line export
Security Fixes:
High: Authenticated author path traversal on attachment rename
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Liquid Dynamic Content in Word and HTML reports
We have already supported Liquid content in Dradis Gateway templates for a while – now we are bringing Liquid Dynamic Content to Word and HTML reports as well.
Want to refer to document properties like dradis.client inside a ContentBlock? Want to show the count of evidence inside the text of an Issue? Want to use conditionals like “If this property is in Spanish, export this issue in Spanish instead of English”? Now you can! For example, the following will export into an Issue:
#[Description]#
Global:
{{ project.name }} for {{ team.name }} team
{{document_properties.available_properties}}
Tag Name:
{% for tag in issue.tags %} {{ tag.name}} {%endfor%}
CVSSv3 score:
{{ issue.fields['CVSSv3.BaseScore'] }}
Evidence:
{% for evidence in issue.evidence %} {{ evidence.fields["Label"] }} {%endfor%}
The {{ issue.title }} issue has {{ issue.evidence.size }} instances of Evidence
Evidence count per node:
{% for node in issue.affected %}
{{ node.label}} has {{node.evidence.size}} instances of evidence
{% endfor %}
It would give a result like the following:
Better filters in Word templates
We now have two more filtering options available in Word: Filters with spaces, and filters on Nodes.
Filtering with spaces means you can use double quotes in both field names and filter values. For example, you can filter by "CVSS Base"|(9.0..10.0) or Category|"A1 Injection".
Nodes can be filtered by Node Properties. For example, if you have a Node property for type with values of internal/external, you can filter a Node by type|internal to only see content for internal-type Nodes.
DuoWeb and ServiceNow support in the Integration Manager
We have changed the way our integrations work, so you can now install DuoWeb and ServiceNow right in the Integration Manager. No need to use the command line to install 2FA! You can also configure Duo and ServiceNow, as well as integrations like Azure DevOps, right in the Integration Manager.
Release Notes
AccessTokens: allow the storage of per-user encrypted tokens
QA: Show state changes in activity feed
Sessions: Store :secret_key_base in encrypted configuration file
Tylium: Extend support for Liquid Dynamic Content
Upgraded gems:
bootstrap, popper_js, simple_form
Bugs fixes:
Issue Library: Prevent rendering navbar over top of the fullscreen editor
QA: Redirect to correct view when changing states on QA edit views
Users: Force logout for users with locked accounts
Integration enhancements:
Acunetix: Parse inline code, not just code blocks
Burp: Adds strong and code tags parsing
CSV: Fix CSV Upload for files with special characters
Nessus:
Parse code tags as inline code
Add plugin_type as an available Issue field
Nexpose:
Parse inline code, not just code blocks
Wrap ciphers in the ssl-weak-message-authentication-code-algorithms finding
Qualys: Adds Request/Response Evidence fields for Web Application Scans (WAS)
Azure DevOps: Switch authentication from PAT to OAuth2
Duo 2FA:
Migrate to UI-based configuration
Add to Integrations Manager
ServiceNow:
Migrate to UI-based configuration
Add to Integrations Manager
Reporting enhancements:
Word
Add support for filtering nodes by properties
Add support for the notextile tag
Allow multi-word fields/values in the content control filters with double quotes
Extend support for liquid dynamic content in Word reports
Warn of missing blank lines around a screenshot only when it’s not the first or last item in a field
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Integration and Tool Manager
Now you can install and upgrade integrations (such as DuoWeb and Jira) and tools (such as the Gateway and the Remediation Tracker) directly in the Dradis application – no need to use ssh or the command line! Simply browse to the Integration and Tool Manager in Dradis v4.6, Get the tool, and then Enable it. Then you should be good to go!
Instance Dashboard
Want a better overview of what is going on in your Dradis instance after login? The new Instance Dashboard gives you an at-a-glance overview of Projects, Tickets, and Tasks assigned to you; a list of the newest unread notifications; and and overview of what’s new in the latest version of Dradis.
As a new feature, please do let us know if there are other things you would like to see or change on the instance dashboard once you start using it.
Permanently delete items in Trash
As of v4.2 of Dradis, you could soft-delete projects and teams so they end up in an Instance Trash. However, to permanently delete items in trash, you needed to use the command line. Not anymore! Now you can permanently delete items in Trash straight from the UI.
New Kits
We have long had a few templates and kits available for download at the Dradis Users Portal. We have overhauled some of these kits and made them available directly from the Dradis UI. Simply go to Templates –> Kit Upload, and either upload a kit file as you normally would, or click the Upload button under your preferred preinstalled testing kit.
Release Notes
Dashboard: See active projects, notifications, assignments, and what’s new in one view
Integration and Tool Manager: Add UI for installing and managing integrations
Kits:
Add selection of kits to choose from
Enable import of kit with no templates
Mintcreek: Adjust element contrast ratios to be WCAG 2.1 compliant
Navbar:
Split the Addons menu into Integrations and Tools menus
Remove inaccessible addon’s menu items for contributors
Notes: Remove category selection from form UI
Projects: Update active projects empty state
Trash: Delete projects and teams permanently
Rubocop: lint changed files since previous commit
Upgraded gems:
nokogiri
Bugs fixes:
Comments: Align comment header content in Safari
Content Blocks: Fix revision history links
New integrations:
Core Impact
Veracode
Integration enhancements:
Implement enable/disable feature for Gateway, JIRA, Remediation Tracker, Scheduler, and VSTS
JIRA:
Add view for editing configuration
Hide link in addons menu for contributors
VSTS:
Add view for editing configuration
Issues: add WorkItem Status and Comment feed
REST/JSON API: new v2 released
Projects: undiscard and permanently delete from trash.
Teams:
Undiscard and permanently delete from trash.
Deprecate the “/clients” endpoint, use “/teams”
Deprecate the “client_since” attribute, use “team_since”
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
CSV Importer
Dradis can now import CSV files into projects! Some vulnerability scanners produce output in CSV format rather than e.g. XML or JSON. You can now import these (and other) CSV files into Dradis, and configure which column to assign to which field in your Dradis projects on a per-file basis. Simply go to “Upload”, select the CSV importer, upload a file, and you will be redirected to an interface to assign data to fields. As with other plugins, you can create Issue, Evidence, or Node data and fields.
This is v1 of the CSV importer, so we look forward to your feedback on what works for you and what you would like to see in the future from this feature!
Note that for the sake of internal naming consistency, we have renamed the CSV exporter plugin with this change, so if you have the CSV exporter installed, you will need to reinstall the plugin as dradis-csv_export.
JIRA bulk send
Do you use our JIRA integration? If so, you can now bulk-send issues to JIRA. Simply select multiple issues from your project in the “All Issues” view, and click “Send to JIRA”:
That will send all your selected issues to the Dradis-JIRA interface. Pick the destination project, issue type, and other required fields for each item, and you’re done!
Bug fixes and quality-of-life improvements
Another focus of the v4.5 release is working through some bug reports and lower-level requests we have accumulated over time.
Bug fixes include multiple items relating to attachment validation and export, Node labels linking to external resources (so e.g. clicking on a Node label of “www.google.com” will no longer redirect you to Google instead of the Node in Dradis), and the Rules Engine matching against IssueLibrary entries without trailing empty lines.
Quality-of-life improvements include adding Revision History for Content Blocks and improved error messages in the Output Console on Word report export. Check our release notes for more detail!
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Auto-update Charts in Word
Previously, to include charts in Word templates, VBA macros were necessary to be able to update the charts in exported reports. This was a problem for the Mac users among us, as the relevant VBA is not supported in Office for Mac. We have now tweaked the reporting engine so that the source Excel sheets for charts in Word can be filled in with filters so they will auto-update during the export process from Dradis. The supported filters support the majority of use cases we have seen, such as issue counts by CVSS score, severity, type, category, host, etc.
Gateway comments
Do you use the Dradis Gateway? We have now improved this collaboration feature! Comments are already supported within Dradis projects, but now comments have reached the Gateway as well. If you are an Admin or Author on a project, you can choose to make a comment public (available on Gateway) or not (only visible to your team members within the project). Gateway contributors are able to view your public comments and submit their own comments on issues and other content inside the Gateway.
Qualys Asset Scans
Dradis now supports Qualys Asset Scans! This expands our Qualys coverage to include:
Qualys Vulnerability Scans (Vuln)
Qualys Web Application Scans (WAS)
Qualys Asset Scans (ASSET)
Release Notes
Comments: Show public comments for issues in a project
Mintcreek: Add breadcrumb navigation
Uploads: Allow subsequent file uploads from the same scanner without needing to re-select the scanner
Upgraded gems:
nokogiri, rails
Bugs fixes:
Document Properties: Set focus to property name/value inputs when clicking the edit icon
Editor:
Add keyboard shortcut support for windows and linux
Allow comparing document property values with “==” operator
Allow text selection expansion using shift-click
Issues: Show correct links in the “Send To” menu
Subscriptions: Show correct Subscribe/Unsubscribe link after a new comment is posted
Tables: Prevent columns state from resetting after 2 hours
Teams: Prevent displaying trashed projects
Tylium: Remove extra left padding from the first line of content in a code block
Upload: Show pre upload validation for Qualys
Integration enhancements:
Openvas: Update Node label parsing. Include :hostname and :asset_id properties.
Qualys: Add Qualys Asset Scanner (ASSET) support
Reporting enhancements:
Word: Charts in Word can now be exported without the need for macros
Security Fixes:
Low: Password reset token can be reused in a 5-minute window
We’re heading to Singapore for Black Hat Asia 2025, and we’ll be showing off the latest in streamlined reporting and collaboration at our Dradis Arsenal demo. We’re excited to be part of the Black Hat Arsenal, demoing how Dradis helps security teams collaborate and report more effectively.
Catch us here:
🧪 Dradis @ Black Hat Arsenal Business Hall – Arsenal Station 3 📅 April 3, 10:05am-11:20am
Learn how our most recent updates—which include in-app quality assurance workflows, easier deployment with Docker, and AI-driven enhancements—allow for the creation of reports faster and with greater quality.
When we’re not presenting, we’ll be diving into the briefings, trainings, and executive summits across AI, exploit development, cloud, and physical infrastructure. Here’s what we’re most excited about.
Project Soft-Delete and Instance Level Trash
Previously, once you deleted a project or a team, it was gone forever! We have now added soft-delete and an instance-level trash. So, if you delete a project or team, you can find it in your instance’s Trash, and you can recover it from there.
Choose Which Fields to Display by Default in Projects
In recent versions of Dradis, new projects will display all fields for Issues and Evidence in their respective tables by default. This can lead to a cluttered view. You can update which columns to display, but this is stored on a per-project basis. Now, you can select which Issue and Evidence fields to display by default in the Report Template Properties for your project’s associated report template in Templates –> Reports. Simply switch the toggle to “Show” to whichever fields you want to display by default, and that will apply instance-wide from then on. Of course, if you have project-specific preferences, or if you have multiple people working on the same project but with different preferences of which columns to display, each user can still manually set their preferences on a per-project basis as before.
Improved Evidence Creation from the Issue Level
Dradis lets you add Evidence directly from Issues by going to the Evidence tab of an Issue and hitting the “+ New Evidence” button. Previously that only allowed you to add a blank piece of Evidence or adding a Note template with no customised content. Now, you can customise the content right in the “Add New Evidence” form and choose where to put it, including in new nested Nodes.
Release Notes
Editor: Support fields with the same name in the Fields View
Increased table loading performance on Issues, Evidence, and Notes for
projects with a lot of issues, evidence, or notes
Issues:
Display evidence in a table
Load evidence tab content asynchronously
Multi-delete evidence at the issue level
Update evidence content while creating evidence records at the issue-level
Notifications Navbar Dropdown:
Improve font-sizes
Wrap long notifications links
Projects:
Generate default report content when updating the report template
Truncate long team name badges in active project cards
Report Templates: Add Show option to display certain evidence and issue fields by default in tables
Trash: Allow projects and teams to be soft deleted
Tylium:
Import CSS manifests from addons
Move ‘…’ (more actions) menu closer to the content affected by the actions of the menu
Move the ‘Edit’ action out of the ‘…’ (more actions) menu for issues, evidence, notes, etc.
Remove extra left padding from the first line of content in a code block
Remove height restriction from code blocks
Simplify issues table columns
Updates focus state outline color
Upgraded gems:
mini_racer, puma, rails
Bug fixes:
Comments: Show sticky toolbar when adding long comments
Issues: Send To menu updates when new plugins are installed
Fixes background services from not restarting after upgrades
Liquid drops: Allow author collection to be called in ProjectDrop
Methodology: Fix misformatted cards when saving a methodology as a template
Redirect back to issue when updating evidence from the issue level
Rules Engine: Allow authors with “update” permission to sort rules
Tables: Prevent the select all button from selecting filtered out rows when a filter is been applied
Subscriptions: Fixed a caching issue preventing users from subscribing or
unsubscribing after the first cache was stored
Integration enhancements:
Dradis Projects:
Fixes missing parent nodes during template and package imports
Fixes missing nodes for attachments during template and package imports
Gateway:
Bug fixes:
Fixes ‘authors’ call for the atlantia theme
Fixes missing attachments crashing Gateway
Select a default pane when Authors edit a Gateway project instead of
loading a mostly blank screen
Nexpose:
Add the Hostname Node property from the name rather than site-name tag
Nipper:
Add Nipperv1 fields to issues
PDF Export:
Add Thor task for console export
Add view hook for Export#index
Qualys:
Add ‘element.qualys_collection’ as issue field
Add Qualys Web Application Scanner (WAS) support
Remediation Tracker:
Bug fixes: Hide the tickets’ “edit” and “delete” buttons for unauthorized users
SAML:
Add PingIdentity support
Add SAML logo to Log in button
Increases log verbosity on errors
Scheduler
No longers shows disabled projects in the calendar
VSTS:
Format issue content when sending to VSTS
REST/JSON API enhancements:
Projects/Teams:
Discard Projects through the DELETE endpoint
Hide discarded projects/teams from endpoints
Security Fixes:
Low: Authenticated author broken access control: read access to screenshots
