cve-dashboard/CHANGELOG.md
2026-05-26 14:10:42 -06:00

Changelog

All notable changes to the STEAM Security Dashboard are documented in this file.

Format follows Keep a Changelog and this project uses Semantic Versioning.


[2.0.0] — 2026-05-26

Breaking Changes

  • PostgreSQL migration — database engine switched from SQLite to PostgreSQL. Requires running deploy-postgres.sh, data migration, and DATABASE_URL env var. SQLite is no longer supported.
  • Multi-BU tenancy — data is now scoped per business unit with per-user team assignments. Replaces the previous binary scope toggle.
  • Raw Jira status display — removed Open/In Progress/Closed status mapping; shows the actual Jira status field everywhere.

Features

  • Jira integration overhaul
    • Flexible Jira ticket creation — CVE/Vendor fields optional, source context tracking
    • Multi-item Jira ticket creation from Ivanti Queue (consolidation modal)
    • Issue type dropdown and Save to Dashboard from Jira lookup
    • Success toast after consolidated ticket creation
    • Improved Jira lookup error messages
  • CCP Metrics page — multi-vertical VCL upload and cross-org compliance reporting
    • Metric-first hierarchy restructure with Jira cross-project sync
    • Per-metric forecast burndown chart
    • Aggregated burndown forecast on overview page
    • Sub-team drill-down with intermediate view and per-team breakdowns
    • Non-Compliant stat clickable with metric breakdown buttons
    • Compliant/total counts on metric summary cards
    • Per-metric remediation plans
    • VCL metric calculations guide
  • Exports page — Jira Tickets, CCP Metrics, and Remediation Status export cards
  • VCL compliance reporting — exec report page, device metadata fields, bulk upload
  • Data management panel — delete vertical, rollback upload, and reset all
  • In-app notification system — replaces Webex bot integration with native notifications
  • Remediation plan and resolution date history tracking
  • FP submissions cleanup — auto-clear approved, dismiss rejected, collapsible section
  • Re-queue findings from rejected FP submissions
  • DECOM workflow type — auto-note/hide on decom, show CVEs on CARD queue items
  • Interactive configuration wizard for deployment setup
  • Unified setup script (configure.js) merging deploy + config wizard
  • Per-BU trend lines in Ivanti counts history chart
  • Multi-select BU picker replacing binary scope toggle
  • Configurable IVANTI_MANAGED_BUS env var for multi-tenant drift classification
  • Pipeline-to-issue traceability via after_script comments in CI/CD
  • CI/CD pipeline with health endpoint and automated deploy stages
  • Docker Compose and deploy-postgres.sh for production cutover
  • Systemd service scripts for start/stop management
  • VCL vertical metadata — inline-editable team fields on compliance routes

Bug Fixes

  • Fix Clear Completed button failing on queue items with Jira ticket links (FK violation)
  • Fix status badge background making text invisible
  • Fix calendar SLA dates not highlighting after Postgres migration
  • Fix document View link using localhost instead of relative URL
  • Validate library doc file types before sending to Ivanti API
  • Improve FP workflow error messages — include Ivanti API response body
  • Fix forecast chart bar order and snapshot month derivation
  • Fix forecast deduplication for multi-vertical metrics
  • Fix CCP Metrics page crash for non-Admin users
  • Fix CCP Metrics crash when donut chart has zero non-compliant devices
  • Fix duplicate failing metrics on same asset across compliance endpoints
  • Fix duplicate chart entries on compliance page when multiple verticals share a report_date
  • Fix requeue inserting Postgres array literal instead of JSON into cves_json
  • Fix todo queue crash on malformed cves_json data
  • Fix AEO compliance page not showing metric health cards on dev
  • Fix double-counting in VCL multi-vertical stats — use only ALL: rollup rows
  • Fix compliance stats to use Summary sheet data instead of item counts
  • Fix route mount order: vcl-multi must precede general compliance router
  • Fix requeue: fallback to finding_ids_json when queue items are deleted or absent
  • Sync FP submission lifecycle_status from Ivanti currentState on fetch
  • Fix History tab crash: coerce Ivanti note fields to strings before rendering
  • Fix archive bar chart: fmtDate now handles ISO datetime strings from PostgreSQL
  • Fix Ivanti panel bugs: Invalid Date, wrong workflow count, crash on archive click
  • Fix BU drift checker: derive EXPECTED_BUS from IVANTI_BU_FILTER env var
  • Fix null bu_teams in PostgreSQL migration; add retry logic to deploy script
  • Fix missing created_by column in archer_tickets table
  • Fix FP workflow counts donut scoped by BU
  • Fix dotenv loading in db.js so DATABASE_URL is available on import

Maintenance

  • Track package-lock.json files for deterministic CI installs
  • Remove unused imports to satisfy ESLint thresholds
  • CI pipeline fixes: dependency installation, lint thresholds, test isolation
  • Auto-run migrations in pipeline
  • Strengthen migration registration hook
  • Documentation updates for PostgreSQL migration, systemd scripts, and reference manual

[1.0.0] — 2026-05-01

Initial release of the STEAM Security Dashboard.