cve-dashboard/CHANGELOG.md
Jordan Ramos e4abf8dc9b Update CHANGELOG for v2.1.0 release
Add Archer Template Library to the feature list.
2026-06-02 16:09:28 -06:00

Changelog

All notable changes to the STEAM Security Dashboard are documented in this file.

Format follows Keep a Changelog and this project uses Semantic Versioning.


[2.1.0] — 2026-06-06

Features

  • Archer Template Library — new template management system for Archer Risk Acceptance forms. Store static content (Environment Overview, Segmentation, Mitigating Controls) organized by Vendor > Platform > Model. Full CRUD with clone, search/filter, and per-section copy-to-clipboard. Accessible from the nav drawer (Template Mgr) and integrated into the Ivanti Queue for Archer workflow items.
  • Estimated resolution date per metric — the compliance asset sidebar now shows each noncompliant metric's estimated resolution date at the top of its section, in YYYY-MM-DD format, with placeholders for metrics that have no date set or an invalid date (closes #20)
  • CARD Action Modal with full owner context
  • Granite Loader Sheet generator with CARD enrichment, plus a Loader Sheet button on the Reporting page queue panel
  • Vendor-specific issue type dropdown for Jira ticket creation, with all vendor project keys
  • LIVE and LAST REPORT badges on the VCL compliance page
  • Collapsible sections on the Ivanti Queue page and side panel

Bug Fixes

  • Fix remediation plan and resolution date missing from the compliance table; format resolution_date as YYYY-MM-DD
  • Improve CARD action error messages and default loader columns
  • Fix CARD production timeout by forcing IPv4 (dns.setDefaultResultOrder('ipv4first'))
  • Add IP address validation to CARD confirm/decline/redirect actions
  • Auto-resolve bare IP to CARD asset ID with suffix lookup
  • Increase CARD API timeout from 15s to 30s
  • Rewrite CARD enrich-batch to use the team assets endpoint for full data

[2.0.0] — 2026-05-26

Breaking Changes

  • PostgreSQL migration — database engine switched from SQLite to PostgreSQL. Requires running deploy-postgres.sh, migrating existing data, and setting the DATABASE_URL env var. SQLite is no longer supported.
  • Multi-BU tenancy — data is now scoped per business unit with per-user team assignments. Replaces the previous binary scope toggle.
  • Raw Jira status display — removed Open/In Progress/Closed status mapping; shows the actual Jira status field everywhere.

Features

  • Jira integration overhaul
    • Flexible Jira ticket creation — CVE/Vendor fields optional, source context tracking
    • Multi-item Jira ticket creation from Ivanti Queue (consolidation modal)
    • Issue type dropdown and Save to Dashboard from Jira lookup
    • Success toast after consolidated ticket creation
    • Improved Jira lookup error messages
  • CCP Metrics page — multi-vertical VCL upload and cross-org compliance reporting
    • Metric-first hierarchy restructure with Jira cross-project sync
    • Per-metric forecast burndown chart
    • Aggregated burndown forecast on overview page
    • Sub-team drill-down with intermediate view and per-team breakdowns
    • Non-Compliant stat clickable with metric breakdown buttons
    • Compliant/total counts on metric summary cards
    • Per-metric remediation plans
    • VCL metric calculations guide
  • Exports page — Jira Tickets, CCP Metrics, and Remediation Status export cards
  • VCL compliance reporting — exec report page, device metadata fields, bulk upload
  • Data management panel — delete vertical, rollback upload, and reset all
  • In-app notification system — replaces Webex bot integration with native notifications
  • Remediation plan and resolution date history tracking
  • FP submissions cleanup — auto-clear approved, dismiss rejected, collapsible section
  • Re-queue findings from rejected FP submissions
  • DECOM workflow type — auto-note/hide on decom, show CVEs on CARD queue items
  • Interactive configuration wizard for deployment setup
  • Unified setup script (configure.js) merging deploy + config wizard
  • Per-BU trend lines in Ivanti counts history chart
  • Multi-select BU picker replacing binary scope toggle
  • Configurable IVANTI_MANAGED_BUS env var for multi-tenant drift classification
  • Pipeline-to-issue traceability via after_script comments in CI/CD
  • CI/CD pipeline with health endpoint and automated deploy stages
  • Docker Compose and deploy-postgres.sh for production cutover
  • Systemd service scripts for start/stop management
  • VCL vertical metadata — inline-editable team fields on compliance routes

Bug Fixes

  • Fix Clear Completed button failing on queue items with Jira ticket links (FK violation)
  • Fix status badge background making text invisible
  • Fix calendar SLA dates not highlighting after Postgres migration
  • Fix document View link using localhost instead of relative URL
  • Validate library doc file types before sending to Ivanti API
  • Improve FP workflow error messages — include Ivanti API response body
  • Fix forecast chart bar order and snapshot month derivation
  • Fix forecast deduplication for multi-vertical metrics
  • Fix CCP Metrics page crash for non-Admin users
  • Fix CCP Metrics crash when donut chart has zero non-compliant devices
  • Fix duplicate failing metrics on same asset across compliance endpoints
  • Fix duplicate chart entries on compliance page when multiple verticals share a report_date
  • Fix requeue inserting Postgres array literal instead of JSON into cves_json
  • Fix todo queue crash on malformed cves_json data
  • Fix AEO compliance page not showing metric health cards on dev
  • Fix double-counting in VCL multi-vertical stats — use only ALL: rollup rows
  • Fix compliance stats to use Summary sheet data instead of item counts
  • Fix route mount order: vcl-multi must precede general compliance router
  • Fix requeue: fallback to finding_ids_json when queue items are deleted or absent
  • Sync FP submission lifecycle_status from Ivanti currentState on fetch
  • Fix History tab crash: coerce Ivanti note fields to strings before rendering
  • Fix archive bar chart: fmtDate now handles ISO datetime strings from PostgreSQL
  • Fix Ivanti panel bugs: Invalid Date, wrong workflow count, crash on archive click
  • Fix BU drift checker: derive EXPECTED_BUS from IVANTI_BU_FILTER env var
  • Fix null bu_teams in Postgres migration; add retry logic to deploy script
  • Fix missing created_by column in archer_tickets table
  • Fix FP workflow counts donut scoped by BU
  • Fix dotenv loading in db.js so DATABASE_URL is available on import

Maintenance

  • Track package-lock.json files for deterministic CI installs
  • Remove unused imports to satisfy ESLint thresholds
  • CI pipeline fixes: dependency installation, lint thresholds, test isolation
  • Auto-run migrations in pipeline
  • Strengthen migration registration hook
  • Documentation updates for PostgreSQL migration, systemd scripts, and reference manual

[1.0.0] — 2026-05-01

Initial release of the STEAM Security Dashboard.