Changelog

v1.22.1

2024-11-04

• Bug fixes:
  • Use relative URL instead of external URL defined in global settings to access integrated API documentation

v1.22.0

2024-10-30

• New features:
  • Integrated API documentation available at: https://{YOUR CTFREAK INSTANCE}/api/v1/doc/
  • Execution timeout can now be specified at the global or project level
    • Global execution timeout is mandatory (30 days default)
    • At the very least, the global execution timeout is used, so an execution always has a defined timeout.
• Enhancements:
  • Improve logs
  • Update dependencies
• FREE Edition’s sequential execution restriction also applies to sub-executions

v1.21.0

2024-10-18

• New features:
  • Local command tasks support per-second scheduling granularity via an optional parameter for their cron expression (e.g. 20 * * * * * for execution every minute at the 20th second)
• Enhancements:
  • When a local command execution is aborted under linux & freebsd, this abort also applies to child processes
  • Execution retention period can now be set to 0 days (for tasks where only the last execution status/date needs to be retained)
  • By default, the internal database stores its temporary data in memory. This can now be disabled in the configuration file via the new useMemoryTempStoreFg flag
• Bug fixes:
  • Fix timeout error when CTFreak is started as a service on Windows (time-consuming internal database maintenance operations are now performed just after the service is considered to have been started by windows)
  • Fix memory leak when deleting a project with scheduled tasks
  • On new project form
    • Add missing Disable task scheduling option
    • Project Id is editable again

v1.20.0

2024-10-10

• New features:
  • Task scheduling can be disabled at the project level
  • Task lists provide information on the last execution of each task
• Enhancements:
  • Projects containing scheduled tasks can be deleted
  • Add ended execution date to executions lists
  • Update dependencies
  • Back-end is built with Go 1.23.2
• Bug fixes:
  • Fix truncated logs issue on high-frequency local command execution
  • Check min/max values for execution retention period specified at the project or task level
  • When the SSH session handshake hangs, execution can now be aborted
  • Use SIGTERM instead of SIGHUP as the first attempt to abort an ssh session

v1.19.0

2024-09-29

• New features:
  • Local command task: execute a command directly on the server where CTFreak is installed
    • For those who need to schedule high-frequency command execution, local command task may be more suitable than command task, as it avoids SSH connection overload
    • Project constants and Task parameters can be used as environnement variables
    • Only an administrator can create this type of task
  • Log output task setting to define whether or not logs should be stored for local command, command, bash script, powershell script and sql script tasks
  • Global setting Disable project and task execution counters to prevents UI slowdowns when the execution history exceeds one million
  • Timeout task setting is available for all task types (it is no longer specific to http request tasks).
  • Task timeouts can be specified in seconds, minutes, hours or days
  • Advanced executor role to launch tasks associated with a project or view their executions including logs
• Enhancements:
  • When explicitly executing a task on all nodes or databases, Nodes/Databases Set filter must no longer be empty but contain the ‘*’ character
  • Optimized response times and refresh rate for retrieving execution lists
  • Execution lists can be restricted to aborted executions
  • When deleting a project, task or execution, the associated execution log folders are now deleted in the background
  • Aborting project, task or execution list retrieval immediately frees up resources
  • API Breaking change:
    • Reading/creating/updating tasks
    • Reading nodes
• Bug fixes:
  • Fix a race condition causing scheduling to stall (Happens when a change of execution state occurs at the same time as a cancellation of an execution list refresh in the web interface)
  • Prevents deletion of a project that still contains scheduled tasks
  • Fix minor memory leak from missing context cancellations
  • Multiple spaces are now preserved in log viewer

v1.18.1

2024-09-16

• Bug fixes:
  • Fix regression preventing bash script, powershell script, and sql report tasks creation

v1.18.0

2024-09-14

• New features:
  • Improved Workflow tasks:
    • Maximum number of concurrent child task executions is now configurable for workflow tasks that execute child tasks concurrently
    • Child tasks can be disabled/re-enabled (involves a breaking change in child task structure when reading/creating/updating workflow tasks through the API)
• Enhancements:
  • Drag & drop replaces move buttons to reorder Workflow Child tasks
  • Drag & drop completes move buttons to reorder:
    • SQL Report Charts
    • Task Parameters
  • Update dependencies
  • Use core24 base for snap build
• Bug fixes:
  • Remove unwanted child tasks deduplication displayed in Workflow task pages

v1.17.0

2024-08-26

• New features:
  • Execution retention period can now be specified at the project or task level
  • Files can be deleted in Node file explorer (requires at least STARTUP Edition)
• Enhancements:
  • Add a delay between failed login attempts to prevent brute-force attacks
  • Execution lists can be dynamically filtered by task name
  • Node lists can be dynamically filtered by node name
  • In SQL report tasks, chart base width becomes a minimum width: if the displayed width is less than the base/minimum width, a horizontal scroll bar appears rather than shrinking the chart
  • Add explicit Node unreachable error on failed SSH connection attempt
  • Revamp SSH connection management
  • Back-end is built with Go 1.23
• Bug fixes:
  • Removal of Windows Defender false positives with ctfreak.exe
  • Fix unreleased resources on failed Postgresql database connections over SSH tunneling
  • API execution creation now returns http code 201 instead of 200
  • Fix default submit button issues on task edition

v1.16.0

2024-07-30

• New features:
  • Node file explorer: CTFreak can now be used as a read-only SFTP web client for all your nodes
• Enhancements:
  • Smoother UI navigation with improved concurrent read-only access to backend database
  • Update dependencies
• Bug Fixes:
  • Fix saving of node filter tag exclusion when editing tasks

v1.15.0

2024-06-27

• New features:
  • Improved HTTP Request tasks:
    • Add optional HTTP response logging (status, headers and body)
    • JSON response body auto-prettifying
• Enhancements:
  • Add FreeBSD amd64 & arm64 build and install process
  • Add Linux arm64 build
  • Remove Linux arm32 build
  • Back-end is built with Go 1.22
  • Update dependencies
  • Update internal log timestamp format
• Reworking of FREE & STARTUP Edition license
• Bug Fixes:
  • Fix scrolling reset issues when editing large scripts
  • Remove redundant logs when executing SQL script task

v1.14.2

2024-05-12

• Bug Fixes:
  • Fix gitlab incoming webhook calls
  • Improve logs of failed incoming webhook calls

v1.14.0

2024-02-13

• New features:
  • Parameterizable tasks:
    • Define a list of parameters per task
    • Parameter types can be either Selector, Checkbox, Integer, Date, or Text
    • Each parameter has a default value
    • Set parameter values on new execution form
    • Use them in your Bash or Powershell script tasks as environment variables
    • Use them in your SQL report tasks as query parameters
    • Very useful to allow business users to execute a task with restricted options
• Project constants can now be used in your SQL report tasks as query parameters
• Enhancements:
  • !!Breaking change!!: the : symbols in SQL report task queries must now be doubled, so as not to be confused with a query parameter
  • CF_PC_ project constant prefixes have been renamed to CPC_ (renaming in existing bash and powershell scripts will be done automatically on CTFreak instance update)
  • Improve Rest API error messages
  • Update dependencies
• FREE Edition specs update and new BUSINESS Edition (see ctfreak.com homepage)
• Bug Fixes:
  • Fix default submit button issues on some forms
  • Use SMTP without authentication when SMTP Username is empty

v1.13.2

2024-01-10

• Bug Fixes:
  • Support LOGIN SMTP authentication method in addition to PLAIN to enable email notifications to be sent to MS Office 365 smtp server

v1.13.1

2023-12-28

• Enhancements:
  • Migrate to CodeMirror 6
  • Update dependencies
  • Reworking of license page
• Bug Fixes:
  • Fix line wrap overflow issue when editing scripts
  • Fix chart duplication issue on SQL report tasks

v1.13.0

2023-10-24

• New features:
  • Project constants:
    • Define a list of constants per project
    • Use them in your bash or powershell script tasks as environment variables
    • Update the value of your constants instead of updating your scripts
• Enhancements:
  • Replace deprecated dependency to manage OpenID Connect token
  • Migrate front-end to Svelte 4
  • Update dependencies
  • Reworking of demo project

v1.12.0

2023-09-21

• New features:
  • In SQL Report tasks:
    • Charts can be duplicated
    • New options to force axes to begin at zero
• Enhancements:
  • Improve UI:
    • Increase selection area size for links
    • Reduces footer refresh rate
    • Update colors
  • Add license alerting:
    • Remaining days before license expiration
    • License check issues
  • New About page with third-party software list
• Bug Fixes:
  • Reverse top and bottom axis for horizontal bar/line charts
  • Fix typo in sql report

v1.11.1

2023-08-13

• Enhancements:
  • List of notifiers now transitions from a table to a grid on mobile resolution
  • Back-end is now built with Go 1.21
• Bug Fixes:
  • Upon first startup, create the directory $HOME/.config if it is missing as needed

v1.11.0

2023-08-05

• New features:
  • New SQL Report task:
    • Generate a responsive report from SQL queries
    • Mix multiple data sources
    • Choose from various types of charts
    • The FREE Edition allows creating up to 2 SQL report tasks
  • New project viewer role:
    • A user with this role on a given project will only be able to view the execution results of the project’s tasks (not the log files)
    • This role is ideal for restricting business users to access only the reports generated by SQL Report task
• Enhancements:
  • Redesign of sub-execution database storage
  • New task type selector
  • Update dependencies
• FREE Edition specs update
• Bug Fixes:
  • Fix empty workflow edition issue
  • Remove Delete execution button for user with executor role
  • Fix cache issues on iOS

v1.10.1

2023-06-20

• Enhancements:
  • Add command line arguments to setup external url and main OpenID Connect auth provider at startup of CTFreak
  • Call OpenID Connect userinfo endpoint as fallback for missing claims in ID Token

v1.10.0

2023-06-18

• New features:
  • Maximum number of concurrent shell script/command executions is now configurable for dedicated tasks
• Enhancements:
  • A SQL script task can now be re-executed only on the failed databases of a previous execution
• Bug Fixes:
  • Add explicit OpenID Connect “Empty user name” error message
  • Fix Typo in SSH credentials
  • Fix node/database execution list refresh issues with active/failed executions filter

v1.9.2

2023-05-30

• Enhancements:
  • Retrieve mysql error number on failed database connection
• Bug Fixes:
  • Aborted SQL script task should return Aborted instead of Failed for final status
  • RAISE NOTICE commands now properly appear in logs of SQL Script tasks for Postgresql databases without SSH tunneling
  • Fix SQL Script Aborting for Postgresql databases with SSH tunneling

v1.9.0

2023-05-12

• New features:
  • CTFreak now manages databases (following the same principle as nodes) !
    • Mysql and Postgresql are the first supported types, with others being added in future updates
    • Nodes can be used to connect to databases via an SSH tunnel
  • New SQL script task: execute SQL or PL/SQL script on databases
  • New global settings option to disable task scheduling
• Enhancements:
  • !!Breaking change!!: node names are now unique. Any existing duplicates (if there are any) will therefore be given a new name “{old name}-1”, “{old name}-2”, … after the update.
  • Failed external node source syncs return more detailed errors
  • Node filters no longer exclude nodes without credential
  • Add all/active/failed executions filter for execution list
  • Update dependencies

v1.8.4

2023-04-11

• New features:
  • Custom logo displayed on the login page and in the header of the sidebar menu (PRO Edition only)
• Enhancements:
  • Perform a database vacuum when ctfreak starts

v1.8.3

2023-03-19

• Enhancements:
  • Redesigned notification conditions in task editor

v1.8.2

2023-03-11

• New features:
  • New Replacement multiple execution policy: when receiving an execution request while an execution is already running for a given task, abort the running one and chain a new execution

v1.8.1

2023-03-10

• New features:
  • New Smart chaining multiple execution policy: when receiving an execution request while an execution is already running for a given task, chain the new execution (this is particularly useful for setting up a CI/CD pipeline)
• Enhancements:
  • Requests for forbidden concurrent executions are rejected rather than resulting in a new failed execution
  • Project task lists can be dynamically filtered by task name
  • Add profile page
  • Use profile picture for OpenID Connect users
• Bug Fixes:
  • OpenID Connect users “Full name” field is not editable anymore
  • Fix the link that redirects to the cron format documentation

v1.7.2

2023-02-23

• Enhancements:
  • Use a darker theme color for better text readability
• Bug Fixes:
  • When requesting the aborting of the execution of a command or script task, a SIGHUP signal is now sent for a graceful shutdown

v1.7.1

2023-02-18

• New features:
  • Add Incoming Webhooks:
    • Generic webhook to execute a task with a simple HTTP POST request
    • Github/Gitlab webhook to execute a task after an event (push, …)
• Enhancements:
  • Add task type preselection page
  • Add notifier type preselection page
  • Schedule embedded database analyze once a day to improve performance
  • API return distinct error messages for missing discord/mattermost/slack/msteams notifier parameters
  • Update dependencies

v1.6.0

2023-01-31

• New features:
  • Add Telegram notifications
  • Add MS Teams notifications
• Enhancements:
  • Add a command line argument to bypass the http port stored in the config file

v1.5.2

2023-01-10

• Bug Fixes:
  • CTFreak can now be properly run as a Windows service

v1.5.1

2023-01-09

• New features:
  • New Powershell script task: execute powershell scripts on windows nodes through SSH
  • New node page with the list of tasks using the node (very useful for checking if there are still tasks related to the node before deleting it)
• Enhancements:
  • !!Breaking change!! for Windows CTFreak instances: CTFreak config folder is no longer %AppData%\ctfreak but %LocalAppData%\ctfreak (think of moving your folder before your upgrade)
  • Add pagination of the task list on project pages
  • All listings increase from 30 to 40 items per page
  • The execution of a task now systematically requires a confirmation and redirects to the execution page
  • Notifications previously sent only in case of failed executions are now also sent in case of aborted executions
• Bug Fixes:
  • Fix failed webhook call detection for Discord/Mattermost/Slack notifiers
  • Discord notifier name should not contain “discord”
  • Fix dead link in credential listing

v1.4.0

2023-01-04

• New features:
  • Node filters now handles tag or node name exclusions with ! prefix
• Enhancements:
  • Add a footer mention when a new ctfreak release is available to download
• Bug Fixes:
  • Add a link to execution page in email notifications

v1.3.2

2022-12-28

• Bug Fixes:
  • Fix Microsoft OpenID Connect preset
  • Add X-Accel-Buffering http header to prevent logs loading issues with nginx reverse-proxy

v1.3.1

2022-12-27

• Enhancements:
  • Add Salesforce & Onelogin OpenID Connect presets
• Bug Fixes:
  • Fix missing nodes menu for admin users without any project manager role

v1.3.0

2022-12-22

• New features:
  • Add SSO via OpenID Connect
  • Add user rights management
  • Users are deletable
• Enhancements:
  • Hide unassigned projects from non-admin users
  • Update dependencies
• Bug Fixes:
  • Fix for disabled users not being taken into account in some cases
  • Fix null error messages on user creation or update

v1.2.0

2022-10-25

• New features:
  • Add new Email Notifier
  • All notifiers can now be tested on demand
  • Add notifications for execution failures
• Enhancements:
  • Remove empty headers on HTTP Request task creation

v1.1.2

2022-10-18

• Bug Fixes:
  • Fix typo on Credential page
  • Fix OAuth Access Token

v1.1.1

2022-09-26

• New features:
  • New HTTP Request task type to call API endpoints (webhook, ping, …).
  • PRO Edition now unlocks concurrent task executions instead of concurrent SSH connections (In other words, the FREE Edition now allows for concurrent SSH connections within the same task).

v1.0.9

2022-09-14

• New features:
  • A task can now be re-executed only on the failed nodes of a previous execution.
• Enhancements:
  • Add failed nodes filter for node execution list.

v1.0.8

2022-09-04

• New features:
  • Add node attribute os family
• Enhancements:
  • Do not prevent the creation of forbidden concurrent executions, just mark them as failed.
  • Remove node attribute ssh shell

v1.0.7

2022-09-02

• Enhancements:
  • Client request a forced reload to clean browser cache when the client version does not match the server version.
  • Highlight nodes and external node sources with missing credential.
  • Typo: rename keys to credentials