Changelog

v1.28.0

2025-05-30

  • New features:
    • Add Teams to facilitate assignment of project roles to user groups
  • Enhancements:
    • Access to user information and their effective role in different projects is now restricted to administrators, which applies to:
      • The web UI: there is no longer Users menu for non-administrators
      • The API: the following routes can now only be called by administrators:
        • /projectUserReports (POST)
        • /userReports (POST)
        • /userReports/{userId} (GET)
    • Completion of the API doc for user management
    • Update dependencies
  • Bug fixes:
    • Fix missing import of login welcome message from old Sqlite backend when switching to Postgresql backend
    • Advanced executor project role now allows http response to be viewed for http request task executions
    • Fix failure to retrieve project list for non-admin users using CTFreak instance with postgresql backend
    • Fix failure to execute parameterizable tasks for Advanced executor & Executor project roles
    • Fix project role sorting
    • Fix modal form overflow

v1.27.1

2025-05-08

  • Enhancements:
    • Add login welcome message
    • Adjusting login page layout
    • Add explicit “Remove license” button
    • Improved Sqlite backend hot backup with:
      • Adding an optional timestamp to the backup file name
      • Setting the maximum number of backups to keep
  • Bug fixes:
    • Fix missing quotes style for Markdown text

v1.27.0

2025-05-04

  • New features:
    • At the end of an execution, a notification can now be sent only if its status differs from the previous execution. For high-frequency tasks (such as monitoring a website every 5 minutes), this prevents being flooded with notifications of consecutive failures.
  • Enhancements:
    • Update dependencies
  • Bug fixes:
    • Fix missing multiple execution policy default value
  • Reworking of FREE & BUSINESS Edition license

v1.26.0

2025-04-11

  • New features:
    • Auto import all data from the old Sqlite backend when switching to Postgresql backend
  • Enhancements:
    • Optimize nodes, databases and tasks storage
    • Update dependencies
  • Bug fixes:
    • Escape key support to exit modal boxes
    • Postgresql backend:
      • Fix sorting when displaying node and database tags
      • Fix database credential retrieval for sql script and sql report tasks
    • Fix gitlab incoming webhook secret field update

v1.25.1

2025-03-23

  • Enhancements:
    • Update dependencies
  • Bug fixes:
    • Add explicit message “Backup via CTFreak is only supported with a Sqlite backend” when using Postgresql backend

v1.25.0

2025-03-20

  • New features:
    • Incoming webhook: payload, query parameters and form data can be used to set task parameters
    • Postgresql can replace Sqlite backend in the new Business Edition license
  • Enhancements:
    • Update dependencies
  • Bug fixes:
    • Fixed missing “application/json” mimetype for some API request responses

v1.24.0

2025-03-07

  • New features:
    • Ansible playbook task: execute an ansible playbook
      • Manage playbook content in CTFreak or use a local playbook file
      • Dynamic ansible inventory generation from selected nodes
      • Generate a dedicated ansible log file per node
      • CTFreak project constants and task parameters can be used as ansible variables
      • Only available on Linux & FreeBSD manual installation
  • Enhancements:
    • Project lists can be dynamically filtered by project name
    • Back-end is built with Go 1.24.1
    • Use log/slog as internal logger instead of logrus
    • Support for ansible playbook and local command tasks can be disabled via dedicated command line parameters when CTFreak is started
    • Update dependencies

v1.23.1

2025-01-19

  • Bug fixes:
    • Fix empty tables and doughnut charts display in SQL report task execution

v1.23.0

2025-01-14

  • SQL report task improvements:
    • New features:
      • New Table chart type
      • Explicit row breaks added for better control of report layout
    • Enhancements:
    • Bug fixes:
      • Fix inverted vertical axis for horizontal bar/line charts
      • Fix chart display glitches on mobile resolution
      • Fix database name check
  • Enhancements:
    • Redirect to the page initially requested (rather than the home page) after logging in again via the internal authentication provider
    • SPA build: replace Rollup with Vite
    • Update dependencies

v1.22.1

2024-11-04

  • Bug fixes:
    • Use relative URL instead of external URL defined in global settings to access integrated API documentation

v1.22.0

2024-10-30

  • New features:
    • Integrated API documentation available at: https://{YOUR CTFREAK INSTANCE}/api/v1/doc/
    • Execution timeout can now be specified at the global or project level
      • Global execution timeout is mandatory (30 days default)
      • At the very least, the global execution timeout is used, so an execution always has a defined timeout.
  • Enhancements:
    • Improve logs
    • Update dependencies
  • FREE Edition’s sequential execution restriction also applies to sub-executions

v1.21.0

2024-10-18

  • New features:
    • Local command tasks support per-second scheduling granularity via an optional parameter for their cron expression (e.g. 20 * * * * * for execution every minute at the 20th second)
  • Enhancements:
    • When a local command execution is aborted under linux & freebsd, this abort also applies to child processes
    • Execution retention period can now be set to 0 days (for tasks where only the last execution status/date needs to be retained)
    • By default, the internal database stores its temporary data in memory. This can now be disabled in the configuration file via the new useMemoryTempStoreFg flag
  • Bug fixes:
    • Fix timeout error when CTFreak is started as a service on Windows (time-consuming internal database maintenance operations are now performed just after the service is considered to have been started by windows)
    • Fix memory leak when deleting a project with scheduled tasks
    • On new project form
      • Add missing Disable task scheduling option
      • Project Id is editable again

v1.20.0

2024-10-10

  • New features:
    • Task scheduling can be disabled at the project level
    • Task lists provide information on the last execution of each task
  • Enhancements:
    • Projects containing scheduled tasks can be deleted
    • Add ended execution date to executions lists
    • Update dependencies
    • Back-end is built with Go 1.23.2
  • Bug fixes:
    • Fix truncated logs issue on high-frequency local command execution
    • Check min/max values for execution retention period specified at the project or task level
    • When the SSH session handshake hangs, execution can now be aborted
    • Use SIGTERM instead of SIGHUP as the first attempt to abort an ssh session

v1.19.0

2024-09-29

  • New features:
    • Local command task: execute a command directly on the server where CTFreak is installed
      • For those who need to schedule high-frequency command execution, local command task may be more suitable than command task, as it avoids SSH connection overload
      • Project constants and Task parameters can be used as environnement variables
      • Only an administrator can create this type of task
    • Log output task setting to define whether or not logs should be stored for local command, command, bash script, powershell script and sql script tasks
    • Global setting Disable project and task execution counters to prevents UI slowdowns when the execution history exceeds one million
    • Timeout task setting is available for all task types (it is no longer specific to http request tasks).
    • Task timeouts can be specified in seconds, minutes, hours or days
    • Advanced executor role to launch tasks associated with a project or view their executions including logs
  • Enhancements:
    • When explicitly executing a task on all nodes or databases, Nodes/Databases Set filter must no longer be empty but contain the ‘*’ character
    • Optimized response times and refresh rate for retrieving execution lists
    • Execution lists can be restricted to aborted executions
    • When deleting a project, task or execution, the associated execution log folders are now deleted in the background
    • Aborting project, task or execution list retrieval immediately frees up resources
    • API Breaking change:
      • Reading/creating/updating tasks
      • Reading nodes
  • Bug fixes:
    • Fix a race condition causing scheduling to stall (Happens when a change of execution state occurs at the same time as a cancellation of an execution list refresh in the web interface)
    • Prevents deletion of a project that still contains scheduled tasks
    • Fix minor memory leak from missing context cancellations
    • Multiple spaces are now preserved in log viewer

v1.18.1

2024-09-16

  • Bug fixes:
    • Fix regression preventing bash script, powershell script, and sql report tasks creation

v1.18.0

2024-09-14

  • New features:
    • Improved Workflow tasks:
      • Maximum number of concurrent child task executions is now configurable for workflow tasks that execute child tasks concurrently
      • Child tasks can be disabled/re-enabled (involves a breaking change in child task structure when reading/creating/updating workflow tasks through the API)
  • Enhancements:
    • Drag & drop replaces move buttons to reorder Workflow Child tasks
    • Drag & drop completes move buttons to reorder:
      • SQL Report Charts
      • Task Parameters
    • Update dependencies
    • Use core24 base for snap build
  • Bug fixes:
    • Remove unwanted child tasks deduplication displayed in Workflow task pages

v1.17.0

2024-08-26

  • New features:
    • Execution retention period can now be specified at the project or task level
    • Files can be deleted in Node file explorer (requires at least STARTUP Edition)
  • Enhancements:
    • Add a delay between failed login attempts to prevent brute-force attacks
    • Execution lists can be dynamically filtered by task name
    • Node lists can be dynamically filtered by node name
    • In SQL report tasks, chart base width becomes a minimum width: if the displayed width is less than the base/minimum width, a horizontal scroll bar appears rather than shrinking the chart
    • Add explicit Node unreachable error on failed SSH connection attempt
    • Revamp SSH connection management
    • Back-end is built with Go 1.23
  • Bug fixes:
    • Removal of Windows Defender false positives with ctfreak.exe
    • Fix unreleased resources on failed Postgresql database connections over SSH tunneling
    • API execution creation now returns http code 201 instead of 200
    • Fix default submit button issues on task edition

v1.16.0

2024-07-30

  • New features:
    • Node file explorer: CTFreak can now be used as a read-only SFTP web client for all your nodes
  • Enhancements:
    • Smoother UI navigation with improved concurrent read-only access to backend database
    • Update dependencies
  • Bug Fixes:
    • Fix saving of node filter tag exclusion when editing tasks

v1.15.0

2024-06-27

  • New features:
    • Improved HTTP Request tasks:
      • Add optional HTTP response logging (status, headers and body)
      • JSON response body auto-prettifying
  • Enhancements:
    • Add FreeBSD amd64 & arm64 build and install process
    • Add Linux arm64 build
    • Remove Linux arm32 build
    • Back-end is built with Go 1.22
    • Update dependencies
    • Update internal log timestamp format
  • Reworking of FREE & STARTUP Edition license
  • Bug Fixes:
    • Fix scrolling reset issues when editing large scripts
    • Remove redundant logs when executing SQL script task

v1.14.2

2024-05-12

  • Bug Fixes:
    • Fix gitlab incoming webhook calls
    • Improve logs of failed incoming webhook calls

v1.14.0

2024-02-13

  • New features:
    • Parameterizable tasks:
      • Define a list of parameters per task
      • Parameter types can be either Selector, Checkbox, Integer, Date, or Text
      • Each parameter has a default value
      • Set parameter values on new execution form
      • Use them in your Bash or Powershell script tasks as environment variables
      • Use them in your SQL report tasks as query parameters
      • Very useful to allow business users to execute a task with restricted options
  • Project constants can now be used in your SQL report tasks as query parameters
  • Enhancements:
    • !!Breaking change!!: the : symbols in SQL report task queries must now be doubled, so as not to be confused with a query parameter
    • CF_PC_ project constant prefixes have been renamed to CPC_ (renaming in existing bash and powershell scripts will be done automatically on CTFreak instance update)
    • Improve Rest API error messages
    • Update dependencies
  • FREE Edition specs update and new BUSINESS Edition (see ctfreak.com homepage)
  • Bug Fixes:
    • Fix default submit button issues on some forms
    • Use SMTP without authentication when SMTP Username is empty

v1.13.2

2024-01-10

  • Bug Fixes:
    • Support LOGIN SMTP authentication method in addition to PLAIN to enable email notifications to be sent to MS Office 365 smtp server

v1.13.1

2023-12-28

  • Enhancements:
    • Migrate to CodeMirror 6
    • Update dependencies
    • Reworking of license page
  • Bug Fixes:
    • Fix line wrap overflow issue when editing scripts
    • Fix chart duplication issue on SQL report tasks

v1.13.0

2023-10-24

  • New features:
    • Project constants:
      • Define a list of constants per project
      • Use them in your bash or powershell script tasks as environment variables
      • Update the value of your constants instead of updating your scripts
  • Enhancements:
    • Replace deprecated dependency to manage OpenID Connect token
    • Migrate front-end to Svelte 4
    • Update dependencies
    • Reworking of demo project

v1.12.0

2023-09-21

  • New features:
    • In SQL Report tasks:
      • Charts can be duplicated
      • New options to force axes to begin at zero
  • Enhancements:
    • Improve UI:
      • Increase selection area size for links
      • Reduces footer refresh rate
      • Update colors
    • Add license alerting:
      • Remaining days before license expiration
      • License check issues
    • New About page with third-party software list
  • Bug Fixes:
    • Reverse top and bottom axis for horizontal bar/line charts
    • Fix typo in sql report

v1.11.1

2023-08-13

  • Enhancements:
    • List of notifiers now transitions from a table to a grid on mobile resolution
    • Back-end is now built with Go 1.21
  • Bug Fixes:
    • Upon first startup, create the directory $HOME/.config if it is missing as needed

v1.11.0

2023-08-05

  • New features:
    • New SQL Report task:
      • Generate a responsive report from SQL queries
      • Mix multiple data sources
      • Choose from various types of charts
      • The FREE Edition allows creating up to 2 SQL report tasks
    • New project viewer role:
      • A user with this role on a given project will only be able to view the execution results of the project’s tasks (not the log files)
      • This role is ideal for restricting business users to access only the reports generated by SQL Report task
  • Enhancements:
    • Redesign of sub-execution database storage
    • New task type selector
    • Update dependencies
  • FREE Edition specs update
  • Bug Fixes:
    • Fix empty workflow edition issue
    • Remove Delete execution button for user with executor role
    • Fix cache issues on iOS

v1.10.1

2023-06-20

  • Enhancements:
    • Add command line arguments to setup external url and main OpenID Connect auth provider at startup of CTFreak
    • Call OpenID Connect userinfo endpoint as fallback for missing claims in ID Token

v1.10.0

2023-06-18

  • New features:
    • Maximum number of concurrent shell script/command executions is now configurable for dedicated tasks
  • Enhancements:
    • A SQL script task can now be re-executed only on the failed databases of a previous execution
  • Bug Fixes:
    • Add explicit OpenID Connect “Empty user name” error message
    • Fix Typo in SSH credentials
    • Fix node/database execution list refresh issues with active/failed executions filter

v1.9.2

2023-05-30

  • Enhancements:
    • Retrieve mysql error number on failed database connection
  • Bug Fixes:
    • Aborted SQL script task should return Aborted instead of Failed for final status
    • RAISE NOTICE commands now properly appear in logs of SQL Script tasks for Postgresql databases without SSH tunneling
    • Fix SQL Script Aborting for Postgresql databases with SSH tunneling

v1.9.0

2023-05-12

  • New features:
    • CTFreak now manages databases (following the same principle as nodes) !
      • Mysql and Postgresql are the first supported types, with others being added in future updates
      • Nodes can be used to connect to databases via an SSH tunnel
    • New SQL script task: execute SQL or PL/SQL script on databases
    • New global settings option to disable task scheduling
  • Enhancements:
    • !!Breaking change!!: node names are now unique. Any existing duplicates (if there are any) will therefore be given a new name “{old name}-1”, “{old name}-2”, … after the update.
    • Failed external node source syncs return more detailed errors
    • Node filters no longer exclude nodes without credential
    • Add all/active/failed executions filter for execution list
    • Update dependencies

v1.8.4

2023-04-11

  • New features:
    • Custom logo displayed on the login page and in the header of the sidebar menu (PRO Edition only)
  • Enhancements:
    • Perform a database vacuum when ctfreak starts

v1.8.3

2023-03-19

  • Enhancements:
    • Redesigned notification conditions in task editor

v1.8.2

2023-03-11

  • New features:
    • New Replacement multiple execution policy: when receiving an execution request while an execution is already running for a given task, abort the running one and chain a new execution

v1.8.1

2023-03-10

  • New features:
    • New Smart chaining multiple execution policy: when receiving an execution request while an execution is already running for a given task, chain the new execution (this is particularly useful for setting up a CI/CD pipeline)
  • Enhancements:
    • Requests for forbidden concurrent executions are rejected rather than resulting in a new failed execution
    • Project task lists can be dynamically filtered by task name
    • Add profile page
    • Use profile picture for OpenID Connect users
  • Bug Fixes:
    • OpenID Connect users “Full name” field is not editable anymore
    • Fix the link that redirects to the cron format documentation

v1.7.2

2023-02-23

  • Enhancements:
    • Use a darker theme color for better text readability
  • Bug Fixes:
    • When requesting the aborting of the execution of a command or script task, a SIGHUP signal is now sent for a graceful shutdown

v1.7.1

2023-02-18

  • New features:
    • Add Incoming Webhooks:
      • Generic webhook to execute a task with a simple HTTP POST request
      • Github/Gitlab webhook to execute a task after an event (push, …)
  • Enhancements:
    • Add task type preselection page
    • Add notifier type preselection page
    • Schedule embedded database analyze once a day to improve performance
    • API return distinct error messages for missing discord/mattermost/slack/msteams notifier parameters
    • Update dependencies

v1.6.0

2023-01-31

  • New features:
    • Add Telegram notifications
    • Add MS Teams notifications
  • Enhancements:
    • Add a command line argument to bypass the http port stored in the config file

v1.5.2

2023-01-10

  • Bug Fixes:
    • CTFreak can now be properly run as a Windows service

v1.5.1

2023-01-09

  • New features:
    • New Powershell script task: execute powershell scripts on windows nodes through SSH
    • New node page with the list of tasks using the node (very useful for checking if there are still tasks related to the node before deleting it)
  • Enhancements:
    • !!Breaking change!! for Windows CTFreak instances: CTFreak config folder is no longer %AppData%\ctfreak but %LocalAppData%\ctfreak (think of moving your folder before your upgrade)
    • Add pagination of the task list on project pages
    • All listings increase from 30 to 40 items per page
    • The execution of a task now systematically requires a confirmation and redirects to the execution page
    • Notifications previously sent only in case of failed executions are now also sent in case of aborted executions
  • Bug Fixes:
    • Fix failed webhook call detection for Discord/Mattermost/Slack notifiers
    • Discord notifier name should not contain “discord”
    • Fix dead link in credential listing

v1.4.0

2023-01-04

  • New features:
    • Node filters now handles tag or node name exclusions with ! prefix
  • Enhancements:
    • Add a footer mention when a new ctfreak release is available to download
  • Bug Fixes:
    • Add a link to execution page in email notifications

v1.3.2

2022-12-28

  • Bug Fixes:
    • Fix Microsoft OpenID Connect preset
    • Add X-Accel-Buffering http header to prevent logs loading issues with nginx reverse-proxy

v1.3.1

2022-12-27

  • Enhancements:
    • Add Salesforce & Onelogin OpenID Connect presets
  • Bug Fixes:
    • Fix missing nodes menu for admin users without any project manager role

v1.3.0

2022-12-22

  • New features:
    • Add SSO via OpenID Connect
    • Add user rights management
    • Users are deletable
  • Enhancements:
    • Hide unassigned projects from non-admin users
    • Update dependencies
  • Bug Fixes:
    • Fix for disabled users not being taken into account in some cases
    • Fix null error messages on user creation or update

v1.2.0

2022-10-25

  • New features:
    • Add new Email Notifier
    • All notifiers can now be tested on demand
    • Add notifications for execution failures
  • Enhancements:
    • Remove empty headers on HTTP Request task creation

v1.1.2

2022-10-18

  • Bug Fixes:
    • Fix typo on Credential page
    • Fix OAuth Access Token

v1.1.1

2022-09-26

  • New features:
    • New HTTP Request task type to call API endpoints (webhook, ping, …).
    • PRO Edition now unlocks concurrent task executions instead of concurrent SSH connections (In other words, the FREE Edition now allows for concurrent SSH connections within the same task).

v1.0.9

2022-09-14

  • New features:
    • A task can now be re-executed only on the failed nodes of a previous execution.
  • Enhancements:
    • Add failed nodes filter for node execution list.

v1.0.8

2022-09-04

  • New features:
    • Add node attribute os family
  • Enhancements:
    • Do not prevent the creation of forbidden concurrent executions, just mark them as failed.
    • Remove node attribute ssh shell

v1.0.7

2022-09-02

  • Enhancements:
    • Client request a forced reload to clean browser cache when the client version does not match the server version.
    • Highlight nodes and external node sources with missing credential.
    • Typo: rename keys to credentials