This release includes a lot of bugfixes and small improvements. The most notable changes: - Security fixes reported by MilCERT Austria. - Automated installation. - The Taranis page adapts to two screen widths, FullHD and half-width FullHD. - Comments and actions in Analysis items are improved. - The menu shows unread items per Assess category. - Extracted CVE-IDs are now shown directly in Assess items. - New Taranis logo. - By default passwords are now hashed with bcrypt with cost factor 10. Old passwords are updated transparently. - Button copy assess item to clipboard (shortcut 'e'). - Toggle to only show 'in use' platforms and products when writing an advisory. - Support for SELinux installation (experimental). - The same assess items can be collected for different categories. - Separate scripts now function as sub-commands of the 'taranis' command, which does not need root rights.
Taranis 3.3.4 is a security and bugfix release. The following changes have been made:
Security fixes: - Fixed vulnerabilities reported by MilCERT Austria: - Stored XSS vulnerability in the HTMLFeed parser. - XSS vulnerability in the sources import dialog. - XSS vulnerability in displaying email attachment filenames. Bugfixes: - Fixed not working mailto: links. - Fixed advisory importing due to broken CVE-ID regex. - Email could not be sent due to broken address validation. - Fixed template processor crash.
To update an existing Taranis 3.3.3 installation to 3.3.4, place the files in taranis-v3.3.4-update-from-v3.3.3.tgz in /opt/taranis, overwriting existing files.
All documentation from the 3.3.3 release is still applicable to 3.3.4.