Skip to content

CHANGELOG.md

Latest commit

 

History

History
180 lines (131 loc) · 5.91 KB

CHANGELOG.md

File metadata and controls

180 lines (131 loc) · 5.91 KB

Changelog

All notable changes to Vulcan will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

v2.2.0 - 2025-01-16

This release represents a major modernization of the Vulcan platform, bringing it up to the latest versions of Ruby, Rails, and Node.js while significantly improving performance, security, and developer experience.

🚀 Major Upgrades

Framework Modernization

  • Rails 8.0.2.1: Complete upgrade from Rails 7.0.8.7 through progressive path (7.0 → 7.1 → 7.2 → 8.0)
  • Ruby 3.3.9: Upgraded from Ruby 3.1.6 for improved performance and memory efficiency
  • Node.js 22 LTS: Modernized from Node.js 16 for better JavaScript tooling support
  • esbuild: Migrated from Webpacker for 10x faster JavaScript builds

Test Suite Overhaul (#683)

  • Migrated all controller specs to request specs (Rails 8 requirement)
  • Migrated all feature specs to system specs (Rails 5.1+ standard)
  • Removed anti-patterns like any_instance_of
  • Fixed Devise authentication with Rails 8 lazy route loading
  • All 190 tests passing with improved performance

Docker & Container Optimization

  • Image size reduced by 73%: From 6.5GB to 1.76GB
  • Memory usage reduced by 20-40% using jemalloc
  • Multi-stage builds for improved security
  • Full support for corporate SSL certificates
  • Container-friendly JSON structured logging

🛡️ Security Improvements

  • Critical fixes:

    • SQL injection vulnerability in Component#duplicate_rules fixed with parameterized queries
    • Mass assignment vulnerabilities resolved with Rails 8 expect API
    • All Rails 8 deprecation warnings resolved

  • Dependency updates:

    • axios: 1.6.8 → 1.11.0 (fixes SSRF vulnerabilities)
    • factory_bot: 5.2.0 → 6.5.4
    • ESLint: 8.x → 8.57.1
    • Prettier: 2.8.8 → 3.6.2
    • Added bundler-audit for vulnerability scanning

✨ New Features

OIDC Auto-Discovery

  • Automatic endpoint configuration from provider metadata
  • Support for Okta, Auth0, Keycloak, Azure AD
  • Configuration reduced from 8+ to just 4 environment variables
  • Session-based caching with 1-hour TTL

Enhanced Developer Experience

  • Comprehensive environment variable documentation
  • Automatic secret generation script (setup-docker-secrets.sh)
  • Production-ready Docker Compose configurations
  • SonarCloud integration for code quality

🐛 Bug Fixes

  • Fixed 'Applicable - Configurable' status field display issue (#684)
  • Fixed overlay component seed data rule counts
  • Fixed Vue template compilation errors in STIG pages
  • Fixed component rules_count counter cache
  • Fixed Capybara Selenium driver for Selenium 4.x compatibility

📦 UI Updates

  • Complete migration from MDI to Bootstrap icons
  • Removed @mdi/font package dependency (300KB reduction)
  • Updated all navbar and component icons
  • Improved icon consistency across the application

⚠️ Breaking Changes

  • Ruby 3.3.9 now required (was 3.1.6)
  • Node.js 22 LTS now required (was Node.js 16)
  • Rails 8.0.2.1 now required (was Rails 7.0.8.7)
  • Webpacker removed in favor of jsbundling-rails with esbuild
  • RSpec Rails 6.0+ required for test suite
  • Spring gem removed (Rails 8 uses built-in reloader)

📝 Migration Guide

  1. Update Ruby and Node.js:

    rbenv install 3.3.9
nvm install 22

  2. Update dependencies:

    bundle install
yarn install

  3. Run database migrations:

    rails db:migrate

  4. Clear caches:

    rails tmp:cache:clear

  5. Update test environment if you have custom settings in config/environments/test.rb

🔮 Coming Soon

  • Vue 3 migration (currently Vue 2.6.11)
  • Bootstrap 5 upgrade (currently Bootstrap 4.4.1)
  • Turbolinks removal for simplified architecture

v2.1.9 - 2024-06-13

Major Features

  • OIDC Auto-Discovery Enhancement (#672)
    • Automatic configuration discovery for OpenID Connect providers
    • Reduced configuration complexity

Infrastructure Improvements

  • Enhanced Docker Compose configurations with production defaults
  • Fixed Anchore SBOM artifact naming (#668)
  • Updated GitHub Actions to v4

Bug Fixes

  • Fixed critical OIDC authentication case sensitivity bug
  • Fixed LDAP authentication (#669)
  • Fixed User effective_permissions method visibility
  • Resolved axios compatibility issues

Data Updates

  • Updated CCI mappings to latest rev5 (#627)
  • Revised Excel/CSV column ordering to align with DISA SRGTemplate (#660)

v2.1.8 - 2024-06-28

Updates

  • Updated CCI mapping with latest Rev 5 mappings (#626)

v2.1.7 - 2024-05-21

Security Updates

  • Multiple npm dependency updates for security
  • axios upgrade from 0.21.4 to 1.6.0 (#617)

Infrastructure

  • Upgraded to new Heroku plan (#624)

v2.1.6 - 2023-11-08

Security

  • Container now runs as non-root user (#612)
  • Security dependency updates

Previous Releases

For releases prior to v2.1.6, please see the GitHub releases page.