OpenRMF Core OSS 1.2.3

Updates included with the 1.2.3 version of OpenRMF:

• Fixed bug in bulk update #186 for duplicating data across checklists incorrectly
• Updated DISA Quarterly STIGs from July 2020

If upgrading from a previous version before 0.14, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF Core OSS 1.2

Updates included with the 1.2 version of OpenRMF:

• Update to .NET Core 3.1 runtime
• Update .NET Core components to latest (as of today)
• Local Help Documentation
• Small Security Fixes per active scan
• Script to auto-create Keycloak "openrmf" realm on Windows now
• Compliance Generate page has hot buttons to auto-filter results
• DoD Root CA certificates in the API containers
• OpenRMF Keycloak Theme

If upgrading from a previous version before 0.14, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF Core OSS 1.1

Updates included with the 1.1 version of OpenRMF:

• Bulk Edits on Vulnerabilities across all similar checklist types
• Upload of existing checklists in a system = update current ones in the system
• Rootless containers
• Updated Grafana to 7.0
• Updated Prometheus minor version
• Updated NATS minor version
• Updated UI components for jQuery, Bootstrap, Chart.js, Modernizr, Moment

If upgrading from a previous version before 0.14, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below.

OpenRMF Core OSS 1.0

Updates included with the 1.0 version of OpenRMF:

• Fix for Vulnerability Edit button when Vulnerability has no CCI List
• Version 1.0 labeling

If upgrading from a previous version before 0.14, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below.

Release 0.15.01

Updates included with the 0.15 version of OpenRMF:

• NGINX reverse proxy addition
• Checklist score updated visually when changing Vulnerability Status via web UI
• Small bug fixes

If upgrading from a previous version before 0.14, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below.

Release 0.14.01

Updates included with the 0.14 version of OpenRMF:

• Database Performance Increase
• Caching Performance Increase
• Report Database API and Message Client
• NATS Client Metrics
• Small bug fixes

If upgrading from a previous version, you must run both "Refresh Data" functions from the Report screen as an Administrator one time to load the data. See https://cingulara.github.io/openrmf-docs/reports.html#a-note-on-refreshing-data for more information.

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms.

Release 0.13.02

Updates included with the 0.13 version of OpenRMF:

• CCI full listing with title and NIST controls per vulnerability listed
• Updated /healthz functions to check the database
• Export the compliance report to XLSX
• Updated Helm3 chart
• Kubernetes CNI network policy YAML for security (examples)
• #20 GitHub Actions integrated to fire off unit tests (start of this, not done)

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms.

Release 0.12.1

The final release for version 0.12 with the following all inclusive features:

• Live editing of checklist data and vulnerabilities (Administrator and Editor)
• Updated Reports
• Filtering of System Checklist listing
• Filtering of Checklist Vulnerability listing
• Generated Test Plan Summary across all checklists in a system
• Generated POA&M of Open and Not Reviewed items across all checklists in a system
• Generated Risk Assessment Report across all checklists in a system
• Checklist Upgrade to latest Release (i.e. MS Windows 10 V1 Release 19 can upgrade to V1 Release 20)
• Updated documentation

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms.

Release 0.12

Latest release of OpenRMF to include:

• Live editing of checklist data and vulnerabilities (Administrator and Editor)
• Updated Reports
• Filtering of System Checklist listing
• Filtering of Checklist Vulnerability listing
• Test Plan Summary

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Hot Fix 0.11.2 Release

Hot fix for the CCI references to show up on the Checklist Export, Reports, and Checklist viewing page

IMPORTANT: You must look at the .env file to see we set the Keycloak/OpenID location and realm. Check the .env file in the scripts directory to see how to set those variables. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.