Haystax was updated today to include several new features.
Focus on backend technical debt, stability, and bug fixes
This release has a few end-user features, but the majority of the work was done in the backend and under the covers to address technical debt and bugs, while also adding some new security features.
Front-end JavaScript package management with npm
To keep up with security updates in the JavaScript libraries used in the Neutron front end, the system now uses a package management system so that third-party libraries stay up to date and are easy to maintain.
Improvements for managing users with hundreds of data groups.
There was a limitation in the number of groups a user could be in because of how that group information was passed between parts of the system. The group handling has been altered for any sets of groups larger than 30 so that administrators with tenants with potentially hundreds of data groups could log in and manage those groups.
A new Manage Groups screen is now available. It allows tenant administrators and sysadmins to create, edit and delete data groups. The group’s description is the name displayed to the user when adding permissions on objects.
Security improvements (password management, cookies, sessions)
Password complexity and lifecycle management have been updated with many new features. The complexity rules for passwords may now be set per tenant through the Tenant settings, using a regular expression to decide whether a password set by the user is accepted. A minimum and maximum length may also be set. Tenant settings are also present for the maximum number of failed login attempts in a time span before locking, user session lifetime, tenant admin session timeout, password minimum and maximum lifetimes, whether or not to store password history, and a setting to require the user to change at least 8 characters in a new password when changing it.
Secure cookies and other session settings were altered to protect data passed in sessions and cookies that are stored in the client browser.
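As an added illustration (not Haystax code), the sketch below shows how a per-tenant policy of this shape can be checked on the server side. The field names are hypothetical, and measuring "characters changed" with edit distance is an assumption, since the release notes do not say how the product computes it.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TenantPasswordPolicy:
    # Hypothetical field names; the release notes do not list the real keys.
    pattern: str                # tenant-supplied complexity regex
    min_length: int
    max_length: int
    min_changed_chars: int = 8  # "change at least 8 characters" setting


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def violations(policy, new, old=None):
    """Return the names of the rules the candidate password breaks."""
    # Length is checked first so the tenant regex only sees bounded input,
    # which limits the cost of a badly written (backtracking) pattern.
    if not policy.min_length <= len(new) <= policy.max_length:
        return ["length"]
    problems = []
    # fullmatch: the whole password must satisfy the pattern, even if the
    # tenant administrator forgot to anchor it with ^ and $.
    if re.fullmatch(policy.pattern, new) is None:
        problems.append("pattern")
    # Applies only on a password change, where the user has just supplied
    # the current password; stored hashes cannot be compared this way.
    if old is not None and edit_distance(old, new) < policy.min_changed_chars:
        problems.append("changed_chars")
    return problems


# Constructed sample policy: lower, upper, digit and symbol, 12 to 64 chars.
SAMPLE_POLICY = TenantPasswordPolicy(
    pattern=r"(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]).+",
    min_length=12,
    max_length=64,
)
```

Running the same function from every code path that sets a password keeps the rules consistent across screens.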
Assessment feature to copy from an old assessment template and map question values
A new feature allows an assessment template to map its questions from questions in a different template, so that when a new assessment is created, old answers may be copied in as a starting point. This feature is useful for annual assessment programs where the set of questions is expected to change slightly year to year. The new template needs to have a “copy” object in a question that can map from an older assessment template, and must indicate the potential source template in the top level of the new template. If the user is creating a new assessment from a template which supports this copying, the user will have a new dropdown to select an existing assessment of the source copy type template. On create, answers from the older assessment will be mapped and copied into the new assessment questions where appropriate.
Tenant administrator feature to save widget grid layouts for tenant default setting
On every settings screen that allows a user to select widgets to show and save the layout of those widgets, a new option is present for tenant administrators to save the screen layout as the tenant default layout that all users in their tenant will see.
Assessment question photo attachments are now true linked objects
The major conversion project in this release was finally getting the assessment question attached photos converted to be true linked objects, much like every other attached file now in the system. This opens up new possibilities in the future such as a new assessment photo summary screen to easily show all question photos in one place, or the ability to set permissions differently on individual attached photos.
Asset import improvements
The asset import script was updated to support Fusion workflows with additional redaction support, a new progress bar, and support for lat/long import.
An incredible amount of bug fixes
• Fix help page layout
• Field Report Detail View – Cannot read property ‘categories’ of undefined
• Field reports show sections when no field report is found
• 500 Error in particular tenant when going to page 2 of assessment list
• Permissions not working properly for users with a lot of groups
• Missing document get call used in assessment report
• Offline installer package does not include Fusion whl file
• Problem with offline installer on offline machine (no internet connection)
• Figure out indexes to solve mongo sort RAM limits
• Assessment list view – spinner doesn’t stop
• Fusion App throws a 500 error getting mars with latest fusion code
• Page appears blank when using Ad Blocker
• Need to enforce read only in the backend for assessments
• Asset List text search value appears to affect Asset results in Advanced Search
• Daily Digest email tenant name issue
• file_name key error on getting attached files
• Link Documents get_list sends back 415 due to blank ‘to.id’
• Tenant-level password complexity rules to not apply to password reset screen
• Top impacts not working in fusion app
• /api/links/ GET needs to fail more gracefully when the attached file is not found
• Full images do not open on assessment question photos
• User without threat_stream DELETE role and deleting a threat stream filter
• Pending Invite Direct Asset/Assessment Bug Report