Changes for v2.5.4

release-notes

Features

• [Backend] Create psql user for backups on db create and app init (SEC-3746)
• [Backend] Define and implement activity logging for user (SEC-3722)
• [Backend] Define and implement scenario for centralized backup of Securea tenants (SEC-3723)
• [Frontend] Define and implement UI for user activity logging (SEC-3740)
• [Frontend] Define and implement user interface backup of Securea tenants (SEC-3727)
• [Frontend] Refactor FE to match new Content Security Policy Directive (SEC-3745)

Improvements

• [Backend] 2FA recovery code shall temporarily disable 2FA (SEC-3657)
• [Backend] Analyze reasons for 63 idle transactions on production environment (SEC-3708)
• [Backend] Encrypt TOTP secrets at rest instead of storing them in plaintext (SEC-3674)
• [Backend] Lowercase username and email address (SEC-3673)
• [Backend] Rework 2FA to refresh secret and recovery code on each display of 2FA enablement screen (SEC-3686)
• [Frontend] Re-login screen shall be changed to a notification about automated logout due to inactivity (SEC-3701)
• [Frontend] Rework modal for using recovery code on login (SEC-3684)

Bugfixes

• Asset Value/Value Severity inconsistency in Detailed reports (SEC-3416)
• Double 2FA popup on delete user without elevated token (SEC-3717)
• GovDoc-Req mapping page doesn't display requirement's "fulfillment data" (SEC-3429)
• Missing scrollbar in dropdown for generate report modal (SEC-3687)
• Missing translation on tab when regulation is selected in Regulation Checklist (SEC-3672)
• Requiremement Catalogue - Control mapping shows regulation keys (SEC-3716)
• Security Posture - ParentClauseID problems (SEC-3695)
• Template asset change of asset class throws error (SEC-3715)
• Wrong ColumnName grammar Risk Register (SEC-3702)