Adrián Jesús Peña Rodríguez
8a0bd52b03
docs(api): update changelog for invitation auth fix
2026-07-01 12:45:16 +02:00
Adrián Jesús Peña Rodríguez
20f849f58c
fix: handle invitations in social and SAML auth
...
- Preserve invitation callbacks through social and SAML login
- Accept invited users without creating a default tenant
- Add regression coverage for invitation acceptance flows
2026-07-01 12:42:06 +02:00
César Arroba
af6918d57b
chore(api): opt out of PowerShell telemetry in the API image (#11746)
2026-07-01 10:02:59 +02:00
Josema Camacho
c3ce3d2b3c
fix(api): preflight attack paths graph databases (#11743)
2026-06-30 17:01:48 +02:00
Daniel Barranquero
34e8e3ca61
chore(api): replace detect-secrets with kingfisher-bin to match the SDK (#11698)
2026-06-30 15:59:18 +02:00
Hugo Pereira Brito
36006de8ce
chore(ci): bump Trivy scanner to v0.71.2 (#11728)
2026-06-30 11:45:55 +01:00
Hugo Pereira Brito
e40e9a6483
fix(docker): remove build dependencies from images (#11730)
2026-06-30 11:31:51 +01:00
Josema Camacho
4e7e2f7eab
fix(api): cap attack paths sink sync batches (#11724)
2026-06-29 17:48:02 +02:00
Pedro Martín
d6f5f060ca
feat(compliance): add CIS Controls v8.1 universal framework (#11700)
...
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-26 13:27:02 +02:00
Josema Camacho
5793cd7e38
feat(api): make Attack Paths sink selectable between Neo4j and Neptune (#11524)
2026-06-26 10:22:29 +02:00
Josema Camacho
2b7db88694
fix(api): handle deleted scans during progress saves (#11696)
2026-06-25 14:12:12 +02:00
Pepe Fagoaga
7785829969
chore: changelog v5.31.1 (#11691)
2026-06-25 08:28:34 +02:00
Josema Camacho
4e00cfd1b6
fix(api): avoid mutating API key manager during auth (#11686)
2026-06-24 16:50:55 +02:00
Davidm4r
917e5d07ff
test(api): speed up API test suite (#11681)
2026-06-24 15:15:29 +02:00
Adrián Peña
dc228e8b36
docs(api): move SAML changelog entry to v5.31.0 (#11677)
2026-06-23 17:18:20 +02:00
Rubén De la Torre Vico
058a1dc8fe
chore: unify ruff tooling and route code quality through the Makefile (#11675)
2026-06-23 17:15:05 +02:00
Prowler Bot
3b0124d3fd
chore(release): Bump versions to v5.32.0 (#11673)
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-06-23 16:53:29 +02:00
Josema Camacho
fb995a79bf
chore: modify changelogs for 5.31.0 release (#11671)
2026-06-23 14:09:52 +02:00
Josema Camacho
2375f1d962
fix(api): uvicorn worker keepalive (#11663)
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-22 16:30:33 +02:00
abdou
30d737c7d7
fix(api): bound Celery worker concurrency to a configurable default (#11075)
...
Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>
2026-06-22 14:05:11 +02:00
Pepe Fagoaga
7f96d895bb
fix: API changelog from advisory merge (#11649)
2026-06-19 13:48:47 +02:00
Adrián Peña
bf3b5c2ba7
Merge commit from fork
...
* fix(saml): cross-tenant account takeover via SAML domain claiming
* chore(changelog): add PR #
* fix(api): bind SAML tokens to validated domain
- Reject SAML assertions with mismatched email domains
- Issue SAML tokens from the validated ACS tenant
- Add regression coverage for cross-tenant SAML token issuance
* fix(api): resolve SAML tenant inside RLS context
- Load the SAML tenant relation before leaving the RLS transaction
- Avoid lazy tenant lookups during the SAML ACS finish flow
---------
Co-authored-by: Pepe Fagoaga <pepe@prowler.com>
2026-06-19 13:38:51 +02:00
Josema Camacho
6d8d553610
fix(api): set gunicorn keep-alive above the load balancer idle timeout to stop 502s (#11647)
2026-06-19 12:49:49 +02:00
Josema Camacho
99285d4656
fix(api): close DB connections per request to stop ASGI replica connection leak (#11640)
2026-06-18 17:42:19 +02:00
Adrián Peña
19629e9bb8
fix: simplify local dev launch workflow (#11641)
2026-06-18 16:51:02 +02:00
Adrián Peña
b89b427a86
feat: add Makefile local development stack (#11637)
2026-06-18 16:37:42 +02:00
Pedro Martín
c0ae8b9739
feat(compliance): add DORA compliance framework for Azure (#11551)
2026-06-18 08:56:04 +02:00
Josema Camacho
bae74b8181
fix(api): ignore RequestAborted from health-check probe disconnects in Sentry (#11632)
2026-06-17 16:20:17 +02:00
Josema Camacho
f1a30f706a
fix(api): raise Gunicorn worker timeout to 120s via GUNICORN_TIMEOUT (#11631)
2026-06-17 14:04:36 +02:00
Rubén De la Torre Vico
0463cd1559
fix(api): disable ASGI lifespan probe and tune SSE worker loop/connections (#11626)
2026-06-17 11:16:58 +02:00
Pepe Fagoaga
7b8ce51263
chore(changelog): v5.30.2 (#11624)
2026-06-17 09:27:14 +02:00
Adrián Peña
e4d5ca11b3
feat(api): add provider group filters (#11573)
2026-06-16 14:18:34 +02:00
Adrián Peña
181197177c
feat(api): only remap SAML user roles when the IdP sends userType (#11520)
2026-06-16 14:18:16 +02:00
Rubén De la Torre Vico
e1f20487ce
chore(api): align uv constraints with SDK deps (numpy, py-iam-expand, iamdata; drop awsipranges) (#11594)
2026-06-16 12:00:18 +02:00
Pedro Martín
e419771b04
perf(api): optimize scan-compliance-overviews task (#11591)
2026-06-16 10:48:55 +02:00
Rubén De la Torre Vico
28c064a9b7
feat(api): add Server-Sent Events (SSE) infrastructure (#11556)
2026-06-16 10:26:20 +02:00
Davidm4r
36fe48dbc5
fix(api): patch dependency and container CVEs (#11596)
...
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 18:24:55 +02:00
Daniel Barranquero
566167489b
fix(sdk): patch container CVEs and suppress unfixable bookworm criticals (#11592)
2026-06-15 16:59:44 +02:00
Josema Camacho
ca443b8ff1
chore: prepare API and UI changelogs for 5.30.1 release (#11562)
2026-06-12 12:07:31 +02:00
Josema Camacho
a394c0fdf6
fix(api): drop_subgraph deletes relationships then nodes to cut Neo4j memory (#11557)
2026-06-11 18:32:35 +02:00
Pedro Martín
20eca78767
fix(compliance): resolve provider from scan in attributes endp (#11546)
2026-06-11 18:00:36 +02:00
Hugo Pereira Brito
65f00a197b
fix(api): normalize OCI scan region credentials (#11558)
2026-06-11 17:32:28 +02:00
Pedro Martín
610febb5d5
fix(api): bump prowler SDK lock to v5.30.0 for okta_idaas_stig (#11553)
2026-06-11 15:53:44 +02:00
Prowler Bot
c4378d5992
chore(release): Bump versions to v5.31.0 (#11548)
...
Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
2026-06-11 15:28:25 +02:00
Pepe Fagoaga
285974b7d4
chore(changelog): v5.30.0 (#11540)
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <74871504+danibarranqueroo@users.noreply.github.com>
2026-06-11 09:08:25 +02:00
Pedro Martín
75f95559d6
fix(api): warm compliance caches when starting the worker (#11530)
2026-06-10 19:04:40 +02:00
Pedro Martín
61cd4aea3f
feat(compliance): add Okta IDaaS STIG V1R2 framework (#11428)
...
Co-authored-by: Alejandro Bailo <59607668+alejandrobailo@users.noreply.github.com>
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com>
2026-06-10 11:22:42 +02:00
Pedro Martín
4a5a49b5bb
fix(api): store and refresh Resource.name on every scan (#11476)
...
Co-authored-by: Josema Camacho <josema@prowler.com>
2026-06-10 10:55:31 +02:00
César Arroba
b2d74711d9
chore(deps): bump dulwich to 1.2.5 and pyjwt to 2.13.0 for osv-scanner (#11499)
2026-06-09 13:01:46 +02:00
Adrián Peña
1f7caa6394
feat(api): make orphan-task recovery configurable and drop the Jira idempotency table (#11472)
2026-06-09 09:16:48 +02:00