Ghostwriter v6.1.1

Summary

This release fixes a few bugs and introduces a pair of new template filters to aid with date management.

CHANGELOG

[6.1.1] - 15 December 2025

Added

• Added report filters for managing business day calculations (PR #780 from @DeveloperMarius; Closes #775)
  • business_days calculates how many business days are between two dates (e.g., 1 Dec - 12 Dec, 2025 returns 10)
  • to_datetime accepts a date string and format string to create a date object to enable further date calculations

Changed

• Updated some dependencies to use the latest (PR #786)

Fixed

• Fixed an issue that could cause the collaborative editor to not load (PR #784)
• Fixed an incorrect count on the project dashboard for the number of computers in a BloodHound domain collection

Ghostwriter v6.1.0

Summary

This is a significant release that introduces integration with BloodHound Community Edition and Enterprise, dark mode, collaborative notes, updates to SSO and MFA, and more.

All the detailed are here in this blog post: https://specterops.io/blog/2025/12/05/ghostwriter-v6-1-playing-fetch-with-bloodhound/

Note: If you currently have OTP devices registered for users, you must run the ./ghostwriter-cli migrate_totp command once after upgrading.

CHANGELOG

[6.1.0] - 5 December 2025

Added

• Added support for uploading a logo for a client
  • Ghostwriter now replaces any image in your template with the client logo if you have set the alt text to [CLIENT_LOGO]
  • The client logo will keep the exact dimensions and placement as the template image
• Added a menu to the editor with new options
  • Added options to convert selected text to lowercase or uppercase
  • Added a command to insert the logo of the project's client
• Added a new collaborative notes field on the project dashboard
  • This field allows project members to take shared notes about the project
  • The notes are saved automatically and can be edited by multiple users simultaneously
  • Find this field under the "Collab Notes" tab
• Added a downloadEvidence query to the GraphQL API
  • This provides a mechanism for programmatically pulling down an evidence file
  • The query can return a download URL or a base64-encoded blob
  • You can visit the download URL with a valid login session or decode the base64
• Added an all-new integration with BloodHound
  • Thank you @zinic for the initial implementation of the BloodHound client!
  • This integration allows you to import data and findings from BloodHound into Ghostwriter
  • The integration supports both Community Edition and Enterprise versions of BloodHound
  • You can find the integration under the "BloodHound" tab in the project dashboard
  • Ghostwriter supports a global BloodHound configuration for your instance and per-project configurations
    • Configure a BloodHound instance globally or use a different instance for each project
  • Review the wiki for more information: https://www.ghostwriter.wiki/features/bloodhound-integration

Changed

• Upgraded allauth to provide the best support for SSO providers and enable new options for MFA
  • Moved to a new MFA management page
  • Implemented WebAuthn for future support for Passkey authentication
  • Note: These changes require migrating existing TOTP devices to this new version with ./ghostwriter-cli migrate_totp
• Changed the note fields on most models to description to better reflect their purpose
  • This includes models like Domain, Server, Finding, Observation, Project, Client, and others
  • These fields were meant to be used as descriptions of the object, but the note naming was confused with other note-taking features added to Ghostwriter over time
  • This is a breaking change for any references to these in existing report templates or scripts
• Converted the {{.caption}} keyword to a new editor object to make it easier to use and see in the collaborative editor
  • This continues what we started with evidence previews as objects in the editor
  • You can now set the caption text and a custom reference ID for bookmarks in the object
  • This replaces the need to use a line like {{.caption REF_ID}} Caption text
• We have hidden the legacy "Notes" sections in the dashboards
  • Like the change to the old note fields, this change is to reduce confusion with the new collaborative notes feature
  • The feature was not widely used, and the collaborative notes feature provides a better experience
  • The sections will remain visible for any existing projects with content in the notes
  • New projects will not see the notes section

Ghostwriter v6.0.6

Summary

This is a re-release of v6.0.6. The original release may have targeted an incorrect branch. This re-release also includes new pre-built Ghostwriter CLI binaries that are compatible with Docker v29, released earlier this month.

CHANGELOG

[6.0.6] - 20 November 2025

Changed

• Updated the pre-built Ghostwriter CLI binaries to v0.3.0

Fixed

• Fixed tables not using the full width in Word documents (PR #742)
  • Adjusted table width from auto to pct (percentage) and 100%
• Fixed text alignment set in content edited with the old TinyMCE editor not being applied in Word documents (PR #743)

Ghostwriter v6.0.5

Summary

This release collects several merged PRs to address issues reported since the previous release. It also smooths the release of future tagged releases by automating version and build date updates.

CHANGELOG

[6.0.5] - 16 October 2025

Added

• Added the option to color the background of table cells (PR #717)
  • This applies to cells in rows not flagged as header rows

Changed

• Changed the finding form in the admin panel to include the CVSS vector field (PR #715; Fixes #704)

Fixed

• Fixed certain invalid characters that could break report generation if copied and pasted into the editor (PR #711; Fixes #709)
• Fixed some HTML span elements being styled with a red font color (PR #714; Fixes #703)
• Fixed invalid CVSS vector strings from causing the finding form to not render properly (PR #710; Fixes #705)
• Fixed the configuration values for health checks on disk usage and minimum memory not being imported in the production YAML (PR #699; thanks to @smcgu for flagging)
• Fixed templates with references to white cards failing linting
• Fixed the Tiptap editor automatically converting strings into hyperlinks when it thinks they are URLs (PR #720)
  • PR #673 attempted to disable this behavior, but it was not fully effective due to Tiptap having two paths for how it handles pasted text
  • Based on feedback, this is the preferred behavior for most users, but we understand some users may want to re-enable it
  • We will explore making this configurable in a future release

Ghostwriter v6.0.4

Summary

This release fixes an issue with the collaborative editor and extra fields and introduces new *_by_tag queries for the GraphQL API.

CHANGELOG

[6.0.4] - 12 September 2025

Added

• Added GraphQL endpoints, *_by_tag, for several models that get all objects that include the tag passed in as the query's parameter (PR #693)
  • Results are restricted to objects to which the user has access
  • Included models are limited to OplogEntry, Finding, Observation, ReportedFinding, and ReportedObservation for now

Ghostwriter v6.0.3

Summary

This is a minor release with some enhancements and bug fixes focused on the collaborative editor.

CHANGELOG

[6.0.3] - 10 September 2025

Added

• Added font color options back to the collaborative editor (PR #662)
  • You can now change the font color using the color picker
  • The color picker supports selecting from a palette of colors or entering custom hex or RGB values

Changed

• Increased session timeout for evidence uploads to 24 hours (up from 15 minutes) (PR #686)
  • This addresses uploads expiring when users fill out the form, but then do not submit the form until later
  • This change affects evidence uploads for the collaborative editor
• Removed some redundant buttons from the observations list view (PR #685)
• Improved the collaborative editor's modals (PR #683)
  • The fields now auto-focus
  • Pressing Enter will now submit the modal form

Fixed

• Fixed handling of the JSON content in JSON extra fields with the collaborative editor (PR #679)
• Fixed the temporal and environmental scores not working properly with the CVSS v3 calculator in the collaborative editor (PR #680; Fixes #670)
• Fixed an issue with bookmark/cross-references for headers in Word documents (PR #691)

Ghostwriter v6.0.2

Summary

This release includes enhancements to collaborative editing and some minor bug fixes.

CHANGELOG

[6.0.2] - 8 August 2025

Changed

• Changed the Tiptap editor to disable itself when users lose their connection to the collaborative editing server
  • This change prevents users from making changes to the document when they are not connected to the server

Fixed

• Fixed the missing evidence button in the Tiptap editor when editing extra fields on reports
• Fixed some extra fields on findings not saving correctly with collaborative editing
• Fixed the "sanitize" action on activity logs not working well with large logs

Ghostwriter v6.0.1

Summary

This release fixes some bugs in v6.0. The most significant change is an adjustment to the maximum connections and maximum connection age for PostgreSQL to resolve connections becoming maxed out in some cases with collaborative editing.

CHANGELOG

[6.0.1] - 31 July 2025

Added

• Added a postgres.conf file for the PostgresSQL container and database
  • This file allows you to customize the PostgreSQL configuration for your Ghostwriter instance
  • The file is located in the compose/production/postgres directory and can be modified as needed
• Added the option to display a global banner at the top of any page for announcements
  • The banner has a configurable title and message content
  • You can optionally include a link that will appear as "Learn more" below the message
  • There is an expiration date to make the banner stop displaying after a specified date and time
  • There is a "public" flag to allow the banner to be displayed to unauthenticated users on the login page
  • If a user dismisses the banner, the banner will stay hidden until the banner's content changes
    • Ghostwrtier tracks the dismissal in the browser's local storage, so the dismissal will not persist across browsers or devices
  • Added a documentation page for the banner configuration

Changed

• Changed the default MAX_CONN_AGE value to 0 per Django's recommendations for ASGI applications
• The MAX_CONN_AGE value is now controlled by a POSTGRES_CONN_MAX_AGE environment variable
• Increased PostgreSQL's max_connections to 150 (up from 100) to help accommodate increased concurrent connections
  • This may help with the increased connections that came with the new collaborative editing feature in Ghostwriter v6.0.0
• Updated the pre-built Ghostwriter CLI binaries to v0.2.27
  • This update adds a POSTGRES_CONN_MAX_AGE value to the .env file to control the maximum age of PostgreSQL connections
• Updated the Ghostwriter CLI binaries to v0.2.28
  • This update adds the collaborative editing and development frontend servers to the running and logs commands

Fixed

• Fixed a permissions issue with the uploadEvidence GraphQL mutation that prevented users from uploading evidence files unless they were a manager or admin
• Fixed collaborative editing not working for boolean custom fields
• Fixed permission errors that could occur when trying to add an observation from a search result without permission

Ghostwriter v6.0.0

Summary

Ghostwriter v6.0.0 is a significant release that introduces collaborative editing and other new features. Please read the release notes for important information about the upgrade process from Ghostwriter v5.

CHANGELOG

[6.0.0] - 23 July 2025

Added

• Introduced collaborative editing server and client-side components for real-time form collaboration
  • This feature allows multiple users to edit the same form or field simultaneously
  • The collaborative editing experience applies to report fields, findings, and observations for now
  • We will expand this feature to other areas of Ghostwriter in future releases
• Added new JavaScript/TypeScript frontend infrastructure with React components and GraphQL integration
• Updated software dependencies to the latest versions, including Django and PostgreSQL
  • Important: Upgrading an existing Ghostwriter v5 installation will require upgrading the database to v16
    • Make a backup of your database before upgrading (./ghostwriter-cli backup or a server snapshot)
    • Run ./ghostwriter-cli down
    • Update your release (e.g., git pull)
    • Run./ghostwriter-cli pg-upgrade
    • Run ./ghostwriter-cli containers build

Changed

• Replaced the TinyMCE WYSIWYG editor with the new Tiptap editor for collaborative writing
  • TinyMCE is still used in some parts of Ghostwriter that are outside the collaborative editing experience
  • This new editor looks different, but it offers all the same formatting features
  • The new editor supports collaborative editing, allowing multiple users to edit the same document simultaneously
  • You will no longer see a "Save" or "Submit" button as your work is saved automatically as part of the collaborative editing experience
  • You can now insert image evidence and see a preview of it inline with your text as you work
• Updated the Ghostwriter CLI binaries to v0.2.26
  • These binaries include a new tagcleanup command to help you clean up unused or duplicated tags in your Ghostwriter instance

Ghostwriter v5.0.12

Summary

This release adds a createUser mutation to the GraphQL API. This mutation allows admins to automate the creation of new users.

CHANGELOG

[5.0.12] - 18 July 2025

Added

• Added a createUser mutation to the GraphQL API to allow creating new users
  • This mutation is useful for creating new users without needing to use the web interface
  • The mutation requires the email, username, password, name, and role fields
  • Only admins can create new users via this mutation
  • If you choose to allow managers to create users, the mutation will not allow them to create users with the manager or admin roles