4.1.0

What's Changed

Bug Patches

• Fixed "Save + Add" button on "Add Ability" modal in adversaries page so it doesn't result in an error. #2637
• Fixed a first-time startup error in the Atomic plugin resulting from a loop when parsing atomic abilities. #2657
• Fixed a bug in the Training plugin preventing the first manx flag from completing. #2638
• Fixed "(unexpected keyword argument 'loop')" error from the start_server call. #2625

Security Fixes

• Patched a XSS bug found in the Operations tab and Debrief plugin that took advantage of unsanitized input in an operation's name field. #2644
  • Disclosure reports coming soon, stay tuned
  • Credit to Jayson Grace from Meta's Purple Team for discovering this vulnerability

Operations Page

• Added "Operations Detail" modal on operation page that shows how the operation was configured at its start. #2558
• Tidied up row of buttons so they align better. #2615

Adversaries

(New!) "Everything Bagel" adversary: A collection of all CALDERA abilities ordered by ATT&CK tactic. Particularly useful when using the new advanced planners (see below) and want all abilities at the disposal of the planner.

(In progress) Added a missing ability to the "Worm" Adversary in the Stockpile plugin.

Planners

(New!) Look-Ahead Planner: A CALDERA planner that decides which abilities to execute based on expected future reward.
(New!) Guided Planner: A CALDERA planner which makes use of "distance to goals" in a dependency graph to select the optimal next action.

New Contributors

• @jt0dd made their first contribution in #2590
• @sgianvecchio made their first contribution in #2563
• @pierregi made their first contribution in #2577
• @djmartin41041 made their first contribution in #2649
• @Morpheme777 made their first contribution in #2642

Full Changelog: 4.0.0...4.1.0