SysReptor

...configurations. (see: github.com/Syslifters/sys…) To all SysReptor users who have SSO enabled: We strongly recommend reviewing the SSO config and settings "require_email_verified" to "true" and "user_identifier_claim" to "email". (See #sysreptor-configuration" target="_blank" rel="nofollow noopener">docs.sysreptor.com/users/oidc-gen…) 2/2

🛡️Time for a SysReptor update! 🥳 We've got a great security review and hardening time behind us. The today's SysReptor release brings several security hardening measures and fixed a minor "user admin" to "superuser" privilege escalation that is exploitable in non-default... 1/n

The inline image editor can now also blur sensitive parts of images. And the best thing is... ...it takes the color values from the edge of the rectangle, so it is impossible to reconstruct the images behind the blur. "Secure blurring" so to say.

@goldenfawks Sent

@SysReptor Please DM proxy

Due to recent Signal messenger blocks we share our #SignalProxy for cencorship circumvention: #sprint.syslifters.com" target="_blank" rel="nofollow noopener">signal.tube/#sprint.syslif… Please contact us if you notice that the proxy is shut down in your region. We'll share private proxies with you, if necessary. #sharingiscaring

🛡️Time to update SysReptor Professional We fixed a security issue: Read-write access to personal notes by sharing-link creation with no authorization SysReptor Community is also affected, but access to personal notes of other users is intended there (because everyone is superuser). Thank you to Robin L. for reporting ❤️ github.com/Syslifters/sys…

@noraj_rawsec Thank you, @noraj_rawsec, we appreciate that 🙌

@SysReptor I have not used SysReptor for a long time but when I'll a report generator, this will be my go to. It looks like it keeps improving over time.

☑️ Multi-select and bulk actions In the latest SysReptor version you can multi-select projects and run bulk-actions on them. The same is possible for finding templates and designs.

Support for PostgreSQL 14 is coming to an end in November. The newest SysReptor version comes with the handy update script "upgrade_postgres.sh". We recommend updating the self-hosted PostgreSQL databases before v14 reaches end of life.

✨We made the SysReptor AI integration even better in one of our recent updates. It now supports sub-agents and further tools like planning and keeping to-do lists. Our objective is to provide the best agentic integration with the LLMs of your choice: self-hosted or self-chosen.

🖼️ You can now edit uploaded images in SysReptor. Images are flattened after editing, so your sensitive contents are truly redacted. You still have the option to revert the edited image to the original.

🎥 How privilege elevation and permissions work in SysReptor. Our co-founder Aron explained this in this video: youtube.com/watch?v=ThMS4j…

We just published our collection of design components that you can copy and paste into your SysReptor report designs. This makes designing your reports even easier. sysreptor.com/designs

🥳🥳 Finally there: Custom filenames Specify your filename in the report's meta tags and get your custom filename when publishing the report. Kudos to Michael for the elegant solution. More details and a sample at: docs.sysreptor.com/designer/filen…

@briancheong Yes, they sometimes should do 8 tool calls and stop after 3, or they don't work at all. Or they even "forget" what they are supposed to do in the first place.

@SysReptor Tool call reliability as a factor in model selection is underrated. Most teams pick a model for reasoning quality and hit the governance problem after deployment.

We introduced an AI agent that allows you using the LLM of your choice. Our experiments showed that small models often have problems with tool calls or with following instructions. Large proprietary models mostly work quite well but have the drawback that most of them are hosted in the US (or by US companies), making them unusable for companies with high data privacy standards. The best performing open model was, in our experience, Kimi K2. We would be very interested in hearing about your experiences: github.com/Syslifters/sys…

Three fantastic things we're currently implementing: * Image editor for annotations and cropping * Allow setting custom filenames for PDF reports (on a per-design basis) * Exporter for pushing findings to Jira What else do you need to become even more efficient?

If you're out of seats in SysReptor Pro, you can disable users because disabled users don't count as seats in the license. If you delete users (instead of disabling them), keep in mind that this might have the side-effect that you lose the connection between projects and users. Users that are deleted and members of projects are transformed into "imported" project members (it's the same functionality as if you import a project and the project users don't exist in that SysReptor installation). There is one edge case in which we prevent deleting users: If there are archived (encrypted) projects and the user's public key was used to encrypt them. Deleting such users might lead to unexpected data loss in this case.

SysReptor now supports images in @excalidraw notes 💚

Create public sharing links for your personal notes 📝 Previously, it was only possible to publicly share project notes. You can now also share your private notes. With optional password protection, expire date, and access control.

@PinkDraconian @jkudish If you go to online Google maps you can basically do anything for free. Or what features are not free there?

@SysReptor @jkudish The requests are not always free. Many endpoints come with costs up to 32$ per 1000 requests I've found in the wild

I still don't understand Google Maps API keys. If you're showing a map on your website, the API key is in your client-side code. An attacker can use this API key to send millions of requests and you're paying for it. There's no way to secure it?