Slack Watchman - 4.4.4

Added

• Added GitHub Action to test release notes and version tag for GitHub releases

Changed

• Dependabot updates
  • requests updated to 2.33.0
• Update GitHub Actions that use Node.js 20 to the latest versions to support Node.js 24

Fixed

• Fixed broken link to Slack Cookie Authentication blog post in README (raised in [#82] by @emilstahl)

Slack Watchman - 4.4.3

Changed

• Dependabot updates
  • urllib3 updated to 2.6.0

Slack Watchman - 4.4.2

Added

• Added .github/dependabot.yml with configuration for Dependabot:
  • Use develop as target branch
  • Update both pyproject.toml and poetry.lock
• README updated to recommend using pipx for installation

Fixed

• Fixed issue with Poetry build arguments in Dockerfile, which was causing the build to fail.

Changed

• Modified signature download process to use requests instead of urllib, which is more robust and provides better SSL handling. This addresses the issue raised in #74
• Dependabot updates
  • urllib3 updated to 2.5.0
  • requests updated to 2.32.4

Slack Watchman - 4.4.1

Fixed

• Fixed a bug where an exception was raised when no suppressed signatures were passed. Fixes #66
• Fixed error when creating a Workspace object using the response from the Slack API. Validation was expecting a bool, but in some instances, a string was being returned. Fixes #68
• Fixed bug where the incorrect error message was being passed when environment variables were not set. Fixes #67

Slack Watchman - 4.4.0

Added

• Ability to disable signatures by their ID in the watchman.conf config file.
  • These signatures will not be used when running Slack Watchman
  • Signature IDs for each signature can be found in the Watchman Signatures repository
• App manifest JSON file for creating the Slack Watchman Slack application added in docs/app_manifest.json
• Pylint configuration and implement fixes and recommendations based on findings
  • Added Pylint checks in GitHub actions
• Additional tests added:
  • Unit tests for remaining non-model modules
  • Integration tests for slack_client.py

Fixed

• Bug where variables were not being imported from watchman.conf config file

Slack Watchman - 4.3.0

Changed

• Timestamps are now in UTC across all logging for consistency
• Refactor some commonly used functions into a utils module
• More general code cleanup and refactoring

Fixed

• Fixed a few bugs with models for User, Workspace and Messages not picking up all values

Added

• GitHub actions for Python tests and Docker build and run testing
• Implemented unit tests for models

Slack Watchman - 4.2.0

Added

• Added enumeration of conversations with populated Canvases attached. These can contain sensitive information, and are worth reviewing.
• Added join domain to unauthenticated probe. This is the link to use to sign into a Workspace if you have an email with one of the approved domains.

Slack Watchman - 4.1.2

Added

• Added enumeration of authentication options for the Workspace you authed to.
  • Shows which domains are authorised to create accounts on the workspace. If a historic domain that isn't registered anymore is still approved, you could access this workspace using an email from it.
  • Also shows which OAuth providers are authorised for the workspace.
• Added new 'unauthenticated probe' mode. This mode will attempt an unauthenticated probe on the workspace and return any available authentication information, as well as any other useful information such as whether the workspace is on a paid plan.
  • No authentication token is required in this mode, you can spray away to any workspace you like.

Changed

• Signatures are now downloaded, processes and stored in memory instead of writing to disk. This saves having to store them in files, and solves the issues when using Slack Watchman with read-only filesystems (raised in #51)
• Migrated to Poetry for dependency control and packaging

Slack Watchman - 4.1.1

Added

• Added enumeration of authentication options for the Workspace you authed to.
  • Shows which domains are authorised to create accounts on the workspace. If a historic domain that isn't registered anymore is still approved, you could access this workspace using an email from it.
  • Also shows which OAuth providers are authorised for the workspace.
• Added new 'unauthenticated probe' mode. This mode will attempt an unauthenticated probe on the workspace and return any available authentication information, as well as any other useful information such as whether the workspace is on a paid plan.
  • No authentication token is required in this mode, you can spray away to any workspace you like.

Changed

• Signatures are now downloaded, processes and stored in memory instead of writing to disk. This saves having to store them in files, and solves the issues when using Slack Watchman with read-only filesystems (raised in #51)
• Migrated to Poetry for dependency control and packaging

Slack Watchman - 4.1.0

Added

• Added enumeration of authentication options for the Workspace you authed to.
  • Shows which domains are authorised to create accounts on the workspace. If a historic domain that isn't registered anymore is still approved, you could access this workspace using an email from it.
  • Also shows which OAuth providers are authorised for the workspace.
• Added new 'unauthenticated probe' mode. This mode will attempt an unauthenticated probe on the workspace and return any available authentication information, as well as any other useful information such as whether the workspace is on a paid plan.
  • No authentication token is required in this mode, you can spray away to any workspace you like.

Changed

• Signatures are now downloaded, processes and stored in memory instead of writing to disk. This saves having to store them in files, and solves the issues when using Slack Watchman with read-only filesystems (raised in #51)
• Migrated to Poetry for dependency control and packaging