v3.4.0

v3.4.0 (March 2026):
Makefile:
- (beta) You may add an environment variable CAWK_SYSNAME to use special common functions implemented in database/common/special_common.gawk.template
instead of common/common.gawk.template (refer to the README for further information)
- Added a new TMP_ASSESSMENT_FILES variable used to clean all intermediate supplier assessment files, set to by default
(remain onlu all report files) (see Makefile.support.mk)
- Updated Makefile for performance enhancements
Package Integrity:
- Added an additional sha521sum check to verify the integrity of the package before running an assessment
Makefile.docker:
- Updated to inherit variables from Makefile.support.mk (see: CAWK_VERSION in Makefile.support.mk)
Tests:
- Reviewed all existing tests for ACL consistency and added new supplier ones: ,
- The ACL consistency library has been thoroughly reviewed (ref. common/common_hypercube-lib.gawk.template)

v3.3.0

v3.3.0 (January 2025):
Makefile:
- add new supplier
- add a new target <sync_teststoconfs_run> : sync tests to confs for <audit=AUDIT_NAME> assessment
- add a new target <sync_teststoconfs_run_audit> : sync tests to confs for only all <audit=AUDIT_NAME> assessments
- optimize Makefile to avoid reaching Unix shell maximum line length
Tests:
- add new tests for and (ref new authors)
Makefile.cawk.version:
- This is a specific Makefile used to manage the cawk version packages (please refer to the README for further information)
(this Makefile must be located in the parent directory of cawk installations)

v3.2.0

v3.2.0 (December 2025):
Makefile:
- add a new variable that can be called with gmake like:
gmake check_run audit=<AUDIT_NAME> PSIRT=yes : only compute PSIRT tests if you intend to build an audit only for psirt purpose
gmake check_run audit=<AUDIT_NAME> PSIRT=no (dfault value) : compute all the tests
(ref Makefile.support.mk file)
- fix a bug in database.repo copy to database
Docker:
- 3 new files have been added to build a cawk container based on:
- Makefile.docker file,
- Dockerfile file,
- cawk_docker_run.sh script
(please refer to the README for further information)

v3.1.0

v3.1.0 (October 2025):
Makefile:
- add a new script <database_sync_psirt.sh> in <database/scripts> in order to build psirt inventory
(this script is runned with <sync_psirt> target)
(refer to README for further information)
- add a new target <sync_psirt> target to build psirt inventory
- add a new target <database_repo_copy> allowing to update directory only with missing
files (database.repo -> database), this target is runned with target
(refer to README for further information)
- fix a bug with $(ECHO) -e command (not portable and printing "-e" in files)
- fix a bug with <backup_audit_run> find command (-type f -o -type d not portable, database not fully backup)
- update database_sync with a new option regex_path_exclude in order to exclude configurations based on their
paths, all associated cawk files have been updated
Tests:
- add advanced psirt test code allowing to match line, block, os version, etc.
- one advanced psirt code has been added for cisco-ios, cisco-xe, cisco-viptela and cisco-xr
- it is built over <common/test_generic_psirt.gawk.template> v1.0 code
- such psirt test has <.gawk.include> suffix
- test is now available for cisco-xe supplier scope
- all cisco-ios tests are now available for cisco-xe supplier scope

v3.0.0

v3.0.0 (October 2025):
Makefile:
- update Makefile in order to have a new type of test allowing to check advanced psirt vulnerabilities
(statements match, ios versions regex match, chassis regex match, etc.) in a future release
- update Makefile to support running cawk as a Docker container in a future release
- enforce Makefile controls during processing
- set a in Makefile.support.mk for pointing to <grep -E> rather than to
- add a new target <clean_archive_older> to remove archive files older than the ARCHIVE_OLDER_DAYS value defined in Makefile.support.mk
- <sync_run target> update
- to add a new regex allowing to match os supplier during the sync
(refer to README for further information)
- remove the confs directories by default and create only the ones linked to existing configurations
(refer to README for further information)
Tests:
- tests are now available for all cisco supplier scopes
- tests are now available for all cisco supplier scopes
- tests are now available for all cisco supplier scopes

v2.9.0

v2.9.0 (September 2025):
Makefile:
- improved test execution performance by allowing multiple configuration files per test run
(this option can be changed in Makefile.support.mk with the TEST_EXE variable)
- general performance improvements (.INTERMEDIATE and *.swap for all scopes)
- add a new target gmake version to display the current cawk version
- add two targets gmake tests_check and tests_check_nok to check the compliance validity of all tests
Tests:
- add a banner test for cisco-ios scope only (to be replicated for other scopes in future releases)
- updated tests for older crypto algorithms across all supplier scopes (ref support/tests.sed)
- fixed all inconsistent test output names and include an internal check before package release.
note that some tests names have changed to be more consistent (it could impact existing exceptions)
(ref common/check_test.gawk.template will check test consistency and format compliance)
(inconsisstencies can be checked directly with gmake tests_check and gmake tests_check_nok targets)

v2.8.0

v2.8.0 (July 2025):
Makefile:
- in reports, include the number of exceptions in the summary report
- in reports, include the number of deadbeef configurations in the summary report
- in email_send target, add the summary as a file attached and only display the common/common_message.txt in the email body
- in view_error and view_run targets, simplify the output
- in targets tests_run_copy and tests_run_audit_copy, add a check to avoid copying files that already exist in run_audit
Tests:
- for the following suppliers scopes : cisco-ios, cisco-xe and cisco-cedge, update global tests to take into consideration
the default commands (hidden commands), avoiding to set many exceptions for each supplier scope assessment
- for the following suppliers scopes : cisco-ios, cisco-xe, update line aux tests to take into consideration that other
line commands can be defined for modem, etc.
Common:
- review code of timeline reporting to enhance performance

v2.7.1

v2.7.0 (June 2025):
Makefile:
- in reports:
- rename ".all.full." substring to ".all." substring for the final reports
- build *.idx (index of configurations assessed)
- build a new final psirt report (.all(.security./.audit./.psirt./.exception./.deadbeef.)) gathering
all psirt errors
- build a timeline report for each final report (.all(.security./.audit./.psirt./.exception./.deadbeef.))
that could be injected into Microsoft PowerBI, Grafana, etc. as it includes a timestamp header for each error
(year, month, day, week, number of devices assessed)
- for the final reports, the concept of deadbeef can be activated in Makefile.support.mk or by calling
gmake with DEADBEEF like (gmake check_run audit=cawk DEADBEEF=yes):
- if DEADBEEF is set to "yes", then the deadbeef final report is generated and deadbeef devices
are removed from other final reports (.all.security.,.all.audit.,.all.psirt.,all.exception.)
- if DEADBEEF is set to "no", then the deadbeef final report is generated and deadbeef devices
are kept in other final reports (.all.security.,.all.audit.,.all.psirt.,all.exception.)
- a device is considered deadbeef by default if its configuration is older than the days value
set in DEADBEEF_THRESHOLD_DAYS (default value is 30 days)
- in backup_run target, enforce that logs/run_audit/AUDIT_NAME logs are also backed up in the gzipped
file (needed for cawk version migration)
- in migrate target, enforce the copy of tests by several finds rather than a single find command which can
generate issues at some systems
Common:
- update the summary format for a better readability
Tests:
- updated 6wind-linux tests (enhanced test outputs)

v2.6.0

v2.6.0 (may 2025):
Tests:
- update cisco-ios, cisco-xe, cisco-cedge aclsdefref* tests
- update cisco-ios, cisco-xe, cisco-cedge, cisco-xr routingdefref* tests
- update juniper-junos filterdefref* tests
- fix issues for sync_run target not working properly, update Makefile and common/sync_cawk_conf.gawk.template
Common:
- add a new "error stats" section showing a sorted list of most frequent test error names by occurrence by risk level
Cawk Makefile:
- update targets create_audit and delete_audit which write or remove audit=AUDIT_NAME in the various databases
- add a new status code psirt : to classify the errors as psirt
- add new targets:
- tests_run_copy audit=AUDIT_NAME supplier=SUPPLIER_NAME
allows copying tests from repo to run_audit (supplier scope)
- tests_run_audit_copy
allows copying tests from repo to run_audit (all supplier scopes) for all audit=AUDIT_NAME
- database_postaudit_(add,del,update)
allows running post-assessment tasks like creating helpdesk tickets, etc.
(please refer to the README for further information)
- migrate file=BACKUP_PATH_FILE
allowing to migrate from a cawk version to an another one
(please refer to the README for further information)

v2.5.0

v2.5.0 (april 2025):
Tests:
- add a new scope : 6wind-linux
- review the risk level and status codes of all defref tests
Cawk Makefile:
- by default reporting is linked to each supplier scope. now, in addition of the default reporting, a full reporting is
generated for all suppliers allowing to generate a full report, security report, audit report and summary report.
- generate cawk msg (only for assessment audit=AUDIT_NAME) when confs or tests directories are not found. it allows to
remove unused directories if needed.
- add new targets to manage email notifications for cawk assessments, it refers to database_email_(add,del,update),
email_send(audit)? targets (please refer to the README for further information)
- update gmake database_sync(add,update) audit=AUDIT_NAME dir=SYNC_PATH regex=REGEX_PATTERN/.* scope=SCOPE_FILE/none
a scope can be provided to limit the configuration synchronization to a specific scope based on internal inventory
(please refer to the README for further information)
- fix some bugs when using view targets
Cawk Makefile.support.mk:
- JSON var is set to "no" by default, if set to "yes" json reporting is activated (i.e. Makefile.support.mk)
Cawk directories:
- add a log directory to store all cawk logs