- [IR-5442] - Users & Roles admin section reworked, now you can list users under a BU and list users which belong to a role.
- [IR-5531] - New ThreadFix integration as a vulnerability tracker.
- [IR-5570] - Display confirmation window before applying a stardard.
- [IR-5790] - Version of the threat model included on the project's grid.
New Knowledge-base Content
New security standard
- [CON-741] - CIS Google Cloud Platform Foundation Benchmark.
- [CON-735] - FedRAMP (Federal Risk and Authorization Management Program) second iteration. This library provides a set of development requirements (based on NIST 800-53 Security Controls Catalog Revision 4) that help to comply with the FedRAMP Technical Security Controls Baselines.
- [CON-475] - New security content for SAML standard in the CS-Default library.
- [CON-475] - New SAML components on the Server-side category:
- SAML Service Provider
- SAML Identity Provider
- [CON-741] - New GCP components:
Google Cloud Firebase
Google Cloud Load Balancing
Google Cloud MySQL
- [IR-5129] - Improve search elements in Drawio. Partial search implemented and prioritize IriusRisk components.
- [IR-6157] - Removed DiagramBuilder and related classes, except entities/tables (internal refactor).
- [IR-6194] - UserDetailPanel minor changes to layout.
- [IR-6197] - Adjust RoleDetail's width to SplitPanel's width.
- [IR-6224] - Users can not see templates nor libraries if they do not have any view/update permission on them.
- [IR-6258] - Update MSSQL to version 9.2.0.jre8.
- [IR-6259] - Update Jackson to version 2.12.1.
- [IR-6261] - Update License3j to version 2.0.1.
- [IR-6262] - Update JQuery to version 3.5.1.
- [IR-6337] - Updated CS-Default, Google Cloud Platform, and Fedramp libraries.
- [IR-6389] - Versions XML format.
- [IR-6059] - Fixed having a non-irius component as parent removes child component from trustzone.
- [IR-6079] - In the Countermeasures tab of a product, the "Actions" column is not the last one.
- [IR-6101] - Fixed missing property "lastHeartBeatDate" on Clone / show Product API call / Export / Import processes.
- [IR-6224] - Accessing Libraries section after AccessDeniedException causes a fatal exception.
- [IR-6366] - Exception is thrown when editing custom permissions for a workflow state.
- [IR-6374] - Search by Role in users table is case insensitive.
- [IR-6387] - Users with no library permissions can see libraries.
- [IR-6395] - Fix import rules with only actions.
- [IR-6398] - Display versions are not shown in the project table when a version is selected.
- [IR-6400] - Users with ROLE_MANAGE_USERS_BU can not see Business Unit's users.
- [IR-6401] - Fix Threat tab refresh on apply a standard.
Security Bug Fixes
- [IR-5978] - Irius is not expiring idle sessions.
- [IR-5860] - The error message appears in the URL parameters.
- [IR-6185] - Removed header authentication since it was a security issue.
Hot Fixes included
This is also a cumulative release that also includes all the hotfixes on the 3.10.0: