The key new features and improvements made in this release are:
Features
- Library update and propagation to products: with this new feature, risk patterns within libraries can be updated and those changes can then be propagated to all products that have imported those patterns. This is particularly useful when new threats or countermeasures are associated with a risk pattern. For example, if a new TLS vulnerability is identified as well as a recommended countermeasure, then these can be added to the TLS risk pattern and automatically propagated to all Products that have imported that pattern.
- Issue tracker configuration per component: with this new feature, Issue Tracker configuration is now possible per Component and not only per Product. Components inherit the settings from the Product by default. The entire tracker configuration can be overridden per Component, i.e. Component A could be using Jira while Component B could be using Microsoft TFS.
- Diagramming: Asset information is now visible on the data flows and trust zones can be moved in the diagram.
- Disable Library: Entire Libraries can be disabled with a single action. The main use case for this is to clone our default libraries and adapt them to your specific needs, without our updates overwriting your changes.
- Continuum Security Policies library: this is a new Library with a set of rules that apply standards such as EU-GDPR, PCI-DSS or OWASP-ASVS based on the answers given in the questionnaire.
- Additional Permissions: new permission THREAT_NEW_ADD to allow users to manually add new threats to the generated Threat Model.
- API improvements: List all available user groups on the system.
- Remote monitoring: the /health endpoint returns more details about the internal state of the application.
- Improved mapping algorithm for importing external test sources (HP-Fortify, BDD-Security, Threadfix...): added new threats to the Continuum Security Default Library to cover CWEs on code quality that have a security impact.
- Advanced Search feature in the Products tab: search using User Defined Fields by applying comparators, such as: "Risk Owner contains John Doe".
Content
- AWS library improvements: content has been updated and extended.
- EU-GDPR Library improvements: Use Cases have been renamed and we have included some language corrections.
Bugs fixed
- [IR-1889] - Creating a use case with the same name but a different ref for the same Component in the Libraries tab should not be allowed.
- [IR-1926] - Add a new configuration option for Azure AD integration to extend the lifetime of the token when validating it.
- [IR-1988] - Importing different Risk Patterns with the same Component name-ref and UseCase-ref results in only one being imported.
- [IR-1992] - Error when importing Microsoft Threat Model artifacts.
- [IR-2017] - Incorrect ordering on Threat tables (Z-A order).
- [IR-2109] - When a standard is deleted, the Compliance menu in the Countermeasure tab still shows that standard.
- [IR-2153] - Create a "General" use case for the CAPEC library.