Release 1.6.0 - 8 Jun 2017

The key new features introduced in this release are:

• Additional permissions
• Permissions are now configurable over the User Defined Fields so that the viewing and editing the fields can be restricted
• Integration with HP Fortify Software Security Center (SSC) as an external source of Weaknesses tests
• Full audit logs of all changes to key domain classes.

New Features

• [IR-1128] - i18n improvements.
• [IR-1106] - Integrate IriusRisk with HP Fortify Software Security Center
• [IR-1125] - Improve performance of HP Fortify (.fpr) file format parser.
• [IR-1178] - Allow a local path for logo.url and logo.small.url properties setup.
• [IRX-630] - Auditing on all key domain classes.
• [IRX-737] - Create the changes on the UI to support permissions on UDTs configuration.
• [IRX-738] - Create the backend services to support the permissions on UDTs feature.
• [IRX-731] - Add additional (fine-graned) permissions.
• [IRX-732] - Allow permissions over the UDT fields within the Workflows.
• [IRX-741], [IRX-743] - Implement new permissions (over threats, countermeasures and general options).
• [IRX-771] - Duplicate a rule on the Workflow Rules Editor.

Bugs

• [IR-1130] - Adding a new standard to a countermeasure does not update the UI.
• [IR-1133] - Improve FPR importing process.
• [IR-1201] - Null error when importing results from an empty SSC project.
• [IRX-695] - Long delay/hang when viewing portfolio threats.
• [IRX-697] - Cannot use non-ASCII characters in the question description.
• [IRX-698] - In the workflow rules the actions Assign to BU and Assign to User don't work as expected
• [IRX-720] - Templates/Libraries don't have Workflow State.
• [IRX-723] - Several permission/workflow fixes.
• [IRX-745] - Users assigned to a product cannot view the product details.
• [IRX-746] - Changing workflow state does not change ARCHITECTURE_UPDATE permissions.
• [IRX-747] - TEST_UPDATE permission does not update the Countermeasure details panel.
• [IRX-748] - WORKFLOW_CHANGE and DOWNLOAD_REPORTS should be project permissions.
• [IRX-752] - Domains are not updated when adding a new asset.
• [IRX-753] - When a group is duplicated (cloned) the Source of Threats and Controls is not cloned.
• [IRX-759] - Workflow State is not exported in XML.
• [IRX-761] - Check WORKFLOW_CHANGE permission is working correctly.
• [IRX-766] - Fix style for product number on the left menu.
• [IRX-767] - The condition "Architecture Questionnaire is completed" is triggered on an product save action.
• [IRX-768] - Deleting a group hangs the application.
• [IRX-774] - A user with roles RISK_UPDATE and RISK_VIEW can not view the product selected.
• [IRX-781] - Product selector doesn't update architecture tab.
• [IRX-782] - Created assets are hidden in the last component
• [IRX-783] - Wrong column width in analysis table.
• [IRX-786] - Selected user groups section is not updated when creating a new group.
• [IRX-788] - User with permission LIBRARY_UPDATE and without TEMPLATE_LIBRARY_VIEW cannot edit libraries.
• [IRX-789] - A user without template edit permission can publish a template as a library.
• [IRX-790] - A user with LIBRARY_UPDATE permission cannot update a library.
• [IRX-791] - Hide "Import template" option on libraries.
• [IRX-792] - Library controls remains hidden.
• [IRX-795] - Hide options "Publish as Library" and "Publish as Template" if the user hasn't PRODUCT_UPDATE permission.
• [IRX-796] - A user without PRODUCT_EXPORT permission can export all project and shouldn't.
• [IRX-797] - Fix RISK_VIEW permission description.
• [IRX-798] - Exception in apply to products when the user does not have access to any products.
• [IRX-799] - Invited user to fill questionnaire in a template allowed to change product.
• [IRX-673] - The threat and control audit logs should display changes to all fields.
• [IRX-734] - When a Countermeasure is added manually and then edited, the status "source" should be 'M' and not 'E'.