This version has changed the application entry point (base URL). This change only affects those deployments using their own reverse proxy or load balancing solution in which case the entry point / should map directly to / instead of /ui.
If you are using our nginx docker images as the reverse proxy then no action is required, the new nginx images already contain the required changes.
The key new features and improvements made in this release are:
- Diagramming: Data Flow Diagrams (DFDs) in addition to our existing questionnaire based system, that allow you to design complex relationships and rules between different architectural components. This release delivers v1 functionality in which diagrams are generated statically based on DFDs. Watch the demo.
- Performance Improvements, particularly for products with a large number of custom fields
- User Interface Improvements.
- Added new API calls (i.e. to create libraries through the API) and several improvements for SDK integrations: API docs.
- New rules for the Dataflows module.
- New library for the EU-GDPR and how it affects building applications.
- Improvements in the countermeasure descriptions in the Continuum Security Default Library.
- Bug fixes.
- [IR-1746] - Publish IriusRisk on the Azure Active Directory APP Gallery. (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/aad.iriusrisk?tab=Overview)
- [IR-1517] - Allow the setup of a default user to assign all the newly created Threats and Countermeasures.
- [IR-1608] - Include Issue Tracker ID number when exporting and importing products.
- [IR-1853] - Create a status endpoint for Iriusrisk (/health).
- [IR-1731] - Implement static diagram generation for the Architecture view.
- [IRX-1001] - New Product Permission PRODUCT_DELETE.
- [IRX-1004] - New permission WORKFLOW_CHANGE_ALL.
- [IRX-1005] - Create new condition "When a specific workflow state is entered".
- [IRX-1030] - Improve overall performance of the application.
[IR-1836] - UI Improvements:
- [IR-1750] - Change all action menus to expand them on click event.
- [IR-1752] - Add icons to some selectors.
- [IR-1621] - Fix Text Area fields.
- [IR-1694] - Fix visibility of the data assets description on the questionnaires.
- [IR-1696] - Fix name visibility of the Threats when it does not fit the designated area.
- [IR-1686] - The condition to modify a User Defined Field of type date must display a Date Picker UI.
- [IR-1795] - Risk Pattern and library naming on the Libraries section.
- [IR-1867] - Show an icon on the Weaknesses and Countermeasures Tab for tested vulnerabilities.
- [IR-1873] - Links displayed in Question Group descriptions need to be opened in a new tab.
- [IR-1883] - The selected option of side bar is missing if you refresh the browser.
- [IRX-1009] - Improve project User Defined Fields view and search.
- [IRX-968] - Improve the way we iterate among Workflow states.
- [IRX-969] - Change the label Design for the Workflow states.
- [IRX-1008] - Show full text for the Workflow State.
- [IR-1718] - Allow HTML links in question descriptions.
- [IR-1719] - QuestionGroups should have descriptions.
[IR-17XX] - API Improvements:
- [IR-1749] - Set User Defined Field of type Date through the API is not working.
- [IR-1620] - Add a new API call to add a Risk Pattern to a Library.
- [IR-1662] - Change impacts on the API call to GET a Library to return strings instead of values.
- [IR-1637] - The GET controls API call should return the relationships to threats and weaknesses as well.
- [IR-1633] - Implements GET and DELETE option for Library RiskPattern API calls.
[IR-17XX] - Dataflows:
- [IR-1585] - Implement new actions on the DataFlows Rules module:
- [IR-1670] - New Dataflow Rule: Mark Countermeasure as Implemented on Origin/Destination.
- [IR-1671] - New Dataflow Rule: Insert Notification.
- [IR-1787] - Ref field of a Library should be non-editable.
- [IR-1625] - Rule Engine should not be executed for Libraries.
- [IR-1632] - Bug when handling same controls attached to different weaknesses on different Threats.
- [IR-1751] - Blank test result option should not be allowed.
- [IR-1785] - It should not be possible to convert a Library to a project or template.
- [IR-1860] - On the New User add menu show the password requirements when the password is not compliant.
- [IR-1865] - Allow the user to save and edit issueID for a countermeasure.
- [IR-1871] - Emails should be unique within the system.
- [IR-1640] - Unsupported options from the Workflow module should be removed.
- [IR-1653] - Show the API keys for integrations masked on the UI.
- [IR-1656] - Priorities on Countermeasures are not being updated according to Threat risks.
- [IR-1901] - Threats table is not correctly updated after remove a control from a component.
- [IR-1904] - Partially tested control colors don't match on several places of the UI.
- [IR-1905] - Status and cost selector in a control form are not using i18n.
- [IR-1910] - Controls table in compliance mode should be updated after add standard to a control.
- [IR-1944] - Conflict in Jackson library dependencies that prevented IriusRisk from starting up on some specific Operating Systems.