Release 2.3.1 - 29-11-2019

Content

• Refactor of controls for S3 component in the AWS library.
  • New weakness created: "Misconfigured S3 access policies" 
  • New/reworked controls:
    • "Restrict Amazon S3 Bucket Access".
    • "Identify and audit all your Amazon S3 buckets".
    • "Apply IAM roles".
• Hydras-AWS-EC2-6.3 corrected.
• Removed rules to avoid selecting Public Cloud as a default trust zone for AWS, Lambda, Google and Azure libraries.

Bug Fixes

• [IR-4098] - Fixed read only permission over a threat model  (edit a threat with read only permission).
• [IR-4100] - Fixed library exports regarding <rules> section. 
• [IR-4112] - Show a Logout option when authentication and/or authorization is set to AD/LDAP. 
• [IR-4142] - Change reset password token expiry behaviour to not expire on the first opening of the link.
• [IR-4146] - Fixed a problem with Create Component Definition when category was filtered.
• [IR-4147] - Fixed zoom option on view text areas for read-only permissions (Countermeasures).