Release 2.3.1 - 29-11-2019
- Refactor of controls for S3 component in the AWS library.
- New weakness created: "Misconfigured S3 access policies"
- New/reworked controls:
- "Restrict Amazon S3 Bucket Access".
- "Identify and audit all your Amazon S3 buckets".
- "Apply IAM roles".
- Hydras-AWS-EC2-6.3 corrected.
- Removed rules to avoid selecting Public Cloud as a default trust zone for AWS, Lambda, Google and Azure libraries.
- [IR-4098] - Fixed read only permission over a threat model (edit a threat with read only permission).
- [IR-4100] - Fixed library exports regarding <rules> section.
- [IR-4112] - Show a Logout option when authentication and/or authorization is set to AD/LDAP.
- [IR-4142] - Change reset password token expiry behaviour to not expire on the first opening of the link.
- [IR-4146] - Fixed a problem with Create Component Definition when category was filtered.
- [IR-4147] - Fixed zoom option on view text areas for read-only permissions (Countermeasures).