- [IR-4412] - The default SAML role is always assigned independant of the other defined mappings.
- [IR-4798] - Improved feedback for model generation failures.
- [IR-4836] - New icons are included for new AWS components.
- [IR-4765] - New setting for ASVS v4 added. Check here for more information on how the ASVS4 vs ASVS3 feature works on 3.1.0.
- [IR-4485] - Fixed a bug to allow to import weakness from CWE library.
- [IR-4686] - Fixed Unexpected Error when parsing rules.
- [IR-4707] - Fixed a problem when changing a component definition assigned in the diagram.
- [IR-4711] - Remove a browser confirmation window popup message when user do a logout in some cases.
- [IR-4730] - Fixed a problem when adding the same countermeasure several times for the same threat.
- [IR-4744] - Fixed an error in the diagram when a trust zone is deleted through the configuration and kept on the product diagrams.
- [IR-4815] - Fixed unmmaped shapes importation from tremplates on the diagram.
- [IR-4879] - Fixed an error when try to edit or delete a threat reference.
- [IR-4903] - Fixed a problem when removing weaknesses from a threat.
- [IR-4904] - Fixed a problem adding existing weaknesses to te model.
- [IR-4907] - Fixed a problem listing components with the same name on Add Threat from Existing.
- [IR-4910] - Fixed a problem adding a countermeasure if it exists on another threat.
- [IR-4911] - Fixed a problem with the updating of risk response.
- [IR-4923] The rule condition called component is now deprecated and will be removed in version 4.0.0. Use the rule condition component definition instead of.
Hot Fixes included
This is also a cumulative release that also includes all the hotfixes on the 3.0 branch:
New Knowledge-base Content
- [CON-60] - New OWASP API Security Top 10 Standard.
- [CON-216] - ASVSv4 Standard for CS-Default library. Created document "Frequently Asked Questions Upgrading to OWASP ASVS v4.0.1" in ZenDesk: https://support.iriusrisk.com/hc/en-us/articles/360037994292.
- [CON-317] - Added new Standard NIST 800-63 for countermeasures related to Authentication and Session Management in CS-Default.
- [CON-384] - Updated Mobile ASVS standard to version 1.2 (https://github.com/OWASP/owasp-masvs/releases/tag/v1.2).
- [CON-387] - Improved coverage for "CIS Amazon Web Services Three-tier Web Architecture Benchmark" standard (https://d1.awsstatic.com/whitepapers/compliance/CIS_Amazon_Web_Services_Three-tier_Web_Architecture_Benchmark.pdf).
- [CON-60] - RESTful Web Service (CS-Default library).
- [CON-370] - GraphQL Web Service (CS-Default library).
- [CON-384] - Android Device Client (OWASP MASVS library).
- [CON-384] - iOS Device Client (OWASP MASVS library).
- [CON-387] - AWS CloudFront (Hydras-AWS-Foundation library).
- [CON-387] - AWS Route53 (Hydras-AWS-Foundation library).
- [CON-444] - Kafka (CS-Default library).
- [CON-444] - Redis (CS-Default library).
- [CON-425] - SOAP Web Service (CS-Default library).
Minor changes and corrections in countermeasures and weaknesses for the following libraries:
- EU GDPR.
- AWS Lambda.
- Docker CIS.
- OWASP MASVS.
- IoT Security Compliance Framework.
- Google Cloud Platform.