Release 3.1.0 - 22-06-2020

Features

• [IR-4412] - The default SAML role is always assigned independant of the other defined mappings.
• [IR-4798] - Improved feedback for model generation failures.
• [IR-4836] - New icons are included for new AWS components. 
• [IR-4765] - New setting for ASVS v4 added. Check here for more information on how the ASVS4 vs ASVS3 feature works on 3.1.0.

Bug Fixes

• [IR-4485] - Fixed a bug to allow to import weakness from CWE library.
• [IR-4686] - Fixed Unexpected Error when parsing rules.
• [IR-4707] - Fixed a problem when changing a component definition assigned in the diagram.
• [IR-4711] - Remove a browser confirmation window popup message when user do a logout in some cases.
• [IR-4730] - Fixed a problem when adding the same countermeasure several times for the same threat.
• [IR-4744] - Fixed an error in the diagram when a trust zone is deleted through the configuration and kept on the product diagrams. 
• [IR-4815] - Fixed unmmaped shapes importation from tremplates on the diagram.
• [IR-4879] - Fixed an error when try to edit or delete a threat reference.
• [IR-4903] - Fixed a problem when removing weaknesses from a threat.
• [IR-4904] - Fixed a problem adding existing weaknesses to te model. 
• [IR-4907] - Fixed a problem listing components with the same name on Add Threat from Existing.
• [IR-4910] - Fixed a problem adding a countermeasure if it exists on another threat.
• [IR-4911] - Fixed a problem with the updating of risk response. 

Deprecated Features

• [IR-4923] The rule condition called component is now deprecated and will be removed in version 4.0.0. Use the rule condition component definition instead of.

Hot Fixes included

This is also a cumulative release that also includes all the hotfixes on the 3.0 branch: 

• Hotfix 3.0.1.

New Knowledge-base Content

New/Updated Standards

• [CON-60] - New OWASP API Security Top 10 Standard.
• [CON-216] - ASVSv4 Standard for CS-Default library. Created document "Frequently Asked Questions Upgrading to OWASP ASVS v4.0.1" in ZenDesk: https://support.iriusrisk.com/hc/en-us/articles/360037994292.
• [CON-317] - Added new Standard NIST 800-63 for countermeasures related to Authentication and Session Management in CS-Default.
• [CON-384] - Updated Mobile ASVS standard to version 1.2 (https://github.com/OWASP/owasp-masvs/releases/tag/v1.2).
• [CON-387] - Improved coverage for "CIS Amazon Web Services Three-tier Web Architecture Benchmark" standard (https://d1.awsstatic.com/whitepapers/compliance/CIS_Amazon_Web_Services_Three-tier_Web_Architecture_Benchmark.pdf).

New components

• [CON-60] - RESTful Web Service (CS-Default library).
• [CON-370] - GraphQL Web Service (CS-Default library).
• [CON-384] - Android Device Client (OWASP MASVS library).
• [CON-384] - iOS Device Client (OWASP MASVS library).
• [CON-387] - AWS CloudFront (Hydras-AWS-Foundation library).
• [CON-387] - AWS Route53 (Hydras-AWS-Foundation library).
• [CON-444] - Kafka (CS-Default library).
• [CON-444] - Redis (CS-Default library).
• [CON-425] - SOAP Web Service (CS-Default library).

Minor changes

Minor changes and corrections in countermeasures and weaknesses for the following libraries:

• EU GDPR.
• AWS Lambda.
• Hydras-AWS-Foundation.
• Docker CIS.
• Microsoft-Azure.
• OWASP MASVS.
• IoT Security Compliance Framework.
• Google Cloud Platform.
• PCI-DSSv3.2.