- [IR-5021] - New permission API_ACCESS created to allow Generate an API token.
- [IR-5047] - New filter created for "Current risk" in the threat list
- [IR-5174] - New API endpoint created "/api/v1/workflowstates"
- [IR-5175] - Move from the CheckBox component to the RadioButton component in the questionnaire, when the options are exclusive.
- [IR-5234] - CSV format is available in the product reports.
- [IR-5275] - New permission WEAKNESS_UPDATE created.
- [IR-5276] - New permission WEAKNESS_DELETE created.
- [IR-0000] - New permission RULE_CREATE created. Users without this permission won't be able to see the Drools tab.
- [IR-5294] - UDT rules marked as deprecated.
- [IR-5326] - Update a library that modifies the category for an existing component definition don't overwrite it.
- [IR-5352] - Implemented a new date format method for human-readable dates.
- [IR-5353] - Open rich text area links in a new tab.
- [IR-5431] - Removed actions from "threats assigned to me" and "Portfolio threats" from Dashboard and Portfolio respectively.
- [IR-5447] - Change the default value of the Business Impact Weighting.
- [IR-5489] - Rename RULE_CREATE permission to DROOLS_CREATION_RULE
- [IR-5510] - Make radio buttons clickable through their description.
- [IR-4687] - Fixed inconsistency problem when deleting a global asset and is used by a product.
- [IR-4888] - Create new Issues requirements is ignoring duplicated controls
- [IR-5142] - Wrong artifact image displayed on the browser
- [IR-5170] - Changes in template data flows are not being applied to the products
- [IR-5226] - User with just SYSTEM_SETTINGS_VIEW can delete standards
- [IR-5377] - Persistent flag on the "Create Component" rule does not have any effect.
- [IR-5382] - Wrong title on "Export Library" window
- [IR-5385] - Change to Read-only mode for default libraries, disabled the magnifying glass icon to enlarge the library description.
- [IR-5432] - Fixed a rule container issue for several instances. The rule container is a standalone instance in memory, so from now we synchronize the container of all instances on every change.
- [IR-5445] - Wrong UI message when creating a library
- [IR-5448] - Exporting & Importing product removes threat block
- [IR-5451] - Link custom field validation is not applied
- [IR-5462] - When disabling a component definition it doesn't show up in the Architecture palette
- [IR-5476] - Dropdowns on custom fields for Threats don't work in the default form
- [IR-5494] - Changed the term "Question Group" to "Question"
- [IR-5503] - Fixed an error shown when trying to sync & accessing product with deleted asset
- [IR-5504] - User can see "Add Weakness from existing" with WEAKNESS_ADD_FROM_EXISTING not assigned
- [IR-5511] - Fix typo on role saved message in Spanish language
- [IR-5521] - Api permission broken after several role updates
- [IR-5749] - Show a notification when a global asset is being deleted
- [IR-5752] - User with WEAKNESS_ADD_FROM_EXISTING cannot add weaknesses
- [IR-5756] - Risk rating filter isn't applied if the countermeasure is updated and visible in the Library section
- [IR-5758] - Risk rating not updating even though countermeasures have been implemented and tested.
Hot Fixes included
This is also a cumulative release that also includes all the hotfixes on the 3.6 version:
New Knowledge-base Content
- [CON-643] - New AWS components available:
AWS ElastiCache (+Redis)
AWS Direct Connect
AWS Step Functions
AWS Trusted Advisor
- [CON-659] - Bugfix: fixed condition in “Q: Server - Service - Java EE” rule. The question group “Which servers are in use?“ was being displayed after selecting a wrong answer from another question group.