Features
- [IR-5073] - New API endpoint created to gets a list of all required countermeasures of a component
- [IR-5086] - Unmitigated Threats and No Mitigation Planned filters created in the threats tab
- [IR-5131] - Add Sync state and last sync columns in product list
- [IR-5220] - New API endpoint created to delete a list of countermeasures of a product
- [IR-5272] - Allow editing project UDT without PRODUCT update if the user has the permissions for UDTs
- [IR-5274] - Create WEAKNESS_CREATE permission
- [IR-5413] - Integrate new TFS SDK
- [IR-5767] - Update PCI-DSS standard
- [IR-5791] - Content libraries to update
Changes
- [IR-3975] - Move the issue tracker sync interval field to the issue tracker tab
- [IR-5186] - Order exported XML
- [IR-5244] - Don't print stack traces for disabled TFS/JIRA/Redmine products
- [IR-5354] - Rename "Component Use Cases" in libraries table
- [IR-5485] - Inform the users is there is nothing to list in a table/grid
- [IR-5740] - Hide the tab Assets at Risk by setting
- [IR-5813] - Update swagger info and version
Bug Fixes
- [IR-5222] - Custom changes to configurations are not fully preserved over an update
- [IR-5324] - UDT default value should only be used in the creation time
- [IR-5209] - Trim white space in references
- [IR-5358] - New Library and New Template modals display an inner tab called "Product Details"
- [IR-5505] - Artifact isn't generated when we change the Diagram tab while the model is being updated
- [IR-5526] - Heartbeat sync error when quickly updating the diagram
- [IR-5533] - Absent link in errors UI message
- [IR-5547] - Fixed Update library bypasses the unique name validation
- [IR-5563] - API access is creating Spring Security persistent sessions
- [IR-5573] - Fixed duplicated NIST 800-63] - Standard
- [IR-5622] - Include a case-insensitive check-in login process
- [IR-5696] - Fixed an error applying default library changes to a product
- [IR-5736] - Fix language in J[IRa error message
- [IR-5839] - Nodes of exported XML are ordered in a different way in case they have the same names
- [IR-5862] - Fixed error when trying to edit use case name with spaces
- [IR-5865] - TFS issue link generation has an extra slash
- [IR-5882] - Fixed issues on /products/:product-id/users API endpoint
- [IR-5887] - Fixed can not edit any global asset definition
- [IR-5888] - TFS Integration. Bad message when the testing connection fails
- [IR-5898] - Wrong translation when 'Not authorized' warning is displayed in Issue Tracker configuration.
- [IR-5900] - Wrong body on DELETE {{baseUrl}}/products/:product-id/users
- [IR-5924] - Rules not migrated after migrating library ref
- [IR-5930] - Rules not migrated after migrating standard ref
- [IR-5939] - Unexpected error upon questionna[IRe is completed
Security Bug Fixes
For more information on this see the Security Advisories section.
- [IR-5761] - Stored Cross-Site-Scripting vulnerability using "Insert Question" action in the rules editor
Hot Fixes included
This is also a cumulative release that also includes all the hotfixes on the 3.7 branch:
New Knowledge-base Content
Updated libraries
-
[CON-688] - Spellchecked all default libraries
-
[CON-648] - Language-review of last AWS bundle
-
[CON-681] - Filled empty threat descriptions
Library refactor
-
[CON-614] - Improved PCI-DSS content, descriptions, and test steps
-
[CON-686] - Filled empty threat descriptions
-
[CON-691] - Upgrade PCI-DSS 3.2 to 3.2.1
New Components
-
[CON-674] - New Microsoft Azure components:
-
Azure Functions
-
Azure Cosmos DB
-
Azure Front Door
-
Azure Monitor
-
Azure Web Apps
-
-
[CON-675] - New Google Cloud Platform components:
-
Google Cloud BigQuery
-
Google Cloud Bigtable
-
Google Cloud Composer
-
Google Cloud Data Fusion
-
Google Cloud Dataproc
-
Comments
0 comments
Article is closed for comments.