Skip to main content

Release 4.2.0 - 24-03-2022

rules
  • Updated

Features

  • [DRA-323] - Rename api key from otmFile to file
  • [DRA-335] - Update Cloud Storage icon
  • [DRA-341] - Make API work with OTM content in body request, not just file
  • [DRA-352] - Associate Icons with AWS components definitions
  • [MSR-6] - Print duplicated rules in log
  • [MSR-250] - Split copy and move feature in rules
  • [MSR-269] - Remove useless columns from library threats table
  • [MSR-270] - Remove useless actions from library threats contextual menu
  • [MSR-272] - Remove useless actions from library countermeasures contextual menu
  • [RT-297] - Replace HTML by JSON error response, when a file is not supplied in the API call
  • [RT-312] - Filter countermeasures by the state of Rejected
  • [SIN-69] - Redesign login page
  • [INR-184] - Standard sections covered by countermeasures
  • [MSR-121] - Display current Component Definition icon on the form
  • [MSR-197] - Automatically add conditions/actions when they're filled
  • [MSR-252] - Decide when a manually introduced countermeasure status value must be overridden
  • [OPT-2] - Creating a new threat model from CloudFormation through an API endpoint
  • [OPT-4] - Provide a custom mapping file when uploading CloudFormation to the API endpoint
  • [RT-229] - Sorting threats in flatten view
  • [RT-243] - Setting priority manually on countermeasures
  • [RT-245] - API Endpoint for update countermeasures
  • [RT-258] - Add threat bulk actions for accept risk, NA, delete risk, and lock in flatten view
  • [RT-357] - Hide by default the details panel on Threats & Countermeasures

Bug Fixes

  • [DRA-24] - Arrange CSS in Artifact preview on Create Template from product
  • [DRA-25] - I18n issues on Diagram
  • [DRA-60] - Duplicated ID error: collision between OTM ids and cellIds on diagram
  • [DRA-168] - Duplicated ID error: collision between components/dataflows ids
  • [DRA-242] - Project was created even POST API return 400 error
  • [DRA-277] - Returns error 400 instead of 500 when OTM file is empty
  • [DRA-280] - Error 'c is undefined' thrown at draw.io in Firefox
  • [DRA-285] - Return error when importing OTM file with dataflow's bidirectional: true
  • [DRA-308] - Duplicated ID error: error deleting TZ in use
  • [DRA-386] - NPE on updateTrustZoneRefs
  • [INR-194] - Unable to Generate Reports
  • [MSR-248] - Wrong audit text when updating a library
  • [MSR-268] - Wrong audit text when enabling/disabling a library
  • [MSR-281] - Notification status 'Trust Zone created', 'Trust Zone saved' and 'Trust Zone deleted' are not shown
  • [MSR-294] - Conclusion not inserted in origin component
  • [MSR-308] - Component category is a condition not properly applying questionnaire actions
  • [MSR-312] - Rules are not automatically included in the rules session when importing a library
  • [MSR-313] - Rules combos not getting updated when changing action/condition selection
  • [MSR-330] - Component definitions' visible property is not being exported
  • [MSR-331] - Expected fields not getting updated for component definitions when importing or updating a library
  • [RT-271] - Duplicated components after importing a project
  • [RT-283] - Review threat filters when you delete a component or use-case
  • [RT-287] - Solve the performance issue of the Threat Tree view
  • [RT-301] - Duplicated reason window when users mark countermeasures as rejected or not applicable
  • [RT-315] - Fix COUNTERMEASURE_UPDATE permission description
  • [RT-322] - Settings project's menu is not working
  • [RT-355] - Fix issues in the templates table
  • [SIN-73] - Bad encoding of Spanish special characters when login error occurred
  • [SIN-180] - Login with email and non-valid password doesn't show message
  • [SIN-200] - A locked user is able to log in
  • [SIN-211] - In the login screen, the "Email or username" label is not translated to Spanish

Security Bug Fixes

  • [MSR-323] - Fix vulnerabilities in groovy
  • [MSR-324] - Fix vulnerability in library org.postgresql:postgresql
  • [DRA-356] - Fix vulnerabilities in org.apache.ant:ant

Hot Fixes included

API Changes

New Knowledge-base Content

Updated standards

  • CON-1168 & CON-1172. FedRAMP standard has now NIST 800-53 sections. Additionally, new questions are available for Server Side Components to have a smooth integration with this US Federal Standard.

Cloud components

  • CON-1125, CON-1158 & CON-1161: New components for Amazon Web Services:

    • AWS License Manager

    • AWS Lake Formation

    • AWS IQ

    • AWS DeepRacer

    • AWS DeepLens

    • AWS DeepComposer

    • AWS Data Exchange

    • AWS Cost Management

    • AWS Compute Optimizer

    • AWS Chatbot

    • AWS Backup OK

    • AWS Auto Scaling

    • AWS AppSync

    • AWS App Mesh

    • AWS Artifact

    • AWS AppStream 2.0

    • AWS Application Discovery Service

    • AWS Translate

    • AWS Transcribe

    • AWS Textract

    • AWS Sumerian

    • AWS SageMaker

    • AWS Rekognition

    • AWS Polly

    • AWS Personalize

    • AWS Lex

    • AWS Keyspaces

    • AWS Kendra

    • AWS GameLift

    • AWS Fraud Detector

    • AWS Forecast

    • AWS DocumentDB

    • AWS Connect

    • AWS Comprehend

    • AWS CodeGuru

    • AWS Chime

    • AWS Braket

    • AWS Augmented AI (A2I)

    • AWS AppFlow

    • Alexa for Business

  • CON-1178: Revision of AWS Config to improve their content

Internal improvements

  • CON-1162: New tests processes to check missing components

Updated content

  • CON-1187: Updated definition of padding oracle attacks

 

 

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk