Features
- [DRA-323] - Rename api key from otmFile to file
- [DRA-335] - Update Cloud Storage icon
- [DRA-341] - Make API work with OTM content in body request, not just file
- [DRA-352] - Associate Icons with AWS components definitions
- [MSR-6] - Print duplicated rules in log
- [MSR-250] - Split copy and move feature in rules
- [MSR-269] - Remove useless columns from library threats table
- [MSR-270] - Remove useless actions from library threats contextual menu
- [MSR-272] - Remove useless actions from library countermeasures contextual menu
- [RT-297] - Replace HTML by JSON error response, when a file is not supplied in the API call
- [RT-312] - Filter countermeasures by the state of Rejected
- [SIN-69] - Redesign login page
- [INR-184] - Standard sections covered by countermeasures
- [MSR-121] - Display current Component Definition icon on the form
- [MSR-197] - Automatically add conditions/actions when they're filled
- [MSR-252] - Decide when a manually introduced countermeasure status value must be overridden
- [OPT-2] - Creating a new threat model from CloudFormation through an API endpoint
- [OPT-4] - Provide a custom mapping file when uploading CloudFormation to the API endpoint
- [RT-229] - Sorting threats in flatten view
- [RT-243] - Setting priority manually on countermeasures
- [RT-245] - API endpoint for updating countermeasures
- [RT-258] - Add threat bulk actions for accept risk, NA, delete risk, and lock in flatten view
- [RT-357] - Hide by default the details panel on Threats & Countermeasures
Bug Fixes
- [DRA-24] - Arrange CSS in Artifact preview on Create Template from product
- [DRA-25] - I18n issues on Diagram
- [DRA-60] - Duplicated ID error: collision between OTM ids and cellIds on diagram
- [DRA-168] - Duplicated ID error: collision between components/dataflows ids
- [DRA-242] - Project was created even when the POST API returned a 400 error
- [DRA-277] - Returns error 400 instead of 500 when OTM file is empty
- [DRA-280] - Error 'c is undefined' thrown at draw.io in Firefox
- [DRA-285] - Return error when importing OTM file with dataflow's bidirectional: true
- [DRA-308] - Duplicated ID error: error deleting TZ in use
- [DRA-386] - NPE on updateTrustZoneRefs
- [INR-194] - Unable to Generate Reports
- [MSR-248] - Wrong audit text when updating a library
- [MSR-268] - Wrong audit text when enabling/disabling a library
- [MSR-281] - Notification status 'Trust Zone created', 'Trust Zone saved' and 'Trust Zone deleted' are not shown
- [MSR-294] - Conclusion not inserted in origin component
- [MSR-308] - Component category is a condition not properly applying questionnaire actions
- [MSR-312] - Rules are not automatically included in the rules session when importing a library
- [MSR-313] - Rules combos not getting updated when changing action/condition selection
- [MSR-330] - Component definitions' visible property is not being exported
- [MSR-331] - Expected fields not getting updated for component definitions when importing or updating a library
- [RT-271] - Duplicated components after importing a project
- [RT-283] - Review threat filters when you delete a component or use-case
- [RT-287] - Solve the performance issue of the Threat Tree view
- [RT-301] - Duplicated reason window when users mark countermeasures as rejected or not applicable
- [RT-315] - Fix COUNTERMEASURE_UPDATE permission description
- [RT-322] - Settings project's menu is not working
- [RT-355] - Fix issues in the templates table
- [SIN-73] - Bad encoding of Spanish special characters when login error occurred
- [SIN-180] - Login with email and non-valid password doesn't show message
- [SIN-200] - A locked user is able to log in
- [SIN-211] - In the login screen, the "Email or username" label is not translated to Spanish
Security Bug Fixes
- [MSR-323] - Fix vulnerabilities in groovy
- [MSR-324] - Fix vulnerability in library org.postgresql:postgresql
- [DRA-356] - Fix vulnerabilities in org.apache.ant:ant
Hot Fixes included
API Changes
New Knowledge-base Content
Updated standards
- CON-1168 & CON-1172. The FedRAMP standard now has NIST 800-53 sections. Additionally, new questions are available for Server Side Components to provide a smooth integration with this US Federal Standard.
Cloud components
- CON-1125, CON-1158 & CON-1161: New components for Amazon Web Services:
  - AWS License Manager
  - AWS Lake Formation
  - AWS IQ
  - AWS DeepRacer
  - AWS DeepLens
  - AWS DeepComposer
  - AWS Data Exchange
  - AWS Cost Management
  - AWS Compute Optimizer
  - AWS Chatbot
  - AWS Backup OK
  - AWS Auto Scaling
  - AWS AppSync
  - AWS App Mesh
  - AWS Artifact
  - AWS AppStream 2.0
  - AWS Application Discovery Service
  - AWS Translate
  - AWS Transcribe
  - AWS Textract
  - AWS Sumerian
  - AWS SageMaker
  - AWS Rekognition
  - AWS Polly
  - AWS Personalize
  - AWS Lex
  - AWS Keyspaces
  - AWS Kendra
  - AWS GameLift
  - AWS Fraud Detector
  - AWS Forecast
  - AWS DocumentDB
  - AWS Connect
  - AWS Comprehend
  - AWS CodeGuru
  - AWS Chime
  - AWS Braket
  - AWS Augmented AI (A2I)
  - AWS AppFlow
  - Alexa for Business
- CON-1178: Revision of AWS Config to improve its content
Internal improvements
- CON-1162: New test processes to check for missing components
Updated content
- CON-1187: Updated definition of padding oracle attacks