Features
- [DRA-217] - Allow diagram concurrent edition
- [DRA-337] - Create API endpoint to sync project
- [DRA-398] - New field created in the API project details endpoint to know if the model is being updated
- [INR-139] - IriusRisk user's SSO integration with Analytic module
- [INR-204] - Adding Standard Section as a first Level categorization in Compliance Report
- [MSR-115] - Improve performance of import risk pattern process
- [MSR-180] - Disallow modify rules for default libraries
- [OPT-35] - New API endpoint to create a new threat model from Terraform file
- [OPT-83] - Added more mapping with AWS component for TF
- [OPT-111] - Added more mapping with AWS component for TF
- [RT-131] - Make countermeasures filter support multi-select
- [RT-267] - New bulk action to change the priority of the countermeasure
- [RT-361] - New API endpoint to create threats in a project
- [RT-362] - New API endpoint to create countermeasures in a project
- [RT-364] - New API endpoint to associate a control to a threat in products
- [RT-365] - New API endpoint to associate a control to a weakness in products
- [SIN-70] - Redesign error pages 500, 403 and 404
- [SIN-191] - Validate login and register forms field length
- [SIN-173] - Create analytics setting for SSO token
- [SIN-252] - Add audit_event on SAML successful login
- [SIN-259] - Show IP information just to users with SUPPORT permission
- [VAL-2] - Project navigation redesign
Bug Fixes
- [DRA-142] - Diagram deleted trust zone fallback renaming components and text
- [DRA-169] - Duplicated ID error: delete component of dataflow and re-import otm again
- [DRA-172] - Dataflow has wrong parent when import an OTM file that creates a dataflow
- [DRA-394] - Add support to UserObject in the XML diagram
- [MSR-251] - 'Asset deleted' notification not shown
- [MSR-314] - Compilation error for rules with two or more "Risk pattern imported" conditions
- [MSR-319] - Threat form disabled in libraries for users with LIBRARY_UPDATE permission
- [MSR-339] - Category is renamed when we try to add a category with case variation from original name
- [MSR-346] - Fix some styles in new navigation
- [MSR-372] - 'Cannot invoke method toLowerCase() on null object' thrown after synchronizing the model
- [MSR-402] - Error when importing empty risk pattern
- [RT-363] - Sorting threats & countermeasures are not working in tree view
- [SIN-110] - Stacktrace printed on the log when a password doesn't match the strength requirements
- [SIN-172] - Fix default value for some settings
- [SIN-198] - Release notes window not being displayed when updating to hotfix version
- [SIN-221] - Trim forms for Role group creation form
- [SIN-220] - Change English desc for role.products_list_all.desc
- [SIN-287] - Make equal message for audit log when a user do login and logout
Security Bug Fixes
- [DRA-415] - Fix vulnerabilities in library org.apache.poi:poi
- [MSR-325] - Fix vulnerability in library junit:junit
- [SIN-233] - Fix vulnerability in library commons-io:commons-io
- [SIN-232] - Fix vulnerabilty on library org.bouncycastle:bcprov-ext-jdk15on
Hot Fixes included
API Changes
New Knowledge-base Content
Cloud components
- CON-1196 & CON-1225: Updated Amazon Web Services components with new threats and countermeasures:
-
AWS Certificate Manager
-
AWS Key Management System
-
AWS SageMaker
-
AWS EC2 Auto Scaling
-
AWS Elastic Beanstalk
-
Updated content
-
CON-1148: Updated definition of scan-antivirus countermeasure (Scan the application and systems with antivirus software) to fit ASVSv4 10.2.3 to 10.2.6.
Comments
0 comments
Article is closed for comments.