Skip to main content

Release 4.4.0 - 09-06-2022

rules
  • Updated

Features

  • [DRA-372] - Hide drawio shapes in the diagram search box
  • [DRA-433] - Project pages should take full height
  • [DRA-473][DRA-474] - Associate Icons with GCP components definitions
  • [OPT-105] - Added Terraform file validation 
  • [OPT-108] - Health endpoint included the Startleft service status
  • [RT-4] - Avoid logging "No default issue tracker is configured for component" when it is not expected
  • [RT-5] - Reduce trace level from ERROR to WARNING when trying to sync a component without issue tracker configured
  • [RT-279] - Show projects with threat model being updated in the project list
  • [RT-348] - Add a new option to clear all filters in the threats and countermeasures tables
  • [RT-419] - Page Header are not fixed in the UI
  • [RT-422] - Toolbar buttons in projects section does not have free space between them
  • [RT-429] - Add margin top to Password label in Login
  • [SIN-92] - Rename the different values for Custom fields data type
  • [SIN-324] - Display lock icon in protected user roles
  • [SIN-325] - Implement duplicate role groups.
  • [INR-171] - Clone "Threats assigned to me" and "Countermeasures assigned to me" dashboard sections into My Portfolio
  • [INR-185] - Added to Compliance Report’s a summary with each standards status. 
  • [INR-235] - Exporting Custom Fields in Jasper Reports
  • [RT-343] - Context helper for threats & countermeasures sorting

Bug Fixes

  • [DRA-419] - "Done" action on architecture questionnaire is redirecting the user to project's dashboard when should keep on diagram
  • [DRA-461] - Inconsistent access to diagram when ARCHITECTURE_UPDATE is granted but not ARCHITECTURE_VIEW
  • [INR-243] - Error when sorting in Dashboard and My Portfolio
  • [INR-248] - Add user_id as param passed as a user filter when creating SSO user details.
  • [MSR-342] - Question exists condition not working in Threat (Component conditions) module
  • [MSR-495] - Rules from threat modules are not correctly included in rules session after importing them from a library
  • [MSR-501] - 'The security standard: null will be applied' is shown in 'Conclusion exists/not exists' conditions (Component module)
  • [OPT-144] - Error processing MissingServletRequestParameterException
  • [RT-467] - Hide the separator of the menu for clear all filter in threats
  • [SIN-300] - User Profile BU name Uppercase

Security Bug Fixes

  • [INR-250] - Fix vulnerability in library org.owasp.esapi:esapi 
  • [INR-251] - Fix vulnerability in org.dom4j:dom4j 
  • [INR-252] - Fix vulnerability. Exclude log4j from org.owasp-easapi:esapi
  • [RT-493] - Fix vulnerability in com.google.code.gson:gson

Hot Fixes included

API Changes

New Knowledge-base Content

Updated content

  • CON-1213, CON-1190 & CON-1239: PCI-DSS updated to v4.0 + New security standard: PCI Secure Software Standard (PCI-SSS)

Cloud components

  • CON-1231: Include recommendation to use AWS Nitro on EC2

  • CON-1246 & CON-1251: New GCP Components

    • Google Cloud NAT

    • Google Cloud Looker

    • Google Cloud Run

    • Google Cloud VPN

    • Google Cloud Armor

    • Google Cloud API Gateway

    • Google Cloud Build

    • Google Cloud Tasks

    • Google Cloud Schedule

Library refactors

  • CON-1243: Minor formatting changes for threat, weakness, and countermeasure descriptions and names in the CS-Default, AWS, and Azure libraries.

  • CON-1205: Include countermeasure CWE-89-PREPARED in a dataflow rule

  • CON-1230: Fix bugs detected in libraries

  • CON-1237: Fix a typo in the threat name CAPEC-217

Internal improvements

  • CON-1248: Improve security content release notes

Detailed changelog ([N]ew/[E]dited/[D]eleted)

  • Threats

    • [E] CAPEC-122-DOCKER-DAEMON-CONFIG-FILES ["name"]

    • [E] CAPEC-122-DOCKER-CONTAINER-RUNTIME ["name"]

    • [E] CAPEC-122-DOCKER-SWARM ["name"]

    • [E] CAPEC-122-DOCKER-IMAGES-BUILD-FILES ["name"]

    • [E] CAPEC-122-DOCKER-LINUX ["name"]

    • [E] CAPEC-122-DOCKER-DAEMON-CONFIG ["name"]

    • [E] CAPEC-122-DOCKER-CONTAINERS ["name"]

    • [E] INSUFFICIENT-LOGGING-MONITORING ["desc"]

    • [E] CAPEC-175 ["desc"]

    • [N] GOOGLE-DOS

    • [E] CAPEC-217 ["name"]

  • Weaknesses

    • [E] inadequate-EPHI-management-emergency ["desc","timestamp"]

    • [E] PCI-R6-6.5 ["desc","timestamp"]

    • [E] RFC6819-4.2.2 ["name","timestamp"]

  • Supported Standards

    • [N] pci-sss

    • [N] PCI-DSS-v4.0

  • Component Definitions

    • [N] CD-GOOGLE-CLOUD-API-GW

    • [N] CD-GOOGLE-CLOUD-ARMOR

    • [N] CD-GOOGLE-CLOUD-BUILD

    • [N] CD-GOOGLE-CLOUD-NAT

    • [N] CD-GOOGLE-CLOUD-RUN

    • [N] CD-GOOGLE-CLOUD-SCHEDULER

    • [N] CD-GOOGLE-CLOUD-TASKS

    • [N] CD-GOOGLE-CLOUD-VPN

    • [N] CD-GOOGLE-LOOKER

    • [N] CD-PCI-APPROVED-POI-DEVICE

    • [E] kubernetes-node ["name","desc"]

  • Usecases

    • [N] UC-PCI-SSS-REQUIREMENTS

  • Controls

    • [E] C-AZURE-DDOS-PROTECTION1 ["steps","timestamp"]

    • [E] C-AZURE-FILES1 ["steps","timestamp"]

    • [E] AZURE-APP-GW6 ["name","timestamp"]

    • [E] GOOGLE-POSTGRESQL1 ["desc","timestamp"]

    • [N] C-GOOGLE-CLOUD-ARMOR2

    • [N] C-GOOGLE-CLOUD-ARMOR1

    • [N] C-GOOGLE-CLOUD-ARMOR4

    • [N] C-GOOGLE-CLOUD-ARMOR3

    • [N] C-GOOGLE-CLOUD-ARMOR5

    • [N] C-GOOGLE-NAT3

    • [N] C-GOOGLE-NAT4

    • [N] C-GOOGLE-NAT1

    • [N] C-GOOGLE-NAT2

    • [N] C-GOOGLE-CLOUD-RUN3

    • [N] C-GOOGLE-CLOUD-RUN4

    • [N] C-GOOGLE-CLOUD-RUN1

    • [N] C-GOOGLE-CLOUD-RUN2

    • [N] C-GOOGLE-CLOUD-RUN7

    • [N] C-GOOGLE-CLOUD-RUN5

    • [N] C-GOOGLE-CLOUD-SCHEDULER1

    • [N] C-GOOGLE-CLOUD-RUN6

    • [N] C-GOOGLE-CLOUD-SCHEDULER2

    • [N] C-GOOGLE-CLOUD-LOOKER7

    • [N] C-GOOGLE-CLOUD-LOOKER6

    • [N] C-GOOGLE-CLOUD-LOOKER8

    • [N] C-GOOGLE-CLOUD-LOOKER3

    • [N] C-GOOGLE-CLOUD-LOOKER2

    • [N] C-GOOGLE-CLOUD-LOOKER5

    • [N] C-GOOGLE-CLOUD-LOOKER4

    • [N] C-GOOGLE-CLOUD-LOOKER1

    • [N] C-GOOGLE-CLOUD-TASKS1

    • [N] C-GOOGLE-CLOUD-TASKS2

    • [N] C-GOOGLE-CLOUD-TASKS3

    • [N] C-GOOGLE-CLOUD-BUILD2

    • [N] C-GOOGLE-CLOUD-BUILD3

    • [N] C-GOOGLE-CLOUD-BUILD1

    • [N] C-GOOGLE-CLOUD-BUILD6

    • [N] C-GOOGLE-CLOUD-BUILD7

    • [N] C-GOOGLE-CLOUD-BUILD4

    • [N] C-GOOGLE-CLOUD-BUILD5

    • [N] C-GOOGLE-CLOUD-VPN2

    • [N] C-GOOGLE-CLOUD-VPN3

    • [N] C-GOOGLE-CLOUD-VPN4

    • [N] C-GOOGLE-CLOUD-VPN1

    • [N] C-GOOGLE-CLOUD-API-GW5

    • [N] C-GOOGLE-CLOUD-API-GW4

    • [N] C-GOOGLE-CLOUD-API-GW3

    • [N] C-GOOGLE-CLOUD-API-GW2

    • [N] C-GOOGLE-CLOUD-API-GW1

    • [E] PCI-R4-4.1-C ["desc","steps","timestamp"]

    • [E] PCI-R4-4.2-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.9-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.8-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.4.3-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.7-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.6-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.5-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.4.4-C ["desc","timestamp"]

    • [E] PCI-R6-6.5.4-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.3-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.2-C ["desc","timestamp"]

    • [E] PCI-R3-3.5.4-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.5.3-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.2.3-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.2.2-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.1-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.2.1-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.2-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.3-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.1a-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.1b-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.5.10-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.3.2-C ["desc","steps","timestamp"]

    • [E] PCI-R6-6.3.1-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.1-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.4-C ["desc","steps","timestamp"]

    • [E] PCI-R3-3.3-C ["desc","steps","timestamp"]

    • [N] C-PCI-DSS-5

    • [N] C-PCI-DSS-4

    • [N] PCI-SSS-B.2.2.1

    • [N] C-PCI-DSS-3

    • [N] C-PCI-DSS-2

    • [N] PCI-SSS-B.2.2.2

    • [N] PCI-SSS-11.2

    • [N] C-PCI-DSS-9

    • [N] C-PCI-DSS-8

    • [N] C-PCI-DSS-7

    • [N] C-PCI-DSS-6

    • [N] C-PCI-DSS-1

    • [N] PCI-SSS-2.4

    • [N] PCI-SSS-2.3

    • [N] PCI-SSS-2.2

    • [N] PCI-SSS-2.1

    • [N] PCI-SSS-8.4

    • [N] PCI-SSS-8.3

    • [N] PCI-SSS-8.2

    • [N] PCI-SSS-8.1

    • [N] PCI-SSS-6.2

    • [N] PCI-SSS-6.1

    • [N] PCI-SSS-2.5

    • [N] PCI-SSS-10.2

    • [N] PCI-SSS-B.2.9

    • [N] C-PCI-DSS-10

    • [N] PCI-SSS-B.2.2

    • [N] PCI-SSS-B.2.3

    • [N] PCI-SSS-B.2.4

    • [N] PCI-SSS-B.2.5

    • [N] PCI-SSS-B.2.6

    • [N] PCI-SSS-B.2.7

    • [N] PCI-SSS-B.2.8

    • [N] PCI-SSS-9.1

    • [E] AWS-ELASTICACHE5-REDIS ["name","desc","steps","timestamp"]

    • [E] aws-tier-5.10-5.11 ["desc","timestamp"]

    • [E] C-AWS-KEYSPACES1 ["steps","timestamp"]

    • [E] AWS-ELASTICACHE3-REDIS ["name","desc","steps","timestamp"]

    • [E] AWS-ELASTICACHE8 ["steps","timestamp"]

    • [E] AWS-KINESIS-VIDEO1 ["desc","timestamp"]

    • [E] aws-tier-4.1 ["name","timestamp"]

    • [E] C-AWS-MEDIALIVE1 ["desc","timestamp"]

    • [E] Hydras-AWS-SNS-01 ["desc","timestamp"]

    • [N] C-AWS-EC2-USE-NITRO

  • RiskPattern

    • [N] RP-GOOGLE-CLOUD-API-GW

    • [N] RP-GOOGLE-CLOUD-ARMOR

    • [N] RP-GOOGLE-CLOUD-BUILD

    • [N] RP-GOOGLE-CLOUD-LOOKER

    • [N] RP-GOOGLE-CLOUD-LOOKER-CUSTOMER-DEPLOYMENT

    • [N] RP-GOOGLE-CLOUD-NAT

    • [N] RP-GOOGLE-CLOUD-RUN

    • [N] RP-GOOGLE-CLOUD-SCHEDULER

    • [N] RP-GOOGLE-CLOUD-TASKS

    • [N] RP-GOOGLE-CLOUD-VPN

    • [N] RP-PCI-APPROVED-POI-DEVICES

    • [N] RP-AWS-EC2-XEN

  • Rules

    • [N] Q: Google Cloud Looker deployment

    • [N] Q: Google Cloud Looker deployment - *

    • [N] Risk Pattern: Google Cloud Looker - Customer Deployment

    • [D] Security Standard: Apply PCI-DSS - Cardholder Data Environment[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]

    • [N] Security Standard: Apply PCI-DSS - Cardholder Data Environment[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]

    • [D] Security Standard: Apply PCI-DSS - Credit Card Data Processed[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]

    • [N] Security Standard: Apply PCI-DSS - Credit Card Data Processed[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]

    • [D] Security Standard: Apply PCI-DSS - Credit Card Data Stored[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]

    • [N] Security Standard: Apply PCI-DSS - Credit Card Data Stored[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]

    • [N] Risk Pattern: Cardholder Data - All - Stored - Other

    • [N] Q: Cardholder Data - All - Credit Card - Processed - Which element - *[Action][, INSERT_COMPONENT_QUESTION, pci.processed.other_::_Other type of sensitive data_::_]

    • [N] Q: Cardholder Data - All - Credit Card - Stored - Which elements - *[Action][, INSERT_COMPONENT_QUESTION, pci.stored.other_::_Other type of sensitive data_::_]

    • [N] Q: AWS EC2 Infrastructure System

    • [N] Q: AWS EC2 Infrastructure System - *

    • [N] RP: AWS EC2 Infrastructure System - Xen

 

 

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk