Features
- [DRA-372] - Hide drawio shapes in the diagram search box
- [DRA-433] - Project pages should take full height
- [DRA-473][DRA-474] - Associate Icons with GCP components definitions
- [OPT-105] - Added Terraform file validation
- [OPT-108] - Health endpoint now includes the Startleft service status
- [RT-4] - Avoid logging "No default issue tracker is configured for component" when it is not expected
- [RT-5] - Reduce trace level from ERROR to WARNING when trying to sync a component without issue tracker configured
- [RT-279] - Show projects with threat model being updated in the project list
- [RT-348] - Add a new option to clear all filters in the threats and countermeasures tables
- [RT-419] - Page headers are not fixed in the UI
- [RT-422] - Toolbar buttons in the projects section do not have free space between them
- [RT-429] - Add margin top to Password label in Login
- [SIN-92] - Rename the different values for Custom fields data type
- [SIN-324] - Display lock icon in protected user roles
- [SIN-325] - Allow duplicating role groups
- [INR-171] - Clone "Threats assigned to me" and "Countermeasures assigned to me" dashboard sections into My Portfolio
- [INR-185] - Added a summary of each standard's status to the Compliance Report
- [INR-235] - Exporting Custom Fields in Jasper Reports
- [RT-343] - Context helper for threats & countermeasures sorting
Bug Fixes
- [DRA-419] - "Done" action on the architecture questionnaire redirects the user to the project's dashboard when it should stay on the diagram
- [DRA-461] - Inconsistent access to diagram when ARCHITECTURE_UPDATE is granted but not ARCHITECTURE_VIEW
- [INR-243] - Error when sorting in Dashboard and My Portfolio
- [INR-248] - Pass user_id as a user filter parameter when creating SSO user details
- [MSR-342] - Question exists condition not working in Threat (Component conditions) module
- [MSR-495] - Rules from threat modules are not correctly included in rules session after importing them from a library
- [MSR-501] - 'The security standard: null will be applied' is shown in 'Conclusion exists/not exists' conditions (Component module)
- [OPT-144] - Error processing MissingServletRequestParameterException
- [RT-467] - Hide the menu separator for the clear-all-filters option in threats
- [SIN-300] - User Profile BU name Uppercase
Security Bug Fixes
- [INR-250] - Fix vulnerability in library org.owasp.esapi:esapi
- [INR-251] - Fix vulnerability in org.dom4j:dom4j
- [INR-252] - Fix vulnerability: exclude log4j from org.owasp.esapi:esapi
- [RT-493] - Fix vulnerability in com.google.code.gson:gson
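As an added illustration of the exclusion referred to in INR-252 (this is not the product's own build file, and the release notes do not show one): a Maven dependency declaration that drops the transitive log4j artifact from ESAPI. The coordinates `log4j:log4j` (the log4j 1.x artifact that older ESAPI releases pulled in) and the `${esapi.version}` property are assumptions, not values stated on this page.

```xml
<!-- Added example, not from the project: pom.xml fragment excluding the log4j
     artifact that ESAPI brings in transitively. The excluded coordinates
     (log4j:log4j) and the esapi.version property are assumptions. -->
<dependency>
  <groupId>org.owasp.esapi</groupId>
  <artifactId>esapi</artifactId>
  <version>${esapi.version}</version>
  <exclusions>
    <exclusion>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
    </exclusion>
  </exclusions>
</dependency>
```

Two checks belong with an exclusion like this. First, confirm it took effect and that no other dependency reintroduces the same artifact: `mvn dependency:tree -Dincludes=log4j:log4j` should print no match; if it does, the other path needs its own exclusion. Second, ESAPI must be told not to use log4j at runtime, otherwise it fails at initialisation with a missing class: select a different logger in ESAPI.properties, e.g. `ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory` (java.util.logging) or `org.owasp.esapi.logging.slf4j.Slf4JLogFactory`.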
Hot Fixes included
API Changes
New Knowledge-base Content
Updated content
- CON-1213, CON-1190 & CON-1239: PCI-DSS updated to v4.0 + New security standard: PCI Secure Software Standard (PCI-SSS)
Cloud components
- CON-1231: Include recommendation to use AWS Nitro on EC2
- CON-1246 & CON-1251: New GCP Components
  - Google Cloud NAT
  - Google Cloud Looker
  - Google Cloud Run
  - Google Cloud VPN
  - Google Cloud Armor
  - Google Cloud API Gateway
  - Google Cloud Build
  - Google Cloud Tasks
  - Google Cloud Scheduler
Library refactors
- CON-1243: Minor formatting changes for threat, weakness, and countermeasure descriptions and names in the CS-Default, AWS, and Azure libraries.
- CON-1205: Include countermeasure CWE-89-PREPARED in a dataflow rule
- CON-1230: Fix bugs detected in libraries
- CON-1237: Fix a typo in the threat name CAPEC-217
Internal improvements
- CON-1248: Improve security content release notes
Detailed changelog ([N]ew/[E]dited/[D]eleted)
Threats
- [E] CAPEC-122-DOCKER-DAEMON-CONFIG-FILES ["name"]
- [E] CAPEC-122-DOCKER-CONTAINER-RUNTIME ["name"]
- [E] CAPEC-122-DOCKER-SWARM ["name"]
- [E] CAPEC-122-DOCKER-IMAGES-BUILD-FILES ["name"]
- [E] CAPEC-122-DOCKER-LINUX ["name"]
- [E] CAPEC-122-DOCKER-DAEMON-CONFIG ["name"]
- [E] CAPEC-122-DOCKER-CONTAINERS ["name"]
- [E] INSUFFICIENT-LOGGING-MONITORING ["desc"]
- [E] CAPEC-175 ["desc"]
- [N] GOOGLE-DOS
- [E] CAPEC-217 ["name"]
Weaknesses
- [E] inadequate-EPHI-management-emergency ["desc","timestamp"]
- [E] PCI-R6-6.5 ["desc","timestamp"]
- [E] RFC6819-4.2.2 ["name","timestamp"]
Supported Standards
- [N] pci-sss
- [N] PCI-DSS-v4.0
Component Definitions
- [N] CD-GOOGLE-CLOUD-API-GW
- [N] CD-GOOGLE-CLOUD-ARMOR
- [N] CD-GOOGLE-CLOUD-BUILD
- [N] CD-GOOGLE-CLOUD-NAT
- [N] CD-GOOGLE-CLOUD-RUN
- [N] CD-GOOGLE-CLOUD-SCHEDULER
- [N] CD-GOOGLE-CLOUD-TASKS
- [N] CD-GOOGLE-CLOUD-VPN
- [N] CD-GOOGLE-LOOKER
- [N] CD-PCI-APPROVED-POI-DEVICE
- [E] kubernetes-node ["name","desc"]
Usecases
- [N] UC-PCI-SSS-REQUIREMENTS
Controls
- [E] C-AZURE-DDOS-PROTECTION1 ["steps","timestamp"]
- [E] C-AZURE-FILES1 ["steps","timestamp"]
- [E] AZURE-APP-GW6 ["name","timestamp"]
- [E] GOOGLE-POSTGRESQL1 ["desc","timestamp"]
- [N] C-GOOGLE-CLOUD-ARMOR2
- [N] C-GOOGLE-CLOUD-ARMOR1
- [N] C-GOOGLE-CLOUD-ARMOR4
- [N] C-GOOGLE-CLOUD-ARMOR3
- [N] C-GOOGLE-CLOUD-ARMOR5
- [N] C-GOOGLE-NAT3
- [N] C-GOOGLE-NAT4
- [N] C-GOOGLE-NAT1
- [N] C-GOOGLE-NAT2
- [N] C-GOOGLE-CLOUD-RUN3
- [N] C-GOOGLE-CLOUD-RUN4
- [N] C-GOOGLE-CLOUD-RUN1
- [N] C-GOOGLE-CLOUD-RUN2
- [N] C-GOOGLE-CLOUD-RUN7
- [N] C-GOOGLE-CLOUD-RUN5
- [N] C-GOOGLE-CLOUD-SCHEDULER1
- [N] C-GOOGLE-CLOUD-RUN6
- [N] C-GOOGLE-CLOUD-SCHEDULER2
- [N] C-GOOGLE-CLOUD-LOOKER7
- [N] C-GOOGLE-CLOUD-LOOKER6
- [N] C-GOOGLE-CLOUD-LOOKER8
- [N] C-GOOGLE-CLOUD-LOOKER3
- [N] C-GOOGLE-CLOUD-LOOKER2
- [N] C-GOOGLE-CLOUD-LOOKER5
- [N] C-GOOGLE-CLOUD-LOOKER4
- [N] C-GOOGLE-CLOUD-LOOKER1
- [N] C-GOOGLE-CLOUD-TASKS1
- [N] C-GOOGLE-CLOUD-TASKS2
- [N] C-GOOGLE-CLOUD-TASKS3
- [N] C-GOOGLE-CLOUD-BUILD2
- [N] C-GOOGLE-CLOUD-BUILD3
- [N] C-GOOGLE-CLOUD-BUILD1
- [N] C-GOOGLE-CLOUD-BUILD6
- [N] C-GOOGLE-CLOUD-BUILD7
- [N] C-GOOGLE-CLOUD-BUILD4
- [N] C-GOOGLE-CLOUD-BUILD5
- [N] C-GOOGLE-CLOUD-VPN2
- [N] C-GOOGLE-CLOUD-VPN3
- [N] C-GOOGLE-CLOUD-VPN4
- [N] C-GOOGLE-CLOUD-VPN1
- [N] C-GOOGLE-CLOUD-API-GW5
- [N] C-GOOGLE-CLOUD-API-GW4
- [N] C-GOOGLE-CLOUD-API-GW3
- [N] C-GOOGLE-CLOUD-API-GW2
- [N] C-GOOGLE-CLOUD-API-GW1
- [E] PCI-R4-4.1-C ["desc","steps","timestamp"]
- [E] PCI-R4-4.2-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.9-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.8-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.4.3-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.7-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.6-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.5-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.4.4-C ["desc","timestamp"]
- [E] PCI-R6-6.5.4-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.3-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.2-C ["desc","timestamp"]
- [E] PCI-R3-3.5.4-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.5.3-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.2.3-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.2.2-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.1-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.2.1-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.2-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.3-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.1a-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.1b-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.5.10-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.3.2-C ["desc","steps","timestamp"]
- [E] PCI-R6-6.3.1-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.1-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.4-C ["desc","steps","timestamp"]
- [E] PCI-R3-3.3-C ["desc","steps","timestamp"]
- [N] C-PCI-DSS-5
- [N] C-PCI-DSS-4
- [N] PCI-SSS-B.2.2.1
- [N] C-PCI-DSS-3
- [N] C-PCI-DSS-2
- [N] PCI-SSS-B.2.2.2
- [N] PCI-SSS-11.2
- [N] C-PCI-DSS-9
- [N] C-PCI-DSS-8
- [N] C-PCI-DSS-7
- [N] C-PCI-DSS-6
- [N] C-PCI-DSS-1
- [N] PCI-SSS-2.4
- [N] PCI-SSS-2.3
- [N] PCI-SSS-2.2
- [N] PCI-SSS-2.1
- [N] PCI-SSS-8.4
- [N] PCI-SSS-8.3
- [N] PCI-SSS-8.2
- [N] PCI-SSS-8.1
- [N] PCI-SSS-6.2
- [N] PCI-SSS-6.1
- [N] PCI-SSS-2.5
- [N] PCI-SSS-10.2
- [N] PCI-SSS-B.2.9
- [N] C-PCI-DSS-10
- [N] PCI-SSS-B.2.2
- [N] PCI-SSS-B.2.3
- [N] PCI-SSS-B.2.4
- [N] PCI-SSS-B.2.5
- [N] PCI-SSS-B.2.6
- [N] PCI-SSS-B.2.7
- [N] PCI-SSS-B.2.8
- [N] PCI-SSS-9.1
- [E] AWS-ELASTICACHE5-REDIS ["name","desc","steps","timestamp"]
- [E] aws-tier-5.10-5.11 ["desc","timestamp"]
- [E] C-AWS-KEYSPACES1 ["steps","timestamp"]
- [E] AWS-ELASTICACHE3-REDIS ["name","desc","steps","timestamp"]
- [E] AWS-ELASTICACHE8 ["steps","timestamp"]
- [E] AWS-KINESIS-VIDEO1 ["desc","timestamp"]
- [E] aws-tier-4.1 ["name","timestamp"]
- [E] C-AWS-MEDIALIVE1 ["desc","timestamp"]
- [E] Hydras-AWS-SNS-01 ["desc","timestamp"]
- [N] C-AWS-EC2-USE-NITRO
RiskPattern
- [N] RP-GOOGLE-CLOUD-API-GW
- [N] RP-GOOGLE-CLOUD-ARMOR
- [N] RP-GOOGLE-CLOUD-BUILD
- [N] RP-GOOGLE-CLOUD-LOOKER
- [N] RP-GOOGLE-CLOUD-LOOKER-CUSTOMER-DEPLOYMENT
- [N] RP-GOOGLE-CLOUD-NAT
- [N] RP-GOOGLE-CLOUD-RUN
- [N] RP-GOOGLE-CLOUD-SCHEDULER
- [N] RP-GOOGLE-CLOUD-TASKS
- [N] RP-GOOGLE-CLOUD-VPN
- [N] RP-PCI-APPROVED-POI-DEVICES
- [N] RP-AWS-EC2-XEN
Rules
- [N] Q: Google Cloud Looker deployment
- [N] Q: Google Cloud Looker deployment - *
- [N] Risk Pattern: Google Cloud Looker - Customer Deployment
- [D] Security Standard: Apply PCI-DSS - Cardholder Data Environment[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]
- [N] Security Standard: Apply PCI-DSS - Cardholder Data Environment[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]
- [D] Security Standard: Apply PCI-DSS - Credit Card Data Processed[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]
- [N] Security Standard: Apply PCI-DSS - Credit Card Data Processed[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]
- [D] Security Standard: Apply PCI-DSS - Credit Card Data Stored[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v3.2.1_::_PCI-DSS-v3.2.1]
- [N] Security Standard: Apply PCI-DSS - Credit Card Data Stored[Action][, APPLY_SECURITY_STANDARD, PCI-DSS-v4.0_::_PCI-DSS-v4.0]
- [N] Risk Pattern: Cardholder Data - All - Stored - Other
- [N] Q: Cardholder Data - All - Credit Card - Processed - Which element - *[Action][, INSERT_COMPONENT_QUESTION, pci.processed.other_::_Other type of sensitive data_::_]
- [N] Q: Cardholder Data - All - Credit Card - Stored - Which elements - *[Action][, INSERT_COMPONENT_QUESTION, pci.stored.other_::_Other type of sensitive data_::_]
- [N] Q: AWS EC2 Infrastructure System
- [N] Q: AWS EC2 Infrastructure System - *
- [N] RP: AWS EC2 Infrastructure System - Xen