Release 4.5.0 - 07-07-2022

Features

• [DRA-508] - Disable shortcut ALT + SHIFT + S on diagram
• [INR-161] - Two new widgets for the dashboard presentation. Overall Risk for all the thread models and Projects with higher risk.
• [MSR-504] - Create a new condition to check if a dataflow contains a specific asset
• [OPT-179] - File content validation for Cloudformation endpoints
• [OPT-155] - Create IriusRisk endpoints for creating or updating threat models from Visio
• [RT-11] - Remove strikethrough from broken links, show warning instead
• [RT-242] - Provide a button in UI to copy links to project sections
• [RT-272] - Improve the performance of the Countermeasures tree view
• [RT-286] - Change the icons for the impact of Weakness, Inherent Risk, and Projected Risk
• [RT-539] - Replace the text "Clone" project for "Duplicate" project

Bug Fixes

• [DRA-425] - Sync project model on the main questionnaire done action if the model changes.
• [DRA-427] - Create a project diagram when we create the project
• [DRA-456] - The lock threat model button is not working properly for multi-users on the same project
• [DRA-457] - Latest artifact can be deleted by the users
• [DRA-467] - Templates header disappear when removing one template
• [DRA-475] - Notification about deleting a project on another browser is not displayed if the second user does some action on the project/template
• [DRA-479] - Custom fields in a custom group field are not shown in the Project Version Details view
• [DRA-480] - Unable to enlarge the whole text or value of a custom field after a product is versioned.
• [INR-266] - Missing "%" symbol in Overall Risk widget Tooltip
• [INR-278] - See All projects link doesn't show the new project button and the title is wrong.
• [MSR-206] - Knowledge Session not disposed of in the questionnaire in some scenarios
• [MSR-417] - Error when the processor tries to remove a project threat with Custom Fields
• [OPT-231] - IOException reading CFT schema during CFT file validation
• [RT-427] - Create project does not open it when created outside the projects page
• [RT-440] - When you delete a countermeasure from the component, then the dialog does not show the information correctly
• [RT-441] - Advanced project search is not shown properly
• [RT-446] - Wrong label for Source filter in Threats
• [RT-452] - API endpoint to delete a countermeasure from a product doesn't work
• [RT-465] - Wrong validation for the length of custom field
• [RT-471] - Workflow button exceeds viewport when text is too long
• [RT-485] - Text on the setting panel is centralized

Hot Fixes included

• Hotfix 4.4.1
• Hotfix 4.4.2

API Changes

• API Release Notes 1.15.0

New Knowledge-base Content

Security Standards updates:

• CON-1043. Added 13 new countermeasures to be able to expand the PCI-DSSv4 coverage to the AWS components.

External libraries updates:

• MSR-483. CAPEC library updated from 3.4 to 3.7

• MSR-483. CWE library updated from 4.3 to 4.7

Detailed changelog ([N]ew/[E]dited/[D]eleted):

• Supported Standards

  • [N] PCI-DSS-v4.0

• Controls

  • [N] C-AWS-GUARDDUTY2

  • [N] C-AWS-REDSHIFT8

  • [N] C-AWS-ELASTICSEARCH10

  • [N] C-AWS-CODEBUILD3

  • [N] C-AWS-CODEBUILD2

  • [N] C-AWS-EC2-1

  • [N] C-AWS-DMS2

  • [N] AWS-S3-3

  • [N] C-AWS-EC2-AUTO-SCALING5

  • [N] C-AWS-SYSTEMS-MANAGER2

  • [N] C-AWS-SYSTEMS-MANAGER3

  • [N] C-AWS-SYSTEMS-MANAGER4

  • [N] C-AWS-ELB1