Features
- [RT-504] - Set the reporter of a ticket in Jira issuetracker
- [SIN-197] - Add Audit log option into the Settings section
- [SIN-356] - New feature for disabling a user
- [INR-264] - New Standard Coverage Widget and Top 10 Countermeasures improvements
- [INR-368] - Improvements in the overall Risk Widget
- [OPT-228] - Generate or update threat models from Microsoft Threat Modeling Tool (MTMT)
- [RT-284] - Improve bulk actions for threats & countermeasures
- [RT-487] - Map Standards into ServiceNow giving more information in the ticket to implement or act upon
- [DRA-539] - Ability to add general threats on the template's creation window
- [DRA-540] - Join the imported template component "General product threats" to the existing one for the project
- [DRA-611] - Use PRODUCT_OWNER_UPDATE permissions for OWNERSHIP tab
- [OPT-32] - Enhance CFT ec2 mapping (subnetId) for EC2 instances as web servers
- [OPT-216] - Added support for Visio AWS complex stencils shapes
- [OPT-363] - Improved 400 response for invalid IaC CFT file
- [OPT-413] - Improved validation of Visio files
- [OPT-445] - Map MTMT Stencils to IriusRisk components
- [SIN-288] - Add new entry to allow users with role USER_AUDIT_LOG_VIEW to view new section that includes the audit log
Bug Fixes
- [MSR-815] - Unexpected error updating a Countermeasure with at least one 'Countermeasure' custom field type combobox (User or Business Unit) without value
- [DRA-668] - Error when loading diagram (add NPE protection)
- [DRA-683] - Quick navigation from project to list is throwing an exception
- [DRA-693] - Incorrect error message when calling version creation API with empty name
- [DRA-748] - Issue filtering by "Custom Field"
- [DRA-759] - Fix the audit log icon from the sidebar
- [INR-425] - Error when trying to load combo with business units from the user when it's not Admin in Portfolio Page
- [INR-451] - Fix Standard compliance performance
- [INR-453] - Links are broken when accessing the Audit Log from the Home Dashboard
- [MSR-670] - User with permission 'LIBRARY_UPDATE' is not able to add threats from the use case context menu
- [OPT-466] - OTM file has inconsistent IDs when parsing SecurityGroupIngress Resource
- [SIN-419] - Fix a bug sorting by multiple fields in the AuditLog endpoint
- [RT-605] - Issuetracker settings are not horizontally expanded
- [RT-625] - Avoid the selection of all threats when you delete a threat/use case
- [RT-655] - Broken issue link is shown in the Threat view when the issue tracker configuration is defined at the countermeasure level
- [RT-666] - Issue tracker at countermeasure level is not imported in the project action "Update data from file..."
- [RT-669] - No use cases are displayed when trying to add a threat from the main menu
- [RT-671] - On add threat window, if you click outside the window, it shouldn't close
- [RT-759] - Null pointer exception when you select a parent node in the countermeasures table and try some bulk actions
Security Fixes
- [ARCH-264] - Improve the communication security layer between frontend and backend
- [DRA-767] - Fix vulnerability in library com.google.guava:guava
- [DRA-782] - Cross-Site-Scripting vulnerabilities when importing a tampered product list from an Excel file
- [RT-678] - Fix XSS by adding a link with the rich text editor
- [RT-728] - Fix vulnerability in library com.fasterxml.jackson.core:jackson-databind
Hot Fixes included
API Changes
New Knowledge-base Content
New security standards
- [CON-1341] - Added OWASP Top 10 Kubernetes standard to current countermeasures in the Kubernetes and Microservices libraries.
Cloud components
- [CON-1345] - New components for AWS:
  - AWS IAM
- [CON-1352] - New components for Azure:
  - Azure Managed Apps
  - Azure Resource Manager
  - Azure Container Apps
New libraries
- [CON-1343] - IR-Virtual-Components (3 new components): This library contains risk patterns related to virtual components.
- [CON-1328] & [CON-1343] - IR-Network-Components (2 new components): This library contains risk patterns related to network devices and systems.
- [CON-1343] - IR-Hardware-Components (41 new components): This library provides a set of threats and countermeasures for hardware devices.
- [CON-1351] - mitre-attack-framework (0 components): This library provides a set of threats and countermeasures obtained from the MITRE ATT&CK STIX file: enterprise-attack-11.3.json
Content Updates
- [CON-1338] - Updated component name: from “GCP Identity-Aware Proxy” to “GCP IAP (Identity-Aware Proxy)”
Detailed changelog ([N]ew/[E]dited/[D]eleted)
- Libraries
  - [N] mitre-attack-framework
  - [N] IR-Virtual-Components
  - [N] IR-Hardware-Components
  - [N] IR-Network-Components
- Threats
  - [N] OWASP-A10-2017
- Supported Standards
  - [N] owasp-kubernetes-top-10-2022
- Component Definitions
  - [N] CD-MICROSOFT-AZURE-BATCH
  - [N] CD-MICROSOFT-AZURE-CONTAINER-APPS
  - [N] CD-MICROSOFT-AZURE-MANAGED-APPS
  - [N] CD-MICROSOFT-AZURE-RESOURCE-MANAGER
  - [N] CD-MICROSOFT-AZURE-VM-SCALE-SET
  - [E] CD-GOOGLE-CLOUD-ID-AWARE-PROXY ["name"]
  - [N] CD-AWS-IAM
- Controls
  - [N] C-AZURE-API-MNGMT1
  - [N] C-AZURE-TIME-SYNC
  - [N] AZURE-SERVICE-PRINCIPAL
  - [N] C-AZURE-API-MNGMT2
  - [N] C-AZURE-API-MNGMT3
  - [N] C-AZURE-API-MNGMT4
  - [N] C-AZURE-API-MNGMT5
  - [N] C-AZURE-API-MNGMT6
  - [N] C-AZURE-API-MNGMT7
  - [N] C-AZURE-RESOURCE-MANAGER1
  - [N] C-AZURE-BATCH2
  - [N] C-AZURE-BATCH3
  - [N] C-AZURE-BATCH4
  - [N] C-AZURE-BATCH5
  - [N] C-AZURE-BATCH6
  - [N] C-AZURE-BATCH1
  - [N] C-AZURE-VM-SCALE-SET4
  - [N] C-AZURE-VM-SCALE-SET3
  - [N] C-AZURE-VM-SCALE-SET2
  - [N] C-AZURE-VM-SCALE-SET1
- RiskPattern
  - [N] RP-AZURE-BATCH
  - [N] RP-AZURE-CONTAINER-APPS
  - [N] RP-AZURE-MANAGED-APPS
  - [N] RP-AZURE-RESOURCE-MANAGER
  - [N] RP-AZURE-VM-SCALE-SET