Features
- [DRA-647] - Move IriusRisk draw.io listeners to a new class
- [DRA-722] - Analyze and improve performance for project sync
- [DRA-746] - Replace draw.io-widget by React component
- [DRA-833] - Associate icons to the new GCP components definitions
- [DRA-837] - Allow the user to change the dataflow colors
- [DRA-853] - Secure TemplateDashboardPresenter methods
- [DRA-869] - Add parameter to allow customized firefox path
- [DRA-872] - Refactors on DrawioMxFinder
- [INR-476] - Refactor MyPortfolio and Dashboard presenters
- [MSR-654] - Unify creation of threats on a single method for each entity
- [MSR-879] - Update External Library with new revision - CAPEC - 2022/11/30
- [OPT-480] - Simplify Terraform mapping file
- [OPT-484] - Return an error when calling the IriusRisk API with multiple Visio or MTMT files
- [OPT-585] - Identity Server must be mapped to an IAM component (MTMT)
- [RT-105] - Change icon colors for actions in tables/grids
- [RT-430] - Sort priority filter from highest to lowest
- [RT-520] - Compliance drop down for countermeasures should only show the relevant standards
- [RT-774] - Secure AddThreatModalPresenter methods
- [OPT-429] - Add support for multiple IaC files in IriusRisk API
- [RT-598] - Audit changing CIA and Ease of Exploitation values in Threats
- [DRA-796] - Wrong styles on modal of close sessions
- [RT-780] - Workflow selector is displayed even when no workflow states have been created
- [RT-507] - Issue tracker config at threat level
Bug Fixes
- [DRA-836] - Delete project notification coming from another user action can be closed
- [DRA-863] - Endless loading message after creating project version
- [INR-497] - The literals of the countermeasure status chart are overlapping
- [INR-526] - Access denied loading login page due to ReactDashboardPage constructor
- [INR-529] - Fix home dashboard errors
- [MSR-394] - Duplicated asset question when asset is renamed
- [MSR-448] - Standards form not visually read-only when user only has read permission
- [MSR-691] - Asset is getting corrupted after trying to update its name with an existing name from another asset
- [MSR-791] - Project versions are displayed in the modal 'Select Projects to update'
- [OPT-625] - Terraform file may exclusively contain terraform module elements
- [RT-432] - After updating model the UI is not refreshed
- [RT-453] - Positions of Custom fields do not work
- [RT-463] - User without permissions to view the architecture is redirected to diagram if this is empty
- [RT-536] - Threats and countermeasures are created with owner = NULL depending on settings
- [RT-745] - Switching workflow states from within a project does not update the project permissions for the user
- [RT-748] - Keep template comments when template is created from a project
- [RT-749] - Error when you select all countermeasures from father component
- [RT-771] - Standards threat filter is not refreshing after updating a standard in the countermeasures
- [RT-804] - ExpiryDate value for Threats is not being returned in API call
Security Fixes
- [ARCH-433] - Fix vulnerability on org.bouncycastle_bcprov-jdk15on
- [DRA-690] - Draw.io resources should not be accessible for non-logged users
- [INR-486] - Secure ReactDashboardPresenter methods
- [INR-487] - Secure ProjectDashboardPresenter method getProjectDashboardState
- [RT-767] - Fix css-loader vulnerability
API Changes
New Knowledge-base Content
Updated security standards:
- [CON-1259]: Updated CIS Microsoft Azure Foundations Benchmark to 1.5.0
Cloud components:
- [CON-1380]: New Google Cloud Platform components:
  - GCP Looker Studio
  - GCP Dataflow
  - GCP DLP (Data Loss Prevention)
  - GCP DNS (Domain Name System)
  - GCP Spanner
  - GCP Resource Manager
  - GCP Compute Engine
  - GCP Container Registry
  - GCP Data Catalog
  - GCP Secret Manager
  - GCP KMS (Key Management Service)
  - GCP Memorystore for Redis
  - GCP VPC Service Controls
  - GCP Anthos Service Mesh
  - GCP Apigee X
  - GCP Artifact Registry
- [CON-1382]: Google Cloud Platform Firestore and Firebase Realtime Database components are now available as components
- [CON-1384]: New AWS components:
  - AWS Apache Flink
  - AWS ElastiCache for Redis
  - AWS Hyperledger Fabric
  - AWS Ethereum
- [CON-1392]: Removed AWS Common Security Considerations from several AWS components due to adding too much noise
Content Updates:
- [CON-1396]: Added specific details for each technique in Mitre ATT&CK countermeasures
- [CON-1400]: Enabled IR-Dataflows library by default
Detailed changelog ([N]ew/[E]dited/[D]eleted):
- Component Definitions
  - [N] CD-GOOGLE-CLOUD-ANTHOS-SER-MESH
  - [N] CD-GOOGLE-CLOUD-APIGEE-X
  - [N] CD-GOOGLE-CLOUD-ART-REG
  - [N] CD-GOOGLE-CLOUD-COMPUTE-ENGINE
  - [N] CD-GOOGLE-CLOUD-CONTAINER-REGISTRY
  - [N] CD-GOOGLE-CLOUD-DATA-CATALOG
  - [N] CD-GOOGLE-CLOUD-DATAFLOW
  - [N] CD-GOOGLE-CLOUD-DLP
  - [N] CD-GOOGLE-CLOUD-DNS
  - [N] CD-GOOGLE-CLOUD-FIRESTORE
  - [N] CD-GOOGLE-CLOUD-KMS
  - [N] CD-GOOGLE-CLOUD-LOOKER-STUDIO
  - [N] CD-GOOGLE-CLOUD-MEMORYSTORE-REDIS
  - [N] CD-GOOGLE-CLOUD-REALTIME-DATABASE
  - [N] CD-GOOGLE-CLOUD-RESOURCE-MANAGER
  - [N] CD-GOOGLE-CLOUD-SECRET-MANAGER
  - [N] CD-GOOGLE-CLOUD-SPANNER
  - [N] CD-GOOGLE-CLOUD-VPC-SERVICE-CONTROLS
  - [N] CD-APACHE-FLINK
  - [N] CD-ELASTICACHE-FOR-REDIS
  - [N] CD-ETHEREUM
  - [N] CD-HYPERLEDGER-FABRIC
  - [E] api-gateway ["riskPatterns"]
  - [E] athena ["riskPatterns"]
  - [E] cognito ["riskPatterns"]
  - [E] direct-connect ["riskPatterns"]
  - [E] dynamodb ["riskPatterns"]
  - [E] elasticache ["riskPatterns"]
  - [E] glacier ["riskPatterns"]
  - [E] kinesis-data-analytics ["riskPatterns"]
  - [E] kinesis-data-firehose ["riskPatterns"]
  - [E] kinesis-data-streams ["riskPatterns"]
  - [E] kinesis-video-streams ["riskPatterns"]
  - [E] redshift ["riskPatterns"]
  - [E] sqs-simple-queue-service ["riskPatterns"]
  - [E] step-functions ["riskPatterns"]
  - [E] swf-simple-workflow-service ["riskPatterns"]
  - [E] trusted-advisor ["riskPatterns"]
- Controls
  - [N] C-GOOGLE-CLOUD-LOOKER-STUDIO1
  - [N] C-GOOGLE-RESOURCE-MANAGER1
  - [N] C-GOOGLE-ANTHOS-SER-MESH1
  - [N] C-GOOGLE-DATA-CATALOG1
  - [N] C-GOOGLE-SERVICE-CONTROLS1
  - [N] C-GOOGLE-KMS1
  - [N] C-GOOGLE-CLOUD-DLP1
  - [N] C-GOOGLE-CLOUD-DNS1
  - [N] C-GOOGLE-APIGEE-X1
  - [N] C-GOOGLE-COMPUTE-ENGINE1
  - [N] C-GOOGLE-CONTAINER-REGISTRY1
  - [N] C-GOOGLE-CLOUD-SPANNER1
  - [N] C-GOOGLE-CLOUD-DATAFLOW1
  - [N] C-GOOGLE-ARTIFACT-REGISTRY1
  - [N] C-GOOGLE-SECRET-MANAGER1
  - [N] C-GOOGLE-MEMORYSTORE-REDIS1
  - [E] C-M1019 ["desc"]
  - [E] C-M1018 ["desc"]
  - [E] C-M1017 ["desc"]
  - [E] C-M1016 ["desc"]
  - [E] C-M1015 ["desc"]
  - [E] C-M1013 ["desc"]
  - [E] C-M1057 ["desc"]
  - [E] C-M1056 ["desc"]
  - [E] C-M1055 ["desc"]
  - [E] C-M1054 ["desc"]
  - [E] C-M1053 ["desc"]
  - [E] C-M1030 ["desc"]
  - [E] C-M1029 ["desc"]
  - [E] C-M1028 ["desc"]
  - [E] C-M1027 ["desc"]
  - [E] C-M1026 ["desc"]
  - [E] C-M1025 ["desc"]
  - [E] C-M1024 ["desc"]
  - [E] C-M1022 ["desc"]
  - [E] C-M1021 ["desc"]
  - [E] C-M1020 ["desc"]
  - [E] C-M1041 ["desc"]
  - [E] C-M1040 ["desc"]
  - [E] C-M1039 ["desc"]
  - [E] C-M1038 ["desc"]
  - [E] C-M1037 ["desc"]
  - [E] C-M1036 ["desc"]
  - [E] C-M1035 ["desc"]
  - [E] C-M1034 ["desc"]
  - [E] C-M1033 ["desc"]
  - [E] C-M1032 ["desc"]
  - [E] C-M1031 ["desc"]
  - [E] C-M1052 ["desc"]
  - [E] C-M1051 ["desc"]
  - [E] C-M1050 ["desc"]
  - [E] C-M1049 ["desc"]
  - [E] C-M1048 ["desc"]
  - [E] C-M1047 ["desc"]
  - [E] C-M1046 ["desc"]
  - [E] C-M1045 ["desc"]
  - [E] C-M1044 ["desc"]
  - [E] C-M1043 ["desc"]
  - [E] C-M1042 ["desc"]
- RiskPattern
  - [N] RP-GOOGLE-CLOUD-ANTHOS-SER-MESH
  - [N] RP-GOOGLE-CLOUD-APIGEE-X
  - [N] RP-GOOGLE-CLOUD-ART-REG
  - [N] RP-GOOGLE-CLOUD-COMPUTE-ENGINE
  - [N] RP-GOOGLE-CLOUD-CONTAINER-REGISTRY
  - [N] RP-GOOGLE-CLOUD-DATA-CATALOG
  - [N] RP-GOOGLE-CLOUD-DATAFLOW
  - [N] RP-GOOGLE-CLOUD-DLP
  - [N] RP-GOOGLE-CLOUD-DNS
  - [N] RP-GOOGLE-CLOUD-KMS
  - [N] RP-GOOGLE-CLOUD-LOOKER-STUDIO
  - [N] RP-GOOGLE-CLOUD-MEMORYSTORE-REDIS
  - [N] RP-GOOGLE-CLOUD-RESOURCE-MANAGER
  - [N] RP-GOOGLE-CLOUD-SECRET-MANAGER
  - [N] RP-GOOGLE-CLOUD-SPANNER
  - [N] RP-GOOGLE-CLOUD-VPC-SERVICE-CONTROLS