Page tree
Skip to end of metadata
Go to start of metadata

Content matrix

VersionSummary of contentComments
2.6.3-funcrel

Package contents:

Updates:

  • Implementation of ''All Applications" option, which lets user to assign "All Applications" to multiple profiles or a single profile without adding any role.
  • Contains customer bug fixes for the Engineering Dashboard and the Health Dashboard

Can be used with 

  • ≥ 8.3.3




2.6.2-funcrel

Package contents:

Updates:

  • Action Plan Recommendation documentation is updated with remediation effort details. 
  • Bug fix to resolve two CVE vulnerabilities found in CAST Dashboards, for CVE-2022-23457
2.6.1-funcrel

Package contents:

Updates:

  • Java 11 is supported
  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for CVE-2022-22965 and CVE-2022-21724 for OWASP
2.6.0-funcrel

Package contents:

Updates:

  • Show more option for large files: If the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed
  • Tooltip for tags: In Rule Documentaion, tooltips are provided for tags, to show the detailed name.
  • Performance improvement in Admin page/User authorization view
  • Contains customer bug fixes for the Engineering Dashboard and the Health Dashboard

RestAPI documentation

2.6.3-funcrel

Feature Improvements

SummaryDetails
Implement "All Applications" Authorization"All Applications" Authorization is implemented. Now, Users can assign 'All Applications" to multiple profiles or a single profile without adding any role. Also, a new onboarding application will be automatically assigned to the profile (if the authorization is set to "All Applications").

Resolved Issues

Customer Ticket IdDetails
36543Fixed an issue where 0 weight rules were not included in the data published to the Health Dashboard.
36419Critical Violation Density increased even when there was no new or deleted critical violations.
35840New applications are not added automatically to "ALL APPLICATIONS" filter in Dashboard 2.6.1.

2.6.2-funcrel

Other Updates

Internal IdDetails
DASHBOARDS-4546Top Priority tile has been removed out of the box. To manually configure the tile, refer: https://doc.castsoftware.com/display/DASHBOARDS/Health+Dashboard+tile+management#HealthDashboardtilemanagement-QualityStandards(TopPriority).
DASHBOARDS-4442Action Plan Recommendation documentation is updated with remediation effort details. Refer: https://doc.castsoftware.com/display/DASHBOARDS/Engineering+Dashboard+-+Action+Plan+Recommendation#EngineeringDashboardActionPlanRecommendation-Calculationoftheremediationeffort.
DASHBOARDS-4590Fix for the CVE-2022-23457 is provided.
DASHBOARDS-4575The AC model having 'From Any' and 'To Any' dependency is not displayed in Dashboard after snapshot. This issue is fixed.
DASHBOARDS-4396In HD ISO view page, the link shared through the icon “share” used to land in the default view, instead of ISO view. This issue has been fixed, and now the link shared in the email (through the share icon) lands in HD ISO view.
DASHBOARDS-1133Fixed the issue with search for object (Lucene), on Tomcat 8.5 deployed with Java 9.0.4.

Resolved Issues

Customer Ticket IdDetails
35808When Dashboard is opened through AIP Console, Engineering Dashboard does not display list of rules correctly for Chinese rules.
35626Engineering Dashboard application filter does not work in application selection page (in Dashboard version 2.6.1).
35575Unable to start Health Dashboard after configuring SAML authentication mode.
35529The Tree-View Edit (Set categories and tags) area is not available in Dashboard v220 for tags customization.
35284Though the Dashboard (2.5.2-68) installation on Windows is successful, the Windows service does not start.
36321All rules of an application are not extracted.

2.6.1-funcrel

Note

As a result of the change made to allow the use of Java 11 with the CAST Dashboards/RestAPI (see the entry below in "Other Updates), a new release of the Lucene indexer has been bundled with this release of the CAST Engineering Dashboard/RestAPI that functions with Java 11. As a result of this change to the Lucene indexer, if you have set your basic and advanced indexes to re-index (see https://doc.castsoftware.com/display/DASHBOARDS/Managing+the+Engineering+Dashboard+search+indexes) when the CAST Engineering Dashboard/RestAPI starts up then you should expect that the initial dashboards start-up time may be impacted due to the need to re-build the indexes.

Other Updates

Internal IdDetails
DASHBOARDS-4515A fix has been applied to all Dashboards/RestAPI all Dashboards/RestAPI (upgrade of embedded PostgreSQL driver 42.2.18 to 43.3.3) to close the vulnerability described in CVE-2022-21724. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724.
DASHBOARDS-1133It is now possible to deploy the CAST Dashboards/RestAPI using Java 11 (previously only Java 8-10 were supported), whether via Apache Tomcat or via ZIP/JAR. As a result of this change, the Lucene search index mechanism available in the Engineering Dashboard has been upgraded to release 7.0.0 to allow it to function with Java 11.
DASHBOARDS-4520A CSS fix has been applied to the Health and Engineering Dashboards, to prevent an erroneously appearing vertical scroll bar beside the Dashboard logo in login page.
DASHBOARDS-4518A fixed has been applied to all Dashboards/RestAPI to close the vulnerability, also known as Spring4Shell, described in CVE-2022-22965. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965 and https://doc.castsoftware.com/display/CAST/Spring+Framework+-+CVE+vulnerabilities.

Resolved Issues

Customer Ticket IdDetails
35223Fixed an issue in both the Health and Engineering Dashboards where it was impossible to add profiles in the user management page.
35110Fixed an issue related to navigation in the Security Dashboard. Navigation was not working correctly (some pages and panels were blank and did not load) for users without the ADMIN role.
35030Fixed a nullpointerException popup that appeared erroneously when logging in to the Dashboard.

2.6.0-funcrel

Feature Improvements

SummaryDetails
ED and HD: Performance improvement in Admin pagePagination and react virtualization has been introduced in user, profiles and license tables and selectors, to increase the performance of the pages.
Simplify REST API/Datamart interfaceREST API 2.5.2 works with cast-datamart-2.5.0.jar and cast-datamart-2.4.0.jar
Security standards tags should be displayed with description and tooltip.In Rule Documentaion, tooltips are provided for tags to display the detailed name. Also, a hyperlink is provided to the specific rule (in the rule portal) if an official doc page available for the tag. Refer: https://doc.castsoftware.com/display/DASHBOARDS/Engineering+Dashboard+-+Risk+Investigation#EngineeringDashboardRiskInvestigation-RuleDocumentation
ED: Show more option for large view filesIf the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed while opening CAST_LOCAL.sql file, with SHOW 100 LINES option to view 100 more lines at a time. Refer: https://doc.castsoftware.com/display/DASHBOARDS/Engineering+Dashboard+-+Risk+Investigation#EngineeringDashboardRiskInvestigation-Bookmarks

Other Updates

Internal IdDetails
DASHBOARDS-4431ED and HD: Editing a user profile displays a blank page.
DASHBOARDS-4427HD: Validation message should not be displayed when a snapshot is selected in chart.
DASHBOARDS-4384ED and HD: Passing different value to startRow and nbRows queryParams returns 500 error for most of the web services.
DASHBOARDS-4387ED: Action plan table shows no violation found even when api returns data.
DASHBOARDS-4482ED and HD: Fix CVE-2022-0839 for third-party library liquibase-core. Version 4.8.0 now used.
DASHBOARDS-4314ED: View File should be able to display 2 bookmarks when in same source file, not just 1 at a time.
DASHBOARDS-4372HD: Disable "add to compare" in hover dialog if no point are selected in graph.
DASHBOARDS-4382ED: Performance issue while opening CAST_LOCAL.sql file.
DASHBOARDS-4440ED: Action Plan Recommendation: bad "Remediate" input.
DASHBOARDS-4441ED: Action Plan Recommendation - When an action plan exists do not increase the violations to fix.
DASHBOARDS-2703ED: Two Code viewers for two bookmarks on two adjacent lines. Only one code viewer should be enough.

Resolved Issues

Customer Ticket IdDetails
34793ED and HD: Cannot associate Applications to Profile in the user configuration of Dashboard as Assign Application by name column is not present.
34732ED and HD: Vulnerabilities found in CAST Dashboards.
34998ED and HD: Background facts API does not list snapshots.
34828HD: Module map showing black colored modules for module tree map.
34603HD: Health Dashboard login is not working after updating the license which is of new format.
34137HD: Performance issue in Health Dashboard user configuration page when there are more number of users and profiles.
34792ED and HD: Dashboard 2.5.2 - User configuration page does not load.
  • No labels