Content matrix
| Version | Summary of content | Comments |
|---|---|---|
| 2.11.4-funcrel | Updates:
| Can be used with:
|
| 2.11.3-funcrel | Updates:
| |
| 2.11.2-funcrel | Updates:
| |
| 2.11.1-funcrel | Updates:
| |
| 2.11.0-funcrel | Updates:
|
.
2.11.4-funcrel
Other Updates
| Internal Id | Details |
|---|---|
| DASHBOARDS-5041 | Fixes an issue wherein the upgrade to 2.11.3 Dashboard was failing. |
| DASHBOARDS-5043 | Handled the cookie session hijacking vulnerability. |
| DASHBOARDS-5064 | Disabled the OPTIONS method in restAPI calls. |
| DASHBOARDS-5063 | Handled the Cross-site request forgery. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 42022 | Fixes an issue wherein the Dashboard 2.8- funcrel was creating more connections on database and most of them were COMMIT statement from the Dashboard. |
| 43040 | Fixes an issue wherein the violations were not loading on Advance Search - Modules option. |
| 42641 | Fixes an issue where it is impossible to run any executable JAR Dashboard installer when the target server already has a Dashboard 2.11.1, 2.11.2 or 2.11.3 installed on it. If you have installed any of the releases mentioned previously and you need to run an installer from an older or newer release see the workaround described here: https://doc.castsoftware.com/display/DASHBOARDS/2.11+-+Workaround+for+issue+with+JAR+installers. |
| 42135 | Background facts import fails unless the value for ALL modules that existed on ALL snapshots are provided. After the fix, APIs request modules only for that particular snapshot. |
| 42437 | Fixes a vulnerability issue (in the pentest scan) in Dashboard. |
2.11.3-funcrel
Feature Improvements
| Summary | Details |
|---|---|
| UI - Action Plan Recommendation - Exclude Previously selected criteria | A new option has been added to the Action Plan Recommendation feature called "Exclude Previously selected criteria": this option (when enabled) will exclude rules that have already been added to the Action Plan. By default, the option is NOT activated. See https://doc.castsoftware.com/display/SECURITY/Security+Dashboard+-+Action+Plan+Recommendation#SecurityDashboardActionPlanRecommendation-ActionPlanRecommendationinterface. |
Other Updates
| Internal Id | Details |
|---|---|
| DASHBOARDS-5028 | APR - Fixes an issue wherein the "exclude selected criteria" did not work well for ISO. |
| DASHBOARDS-5019 | Fixes an APR issue where the Grade was impacted. |
2.11.2-funcrel
Other Updates
| Internal Id | Details |
|---|---|
| DASHBOARDS-5004 | Fixes an issue where attempting to edit multiple Profiles in the Admin Center breaks the UI. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 38748 | Fixes an issue with a deployed embedded Dashboards Windows Service: clicking dashboard-servicew.exe gives the error "specified service does not exist". See https://doc.castsoftware.com/display/DASHBOARDS/Updating+Windows+Service+Java+parameters. |
| 1 | Fixes an issue where the Engineering dashboard displays an incorrect violation count if injected custom tags are duplicated. The fix ensures that an error message is displayed when a tag is assigned incorrectly to the same rule more than once. |
2.11.1-funcrel
Feature Improvements
| Summary | Details |
|---|---|
| Security Compliance PDF reports - Bookmarks added | Bookmarks have been added to the left side of Security Compliance PDF reports to make it simple for users to access specific paragraphs. See https://doc.castsoftware.com/display/SECURITY/Security+Dashboard+-+Report+Generation#SecurityDashboardReportGeneration-SecurityandIndustryComplianceReports. |
Other Updates
| Internal Id | Details |
|---|---|
| DASHBOARDS-4974 | Changes made to support deployment of CAST Dashboards with Java 17 (LTS). See https://doc.castsoftware.com/display/DASHBOARDS/Standalone+dashboard+-+installation+requirements#Standalonedashboardinstallationrequirements-jreSupportedJavaJRE/JDK. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 40158 | Fixes an issue where it is not possible to close the disclaimer informing users that an old style license key is in use. |
| 40408 | Fixes various issues reported with Security Compliance PDF reports generated in the Security Dashboard: 1) inability to copy/paste from generated reports, 2) inability to perform an "in PDF" search, 3) lack of chapters/bookmarks in left panel. |
| 40167 | Changes made to support deployment of CAST Dashboards with Java 17 (LTS). See https://doc.castsoftware.com/display/DASHBOARDS/Standalone+dashboard+-+installation+requirements#Standalonedashboardinstallationrequirements-jreSupportedJavaJRE/JDK. |
2.11.0-funcrel
Feature Improvements
| Summary | Details |
|---|---|
| UI - Security Dashboard - Upgrade tiles to latest standards. | In the Security Dashboard, outdated tiles (Data Safety, SQL Injection, XSS Command Injection, Misconfiguration) have been replaced with the updated tiles (CISQ-ISO 5055, CWE Top 25 2011-CWE Top 25 2022, OWASP 2017-OWASP 2021), and a new tile - PCI-DSS-V3.2.1 has been added. See: https://doc.castsoftware.com/display/SECURITY/Security+Dashboard+-+GUI |
Other Updates
| Internal Id | Details |
|---|---|
| DASHBOARDS-4950 | Fixes an issue where "more bookmarks" option was not coming in case of more than 5 bookmarks. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 39916 | Fixes an issue where SAML group admin user is unable to login to the Dashboard as an admin, despite the group admin having the admin role assigned. |
| 39649 | Fixes an issue where applications are no longer sorted in an alphabetical order in Security Dashboard. |
| 39656 | Fixes an issue where target value goes to infinity after changing to effort option. |