Page tree
Skip to end of metadata
Go to start of metadata

Content matrix

VersionSummary of contentComments


  • If admin users are using old license key, followng message is displayed, "A new license policy exisits now for CAST Dashboard, please contact the CAST sales Service or Support for more details"
  • In license section, expiry date is displayed in months when number of days is more than 30 days.

Can be used with:

  •  8.3.3


  • New executable JAR file to replace ZIP file.
  • Option to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually
  • It is now possible to add/edit a license key using the UI.
  • It is now possible to add SAML user/ group from UI.
  • Six new report types are added to the default exsiting list of Standard Compliance reports
  • ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.
  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832
  • Contains customer bug fixes


Feature Improvements

UI - Admin Centre - License KeyIf a legacy type license key is still being used, users with the Admin role will now see messages explaining that a new license key format is available. See

Other Updates

Internal IdDetails
DASHBOARDS-4327Only critical violations are displayed by default pop up position changed.
DASHBOARDS-4328Display expiry date in months when number of days is more than 30 days in license section.
DASHBOARDS-4349SD not showing user excess message in banner.
DASHBOARDS-4350Associated user count is not updated after removing users from table.
DASHBOARDS-4357Non admin user is able to access the applications in SD when no authorization is configured.
DASHBOARDS-4359Roles are not assigned for the user in integrated mode.

Resolved Issues

Customer Ticket IdDetails
33902Multiple profiles not working as expected
31456Previous contributed value displayed in FP report is incorrect for transactions with same full name
33839Embedded SD (service) does not display onboarded app - error updating domain bindings
34069Error: Your application failed to start due to a "An error occurred"



This release supports the new license key syntax progressively being introduced by CAST. All existing valid license keys will function exactly as they are intended, however, if you are using one, you may see messages in the dashboards stating that you you need to contact support. This message can be ignored, and all functionality is available.

New Features

New executable JAR with installerA new executable JAR file (to replace the .ZIP files shipped in releases 2.0 - 2.4) is now provided in the install media alongside the traditional WAR file. This executable JAR file implements a wizard installer to improve the deployment process. The configuration of user authentication, CAST Storage Service/PostgreSQL instances, dashboard/central and measurement schemas and a Windows Service is now configured direct in the installer. The executable JAR file can be deployed on both Microsoft Windows and Linux and in UI or console/cli mode. See
License key support from admin UIIt is now possible to add a new or update an existing Dashboard license key using the UI (previously the license key had to be provided in a text file called "license.key"). This option is available only to the users with the ADMIN role. The legacy "license.key" file can still be used if necessary. See

Feature Improvements

Ability to encrypt the CAST Storage Service/PostgreSQL and/or LDAP username / password individually.It is now possible to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually, instead (as in previous releases) of having to encrypt both. When using the encryption keys, it is now only necessary to replace the clear text entries with the encryption keys (previously, these items needed to be removed and new encryption key lines added). All previous functionality remains in place. See
New defaults Reports are added to Standard Compliance reports list.Six new report types are added to the exsiting list of Standard Compliance reports.
SAML user/ group can be added from UI.An option to add a user or group in the Users tab/UI is provided.
ISO-5055 tile will be hidden, based on the extension.ISO-5055 tile will be hidden, if the application does not have the ISO-5055 extension installed.
APR - only Compliance option for IndustryStandard health measures.In Action Plan Recomendation, upon selecting any IndustryStandard health measures, the violations will be calculated only on Compliance.

Other Updates

Internal IdDetails
DASHBOARDS-4207Wrong message displayed after user/group is added in SAML mode.
DASHBOARDS-4132Security mode should be set to default instead of security.mode=${security.mode}.
DASHBOARDS-4123Dashboard not able to generate report correctly with Report Generator.
DASHBOARDS-4304Dashboards from AIP console 1.27.0 is displaying an empty page.
DASHBOARDS-1764Impcated transaction section is not loading for some transactions.
DASHBOARDS-4241Fix for security issue: CVE-2021-23463.
DASHBOARDS-4306Update Log4j version to 2.17.1 for CVE-2021-44832.
DASHBOARDS-4296APR - if Compliance mode seleted, SEI maintainability will break the UI with console error.
DASHBOARDS-4309For integrated v2 mode, there is an erroneous license message in ED.
DASHBOARDS-4310Dashboards integrated with console 2.0.0 does not display the Dashboard version.

Resolved Issues

Customer Ticket IdDetails
33202Error while running datamart.
33235Tags CWE-78 and PCI-Requirement-6.5.1 are duplicated in Rule Documentation display in SD.
32866The Password Present in the file for dashboard Integration should be encrypted.
32700Change the comment in the file to not use encryption tool to encrypt ldap password. - login issues after configuring user access restriction using SAML groups.
33273CAST Dashboard 2.4.0 - exclustion and action plan role problem.
33347When installing Microsoft Windows services for multiple ZIP/JAR file deployments on the same host, the documentation does not explain how to manually remove those services if necessary. The documentation has been updated:
33535Impacted objects with violations are not loading in transaction investigation view.
  • No labels