Created by N Padmavathi on Feb 18, 2022
Content matrix
| Version | Summary of content | Comments |
|---|
| 2.5.2-funcrel | Updates: - When there is no data, all SD tiles will show N/A instead of loading icon so that the home page does not hang.
- Pagination has been implemented in CAST Administration page (profiles and users tabs).
- The .ICO file used in the Dashboards (visible in the browser tab) has been updated and improved.
- In Action Plan, for Solved violations, the last snapshot date is displayed. For Added and Pending violations the last updated date is displayed.
| Can be used with:
|
| 2.5.1-funcrel | Updates: - If admin users are using old license key, followng message is displayed, "A new license policy exisits now for CAST Dashboard, please contact the CAST sales Service or Support for more details"
- In license section, expiry date is displayed in months when number of days is more than 30 days.
|
| 2.5.0-funcrel | Updates: - New executable JAR file to replace ZIP file.
- Option to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually
- It is now possible to add/edit a license key using the UI.
- It is now possible to add SAML user/ group from UI.
- Six new report types are added to the default exsiting list of Standard Compliance reports
- ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.
- Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832
- Contains customer bug fixes
|
2.5.2-funcrel
Feature Improvements
| Summary | Details |
|---|
| Add solved date in Action Plan | In Action Plan, for Solved violations, the last snapshot date is displayed. For Added and Pending violations the last updated date is displayed. |
| UI - tile loading behaviour update | When there is no data, all ED tiles should show N/A instead of loading icon, so that home page doesnot get stuck. |
| UI - browser .ICO file updates | The .ICO file used in the Dashboards (visible in the browser tab) has been updated and improved. |
| Implement pagination for profiles and user | To improve performance, pagination is added to all the admin user/profile tables. |
Other Updates
| Internal Id | Details |
|---|
| DASHBOARDS-4388 | Fixed an issue where domain bindings were not correctly updated when the Dashboards are used in integrated mode with AIP Console. |
| DASHBOARDS-4394 | Fixed an issue with the Dashboard login routes when the Dashboards are used in integrated mode with AIP Console. |
| DASHBOARDS-4412 | Fixed an issue where the source file view was still being displayed even though the session had timed out. A login dialog box is now shown instead. |
Resolved Issues
| Customer Ticket Id | Details |
|---|
| 33438 | Cannot get the scan results on Dashboard - Dashboard takes infinite time to load. |
2.5.1-funcrel
Feature Improvements
Other Updates
| Internal Id | Details |
|---|
| DASHBOARDS-4327 | Only critical violations are displayed by default pop up position changed. |
| DASHBOARDS-4328 | Display expiry date in months when number of days is more than 30 days in license section. |
| DASHBOARDS-4349 | SD not showing user excess message in banner. |
| DASHBOARDS-4350 | Associated user count is not updated after removing users from table. |
| DASHBOARDS-4357 | Non admin user is able to access the applications in SD when no authorization is configured. |
| DASHBOARDS-4359 | Roles are not assigned for the user in integrated mode. |
Resolved Issues
| Customer Ticket Id | Details |
|---|
| 33902 | Multiple profiles not working as expected |
| 31456 | Previous contributed value displayed in FP report is incorrect for transactions with same full name |
| 33839 | Embedded SD (service) does not display onboarded app - error updating domain bindings |
| 34069 | Error: Your application failed to start due to a "An error occurred" |
2.5.0-funcrel
Note
This release supports the new license key syntax progressively being introduced by CAST. All existing valid license keys will function exactly as they are intended, however, if you are using one, you may see messages in the dashboards stating that you you need to contact support. This message can be ignored, and all functionality is available.
New Features
| Summary | Details |
|---|
| New executable JAR with installer | A new executable JAR file (to replace the .ZIP files shipped in releases 2.0 - 2.4) is now provided in the install media alongside the traditional WAR file. This executable JAR file implements a wizard installer to improve the deployment process. The configuration of user authentication, CAST Storage Service/PostgreSQL instances, dashboard/central and measurement schemas and a Windows Service is now configured direct in the installer. The executable JAR file can be deployed on both Microsoft Windows and Linux and in UI or console/cli mode. See https://doc.castsoftware.com/display/SECURITY/Deploy+CAST+Security+Dashboard+using+JAR+file. |
| License key support from admin UI | It is now possible to add a new or update an existing Dashboard license key using the UI (previously the license key had to be provided in a text file called "license.key"). This option is available only to the users with the ADMIN role. The legacy "license.key" file can still be used if necessary. See https://doc.castsoftware.com/display/DASHBOARDS/Dashboard+Service+license+key+configuration. |
Feature Improvements
| Summary | Details |
|---|
| Ability to encrypt the CAST Storage Service/PostgreSQL and/or LDAP username / password individually. | It is now possible to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually, instead (as in previous releases) of having to encrypt both. When using the encryption keys, it is now only necessary to replace the clear text entries with the encryption keys (previously, these items needed to be removed and new encryption key lines added). All previous functionality remains in place. See https://doc.castsoftware.com/display/DASHBOARDS/Encrypt+login+and+password+for+database+and+LDAP. |
| New defaults Reports are added to Standard Compliance reports list. | Six new report types are added to the exsiting list of Standard Compliance reports. |
| SAML user/ group can be added from UI. | An option to add a user or group in the Users tab/UI is provided. |
| ISO-5055 tile will be hidden, based on the extension. | ISO-5055 tile will be hidden, if the application does not have the ISO-5055 extension installed. |
| APR - only Compliance option for IndustryStandard health measures. | In Action Plan Recomendation, upon selecting any IndustryStandard health measures, the violations will be calculated only on Compliance. |
Other Updates
| Internal Id | Details |
|---|
| DASHBOARDS-4207 | Wrong message displayed after user/group is added in SAML mode. |
| DASHBOARDS-4132 | Security mode should be set to default instead of security.mode=${security.mode}. |
| DASHBOARDS-4123 | Dashboard not able to generate report correctly with Report Generator. |
| DASHBOARDS-4304 | Dashboards from AIP console 1.27.0 is displaying an empty page. |
| DASHBOARDS-1764 | Impcated transaction section is not loading for some transactions. |
| DASHBOARDS-4241 | Fix for security issue: CVE-2021-23463. |
| DASHBOARDS-4306 | Update Log4j version to 2.17.1 for CVE-2021-44832. |
| DASHBOARDS-4296 | APR - if Compliance mode seleted, SEI maintainability will break the UI with console error. |
| DASHBOARDS-4309 | For integrated v2 mode, there is an erroneous license message in ED. |
| DASHBOARDS-4310 | Dashboards integrated with console 2.0.0 does not display the Dashboard version. |
Resolved Issues
| Customer Ticket Id | Details |
|---|
| 33202 | Error while running datamart. |
| 33235 | Tags CWE-78 and PCI-Requirement-6.5.1 are duplicated in Rule Documentation display in SD. |
| 32866 | The Password Present in the application.property file for dashboard Integration should be encrypted. |
| 32700 | Change the comment in the application.properties file to not use encryption tool to encrypt ldap password. |
| 32867 | com.castsoftware.aip.dashboard.engineering.2.3.0 - login issues after configuring user access restriction using SAML groups. |
| 33273 | CAST Dashboard 2.4.0 - exclustion and action plan role problem. |
| 33347 | When installing Microsoft Windows services for multiple ZIP/JAR file deployments on the same host, the documentation does not explain how to manually remove those services if necessary. The documentation has been updated: https://doc.castsoftware.com/display/DASHBOARDS/Deploying+multiple+2.x+ZIPs+or+JARs+on+the+same+server. |
| 33535 | Impacted objects with violations are not loading in transaction investigation view. |
