Content matrix

Version | Summary of content | Comments
2.6.3-funcrel

Updates:

  • Implementation of the "All Applications" option, which lets users assign "All Applications" to multiple profiles or a single profile without adding any role.
  • Contains customer bug fixes for the Engineering Dashboard and the Health Dashboard

Can be used with:

  •  8.3.3




2.6.2-funcrel

Updates:

2.6.1-funcrel

Updates:

  • Java 11 is supported
  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards: CVE-2022-22965 and CVE-2022-21724 (for OWASP)

2.6.0-funcrel

Updates:

  • Show more option for large files: If the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed
  • Tooltip for tags: In Rule Documentation, tooltips are provided for tags, to show the detailed name.
  • Performance improvement in Admin page/User authorization view
  • Contains customer bug fixes

2.6.3-funcrel

Feature Improvements

Summary | Details
Implement "All Applications" Authorization | "All Applications" Authorization is implemented. Users can now assign "All Applications" to multiple profiles or a single profile without adding any role. Also, a new onboarding application will be automatically assigned to the profile (if the authorization is set to "All Applications").

Resolved Issues

Customer Ticket Id | Details
35840 | New applications are not added automatically to "ALL APPLICATIONS" filter in Dashboard 2.6.1.

2.6.2-funcrel

Other Updates

Internal Id | Details
DASHBOARDS-4442 | Action Plan Recommendation documentation is updated with remediation effort details. Refer: https://doc.castsoftware.com/display/SECURITY/Security+Dashboard+-+Action+Plan+Recommendation#SecurityDashboardActionPlanRecommendation-Calculationoftheremediationeffort
DASHBOARDS-4575 | The AC model having 'From Any' and 'To Any' dependency is not displayed in Dashboard after snapshot. This issue is fixed.
DASHBOARDS-1133 | Fixed the issue with search for object (Lucene), on Tomcat 8.5 deployed with Java 9.0.4.
DASHBOARDS-4590 | Fix for the CVE-2022-23457 is provided.

Resolved Issues

Customer Ticket Id | Details
35808 | When Dashboard is opened through AIP Console, Security Dashboard does not display list of rules correctly for Chinese rules.
35626 | Security Dashboard application filter does not work in application selection page (in Dashboard version 2.6.1).
35284 | Though the Dashboard (2.5.2-68) installation on Windows is successful, the Windows service does not start.
35887 | While assigning the user a particular role, roles are not listed in the Security Dashboard (GUI).
36321 | All rules of an application are not extracted.

2.6.1-funcrel

Note

As a result of the change made to allow the use of Java 11 with the CAST Dashboards/RestAPI (see the entry below in "Other Updates"), a new release of the Lucene indexer that functions with Java 11 has been bundled with this release of the CAST Security Dashboard/RestAPI. Because of this change to the Lucene indexer, if you have set your basic and advanced indexes to re-index when the CAST Security Dashboard/RestAPI starts up (see https://doc.castsoftware.com/display/DASHBOARDS/Managing+the+Engineering+Dashboard+search+indexes), you should expect that the initial dashboards start-up time may be impacted due to the need to rebuild the indexes.

Other Updates

Internal Id | Details
DASHBOARDS-4515 | A fix has been applied to all Dashboards/RestAPI (upgrade of embedded PostgreSQL driver 42.2.18 to 43.3.3) to close the vulnerability described in CVE-2022-21724. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21724.
DASHBOARDS-1133 | It is now possible to deploy the CAST Dashboards/RestAPI using Java 11 (previously only Java 8-10 were supported), either via Apache Tomcat or via ZIP/JAR. As a result of this change, the Lucene search index mechanism available in the Engineering Dashboard has been upgraded to release 7.0.0 to allow it to function with Java 11.
DASHBOARDS-4520 | A CSS fix has been applied to the Health and Engineering Dashboards, to prevent an erroneously appearing vertical scroll bar beside the Dashboard logo in the login page.
DASHBOARDS-4518 | A fix has been applied to all Dashboards/RestAPI to close the vulnerability, also known as Spring4Shell, described in CVE-2022-22965. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965 and https://doc.castsoftware.com/display/CAST/Spring+Framework+-+CVE+vulnerabilities.

Resolved Issues

Customer Ticket Id | Details
35223 | Fixed an issue in the Security Dashboard where it was not possible to add profiles in the user management page.
35110 | Fixed an issue related to navigation in the Security Dashboard. Navigation was not working correctly (some pages and panels were blank and did not load) for users without the ADMIN role.
35030 | Fixed a NullPointerException popup that appeared erroneously when logging in to the Dashboard.

2.6.0-funcrel

Feature Improvements

Summary | Details
Security standards tags should be displayed with description and tooltip. | In Rule Documentation, tooltips are provided for tags to display the detailed name. Also, a hyperlink is provided to the specific rule (in the rule portal) if an official doc page is available for the tag.
Performance improvement in Admin page | Pagination and React virtualization have been introduced in user, profiles and license tables and selectors, to increase the performance of the pages.
Simplify REST API/Datamart interface | REST API 2.5.2 works with cast-datamart-2.5.0.jar and cast-datamart-2.4.0.jar
Show more option for large view files | If the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed while opening CAST_LOCAL.sql file, with SHOW 100 LINES option to view 100 more lines at a time.

Other Updates

Internal Id | Details
DASHBOARDS-4431 | Editing a user profile displays a blank page.
DASHBOARDS-4384 | Passing different value to startRow and nbRows queryParams returns 500 error for most of the web services.
DASHBOARDS-4387 | Action plan table shows no violation found even when api returns data.
DASHBOARDS-4314 | View File should be able to display 2 bookmarks when in same source file, not just 1 at a time.
DASHBOARDS-4382 | Performance issue while opening CAST_LOCAL.sql file.
DASHBOARDS-4482 | Fix CVE-2022-0839 for third-party library liquibase-core. Now version 4.8.0 is used.
DASHBOARDS-4440 | Action Plan Recommendation: bad "Remediate" input.
DASHBOARDS-4441 | Action Plan Recommendation - When an action plan exists do not increase the violations to fix.
DASHBOARDS-2703 | Two Code viewers for two bookmarks on two adjacent lines. Only one code viewer should be enough.

Resolved Issues

Customer Ticket Id | Details
34793 | Cannot associate Applications to Profile in the user configuration of Dashboard as Assign Application by name column is not present.
34732 | Vulnerabilities found in CAST Dashboards.
34998 | Background facts API does not list snapshots.
34792 | Dashboard 2.5.2 - User configuration page does not load.