Page tree
Skip to end of metadata
Go to start of metadata

2.x

Release - 2.5.0-funcrel

Release date - January 11, 2021

  • New executable JAR file to replace ZIP file. Includes a wizard installer:

  • It is now possible to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually, instead (as in previous releases) of having to encrypt both:

  • It is now possible to add/edit a license key using the UI.

  • Now SAML user/ group can be added from UI.

  • Following six new report types are added to the default exsiting list of Standard Compliance reports:
    • OWASP-API-2021 Compliance Report.docx
    • OWASP-API-2021 Detailed Report.docx
    • CWE (2021) Top 25 Compliance Report.docx
    • CWE (2021) Top 25 Detailed Report.docx
    • ISO-5055 Compliance Report - OMG Technical Debt.docx
    • ISO-5055 Detailed Report - OMG Technical Debt.docx

  • ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.
  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832 
    For details, please refer: 

Release Notes - 2.5.0-funcrel

Release - 2.4.3-funcrel

Release date - December 16, 2021

Release Notes - 2.4.3-funcrel

Release - 2.4.2-funcrel

This version is not available.

Release - 2.4.1-funcrel

Release date - December 14, 2021

Release Notes - 2.4.1-funcrel

Release - 2.4.0-funcrel

Release date - November 18, 2021

  • User Profile: In LDAP mode, if there is no search object, the user list is diplayed based on the assigned profile

Release Notes - 2.4.0-funcrel

Release - 2.3.1-funcrel

Release date - October 13, 2021

  • Enhancement in display for results generated by the OMG Technical Debt: Dashboard has been updated to provide improved display for results generated by the OMG Technical Debt extension, v 2.x (Refer: https://doc.castsoftware.com/display/TECHNOS/OMG-CTDM+-+2.0 ): the Security Dashboard now includes (out of the box) a "Technical Debt (OMG) tile. By default this tile shows ISO-5055 index data, but it can be manually configured to show TQI or CISQ Index data if necessary.

Release Notes - 2.3.1-funcrel

Release - 2.3.0-funcrel

Release date - September 30, 2021

  • UI - Improvements to the Roles/Data Authorization interface (Refer: User roles - 2.x and above). The new interface has two tabs Profiles and Users (by default Profiles tab is displayed).

Profiles tab: Lets user to add New Profiles. After adding the Profile, user can assign: Roles, Applications by Name, Applications by technologies, Applications by tags to the selected Profile/s.

Users tab: Lets user to assign profiles to Users/Groups.

  • Support for CTDM: Dashboard 2.3.0 supports CTDM (Contextual Technical Debt Measure - version 2.x), i.e., OMG Technical Debt will be measured using CTDM (Contextual Technical Debt Measure) which is a union of AIP and ISO index measures. To view the output, user must have installed the latest version of the extension OMG CTDM (2.x).

Release Notes - 2.3.0-funcrel

Release - 2.2.1-funcrel

Release date - September 23, 2021

  • This release contains only bug fixes.

Release Notes - 2.2.1-funcrel

Release - 2.2.0-funcrel

Release date - September 03, 2021

  • This release contains only bug fixes.

Release Notes - 2.2.0-funcrel

Release - 2.1.0-funcrel

Release date - July 07, 2021

  • A graphical user interface has been implemented for managing the assignment of role and data authorizations to users and groups of users. This interface replaces the existing mechanism provided by the roles.xml and the authorizations.xml files. 

    This feature is in beta version and MUST NOT be used if you have re-used an existing authorizations.xml file with the new deployment and this file contains authorizations defining specific "restrictions" or which define "application name patterns". In this case, the user interface must not be used and instead authorizations and roles must be updated using the REST API (see /server/authorizations and /server/roles web services).


    For details refer:

  • In advanced search, six new filter criteria (Business Criteria Name, Technical Criteria Name, Technology Name, Module Name, Weight, Critical value) are added as columns in exported excel reports.

  • ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).

Release Notes - 2.1.0-funcrel

Release - 2.0.0-funcrel

Release date - May 17, 2021

  • SAML authentication mode is now supported in 2.x WAR and ZIP files.
  • Microsoft Windows Service installer - A batch script is now available to install a Windows Service specifically to handle the startup and shutdown of the deployed ZIP files.
  • Shutdown script for ZIP file deployment on Linux - A shutdown.sh script has been added for deploying the ZIP files on Linux. For Microsoft Windows deployments, use the CTRL+C keyboard option to gracefully stop the web application. 

Release Notes - 2.0.0-funcrel

Release - 2.0.0-beta1

Release date - March 19, 2021

Dashboard 2.0.0-beta1 is the first release of the CAST Dashboards that will use Spring Boot technology. It is now possible to deploy the CAST Dashboards without a standalone web application server such as Apache Tomcat - the web application server is instead embedded within the delivered dashboard. This will simplify and speed up the deployment of the CAST Dashboards

Release Notes - 2.0.0-beta1

1.x

Release - 1.28.5

Release date - January 11, 2022

  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832 
    For details, please refer: 

Release Notes - 1.28.5-funcrel

Release - 1.28.4

Release date - December 15, 2021

Release Notes - 1.28.4-funcrel

Release - 1.28.3

Release date - December 06, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.3-funcrel

Release - 1.28.2

Release date - November 18, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.2-funcrel

Release - 1.28.1

Release date - September 30, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.1-funcrel

Release - 1.28

Release date - September 03, 2021

  • This release is done with only bug fixes. 

From 1.28 release onwards, only bug fixes will be provided in the 1.x series of Security Dashboard. 

Release Notes - 1.28.0-funcrel

Release -1.27

Release date - July 07, 2021

  • ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).

Release Notes - 1.27.0-funcrel

Release - 1.26

Release date - April 29, 2021

  • The new ISO-5055 extension is supported with full functionality. New tile has been added to automatically display ISO-5055 data, with full drill down capability.

Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):

  • ISO report names are added and OMG report names are removed. 

  • APR provides even the number of occurrences during which the violation of a rule takes place. The value of number of occurrences and number of violations of the rule could be same or different. 

 

  • In Technical Debt (OMG), the Adjustment Factor value are now set to two decimal place

  • Release version is given in the home page (in the place of build number)

Release Notes - 1.26

Release - 1.25

Release date - March 18, 2021

Customer bug fix and other fixes.

Release Note - 1.25

Release - 1.24

Release date - February 17, 2021

User notification added for cache refresh

  • Following user notification is displayed when a new application is added.

  • Following user notification is displayed when a new snapshot is taken.

  • Following user notification is displayed when an authorization file/configuration is changed.

Release Notes - 1.24

Release - 1.23

Release date - January 12, 2020

  • Introducing Action plan recommendation (Beta) - A feature that allows users to define the health improvement goals and an optimization algorithm that recommends the optimized set of violations required to be fixed to reach the goal.

  • "Compliance (in %)" in Action Plan Recommendation (APR) - This feature allows user to Compliance (in %) score to specify the improvement goal. 

Release Notes - 1.23

Release - 1.22

Release date - November 27, 2020

Introducing a new option "Applied Filter" in the Risk Investigation View. 

You may filter Modules and Technologies using the Filtering icon/feature. Once you select a Module/Technology, the selected Module/Technology is displayed in the Applied Filters field as shown in the below screen.

Release Notes - 1.22

Release - 1.21

Release date - October 16, 2020

Introducing a new option "Tags" in the Rule Documentation section, which lists the Tags associated with the selected Rules. If there are no "Tags" associated with the Rule, there will be a "No Tag" message in the "Tags" section.

Release Notes - 1.21

Release - 1.20

Release date - September 10, 2020

  • Support of OWASP 2013 and OWASP 2017 Assessment Models - The Assessment Model drop down will now show the OWASP 2013 Assessment Model and OWASP 2017 Model (along with CISQ, MIPS, OMG-ASCQM Assessment Models that were introduced in 1.18).

  • Risk Investigation for Industry standards update - Critical violation filter is disabled for industry standards. Thus, when users land onto Risk investigation view by clicking on Industry standards or are redirected from Health dashboard, users will find critical violations filters disabled, as the industry standards does not define critical/non critical rules.
  • Improvement in Architecture Model View - The look and feel of architecture model view has been changed. Users now can navigate to the violations section, by clicking on the red arrows visible in the Architecture Model. Fullscreen, Recenter, Zoom in and Zoom out options are added to the Architecture Model View.

Release Note - 1.20

Release - 1.19

Release date - August 03, 2020

  • Implement CISQ Technical Debt in Security Dashboard Risk Investigation View
  • Moved Object Search to Table header, in Action Plan view

Release Note - 1.19

Release - 1.18

Release date - June 17, 2020

  • What’s New option added - In the left menu panel, a What's New icon has been added below the existing Help icon.

  • Check for update features in Dashboards - A Check for update option has been added to the user profile drop down list for admin users.

  • Industry standard as assessment Model – Support for Industry standard Index extensions which provides the ability to configure industry standard tiles as a grade, compliance, and violations. Drill down gives a detailed view of the assessment model based on the standards.

Release Note - 1.18

Release - 1.17

Release date – May 11, 2020

  • Filter violations based on status in Architecture Model

Release Note - 1.17

Release - 1.16

Release date – April 02, 2020

  • Module search added to Advanced Search view

  • Option to remove Solved violations from the Action Plan

  • Architecture model violation tile 

  • Architecture Models graphical implementation

Release Note - 1.16

Release - 1.15

Release Date: March 02, 2020 

  • Source and application name in audit trail log

  • Search feature for module selector 

Release Note - 1.15

Release - 1.14

Release Date: February 05, 2020

  • Improvements to Excel export in Transaction Investigation view

Release Note - 1.14

Release - 1.13.2

Release Date: January 03, 2019

Release Note - 1.13.2

Release - 1.12.0

Release Date: October 31, 2019

  • Parameter details for Distribution metrics
  • New predefined Industry Compliance reports
  • New Miscellaneous Report for Top Cyclomatic Complexity changes
  • Cache reload messages

Release Note - 1.12.0

Release - 1.10.0

Release Date: July 09, 2019

  • Atlassian JIRA integration - Allows Atlassian JIRA tickets to be created directly from the interface of the CAST Engineering Dashboard.
  • Custom reports in PPTX, XLSX and DOCX formats for the Security Dashboard
  • Chinese translation available by default

Release Note - 1.10.0


  • No labels