Content matrix
- 2.9.1-funcrel
  - Note
  - Feature Improvements
- 2.9.0-funcrel

Content matrix

Version

Summary of content

Comments

2.9.1-funcrel

This release contains one feature enhancement which is specific to the CAST Health and Engineering Dashboards when embedded in CAST Console. There are no other new features provided and no changes for those using the standalone CAST Security Dashboard.

Can be used with:

≥ 8.3.3

2.9.0-funcrel

Updates:

Bug fix to resolve two CVE vulnerabilities found in CAST Dashboards, for CVE-2022-31160. Refer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
Contains customer bug fixes

Can be used with:

≥ 8.3.3

.

2.9.1-funcrel

Note

This release contains one feature enhancement which is specific to the CAST Health and Engineering Dashboards when embedded in CAST Console. There are no other new features provided and no changes for those using the standalone CAST Security Dashboard.

Feature Improvements

Summary

Details

Technical - SSO for CAST Dashboards and Console (standalone)

An SSO (single sign on) mechanism has been implemented to link embedded CAST Dashboards (≥ 2.9.1) installed on Microsoft Windows and Console (≥ 2.5) Standalone edition. This mechanism ensures that when accessing embedded CAST Dashboards (from CAST Console), users will be directed to the CAST Console login page - i.e. logins to embedded CAST Dashboards will be managed by Console. See https://doc.castsoftware.com/display/AIPCONSOLE/2.x+-+Standalone+mode+-+Installation+of+AIP+Console+front-end+in+standalone+mode#id-2.xStandalonemodeInstallationofAIPConsolefrontendinstandalonemode-ConfigureSSO(singlesign-on)forembeddedCASTDashboardsinstalledonMicrosoftWindows

2.9.0-funcrel

Feature Improvements

Summary

Details

UI - Security Dashboard - Improvements in rules violation page

Search option is added in rules violation page (Application Investigation, Risk Investigation, Transaction Investigation, and Report Generation). When there are many violations, search button helps to search for a specific violation (based on the object name location field). See https://doc.castsoftware.com/display/SECURITY/Security+Dashboard+-+Risk+Investigation#SecurityDashboardRiskInvestigation-ViolationTableViolation.

Other Updates

Internal Id	Details
DASHBOARDS-4832	To improve security, the autocomplete feature for the login password field for the Security Dashboard has been disabled.
DASHBOARDS-4773	Fix for CVE-2022-31160 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160) is provided.
DASHBOARDS-4811	Fixes the issue of permanent license popup message. The permanent license popup message was blocking the ability to check and uncheck applications in the right hand list of applications. Now, the license pop-up message has a close option.

Resolved Issues

Customer Ticket Id	Details
37208	Fixes an issue related to SAML authentication. SAML authentication failed in Dashboard 2.7.0 due to ClassNotFoundException.