What is new in the Security Dashboard


Release - 2.12.3-funcrel

  • Customer bug fixes

Release Notes - 2.12.x

Release - 2.12.2-funcrel

  • Internal and customer bug fixes

Release Notes - 2.12.x

Release - 2.12.1-funcrel

  • Customer bug fixes

Release Notes - 2.12.x

Release - 2.12.0-funcrel

  • New reports and action plan improvements.

Release Notes - 2.12.x

Release - 2.11.7-funcrel

Release date - March 12, 2024

  • Customer bug fixes

Release Notes - 2.11.7-funcrel

Release - 2.11.6-funcrel

Release date - March 7, 2024

  • Customer bug fixes

Release Notes - 2.11.6-funcrel

Release - 2.11.5-funcrel

Release date - February 21, 2024

  • Customer bug fixes

Release Notes - 2.11.5-funcrel

Release - 2.11.4-funcrel

Release date - September 01, 2023

  • Customer bug fixes

Release Notes - 2.11.4-funcrel

Release - 2.11.3-funcrel

Release date - June 27, 2023

Release Notes - 2.11.3-funcrel

Release - 2.11.2-funcrel

Release date - April 25, 2023

  • Minor bug fixes

Release notes - 2.11.2-funcrel

Release - 2.11.1-funcrel

Release date - March 16, 2023

Release notes - 2.11.1-funcrel

Release - 2.11.0-funcrel

Release date - February 02, 2023

Feature Update

  • Outdated tiles (Data Safety, SQL Injection, XSS Command Injection, Misconfiguration) have been replaced with updated to tiles (CISQ-ISO 5055, CWE Top 25 2011-CWE Top 25 2022, OWASP 2017-OWASP 2021). Newly added tiles are based on Industry Standards. See: Security Dashboard - GUI
  • A new tile - PCI-DSS-V3.2.1 has been added. 

  • User can now add new industry standards to the assessment model drop-down by configuring ed.json file.

Release notes - 2.11.0-funcrel

Release - 2.10.0-funcrel

Release date - November 15, 2022

  • Feature update
    • In the rules violation table (available in the Risk Investigation, Application Investigation, Transaction Investigation and Advanced Search pages), it is now possible to:
    • The NO_ROLE role (read-only role) has now been made available for selection in the CAST Dashboard Administration panel for all Dashboards (in previous releases this role was not available for selection). Refer: User roles - 2.x and above
    • Admin Center:
      • Search option: A search option is provided for the table header in the CAST Dashboard Administration for all the Dashboards
      • Delete option: A delete/remove option (to delete the selected user/s from the local schema) is provided for the SAML/LDAP user/group in CAST Dashboard Administration panel for all the Dashboards.
      • Info icon: An info icon is provided (which shows a tool tip) is provided for SAML/LDAP user/group in CAST Dashboard Administration panel for all the Dashboards.


Release Notes - 2.10.0-funcrel

Release - 2.9.0-funcrel

Release date - October 13, 2022

  • Feature update: Search option is provided for the following pages: Application Investigation, Risk Investigation, Transaction Investigation and Report Generation. When there are many violations, search button  helps to search for a specific violation (based on the object name location field).

Release Notes - 2.9.0-funcrel

Release - 2.8.0-funcrel

Release date - August 18, 2022

Release Notes - 2.8.0-funcrel

Release - 2.7.0-funcrel

Release date - July 07, 2022

  • Reports in PDF format: To simplify the deployment and configuration of the CAST Engineering Dashboard, Standard Compliance Reports will now be generated automatically in PDF format - rather than needing to rely on the installation and configuration of CAST Report Generator for Dashboards. See Security Dashboard - Report Generation. As a result of this change, the option to generate Custom Reports has been disabled.

Release Notes - 2.7.0-funcrel

Release - 2.6.3-funcrel

Release date - June 17, 2022

  • Users can assign 'All Applications" to multiple profiles or a single profile without adding any role to the selected profile/s. When using the "All Applications" authorization, any new Applications that are onboarded will automatically be included in the authorization.

Release Notes - 2.6.3-funcrel

Release - 2.6.2-funcrel

Release date - June 02, 2022

Release Notes - 2.6.2-funcrel

Release - 2.6.1-funcrel

Release date - April 08, 2022

Release Notes - 2.6.1-funcrel

Release - 2.6.0-funcrel

Release date - March 25, 2022

  • Show more option for large files: If the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed while opening CAST_LOCAL.sql file, with SHOW 100 LINES option to view 100 more lines at a time. 

  • Tooltip for tags: In Rule Documentaion, tooltips are provided for tags, to show the detailed name. Also, a hyperlink is provided to the specific rule (in the rule portal) if an official doc page available for the tag. 

  • Performance improvement in Admin page/User authorization view: Pagination and react virtualization has beed introduced in user, profiles and license tables and selectors, to increase the performance of the pages. Now it takes only 45 mins to load 850+ user data.

Release Notes - 2.6.0-funcrel

Release - 2.5.2-funcrel

Release date - February 16, 2022

  • When there is no data, all SD tiles will show N/A instead of loading icon so that the home page does not hang.
  • Pagination has been implemented in CAST Administration page (profiles and users tabs).

  • The .ICO file used in the Dashboards (visible in the browser tab) has been updated and improved. Now it is visible in all browser themes (like in dark mode).


  • Now, in Action Plan the date in Last Updated column shows:

    • Last Snapshot date, in case of solved violations
    • Last Updated date, in case of Added and Pending violations

Release Notes - 2.5.2-funcrel

Release - 2.5.1-funcrel

Release date - January 28, 2021

Release Notes - 2.5.1-funcrel

Release - 2.5.0-funcrel

Release date - January 11, 2021

  • New executable JAR file to replace ZIP file. Includes a wizard installer:

  • It is now possible to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually, instead (as in previous releases) of having to encrypt both:

  • It is now possible to add/edit a license key using the UI.

  • Now SAML user/ group can be added from UI.

  • Following six new report types are added to the default exsiting list of Standard Compliance reports:
    • OWASP-API-2021 Compliance Report.docx
    • OWASP-API-2021 Detailed Report.docx
    • CWE (2021) Top 25 Compliance Report.docx
    • CWE (2021) Top 25 Detailed Report.docx
    • ISO-5055 Compliance Report - OMG Technical Debt.docx
    • ISO-5055 Detailed Report - OMG Technical Debt.docx

  • ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.
  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832 
    For details, please refer: 

Release Notes - 2.5.0-funcrel

Release - 2.4.3-funcrel

Release date - December 16, 2021

Release Notes - 2.4.3-funcrel

Release - 2.4.2-funcrel

This version is not available.

Release - 2.4.1-funcrel

Release date - December 14, 2021

Release Notes - 2.4.1-funcrel

Release - 2.4.0-funcrel

Release date - November 18, 2021

  • User Profile: In LDAP mode, if there is no search object, the user list is diplayed based on the assigned profile

Release Notes - 2.4.0-funcrel

Release - 2.3.1-funcrel

Release date - October 13, 2021

  • Enhancement in display for results generated by the OMG Technical Debt: Dashboard has been updated to provide improved display for results generated by the OMG Technical Debt extension, v 2.x (Refer: https://doc.castsoftware.com/display/TECHNOS/OMG-CTDM+-+2.0 ): the Security Dashboard now includes (out of the box) a "Technical Debt (OMG) tile. By default this tile shows ISO-5055 index data, but it can be manually configured to show TQI or CISQ Index data if necessary.

Release Notes - 2.3.1-funcrel

Release - 2.3.0-funcrel

Release date - September 30, 2021

  • UI - Improvements to the Roles/Data Authorization interface (Refer: User roles - 2.x and above). The new interface has two tabs Profiles and Users (by default Profiles tab is displayed).

Profiles tab: Lets user to add New Profiles. After adding the Profile, user can assign: Roles, Applications by Name, Applications by technologies, Applications by tags to the selected Profile/s.

Users tab: Lets user to assign profiles to Users/Groups.

  • Support for CTDM: Dashboard 2.3.0 supports CTDM (Contextual Technical Debt Measure - version 2.x), i.e., OMG Technical Debt will be measured using CTDM (Contextual Technical Debt Measure) which is a union of AIP and ISO index measures. To view the output, user must have installed the latest version of the extension OMG CTDM (2.x).

Release Notes - 2.3.0-funcrel

Release - 2.2.1-funcrel

Release date - September 23, 2021

  • This release contains only bug fixes.

Release Notes - 2.2.1-funcrel

Release - 2.2.0-funcrel

Release date - September 03, 2021

  • This release contains only bug fixes.

Release Notes - 2.2.0-funcrel

Release - 2.1.0-funcrel

Release date - July 07, 2021

  • A graphical user interface has been implemented for managing the assignment of role and data authorizations to users and groups of users. This interface replaces the existing mechanism provided by the roles.xml and the authorizations.xml files. 

    This feature is in beta version and MUST NOT be used if you have re-used an existing authorizations.xml file with the new deployment and this file contains authorizations defining specific "restrictions" or which define "application name patterns". In this case, the user interface must not be used and instead authorizations and roles must be updated using the REST API (see /server/authorizations and /server/roles web services).

    For details refer:

  • In advanced search, six new filter criteria (Business Criteria Name, Technical Criteria Name, Technology Name, Module Name, Weight, Critical value) are added as columns in exported excel reports.

  • ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).

Release Notes - 2.1.0-funcrel

Release - 2.0.0-funcrel

Release date - May 17, 2021

  • SAML authentication mode is now supported in 2.x WAR and ZIP files.
  • Microsoft Windows Service installer - A batch script is now available to install a Windows Service specifically to handle the startup and shutdown of the deployed ZIP files.
  • Shutdown script for ZIP file deployment on Linux - A shutdown.sh script has been added for deploying the ZIP files on Linux. For Microsoft Windows deployments, use the CTRL+C keyboard option to gracefully stop the web application. 

Release Notes - 2.0.0-funcrel

Release - 2.0.0-beta1

Release date - March 19, 2021

Dashboard 2.0.0-beta1 is the first release of the CAST Dashboards that will use Spring Boot technology. It is now possible to deploy the CAST Dashboards without a standalone web application server such as Apache Tomcat - the web application server is instead embedded within the delivered dashboard. This will simplify and speed up the deployment of the CAST Dashboards

Release Notes - 2.0.0-beta1


Release - 1.28.9

Release date - July 07, 2022

  • This release contains only bug fixes.

Release Notes - 1.28.9-funcrel

Release - 1.28.8

Release date - June 02, 2022

  • This release contains only bug fixes.

Release Notes - 1.28.8-funcrel

Release - 1.28.7

Release date - April 08, 2022

  • This release contains only bug fixes.

Release Notes - 1.28.7-funcrel

Release - 1.28.6

Release date - March 25, 2022

  • This release contains only bug fixes.

Release Notes - 1.28.6-funcrel

Release - 1.28.5

Release date - January 11, 2022

  • Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832 
    For details, please refer: 

Release Notes - 1.28.5-funcrel

Release - 1.28.4

Release date - December 15, 2021

Release Notes - 1.28.4-funcrel

Release - 1.28.3

Release date - December 06, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.3-funcrel

Release - 1.28.2

Release date - November 18, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.2-funcrel

Release - 1.28.1

Release date - September 30, 2021

  • This release contains only bug fixes.

Release Notes - 1.28.1-funcrel

Release - 1.28

Release date - September 03, 2021

  • This release is done with only bug fixes. 

From 1.28 release onwards, only bug fixes will be provided in the 1.x series of Security Dashboard. 

Release Notes - 1.28.0-funcrel

Release -1.27

Release date - July 07, 2021

  • ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).

Release Notes - 1.27.0-funcrel

Release - 1.26

Release date - April 29, 2021

  • The new ISO-5055 extension is supported with full functionality. New tile has been added to automatically display ISO-5055 data, with full drill down capability.

Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):

  • ISO report names are added and OMG report names are removed. 

  • APR provides even the number of occurrences during which the violation of a rule takes place. The value of number of occurrences and number of violations of the rule could be same or different. 


  • In Technical Debt (OMG), the Adjustment Factor value are now set to two decimal place

  • Release version is given in the home page (in the place of build number)

Release Notes - 1.26

Release - 1.25

Release date - March 18, 2021

Customer bug fix and other fixes.

Release Note - 1.25

Release - 1.24

Release date - February 17, 2021

User notification added for cache refresh

  • Following user notification is displayed when a new application is added.

  • Following user notification is displayed when a new snapshot is taken.

  • Following user notification is displayed when an authorization file/configuration is changed.

Release Notes - 1.24

Release - 1.23

Release date - January 12, 2020

  • Introducing Action plan recommendation (Beta) - A feature that allows users to define the health improvement goals and an optimization algorithm that recommends the optimized set of violations required to be fixed to reach the goal.

  • "Compliance (in %)" in Action Plan Recommendation (APR) - This feature allows user to Compliance (in %) score to specify the improvement goal. 

Release Notes - 1.23

Release - 1.22

Release date - November 27, 2020

Introducing a new option "Applied Filter" in the Risk Investigation View. 

You may filter Modules and Technologies using the Filtering icon/feature. Once you select a Module/Technology, the selected Module/Technology is displayed in the Applied Filters field as shown in the below screen.

Release Notes - 1.22

Release - 1.21

Release date - October 16, 2020

Introducing a new option "Tags" in the Rule Documentation section, which lists the Tags associated with the selected Rules. If there are no "Tags" associated with the Rule, there will be a "No Tag" message in the "Tags" section.

Release Notes - 1.21

Release - 1.20

Release date - September 10, 2020

  • Support of OWASP 2013 and OWASP 2017 Assessment Models - The Assessment Model drop down will now show the OWASP 2013 Assessment Model and OWASP 2017 Model (along with CISQ, MIPS, OMG-ASCQM Assessment Models that were introduced in 1.18).

  • Risk Investigation for Industry standards update - Critical violation filter is disabled for industry standards. Thus, when users land onto Risk investigation view by clicking on Industry standards or are redirected from Health dashboard, users will find critical violations filters disabled, as the industry standards does not define critical/non critical rules.
  • Improvement in Architecture Model View - The look and feel of architecture model view has been changed. Users now can navigate to the violations section, by clicking on the red arrows visible in the Architecture Model. Fullscreen, Recenter, Zoom in and Zoom out options are added to the Architecture Model View.

Release Note - 1.20

Release - 1.19

Release date - August 03, 2020

  • Implement CISQ Technical Debt in Security Dashboard Risk Investigation View
  • Moved Object Search to Table header, in Action Plan view

Release Note - 1.19

Release - 1.18

Release date - June 17, 2020

  • What’s New option added - In the left menu panel, a What's New icon has been added below the existing Help icon.

  • Check for update features in Dashboards - Check for update option has been added to the user profile drop down list for admin users.

  • Industry standard as assessment Model – Support for Industry standard Index extensions which provides the ability to configure industry standard tiles as a grade, compliance, and violations. Drill down gives a detailed view of the assessment model based on the standards.

Release Note - 1.18

Release - 1.17

Release date – May 11, 2020

  • Filter violations based on status in Architecture Model

Release Note - 1.17

Release - 1.16

Release date – April 02, 2020

  • Module search added to Advanced Search view

  • Option to remove Solved violations from the Action Plan

  • Architecture model violation tile 

  • Architecture Models graphical implementation

Release Note - 1.16

Release - 1.15

Release Date: March 02, 2020 

  • Source and application name in audit trail log

  • Search feature for module selector 

Release Note - 1.15

Release - 1.14

Release Date: February 05, 2020

  • Improvements to Excel export in Transaction Investigation view

Release Note - 1.14

Release - 1.13.2

Release Date: January 03, 2019

Release Note - 1.13.2

Release - 1.12.0

Release Date: October 31, 2019

  • Parameter details for Distribution metrics
  • New predefined Industry Compliance reports
  • New Miscellaneous Report for Top Cyclomatic Complexity changes
  • Cache reload messages

Release Note - 1.12.0

Release - 1.10.0

Release Date: July 09, 2019

  • Atlassian JIRA integration - Allows Atlassian JIRA tickets to be created directly from the interface of the CAST Engineering Dashboard.
  • Custom reports in PPTX, XLSX and DOCX formats for the Security Dashboard
  • Chinese translation available by default

Release Note - 1.10.0