- 2.x
- Release - 2.13.1-funcrel
- Release - 2.13.0-funcrel
- Release - 2.12.6-funcrel
- Release - 2.12.5-funcrel
- Release - 2.12.4-funcrel
- Release - 2.12.3-funcrel
- Release - 2.12.2-funcrel
- Release - 2.12.1-funcrel
- Release - 2.12.0-funcrel
- Release - 2.11.7-funcrel
- Release - 2.11.6-funcrel
- Release - 2.11.5-funcrel
- Release - 2.11.4-funcrel
- Release - 2.11.3-funcrel
- Release - 2.11.2-funcrel
- Release - 2.11.1-funcrel
- Release - 2.11.0-funcrel
- Release - 2.10.0-funcrel
- Release - 2.9.0-funcrel
- Release - 2.8.0-funcrel
- Release - 2.7.0-funcrel
- Release - 2.6.3-funcrel
- Release - 2.6.2-funcrel
- Release - 2.6.1-funcrel
- Release - 2.6.0-funcrel
- Release - 2.5.2-funcrel
- Release - 2.5.1-funcrel
- Release - 2.5.0-funcrel
- Release - 2.4.3-funcrel
- Release - 2.4.2-funcrel
- Release - 2.4.1-funcrel
- Release - 2.4.0-funcrel
- Release - 2.3.1-funcrel
- Release - 2.3.0-funcrel
- Release - 2.2.1-funcrel
- Release - 2.2.0-funcrel
- Release - 2.1.0-funcrel
- Release - 2.0.0-funcrel
- Release - 2.0.0-beta1
- 1.x
- Release - 1.28.9
- Release - 1.28.8
- Release - 1.28.7
- Release - 1.28.6
- Release - 1.28.5
- Release - 1.28.4
- Release - 1.28.3
- Release - 1.28.2
- Release - 1.28.1
- Release - 1.28
- Release - 1.27
- Release - 1.26
- Release - 1.25
- Release - 1.24
- Release - 1.23
- Release - 1.22
- Release - 1.21
- Release - 1.20
- Release - 1.19
- Release - 1.18
- Release - 1.17
- Release - 1.16
- Release - 1.15
- Release - 1.14
- Release - 1.13.2
- Release - 1.12.0
- Release - 1.10.0
2.x
Release - 2.13.1-funcrel
- Customer bug fixes and minor improvements.
Release - 2.13.0-funcrel
- Customer bug fixes and minor improvements.
Release - 2.12.6-funcrel
- Customer bug fixes
Release - 2.12.5-funcrel
- Customer bug fixes
Release - 2.12.4-funcrel
- Internal bug fix
Release - 2.12.3-funcrel
- Customer bug fixes
Release - 2.12.2-funcrel
- Internal bug fix
Release - 2.12.1-funcrel
- Customer bug fixes
Release - 2.12.0-funcrel
- New reports and action plan improvements.
Release - 2.11.7-funcrel
Release date - March 12, 2024
- Customer bug fixes
Release Notes - 2.11.7-funcrel
Release - 2.11.6-funcrel
Release date - March 7, 2024
- Customer bug fixes
Release Notes - 2.11.6-funcrel
Release - 2.11.5-funcrel
Release date - February 21, 2024
- Customer bug fixes
Release - 2.11.4-funcrel
Release date - September 01, 2023
- Customer bug fixes
Release - 2.11.3-funcrel
Release date - June 27, 2023
- Improvements for Action Plan Recommendation feature.
Release - 2.11.2-funcrel
Release date - April 25, 2023
- Minor bug fixes
Release notes - 2.11.2-funcrel
Release - 2.11.1-funcrel
Release date - March 16, 2023
- You now have "Bookmarks" to the left side of Security Compliance PDF reports which makes it simple to access specific paragraphs. See Security Dashboard - Report Generation#SecurityandIndustryComplianceReports.
- Changes made to support deployment of CAST Dashboards with Java 17 (LTS). See Standalone dashboard - installation requirements#jreSupportedJavaJRE/JDK.
Release notes - 2.11.1-funcrel
Release - 2.11.0-funcrel
Release date - February 02, 2023
Feature Update
- Outdated tiles (Data Safety, SQL Injection, XSS Command Injection, Misconfiguration) have been replaced with updated tiles (CISQ-ISO 5055, CWE Top 25 2011-CWE Top 25 2022, OWASP 2017-OWASP 2021). Newly added tiles are based on Industry Standards. See: Security Dashboard - GUI
- A new tile - PCI-DSS-V3.2.1 has been added.
- Users can now add new industry standards to the assessment model drop-down by configuring the ed.json file.
Release notes - 2.11.0-funcrel
Release - 2.10.0-funcrel
Release date - November 15, 2022
- Feature update
- In the rules violation table (available in the Risk Investigation, Application Investigation, Transaction Investigation and Advanced Search pages), it is now possible to:
- move violations that are already in the Action Plan list into the Scheduled Exclusion list using the "Manage > Manage exclusion of the violations" option. In previous releases it was only possible to do this directly using the Scheduled Exclusion list.
- remove violations from the Action Plan and the Scheduled Exclusion list using the "Manage > Remove from Action list" and the "Manage > Remove from Scheduled List" options. In previous releases it was only possible to remove violations directly using the Action Plan or the Scheduled Exclusion list. Refer: Security Dashboard - Action Plan#Removingviolations(objects)fromtheActionPlan and Security Dashboard - Exclusions#removeRemovingviolations(objects)fromtheExclusionlist
- The NO_ROLE role (read-only role) has now been made available for selection in the CAST Dashboard Administration panel for all Dashboards (in previous releases this role was not available for selection). Refer: User roles - 2.x and above
- Admin Center:
- Search option: A search option is provided for the table header in the CAST Dashboard Administration for all the Dashboards
- Delete option: A delete/remove option (to delete the selected user/s from the local schema) is provided for the SAML/LDAP user/group in CAST Dashboard Administration panel for all the Dashboards.
- Info icon: An info icon (which shows a tooltip) is provided for the SAML/LDAP user/group in the CAST Dashboard Administration panel for all the Dashboards.
Release - 2.9.0-funcrel
Release date - October 13, 2022
- Feature update: Search option is provided for the following pages: Application Investigation, Risk Investigation, Transaction Investigation and Report Generation. When there are many violations, search button helps to search for a specific violation (based on the object name location field).
- Usability Improvement: License message comes with close option, allowing user to close the pop-up message.
- Bug fix to resolve two CVE vulnerabilities found in CAST Dashboards, for CVE-2022-31160
For details refer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160
Release - 2.8.0-funcrel
Release date - August 18, 2022
- UI changes in the Reports page: Reports page is re-designed which helps user to sort and search the reports in the Standard Compliance Report Category. In the Miscellaneous Reports category, user can now view the details of the selected report on the same page. Refer: Security Dashboard - Report Generation
- Multi language support in Report Generation: Reports can now be generated in - German, Italian, Spanish, French, and Chinese. (Rules are displayed in English). Refer: Security Dashboard - Report Generation#Introduction
- Support for CWE Top25 2022 reports: Now you can generate CWE Top25 2022 Compliance Report and CWE Top25 2022 Detail PDF Reports. Refer: https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
Release - 2.7.0-funcrel
Release date - July 07, 2022
- Reports in PDF format: To simplify the deployment and configuration of the CAST Engineering Dashboard, Standard Compliance Reports will now be generated automatically in PDF format - rather than needing to rely on the installation and configuration of CAST Report Generator for Dashboards. See Security Dashboard - Report Generation. As a result of this change, the option to generate Custom Reports has been disabled.
Release - 2.6.3-funcrel
Release date - June 17, 2022
- Users can assign "All Applications" to multiple profiles or a single profile without adding any role to the selected profile/s. When using the "All Applications" authorization, any new Applications that are onboarded will automatically be included in the authorization.
Release - 2.6.2-funcrel
Release date - June 02, 2022
- Action Plan Recommendation documentation is updated with remediation effort details. Refer: Security Dashboard - Action Plan Recommendation#Calculationoftheremediationeffort
- Bug fix to resolve two CVE vulnerabilities found in CAST Dashboards, for CVE-2022-23457
For details refer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23457
Release - 2.6.1-funcrel
Release date - April 08, 2022
- Java 11 is supported: It is now possible to deploy the CAST Dashboards/RestAPI using Java 11. Refer: Standalone dashboard - installation requirements
Release - 2.6.0-funcrel
Release date - March 25, 2022
- Show more option for large files: If the size of the file is more than 500KB, then by default 500 lines below and above the bookmark will be displayed while opening CAST_LOCAL.sql file, with SHOW 100 LINES option to view 100 more lines at a time.
- Tooltip for tags: In Rule Documentation, tooltips are provided for tags, to show the detailed name. Also, a hyperlink is provided to the specific rule (in the rule portal) if an official doc page is available for the tag.
- Performance improvement in Admin page/User authorization view: Pagination and react virtualization have been introduced in user, profiles and license tables and selectors, to increase the performance of the pages. Now it takes only 45 mins to load 850+ user data.
Release - 2.5.2-funcrel
Release date - February 16, 2022
- When there is no data, all SD tiles will show N/A instead of loading icon so that the home page does not hang.
- Pagination has been implemented in CAST Administration page (profiles and users tabs).
- The .ICO file used in the Dashboards (visible in the browser tab) has been updated and improved. Now it is visible in all browser themes (like in dark mode).
- Now, in Action Plan the date in Last Updated column shows:
- Last Snapshot date, in case of solved violations
- Last Updated date, in case of Added and Pending violations
Release - 2.5.1-funcrel
Release date - January 28, 2021
- If a legacy type license key is still being used, users with the Admin role will now see messages explaining that a new license key format is available. Refer: Dashboard Service license key configuration#UIbehaviourwhenusingalegacylicensekey.
Release - 2.5.0-funcrel
Release date - January 11, 2021
- New executable JAR file to replace ZIP file. Includes a wizard installer.
- It is now possible to encrypt the username / password for CAST Storage Service/PostgreSQL and/or LDAP individually, instead of (as in previous releases) having to encrypt both.
- It is now possible to add/edit a license key using the UI.
- SAML users/groups can now be added from the UI.
- The following six new report types are added to the default existing list of Standard Compliance reports:
- OWASP-API-2021 Compliance Report.docx
- OWASP-API-2021 Detailed Report.docx
- CWE (2021) Top 25 Compliance Report.docx
- CWE (2021) Top 25 Detailed Report.docx
- ISO-5055 Compliance Report - OMG Technical Debt.docx
- ISO-5055 Detailed Report - OMG Technical Debt.docx
- ISO-5055 tile will not be displayed on the homepage if the application does not have the ISO extension installed.
- Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832
For details, please refer: Apache Log4j - CVE vulnerabilities (CAST documentation)
Release - 2.4.3-funcrel
Release date - December 16, 2021
- Bug fixes to resolve two CVE vulnerabilities found in CAST Dashboards: CVE-2021-45046 (for Apache Log4j) and CVE-2021-23463 (for h2database).
For details, please refer:
Release - 2.4.2-funcrel
This version is not available.
Release - 2.4.1-funcrel
Release date - December 14, 2021
- Bug fixes to resolve two CVE vulnerabilities found in CAST Dashboards: CVE-2021-44228 (for Apache Log4j) and CVE-2021-43466 (for OWASP).
For details, please refer:
Release - 2.4.0-funcrel
Release date - November 18, 2021
- Role and data authorizations feature is moved from beta to functional release. For details refer:
- User Profile: In LDAP mode, if there is no search object, the user list is displayed based on the assigned profile
Release - 2.3.1-funcrel
Release date - October 13, 2021
- Enhancement in display for results generated by the OMG Technical Debt: Dashboard has been updated to provide improved display for results generated by the OMG Technical Debt extension, v 2.x (Refer: https://doc.castsoftware.com/display/TECHNOS/OMG-CTDM+-+2.0 ): the Security Dashboard now includes (out of the box) a "Technical Debt (OMG)" tile. By default this tile shows ISO-5055 index data, but it can be manually configured to show TQI or CISQ Index data if necessary.
Release - 2.3.0-funcrel
Release date - September 30, 2021
- UI - Improvements to the Roles/Data Authorization interface (Refer: User roles - 2.x and above). The new interface has two tabs Profiles and Users (by default Profiles tab is displayed).
Profiles tab: Lets users add new Profiles. After adding the Profile, users can assign Roles, Applications by Name, Applications by technologies and Applications by tags to the selected Profile/s.
Users tab: Lets users assign profiles to Users/Groups.
- Support for CTDM: Dashboard 2.3.0 supports CTDM (Contextual Technical Debt Measure - version 2.x), i.e., OMG Technical Debt will be measured using CTDM (Contextual Technical Debt Measure) which is a union of AIP and ISO index measures. To view the output, user must have installed the latest version of the extension OMG CTDM (2.x).
Release - 2.2.1-funcrel
Release date - September 23, 2021
- This release contains only bug fixes.
Release - 2.2.0-funcrel
Release date - September 03, 2021
- This release contains only bug fixes.
Release - 2.1.0-funcrel
Release date - July 07, 2021
- A graphical user interface has been implemented for managing the assignment of role and data authorizations to users and groups of users. This interface replaces the existing mechanism provided by the roles.xml and the authorizations.xml files.
This feature is in beta version and MUST NOT be used if you have re-used an existing authorizations.xml file with the new deployment and this file contains authorizations defining specific "restrictions" or which define "application name patterns". In this case, the user interface must not be used and instead authorizations and roles must be updated using the REST API (see /server/authorizations and /server/roles web services).
For details refer:
- In advanced search, six new filter criteria (Business Criteria Name, Technical Criteria Name, Technology Name, Module Name, Weight, Critical value) are added as columns in exported excel reports.
- ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).
Release - 2.0.0-funcrel
Release date - May 17, 2021
- SAML authentication mode is now supported in 2.x WAR and ZIP files.
- Microsoft Windows Service installer - A batch script is now available to install a Windows Service specifically to handle the startup and shutdown of the deployed ZIP files.
- Shutdown script for ZIP file deployment on Linux - A shutdown.sh script has been added for deploying the ZIP files on Linux. For Microsoft Windows deployments, use the CTRL+C keyboard option to gracefully stop the web application.
Release - 2.0.0-beta1
Release date - March 19, 2021
Dashboard 2.0.0-beta1 is the first release of the CAST Dashboards that will use Spring Boot technology. It is now possible to deploy the CAST Dashboards without a standalone web application server such as Apache Tomcat - the web application server is instead embedded within the delivered dashboard. This will simplify and speed up the deployment of the CAST Dashboards.
1.x
Release - 1.28.9
Release date - July 07, 2022
- This release contains only bug fixes.
Release Notes - 1.28.9-funcrel
Release - 1.28.8
Release date - June 02, 2022
- This release contains only bug fixes.
Release Notes - 1.28.8-funcrel
Release - 1.28.7
Release date - April 08, 2022
- This release contains only bug fixes.
Release Notes - 1.28.7-funcrel
Release - 1.28.6
Release date - March 25, 2022
- This release contains only bug fixes.
Release Notes - 1.28.6-funcrel
Release - 1.28.5
Release date - January 11, 2022
- Bug fix to resolve CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-45105 and CVE-2021-44832
For details, please refer: Apache Log4j - CVE vulnerabilities (CAST documentation)
Release Notes - 1.28.5-funcrel
Release - 1.28.4
Release date - December 15, 2021
- Bug fix to resolve two CVE vulnerabilities found in CAST Dashboards, for Apache Log4j: CVE-2021-44228 and CVE-2021-45046.
Release Notes - 1.28.4-funcrel
Release - 1.28.3
Release date - December 06, 2021
- This release contains only bug fixes.
Release Notes - 1.28.3-funcrel
Release - 1.28.2
Release date - November 18, 2021
- This release contains only bug fixes.
Release Notes - 1.28.2-funcrel
Release - 1.28.1
Release date - September 30, 2021
- This release contains only bug fixes.
Release Notes - 1.28.1-funcrel
Release - 1.28
Release date - September 03, 2021
- This release contains only bug fixes.
From 1.28 release onwards, only bug fixes will be provided in the 1.x series of Security Dashboard.
Release Notes - 1.28.0-funcrel
Release - 1.27
Release date - July 07, 2021
- ISO tile displays the number of Violations (it has been changed from critical violation to non-critical, now it does not depend on the critical switch).
Release Notes - 1.27.0-funcrel
Release - 1.26
Release date - April 29, 2021
- The new ISO-5055 extension is supported with full functionality. New tile has been added to automatically display ISO-5055 data, with full drill down capability.
Drilling down through this tile will take you to the Risk Investigation view, where the focus will be set to the ISO-5055 Assessment Model (1) showing only the ISO-5055 metrics (2):
- ISO report names are added and OMG report names are removed.
- APR also provides the number of occurrences of each rule violation. The number of occurrences and the number of violations of the rule may be the same or different.
- In Technical Debt (OMG), the Adjustment Factor values are now set to two decimal places
- Release version is given in the home page (in the place of build number)
Release - 1.25
Release date - March 18, 2021
Customer bug fix and other fixes.
Release - 1.24
Release date - February 17, 2021
User notification added for cache refresh
- Following user notification is displayed when a new application is added.
- Following user notification is displayed when a new snapshot is taken.
- Following user notification is displayed when an authorization file/configuration is changed.
Release - 1.23
Release date - January 12, 2020
- Introducing Action plan recommendation (Beta) - A feature that allows users to define the health improvement goals and an optimization algorithm that recommends the optimized set of violations required to be fixed to reach the goal.
- "Compliance (in %)" in Action Plan Recommendation (APR) - This feature allows the user to use the Compliance (in %) score to specify the improvement goal.
Release - 1.22
Release date - November 27, 2020
Introducing a new option "Applied Filter" in the Risk Investigation View.
You may filter Modules and Technologies using the Filtering icon/feature. Once you select a Module/Technology, the selected Module/Technology is displayed in the Applied Filters field as shown in the below screen.
Release - 1.21
Release date - October 16, 2020
Introducing a new option "Tags" in the Rule Documentation section, which lists the Tags associated with the selected Rules. If there are no "Tags" associated with the Rule, there will be a "No Tag" message in the "Tags" section.
Release - 1.20
Release date - September 10, 2020
- Support of OWASP 2013 and OWASP 2017 Assessment Models - The Assessment Model drop down will now show the OWASP 2013 Assessment Model and OWASP 2017 Model (along with CISQ, MIPS, OMG-ASCQM Assessment Models that were introduced in 1.18).
- Risk Investigation for Industry standards update - Critical violation filter is disabled for industry standards. Thus, when users land on the Risk Investigation view by clicking on Industry standards or are redirected from the Health dashboard, they will find the critical violations filters disabled, as the industry standards do not define critical/non-critical rules.
- Improvement in Architecture Model View - The look and feel of architecture model view has been changed. Users now can navigate to the violations section, by clicking on the red arrows visible in the Architecture Model. Fullscreen, Recenter, Zoom in and Zoom out options are added to the Architecture Model View.
Release - 1.19
Release date - August 03, 2020
- Implement CISQ Technical Debt in Security Dashboard Risk Investigation View
- Moved Object Search to Table header, in Action Plan view
Release - 1.18
Release date - June 17, 2020
- What's New option added - In the left menu panel, a What's New icon has been added below the existing Help icon.
- Check for update features in Dashboards - A Check for update option has been added to the user profile drop down list for admin users.
- Industry standard as assessment Model - Support for Industry standard Index extensions which provides the ability to configure industry standard tiles as a grade, compliance, and violations. Drill down gives a detailed view of the assessment model based on the standards.
Release - 1.17
Release date – May 11, 2020
- Filter violations based on status in Architecture Model
Release - 1.16
Release date – April 02, 2020
- Module search added to Advanced Search view
- Option to remove Solved violations from the Action Plan
- Architecture model violation tile
- Architecture Models graphical implementation
Release - 1.15
Release Date: March 02, 2020
- Source and application name in audit trail log
- Search feature for module selector
Release - 1.14
Release Date: February 05, 2020
- Improvements to Excel export in Transaction Investigation view
Release - 1.13.2
Release Date: January 03, 2019
Release - 1.12.0
Release Date: October 31, 2019
- Parameter details for Distribution metrics
- New predefined Industry Compliance reports
- New Miscellaneous Report for Top Cyclomatic Complexity changes
- Cache reload messages
Release - 1.10.0
Release Date: July 09, 2019
- Atlassian JIRA integration - Allows Atlassian JIRA tickets to be created directly from the interface of the CAST Engineering Dashboard.
- Custom reports in PPTX, XLSX and DOCX formats for the Security Dashboard
- Chinese translation available by default