Releases: NUWCDIVNPT/stig-manager

1.3.7

20 Jun 02:22
5ab1f93

What's Changed

  • (API) Update fast-xml-parser dependency to address CVE-2023-34104 (#1012)
  • (API) Added stack trace to API error responses (#1011)
  • (Docs) Minor updates

Full Changelog: 1.3.6...1.3.7

1.3.6

23 May 16:03
154cc84

What's Changed

  • (App) Tally sprites have been added to the bottom toolbars of grids that display Review data. These sprites show the relevant counts for the various rows, results, and statuses displayed in the grids above. (#992)
  • (App) Resolved Application Deployment Stats download issue. (#994)
  • (App) Resolved issue causing error when persistent Collection Review tab was re-opened. (#997)
  • (App) Resolved issue with errorEvents causing errors in error handler. (#998)
  • (Docs) Additional info about Review handling and tracking between STIG revisions. (#999)

Full Changelog: 1.3.5...1.3.6

1.3.5

30 Apr 23:33
7cd66b4

What's Changed

  • (API) Review carry-forward feature implemented. Reviews are now associated with a key composed of the calculated digest of Rule Check Content and the Rule Version ("STIG ID"), rather than specific RuleIds. This will allow a much greater proportion of Reviews to apply across changes between STIG Revisions (#957).
  • (App) Last modified RuleId context now displayed in Attributions Panel, with hover text indicating other applicable RuleIds.
  • (App) OIDC Library refactor (#775).
    • This change uses features of the browser that require the web client to be in a Secure Context. A Secure Context is one that is either using HTTPS with a valid certificate or is from localhost.
  • (API/App) Assessment counts by severity now included in "Detailed" Metrics exports (#898).

NOTE: This Release includes a Database Migration.

Full Changelog: 1.3.4...1.3.5

1.3.4

13 Apr 23:24
9535b76

What's Changed

  • (API/Hotfix) Resolves an issue with missing rule-CCI associations that was causing Findings report miscounts and incomplete Rule Info presentation.
  • (API/Hotfix) Resolves issue that could exclude Findings for Rules that did not have an associated CCI.
  • (App/Hotfix) Removed asmCrypto dependency, replaced with native browser crypto functions.
  • (App) Added more informative error handling messages.
  • (App) Resolved issue preventing Application Managers from creating/modifying Owner grants via the User Admin panel.
  • (API) Refactored Collection Checklist query to improve performance.
  • (Workflows) Updated GitHub workflows to generate test coverage reports, build and sign binary artifacts, audit npm dependencies.
  • (Workflows) [REVERTED: #982] The Iron Bank-based image offering on Docker Hub is now based on the Iron Bank Alpine Node image (nodejs18:18-slim), which scans much cleaner than the previously used RHEL UBI.

Full Changelog: 1.3.3...1.3.4

1.3.3

03 Apr 03:16
82a4ee7

What's Changed

  • (API/Hotfix) Resolves issue that could lead to inaccurate metrics percentages after Releases 1.3.1 and 1.3.2.
  • (API/Hotfix) Resolves issue that could cause migration 0020 to fail when populating identical duplicate multi-check content fields.

Full Changelog: 1.3.2...1.3.3

1.3.2

24 Mar 20:50
40396dc

What's Changed

  • (App) Pass clobber parameter when recursing zip file.
  • (API) Replace dependency got with axios.
  • (Docs) Project description, copyright, link updates; Disable failing pdf generation.
  • (App/Hotfix) Restores XSS protections inadvertently removed in 1.3.1.
  • (App) Display STIG Rule differences even if RuleId stayed the same; indicate RuleId change with badge as well as highlighting.
  • (App) Fix Swagger display issue in binary artifacts.

Full Changelog: 1.3.1...1.3.2

1.3.1

10 Mar 02:26
580a3da

What's Changed

  • (App/API) Allow users to replace existing STIG Revisions when importing reference benchmarks.
  • (App) Restrict Collections Managers from creating or altering Owner Grants. (#934)
  • (App) Parse and import XCCDF with root-level TestResult element (Found in SCAP scan results performed by HBSS or ACAS).
  • (App/API) Support for importing known forms of non-DISA STIGs (VMware STIG Readiness Guides).
  • (App) Made grid text selectable in most places.
  • (API) Added granular STIG Severity counts to metrics. (#915)
  • (API) Include controls associated with CCIs in CCI projection responses.
  • (API) Updated dependencies identified as vulnerable by Dependabot. (#925) (#918)
  • (Docs) Various updates to documentation describing feature and behavior changes.
  • (API) Removed remaining references to unused "global" privilege. (#909)
  • (App/API/DB) Database and API changes to enable future features, including storing the hash of Rule Check Content and refining STIG Revision and Rule/content associations.

NOTE: This Release includes a Database Migration. See this PR for details: (#936)

Full Changelog: 1.3.0...1.3.1

1.3.0

18 Jan 13:33
395ad45

What's Changed

  • (App) New Collection Dashboard replaces much of the navigation previously performed in the Navigation Tree, as well as the separate Metrics report.
  • (App) New STIG Revision Compare tool available from STIG Library node in Navigation Tree.
  • (App) Addressed issue causing error when empty or undefined review arrays were POSTed.
  • (API) Increased default value for STIGMAN_API_MAX_JSON_BODY to 30MB.
  • (App) Updated dependencies to address Dependabot-identified vulnerabilities.
  • (App) Adjusted matching criteria for Assets with website/db extended names.

Full Changelog: 1.2.22...1.3.0

1.2.22

15 Dec 23:33
3405cbf

What's Changed

  • (App/API) Added support for display of additional Rule property "Version" (aka "STIG Id" aka "Rule_Ver") information in checklists, STIG Library, and Rule Content Panel (#871)
  • (API/Fix) Resolved issue preventing certain characters from being added to Review text fields (#874)
  • (App/Fix) Resolved issue preventing new user grants from being properly handled in windowed panel (#869)
  • (App) Prevent display grids from preserving state until specifically invoked (#865)
  • (App) Adjusted label for "Null" Status import option for better clarity (#878)
  • (App) Added UI indication and disabled Reject button when provided Status Text is longer than defined in specification (#876)
  • (Test) Updated expired test user tokens (#864)

Full Changelog: 1.2.21...1.2.22

1.2.21

06 Dec 15:29
a4dbd7b
Compare
Choose a tag to compare

What's Changed

  • (App/Feature) Added CSV export button to User App Admin panel. (#856)
  • (App/Fix) Sort Assets in NavTree when building tree node (#855)
  • (API/Chore) Updates to node package dependencies (#845)
  • (App/Feature) Added a distinct logout button to navtree header (#844)
  • (App/Feature) Collection review workspace enhancements, batch editing uses new API endpoints for better performance (#835)
  • (App/Fix) Resolved overly persistent stig grid reload mask (#836)
  • (App/Fix) Fallback to navy logo on img error (#839)
  • (App/Fix) Enabled User grant delete button from User Admin interface (#840)
  • (App/Feature) Added sourcemap to support client debugging (#841)
  • (API/Fix) Fixed issue preventing AppData from loading reviewHistory > 5000 characters (#830)
  • (API/Feature) Added endpoints for batch POST of reviews (#832)
  • (App/Feature) Render rows to a markup cache in BufferView for better performance (#831)
  • (API/Feature) Refactor migrations; avoid mysql2 bugs by removing charset/collation directives (#829)
  • (Ops/Chore) Removed unused Docker-compose file envvars (#842)

Full Changelog: 1.2.20...1.2.21