Product Update: Release 4.8 - Featuring New Compenents

Product Update: Release 4.8

We are excited to announce the release of IriusRisk 4.8 which includes:

• New components
• Bi-directional dataflows for Visio
• Security Improvements

Security Content

The following new components have been added to IriusRisk:

• Google Cloud Identity and Access Management (IAM)
• Google Cloud Identity-Aware Proxy (IAP)
• Google Cloud Terraform
• Google Cloud Router
• Google Cloud Interconnect
• Google Vertex AI
• Google Vertex AI Workbench
• Google Cloud Functions
• SSH Client
• SSH Server

Visio API

The Visio import API will now parse bi-directional dataflows in Visio diagrams and create the two uni-directional dataflows used in IriusRisk.

Security improvements

At the beginning of April this year we sent an email informing customers of the vulnerability CVE-2022-22965 in the Spring framework version 4.3.23 used by IriusRisk. SaaS and on-premise customers with default docker configurations were not vulnerable due to mitigating controls in place. The version of Grails used meant we were not able to immediately upgrade to the patched Spring 5.x version. Although not exploitable, we did not want vulnerable libraries to remain in the product long term.

In this release we have completely removed Grails and have upgraded Spring to the non-vulnerable version 5.3.21. We have also fixed two additional critical vulnerabilities with the migration:

• CVE-2022-22978, relating to spring security
• CVE-2022-35912 relating to grails core

Release notes

For more information, see the Version 4.8 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon

IriusRisk Horizon - Customer Research, Product Discovery, and Early Access

‍