We are excited to announce the release of IriusRisk 4.8 which includes:
- New components
- Bi-directional dataflows for Visio
- Security Improvements
The following new components have been added to IriusRisk:
- Google Cloud Identity and Access Management (IAM)
- Google Cloud Identity-Aware Proxy (IAP)
- Google Cloud Terraform
- Google Cloud Router
- Google Cloud Interconnect
- Google Vertex AI
- Google Vertex AI Workbench
- Google Cloud Functions
- SSH Client
- SSH Server
The Visio import API will now parse bi-directional dataflows in Visio diagrams and create the two uni-directional dataflows used in IriusRisk.
At the beginning of April this year we sent an email informing customers of the vulnerability CVE-2022-22965 in the Spring framework version 4.3.23 used by IriusRisk. SaaS and on-premise customers with default docker configurations were not vulnerable due to mitigating controls in place. The version of Grails used meant we were not able to immediately upgrade to the patched Spring 5.x version. Although not exploitable, we did not want vulnerable libraries to remain in the product long term.
In this release we have completely removed Grails and have upgraded Spring to the non-vulnerable version 5.3.21. We have also fixed two additional critical vulnerabilities with the migration:
- CVE-2022-22978, relating to spring security
- CVE-2022-35912 relating to grails core
For more information, see the Version 4.8 Release Notes.
Shape the future of Threat Modeling with us!
Join IriusRisk Horizon
IriusRisk Horizon - Customer Research, Product Discovery, and Early Access
Bringing you the latest on all things threat modeling and architectural security.