Skip to content

1.2.0
Compare
Choose a tag to compare
@izar izar released this 30 Apr 16:58
· 165 commits to master since this release
v1.2.0
c3b824c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

In this release, we are aiming at clearer reports and some more data-oriented facilities.

Breaking changes

  • Replace usesLatestTLSversion with minTLSVersion in assets and tlsVersion in data flows #123
  • When the data attribute of elements is initialied with a string, convert it to a Data object with undefined as name and the string as description; change the default classification from PUBLIC to UNKNOWN #148

New features

  • Separate actors and assets from elements when dumping the model to JSON #150
  • Add unique Finding ids #154
  • Allow to associate the threat model script with source code files and check their age difference #145
  • Adapt the DFD3 notation #143
  • Allow to override findings (threats) attributes #137
  • Allow to mark data as PII or credentials and check if it's protected #127
  • Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
  • Added HTML docs using pdoc #110
  • Added checksDestinationRevocation attribute to account for certificate revocation checks #109

Bug fixes

  • Escape HTML entities in Threat attributes #149
  • Fix generating reports for models with a Datastore that has isEncryptedAtRest set and a Data that has isStored set #141
  • Fix condition on the Data Leak threat so it does not always match #139
  • Fixed printing the data attribute in reports #123
  • Added a markdown file with threats #126
  • Fixed drawing nested boudnaries #117
  • Add missing provideIntegrity attribute in Actor and Asset classes #116
Assets 2
Loading