3.3
3.3.0-beta1
Note
- An in-place update from previous 3.x releases is not supported for Microsoft Windows installations. This release can only be installed from scratch.
- Migration from CAST Console/CAST Imaging 2.x is supported for Microsoft Windows - see the documentation.
- Embedded Dashboard release = 2.13.2-funcrel (additional Dashboard fixes/changes are provided in this release and are detailed below.
- Security fixes included are listed in Security fixes.
New Features
| Summary | Details |
|---|---|
| Dashboards: Security Dashboard now available | The Security Dashboard is now provided as standard alongside the Management and Engineering Dashboards and can be accessed from the Application landing page via the Actions menu providing you have an appropriate license key. |
| Results: Support for AWS Bedrock AI | CAST Imaging can now supports AWS Bedrock AI services to power its AI features. An IAM access key/secret key pairing, a service location/region (such as us-east-1) and an LLM provider model ID are required. See AI Settings. |
| Results: Application discovery report | It is now possible to export a top-level report to Microsoft Word format, containing basic information about the contents of your application. See Generating an application report. |
Feature Improvements
| Summary | Details |
|---|---|
| Settings: Enable/Disable the display of table column as node in viewer for an application | Adminstrator can now enable or disable the display of table columns as objects for one or multiple applications - see the documentation. |
| Technical: Support for Oracle Forms/Reports technology. | CAST Imaging v3 now supports the analysis of Oracle Forms/Reports technology via the extension com.castsoftware.formsreport. |
| Results: improved application statisics display | Application statistics (LOC values, number of transactions etc.) are now displayed at the top of the Overview/Welcome page when consulting results. See the documentation. |
| Technical: Support for PowerCenter technology | CAST Imaging v3/8.4.3 now supports the analysis of PowerCenter technology via the User Community extension com.castsoftware.uc.powercenter. |
| Administration: Assign applications to domains | It is now possible to assign an application to a domain from the application landing page via the "Assign to domain" action menu - previously this was only possible from the Administration settings panel. |
| Installation: Separation of the "dashboards" component | It is now possible to choose to install the CAST Dashboards (Engineering/Management) as a separate standalone component. Previously, this component was provided as part of the "imaging-services" component and was therefore always installed. Now, if you are not licensed for CAST Dashboards or you are not interested in them, you can choose not to install them. See Installation on Microsoft Windows. |
| Results: Data Sensitivity display | The display of Data Sensitivity indicators has been improved and available for table columns and other objects (custom indicators) in the Characteristics right panel. |
| Dashboards: New report for CWE Top 25 2024 | A new CWE Top 25 2024 has been added to the PDF report generation feature available in the Engineering Dashboard. |
| Dashboards: Improve LOC value display in tiles in dashboard | The LOC values available in tiles in all dashboards will now show both new (66071) and old (10151) metric IDs. Drill-downs continue to show the old (10151) metric ID. Tool tip info bubbles have been updated to explain the change. See Size Indicator tiles - Management Dashboard and Application Components tile - Engineering Dashboard. |
| Dashboards: New report for STIG V6 standard | A new STIG V6 report has been added to the PDF report generation feature available in the Engineering Dashboard. |
| Results: Improved structural flaws presentation | The way in which structural flaws are displayed direct from the "Improve application quality" tiles in the "Welcome page" has been improved with the addition of an intermediate page listing all rules and all flaws, therefore making it easier to navigate and find the objects containing the flaws. See the documentation. |
| Results: Complete and Incomplete transactions filter | When searching for transactions via the custom view search, it is now possible to filter on Complete (with end-points) and Incomplete (without end-points) transactions. |
Other Updates
| Internal Id | Details |
|---|---|
| IMAGKSL-2668 | The Keycloak authentication component has been updated to v. 26.0.x. |
| IMAGSYS-18493 | Results: A minor update has been implemented to ensure that when multiple items are selected in the view, and then the right click menu option Add Dependencies > Add Parent or Add > Children is chosen, the action applies to all selected nodes. Currently the action is applied to only one of the selected items. |
| IMAGSYS-18357 | Results: A minor update has been implemented to change the location where Data Sensitivity information is provided. Previously this information was made available in the right-panel under "Additional Details": now this information is displayed in the Characteristics section in the same panel. You can find out more about Data Sensitivity here. |
| IMAGSYS-18002 | Results: A minor update has been implemented to change the default drill-down behaviour when double-clicking a node at Level 5: previously the behaviour was to display objects using the "Expand objects with caller/callee, group by communities" option where objects are grouped together, however the new behaviour is to use the simple "Expand objects" option. The same applies when double clicking items at object level. The previous "communities" drill-down behaviour is still available at object level via the "Drill mode options" option in the left panel. |
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 50864 | Dashboards: Fixes various Spring related security violation for versions 5.7 prior to 5.7.13, 5.8 prior to 5.8.15, 6.0 prior to 6.0.13, 6.1 prior to 6.1.11, 6.2 prior to 6.2.7, and 6.3 prior to 6.3.4. |
| 50801 | Dashboards (HD/MD): Fixes an issue causing the Technical size value to be displayed as null. |
| 50917 | Dashboards (ED): Fixes an issue where the sort option does not function correctly in the exclusion list. |
| 50938 | Dashboards: Fixes an issue where an incorrect download link is provided when using the "Check for update" option. |
| 51086 | Dashboards (ED): Fixes an issue causing the need to action a manual reload after removing re-solved violations. |
| 51307 | Dashboards (ED): Fixes an issue where the Size Snapshot comparison displays percentage instead on numeric value (for ISO view). |
| 51573 | Dashboards (ED): Fixes an issue causing performance issues while loading the violations. |
| 51737 | Dashboards (ED): Fixes an issue where the CWE Assessment Model (added in the latest release of the com.castsoftware.owasp-index extension) is missing from the Security Dashboard. |
| 51885 | Results: Fixes an issue where technology LOC (line of code) values are missing if only one single user defined module (based on a technology) is defined. |
Bug Fixes
| Internal Id | Details |
|---|---|
| IMAGKSL-2316 | Fixes an issue that prevented users with the Application User profile from viewing source code. |