Skip to content

Latest commit

 

History

History
99 lines (70 loc) · 5.51 KB

CHANGELOG.md

File metadata and controls

99 lines (70 loc) · 5.51 KB
Raw

1.2.0

Breaking changes

  • Replace usesLatestTLSversion with minTLSVersion in assets and tlsVersion in data flows #123
  • When the data attribute of elements is initialied with a string, convert it to a Data object with undefined as name and the string as description; change the default classification from PUBLIC to UNKNOWN #148

New features

  • Separate actors and assets from elements when dumping the model to JSON #150
  • Add unique Finding ids #154
  • Allow to associate the threat model script with source code files and check their age difference #145
  • Adapt the DFD3 notation #143
  • Allow to override findings (threats) attributes #137
  • Allow to mark data as PII or credentials and check if it's protected #127
  • Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
  • Added HTML docs using pdoc #110
  • Added checksDestinationRevocation attribute to account for certificate revocation checks #109

Bug fixes

  • Escape HTML entities in Threat attributes #149
  • Fix generating reports for models with a Datastore that has isEncryptedAtRest set and a Data that has isStored set #141
  • Fix condition on the Data Leak threat so it does not always match #139
  • Fixed printing the data attribute in reports #123
  • Added a markdown file with threats #126
  • Fixed drawing nested boudnaries #117
  • Add missing provideIntegrity attribute in Actor and Asset classes #116

1.1.2

  • Added Poetry #108
  • Fix drawing DFDs for nested Boundaries #107

1.1.1

  • Fix pydal dependencies install on pip #106

1.1.0

Breaking changes

  • Removed HandlesResources attribute from the Process class, which duplicates handlesResources
  • Change default Dataflow.dstPort attribute value from 10000 to -1

New features

  • Add dump of elements and findings to sqlite database using "--sqldump " (with result in ./sqldump/) #103
  • Add Data element and DataLeak finding to support creation of a data dictionary separate from the model #104
  • Add JSON input #105
  • Add JSON output #102
  • Use numbered dataflow labels in sequence diagram #94
  • Move authenticateDestination to base Element #88
  • Assign inputs and outputs to all elements #89
  • Allow detecting and/or hiding duplicate dataflows by setting TM.onDuplicates #100
  • Ignore unused elements if TM.ignoreUnused is True #84
  • Assign findings to elements #86
  • Add description to class attributes #91
  • New Element methods to be used in threat conditions #82
  • Provide a Docker image and allow running make targets in a container #87
  • Dataflow inherits source and/or sink attribute values #79
  • Merge edges in DFD when TM.mergeResponses is True; allow marking Dataflow as responses #76
  • Automatic ordering of dataflows when TM.isOrdered is True #66
  • Loading a custom threats file by setting TM.threatsFile #68
  • Setting properties on init #67
  • Wrap long labels in DFDs #65

Bug fixes

  • Ensure all items have correct color, based on scope #93
  • Add missing server isResilient property #63
  • Advanced templates in repeat blocks #81
  • Produce stable diagrams #79
  • Allow overriding classes #64

1.0.0

New features

  • New threats #61

Bug fixes

  • UnicodeDecodeError: 'charmap' codec can't decode byte 0x9d #57
  • _uniq_name missing 1 required positional argument #60
  • Render objects with duplicate names #45

0.8.1

Bug fixes

  • Draw nested boundaries #54, #55

0.8.0

New features

  • Draw nested boundaries #52