MONARC Changelog ================ ## 2.9.1 (2019-10-29) ### Upgrade - upgrade of the Backend Framework. Now we use ZendFramework 3; - restructured the Monarc code to comply with PSR-2 standard; - updated the usage of the dependencies (Core and FrontOffice) from packagist.org; - some code improvements and bug-fixes. ## 2.9.0 (2019-08-23) ### New - each analysis can now integrate a record of processing activities in order to help you in your GDPR compliance efforts; - it is now possible to create and manage set of recommendations via the knowledge base of a risk analysis. Like for the security referentials (introduced in version 2.8.0), MOSP can now be used in order to [share recommendations](https://objects.monarc.lu/schema/17). ### Fix - Monarc 2.8.3 - invalid datetime format: 1292 [#179](https://github.com/monarc-project/MonarcAppFO/issues/179) - various minor fixes and improvements. ## 2.8.3 (2019-07-26) ### Enhancement - Some improvements in MOSP import - Some improvements in 3rd deliverable ### Fix - SOA is not imported [#166](https://github.com/monarc-project/MonarcAppFO/issues/166) - Drag & drop in risk treatment plan fails after 1 change [#167](https://github.com/monarc-project/MonarcAppFO/issues/166) - Underscore "\_" is not considered as a special character in password reset [#169](https://github.com/monarc-project/MonarcAppFO/issues/169) - Error when duplicating object [#171](https://github.com/monarc-project/MonarcAppFO/issues/171) - Add objects in model/anr from common DB [#172](https://github.com/monarc-project/MonarcAppFO/issues/172) - Composed objects in the library->position [#174](https://github.com/monarc-project/MonarcAppFO/issues/174) - Import analysis -> conflict on uuid on objects [#175](https://github.com/monarc-project/MonarcAppFO/issues/175) - FO > Knowledge base > OP risks [#177](https://github.com/monarc-project/MonarcAppFO/issues/177) ## 2.8.2 (2019-05-28) ### New - the MONARC core objects (assets, threats, vulnerabilities and risks) are now identified with UUIDs. We published the objects on the [MONARC objects sharing platform](https://objects.monarc.lu). Risks from the CASES models are also [available](https://objects.monarc.lu/schema/16); - Assets, threats, vulnerabilities, risks and referentials can be imported in the knowledge base of your analysis from MOSP without leaving the MONARC user interface. ### Enhancement - Adding referential afterwards does not update the knowledge base [#156](https://github.com/monarc-project/MonarcAppFO/issues/156). ### Fix - Import analysis in 2.81, exported from 2.72, gives errors [#152](https://github.com/monarc-project/MonarcAppFO/issues/152); - Edit label of added Referentials does not work [#153](https://github.com/monarc-project/MonarcAppFO/issues/153); - Problem generating deliverable [#157](https://github.com/monarc-project/MonarcAppFO/issues/157); - Categories are duplicated in import [#158](https://github.com/monarc-project/MonarcAppFO/issues/158); - Getting prob & impacts on operational risks [#161](https://github.com/monarc-project/MonarcAppFO/issues/161). ## 2.8.1 (2019-04-24) ### New - the dashboard can now be exported to a CSV file or to a presentation file (.pptx). ### Enhancement - Improve the treatment of a risk [#114](https://github.com/monarc-project/MonarcAppFO/issues/114); - Improve risk sheet screen [#139](https://github.com/monarc-project/MonarcAppFO/issues/139); - the cartography in the dashboard has been improved. ### Fix - Loss of recommendation link [#150](https://github.com/monarc-project/MonarcAppFO/issues/150). ## 2.8.0 (2019-03-01) ### New - [management of multiple referentials](https://www.monarc.lu/news/2019/03/01/monarc-280-released#management-of-multiple-security-referentials); - [mapping between security referentials](https://www.monarc.lu/news/2019/03/01/monarc-280-released#mapping-between-security-referentials); - [improvements to the statement of applicability](https://www.monarc.lu/news/2019/03/01/monarc-280-released#improvements-to-the-statement-of-applicability); - [batch import of objects](https://www.monarc.lu/news/2019/03/01/monarc-280-released#batch-import-of-objects); - [improvements to the dashboard](https://www.monarc.lu/news/2019/03/01/monarc-280-released#improvements-to-the-dashboard); - [MONARC Objects Sharing Platform](https://www.monarc.lu/news/2019/03/01/monarc-280-released#monarc-objects-sharing-platform); - it is now possible to set a page for your terms of service when MONARC is used to provide a service. ### Fix - Fixed an issue when deleting threat theme [#143](https://github.com/monarc-project/MonarcAppFO/issues/143) - Improved the go back on risk sheet [#95](https://github.com/monarc-project/MonarcAppFO/issues/95) ## 2.7.4 (2018-11-27) ### Fix - Fixed risk target calculation [199db6c](https://github.com/monarc-project/zm-core/commit/199db6c1a59fe6cfead19bcc63d99c0b52f711aa); - Fixed a typo in SoaCategorySuperClass [ea72881](https://github.com/monarc-project/zm-core/commit/ea72881d6a99acb0b658d7cb17d02a9338da5116); - Fixed an issue when operational raw risks are hidden before an import [f382c91](https://github.com/monarc-project/zm-client/commit/f382c91fe624ea12d0c5b67c897879c359f09dd8); - Fixed some minor issues in the views [cbbd94e](https://github.com/monarc-project/ng-anr/commit/cbbd94e7a019e7fa7dd8acf11334e9d4290166a7); - Fixed several bugs in the reports generation (in the PHPWord library) caused by special characters. ## 2.7.3 (2018-10-25) ### Enhancement - added backend capability for the bulk creation of objects; - various improvements and harmonization of the backend code; ### Fix - Sort order for operational risks in final deliverable annex D (#111); - Upload of template deliverable fails in Dutch (#141); - SOA is now included in snapshots. ## 2.7.2 (2018-10-08) ### Fix - MONARC is now compatible with PHP 7.2 (#89). Future MONARC virtual machines will be based on Ubuntu Bionic LTS; - Reports not generated in user's language or selected templates (#129); - All your rights have been revoked. Please contact the manager for your organization (#110); - various improvements and minor fixes in the back end. ## 2.7.1 (2018-09-07) ### Enhancement - inform user which rights he has on each risk analysis (#131); - display read/write access of the currently connected user on the home page (list of analysis) (#130); - improvements to the statement of applicability (SOA) module (speed improvements); - minor improvements to the home page. ### Fix - impossible to download a report when user has no wright access (#133); - name of columns of the evaluation scales are not displayed when a user has not write access (#132). ## 2.7.0 (2018-08-22) ### New - this release introduces the statement of applicability (SOA) module for your risk analysis. This is a first step towards the awaited [Statement of Applicability & Gap Analysis module](https://github.com/monarc-project/MonarcAppFO/wiki/feature-SOA&GAP) ### Fix - Error in translation in sector 3 of Final report (#124); - The management of the position in the library is not working (#123); - Empty categories in the library (#122); - Impossible to order the questions in the back oficce (#121); - Hidden impacts function doesn't works (#119); - Search and sort filter for import (#38). ## 2.6.0 (2018-07-20) ### New - MONARC users who open the home page in the web interface will see an image in the bottom left corner with the text "up-to-date" in green, "update available" in orange or "security update available" in red. This will make outdated version more visible for users of MONARC. This version checking is performed thanks to a [dedicated service](https://version.monarc.lu/version/MONARC). ### Enhancement - the import and export functions have been improved; - creation of recommendation and missing field (#115); - make an easy link to implement the recommendation directly from the risk view (#112). ### Fix - fixed a bug in the table Risk treatment plan management. - problem on date parsing with the date-picker with non-US browsers (when using date.toLocaleString) (#117) - it is not possible to reset the ``duedate`` attribute of a recommendation since the introduction of the date-picker (#116) - review and correct the functionality of import by fusion or merge (#62) - minor translations fixes. ## 2.5.0 (2018-07-04) ### New - all dashboard data can now be exported to a CSV file with tabs; - fine grained export of risk analysis (choice between method steps, interviews, existing controls and recommendations); - it is now possible to create a new recommendation from an existing one; - account deletion / right to erasure (#109). ### Enhancement - how to erase the evaluation of all threats of a risk analysis (#97); - the risk treatment view has been improved (#96); - MONARC and the back office are now using AngularJS 1.7.0. ### Fix - impossible to edit some fields in BO. Only is possible in the default language of instance (#108); - md-datepicker sends the day before the one that was selected (#105); - the filter by tag is not working on Knowledge base > Operational Risk (#103); - the generation of deliverables has been improved (bullet point lists) (#101); - various minor improvements and fixes in the back office of MONARC. ## 2.4.2 (2018-06-08) ### Enhancement - improvements for the breadcrumb used in the graphs of the dashboard. Moreover it is now possible to click in the items of the breadcrumb in order to navigate between the different graph's levels; - the deadlines of recommendations are now set with a date picker in the fourth step (#98); - Removed the filter on the checkbox of the step 3 to display the dashboard of residual risk (#99); - the column 'phone' has been removed from the 'users' table and in the models. The application must store the minimum amount of information required on users; - Validate recommendations for operational risks (#102); - the translations have been improved. ### Fix - Operational risks are not updated (#93); - In the 4th deliverable, an inherited risk is displayed at -1 and in red color (#100); - Fixed a problem with some translations in the legends of the report's graphs; - Removal of a recommendation on same risk of different assets of the same type (#92). ## 2.4.1 (2018-05-30) ### Enhancement - the dashboard has been improved with more interactive graphs; - the dashboard view is now part of the analysis. The home page of MONARC simply lists the projects. ### Fix - Removal of a recommendation on same risk of different asset of the same type (#92); - Order of operational risks (#88). ## 2.4.0 (2018-05-14) ### New - the dashboard of MONARC has been entirely revamped and is now using D3.js; - the version of MONARC is specified in all exported objects. ### Fix - restart from an existing analysis (#87); - order of operational risks (#88). ## 2.3.0 (2018-04-27) ### New - an administrator of a MONARC front office instance is now able to set custom templates for deliveries per step. ### Enhancement - default deliveries templates were improved; - the section dedicated to the management of the organization has been moved in a dedicated view; - improved the switching between the different available languages; - improved the generation of the deliveries. ### Fix - fixed a bug in the generation of the deliveries (#84); - Inconsistency of Threat and Vulnerability Tables (#82); - various minor fixes. ## 2.2.1 (2018-02-14) ### Enhancement - Lack of information in the final deliverable (#65) - Update template of third deliveries ### Fix - CID/CIA translation in generateImpactsAppreciation for the deliveries (zm-client/#3) - Removed useless dependencies to City entity. ## 2.2.0 (2018-02-01) ### New - generate deliverable on 4th step of method (#51) - export all of risk analysis data (#28) ### Enhancement - option of export tables in a csv file (#52) - show version MONARC on left panel (#50) - ensures new users (of the back office) are created with a level of permissions (#48) - the back office displays the appropriate view based on the user permissions (#48) - set the selected attribute for the search filter of models in the back office ### Fix - user operational risk - tag (#55) - operational risk - tag (#54) - detach a tag from an asset (#53) - operational risk importation (#64) - various minor fixes in the back office (management of models) To update, check out our [update](http://monarc.lu/technical-guide/#monarc-update) instructions. This release includes a consequent changes in the database of the back office and in the synchronization process of the deliveries templates (between the back office and the different clients instances). If you are using a back office, be careful to also update your ansible playbook ([instructions](http://monarc.lu/technical-guide/#update-monarc-when-connected-to-a-back-office)). ## 2.1.0 (2017-12-04) ### Enhancement - cleaning of the initial database structure. - split database model and data. - simplify the panel to create new MONARC clients. - improved the table of MONARC clients of the administration panel. - removed all useless column of the 'clients' table. - removed cities and countries tables in the database. - added a condition to hide/show probability field on Threats assessment. - it is now possible to export a whole analysis (or an asset) in JSON or as an encrypted JSON file. Analysis exported with the legacy system can still be imported in MONARC (#47). - it is now mandatory to specify a level of permissions when creating a new user. ### Fix - minor fixes in the forms of the user profile page. - minor translations fixes. - fixed a bug that prevented users to update password without the password recovery feature. ## 2.0.4 (2017-10-27) ### Fix - fix a bug with salted passwords that prevented users to update their password. Users may have to use the password recovery functionality (zm-core) Reported by Nicolas SCHWARTZ, Cyber Security Team of PwC Luxembourg. - set default deliveries in english (zm-client); - block the probability in the threat assessment in 1.2 of the method (ng-anr); ## 2.0.3 (2017-10-13) ### Fix - set default deliveries in english. - Set NewCenturySchlbk-Roman Imagick font. ## 2.0.2 (2017-10-10) ### New - MONARC is now available in Dutch. ### Enhancement - updated German translations. - updated the font used for the images in the generated reports. - minor improvements in the configuration. ### Fix - Lost operational risk when importing from MONARC Common DB (#32) - PHP Notice: Use of undefined constant i (#33) ## 2.0.1 (2017-08-28) ### Enhancement - Auto-complete function in the creation of a specific risk (#29) - Remove the category for operational risk (#26) - update of the database - the database of MONARC is now backed up before an upgrade ### Fix - Import bug : Format of duedate in recomandation (#30) - Problem when a label of an impact contains a character such as '&' or '%' (#24) - Lost operational risks of assets in library after a snapshot (#25) - Problem setting a comment in new scale row (#24) - hash of users' passwords were exposed through the API as reported by Thomas LARCHER, Cyber Security Team of PwC Luxembourg. ## 2.0.0 (2017-08-07) ### Other - initial release of the version 2.0.0 of MONARC; - project source code is now hosted at https://github.com/monarc-project