IriusRisk Team | The Threat Modeling Experts
October 13, 2022

Product Update: Release 4.8

We are excited to announce the release of IriusRisk 4.8 which includes:

  • New components
  • Bi-directional dataflows for Visio
  • Security Improvements

Security Content

The following new components have been added to IriusRisk:

  • Google Cloud Identity and Access Management (IAM)
  • Google Cloud Identity-Aware Proxy (IAP)
  • Google Cloud Terraform
  • Google Cloud Router
  • Google Cloud Interconnect
  • Google Vertex AI
  • Google Vertex AI Workbench
  • Google Cloud Functions
  • SSH Client
  • SSH Server

Visio API

The Visio import API will now parse bi-directional dataflows in Visio diagrams and create the two uni-directional dataflows used in IriusRisk.

Security improvements

At the beginning of April this year we sent an email informing customers of the vulnerability CVE-2022-22965 in the Spring framework version 4.3.23 used by IriusRisk. SaaS and on-premise customers with default Docker configurations were not vulnerable due to mitigating controls in place. The version of Grails used meant we were not able to immediately upgrade to the patched Spring 5.x version. Although the vulnerability was not exploitable, we did not want vulnerable libraries to remain in the product long term.

In this release we have completely removed Grails and have upgraded Spring to the non-vulnerable version 5.3.21. We have also fixed two additional critical vulnerabilities with the migration:

  • CVE-2022-22978, relating to Spring Security
  • CVE-2022-35912, relating to Grails core

Release notes

For more information, see the Version 4.8 Release Notes.
