1.2.0
In this release, we are aiming at clearer reports and some more data-oriented facilities.
Breaking changes
- Replace
usesLatestTLSversion
withminTLSVersion
in assets andtlsVersion
in data flows #123 - When the
data
attribute of elements is initialied with a string, convert it to aData
object withundefined
as name and the string as description; change the default classification fromPUBLIC
toUNKNOWN
#148
New features
- Separate actors and assets from elements when dumping the model to JSON #150
- Add unique Finding ids #154
- Allow to associate the threat model script with source code files and check their age difference #145
- Adapt the DFD3 notation #143
- Allow to override findings (threats) attributes #137
- Allow to mark data as PII or credentials and check if it's protected #127
- Added '--levels' - every element now has a 'levels' attribute, a list of integers denoting different DFD levels for rendering
- Added HTML docs using pdoc #110
- Added
checksDestinationRevocation
attribute to account for certificate revocation checks #109
Bug fixes
- Escape HTML entities in Threat attributes #149
- Fix generating reports for models with a
Datastore
that hasisEncryptedAtRest
set and aData
that hasisStored
set #141 - Fix condition on the
Data Leak
threat so it does not always match #139 - Fixed printing the data attribute in reports #123
- Added a markdown file with threats #126
- Fixed drawing nested boudnaries #117
- Add missing
provideIntegrity
attribute inActor
andAsset
classes #116