diff --git a/releases/2024-08-15-mondoo-11.17-is-out.md b/releases/2024-08-15-mondoo-11.17-is-out.md new file mode 100644 index 000000000..d6a9ac39f --- /dev/null +++ b/releases/2024-08-15-mondoo-11.17-is-out.md 
@@ -0,0 +1,123 @@ +--- +slug: mondoo-11.17-is-out/ +title: Mondoo 11.17 is out! +description: Announcing the 11.17 release of Mondoo, FOO, BAR, BAZ, and more! +author: Tim Smith +author_title: Mondoo Core Team +author_url: https://github.com/tas50 +image: /img/releases/2024-08-07-mondoo-11.17-is-out/empty_state.png +tags: [release, mondoo] +--- + +## ๐Ÿฅณ Mondoo 11.17 is out! This release includes a FOO, BAR, BAZ, and more! + +Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec) + +--- + +## ๐ŸŽ‰ NEW FEATURES + +### Dockerfile Security policy + +https://github.com/mondoohq/cnspec-policies/pull/426 + +### CIS AWS Database Services Benchmark + +https://github.com/mondoohq/server/pull/8848 + +### Mondoo Amazon Web Services (AWS) GuardDuty policy + +DEETS + +### Mondoo Amazon Web Services (AWS) IAM Access Analyzer + +DEETS + +## ๐Ÿงน IMPROVEMENTS + +### Newly certified CIS benchmark policies + +RHEL 9! DEETS! 
+ +### Jump right to the point + +https://github.com/mondoohq/console/pull/4764 + +### Run AWS Serverless integration in isolated VPCs + +https://github.com/mondoohq/console/pull/4761 + +### Resource updates + +#### aws.dynamodb.table + +- New `items` field +- New `latestStreamArn` field + +#### aws.elasticache + +- New `serverlessCaches` field using the new `aws.elasticache.serverlessCache` resource + +#### aws.guardduty.detector + +- New `features` field +- New `findings` field using the new `aws.guardduty.finding` resource +- New `tags` field +- Improve performance fetching detector details + +#### aws.iam.accessAnalyzer + +- Renamed from `aws.accessAnalyzer` with backwards compatibility for existing policies +- New `findings` field using the new `aws.iam.accessanalyzer.finding` resource + +#### aws.iam.accessanalyzer.analyzer + +- New `region` field +- Include organization level analyzers as well as activated but unused analyzers + +#### aws.rds + +- New `allPendingMaintenanceActions` field + +#### aws.rds.dbcluster / aws.rds.dbinstance + +- New `enabledCloudwatchLogsExports` field +- New `preferredBackupWindow` field +- New `preferredMaintenanceWindow` field +- Improve performance fetching security groups details +- Don't include non-RDS engine results + +#### aws.timestream.liveanalytics + +- New resource with `databases` and `tables` fields + +#### aws.vpc + +- New `name` field + +#### azure.subscription.cloudDefender + +- Check the pricing tier for the Servers plan when verifying if Azure's Defender for Servers is enabled + +#### microsoft.application + +- New `certificates` field using the new `microsoft.keyCredential` resource +- New `createdAt` field +- New `description` field +- New `hasExpiredCredentials` field +- New `info` field +- New `name` field +- New `notes` field +- New `secrets` field using the new `microsoft.passwordCredential` resource +- New `tags` field + +## ๐Ÿ› BUG FIXES AND UPDATES + +- https://github.com/mondoohq/cnquery/pull/4495 +- 
https://github.com/mondoohq/cnquery/pull/4507 +- https://github.com/mondoohq/cnquery/pull/4506 +- https://github.com/mondoohq/cnquery/pull/4520 +- Fix a false negative result in the CIS Microsoft 365 policy's "Ensure a dynamic group for guest users is created" check. +- Add VPC name to asset overview information. +- Don't execution CIS Windows workstation benchmarks on server releases. +- Improve the default data returned by the `k8s.node` resource.
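Review bot: The front matter `description` and the top heading still carry the template placeholders "FOO, BAR, BAZ", and several section bodies are unfinished, so this file is not ready to publish as added. The GuardDuty policy, IAM Access Analyzer and "Newly certified CIS benchmark policies" sections contain only "DEETS" or "RHEL 9! DEETS!". The Dockerfile Security policy, CIS AWS Database Services Benchmark, "Jump right to the point" and "Run AWS Serverless integration in isolated VPCs" sections contain only a bare pull request URL. The first four entries under BUG FIXES AND UPDATES are likewise raw cnquery PR links with no description. Suggest replacing each with a short summary of what changed for the user. Smaller points: the `image` path uses the directory `2024-08-07-mondoo-11.17-is-out` while the file is named `2024-08-15-mondoo-11.17-is-out.md`, so confirm the asset exists at that path. "Don't execution CIS Windows workstation benchmarks on server releases" should read "Don't execute". The resource names mix `aws.iam.accessAnalyzer` with `aws.iam.accessanalyzer.analyzer` and `aws.iam.accessanalyzer.finding`, so check the casing against the actual resource names, since readers will copy these into policies.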