diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 00000000..9a2a0e21 --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +v20 diff --git a/releases/2025-01-28-mondoo-11.39-is-out.md b/releases/2025-01-28-mondoo-11.39-is-out.md new file mode 100644 index 00000000..fee81b01 --- /dev/null +++ b/releases/2025-01-28-mondoo-11.39-is-out.md @@ -0,0 +1,51 @@ +--- +slug: mondoo-11.39-is-out/ +title: Mondoo 11.39 is out! +description: Announcing the 11.39 release of Mondoo with CrowdStrike vulnerability findings in Mondoo, cases in workspaces, and more! +authors: [tim] +image: DEETS +tags: [release, mondoo] +--- + +## ๐Ÿฅณ Mondoo 11.39 is out! This release includes CrowdStrike vulnerability findings in Mondoo, cases in workspaces, and more! + +Get this release: [Installation Docs](https://mondoo.com/docs/cnspec/) | [Package Downloads](https://releases.mondoo.com/cnspec/) | [Docker Container](https://hub.docker.com/r/mondoo/cnspec) + +--- + +## ๐ŸŽ‰ NEW FEATURES + +### CrowdStrike vulnerability integration + +DEETS + +### Create cases in workspaces + +DEETS + +### Search for assets and findings in workspaces + +DEETS + +## ๐Ÿงน IMPROVEMENTS + +### Risk insights on assets + +Quickly assess asset risks with the updated Risk Insights section, displaying total counts of high and critical findings and vulnerabilities. Click any section to drill in particular findings to fix. + +![Asset page with risk insights](/img/releases/2025-01-28-mondoo-11.39-is-out/risk_insights.png) + +## ๐Ÿ› BUG FIXES AND UPDATES + +- Fix asset technology fields on VMware and OCI assets. +- Add OCI to the list of technology values available for workspace creation. +- Fix incorrect CVSS scores displayed in CVE page score boxes. +- Ensure that positive risk factors display in green. +- Display the save button on the security model settings tab even if the advanced settings aren't selected. +- Update the workspaces selection filtering to move "Kind" under infrastructure. +- Add "OCI" under the workspaces technology selection filtering. +- Fix failures generating some exports. +- Support certificate based authentication for the Microsoft Defender integration. +- Add the version number to the PCI DSS compliance framework to make it more clear which version is included. +- Fix the application of risk factors on Debian-based systems. +- Show correct timestamps for export and import integrations. diff --git a/static/img/releases/2025-01-28-mondoo-11.39-is-out/risk_insights.png b/static/img/releases/2025-01-28-mondoo-11.39-is-out/risk_insights.png new file mode 100644 index 00000000..28f6fdc9 Binary files /dev/null and b/static/img/releases/2025-01-28-mondoo-11.39-is-out/risk_insights.png differ diff --git a/yarn.lock b/yarn.lock index 935c0345..a22d8792 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2282,9 +2282,9 @@ integrity sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw== "@types/express-serve-static-core@*", "@types/express-serve-static-core@^5.0.0": - version "5.0.5" - resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-5.0.5.tgz#f6a851c7fd512e5da087f6f20d29f44b162a6a95" - integrity sha512-GLZPrd9ckqEBFMcVM/qRFAP0Hg3qiVEojgEFsx/N/zKXsBzbGF6z5FBDpZ0+Xhp1xr+qRZYjfGr1cWHB9oFHSA== + version "5.0.6" + resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-5.0.6.tgz#41fec4ea20e9c7b22f024ab88a95c6bb288f51b8" + integrity sha512-3xhRnjJPkULekpSzgtoNYYcTWgEZkp4myc+Saevii5JPnHNvHMRlBSHDbs7Bh1iPPoVTERHEZXyhyLbMEsExsA== dependencies: "@types/node" "*" "@types/qs" "*" @@ -2414,9 +2414,9 @@ "@types/node" "*" "@types/node@*": - version "22.10.10" - resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.10.tgz#85fe89f8bf459dc57dfef1689bd5b52ad1af07e6" - integrity sha512-X47y/mPNzxviAGY5TcYPtYL8JsY3kAq2n8fMmKoRCxq/c4v4pyGNCzM2R6+M5/umG4ZfHuT+sgqDYqWc9rJ6ww== + version "22.12.0" + resolved "https://registry.yarnpkg.com/@types/node/-/node-22.12.0.tgz#bf8af3b2af0837b5a62a368756ff2b705ae0048c" + integrity sha512-Fll2FZ1riMjNmlmJOdAyY5pUbkftXslB5DgEzlIuNaiWhXd00FhWxVC/r4yV/4wBb9JfImTu+jiSvXTkJ7F/gA== dependencies: undici-types "~6.20.0" @@ -2771,9 +2771,9 @@ ajv@^8.0.0, ajv@^8.9.0: require-from-string "^2.0.2" algoliasearch-helper@^3.22.6: - version "3.23.1" - resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.23.1.tgz#1780ca624b5787dae3c62110d222750875c260ee" - integrity sha512-j/dF2ZELJBm4SJTK5ECsMuCDJpBB8ITiWKRjd3S15bK2bqrXKLWqDiA5A96WhVvCpZ2NmgNlUYmFbKOfcqivbg== + version "3.24.1" + resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.24.1.tgz#763115d81fc56518bff36b7c707967f70d8fdf45" + integrity sha512-knYRACqLH9UpeR+WRUrBzBFR2ulGuOjI2b525k4PNeqZxeFMHJE7YcL7s6Jh12Qza0rtHqZdgHMfeuaaAkf4wA== dependencies: "@algolia/events" "^4.0.1" @@ -3148,9 +3148,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001646, caniuse-lite@^1.0.30001688: - version "1.0.30001695" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001695.tgz#39dfedd8f94851132795fdf9b79d29659ad9c4d4" - integrity sha512-vHyLade6wTgI2u1ec3WQBxv+2BrTERV28UXQu9LO6lZ9pYeMk34vjXFLOxo1A4UBA8XTL4njRQZdno/yYaSmWw== + version "1.0.30001696" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001696.tgz#00c30a2fc11e3c98c25e5125418752af3ae2f49f" + integrity sha512-pDCPkvzfa39ehJtJ+OwGT/2yvT2SbjfHhiIW2LWOAcMQ7BzwxT/XuyUp4OTOd0XFWA6BKw0JalnBHgSi5DGJBQ== ccount@^2.0.0: version "2.0.1" @@ -3966,9 +3966,9 @@ ee-first@1.1.1: integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.5.73: - version "1.5.87" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.87.tgz#3a89bec85e43a8b32445ec938228e4ec982e0f79" - integrity sha512-mPFwmEWmRivw2F8x3w3l2m6htAUN97Gy0kwpO++2m9iT1Gt8RCFVUfv9U/sIbHJ6rY4P6/ooqFL/eL7ock+pPg== + version "1.5.88" + resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.88.tgz#cdb6e2dda85e6521e8d7d3035ba391c8848e073a" + integrity sha512-K3C2qf1o+bGzbilTDCTBhTQcMS9KW60yTAaTeeXsfvQuTDDwlokLam/AdqlqcSy9u4UainDgsHV23ksXAOgamw== emoji-regex@^8.0.0: version "8.0.0" @@ -8099,9 +8099,9 @@ semver@^6.3.1: integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.5.4: - version "7.6.3" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.3.tgz#980f7b5550bc175fb4dc09403085627f9eb33143" - integrity sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A== + version "7.7.0" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.7.0.tgz#9c6fe61d0c6f9fa9e26575162ee5a9180361b09c" + integrity sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ== send@0.19.0: version "0.19.0"