Release notes

New features, enhancements, resolved issues, and known issues for Puppet Remediate 1.x release series.

Version 1.3

Released 3 June 2020

New in this release:

  • Record of Remediation - Puppet Remediate has been updated to provide persistent records of the events initiated to combat vulnerabilities. You can now see data on the latest events and remediation tasks that have been carried out, who initiated them, and whether they were successful or not, for any given vulnerability.
  • Audit log - Remediate now contains a fuller audit log that provides data on user, source, credential, and task management events. This is available via command line and can be stored or examined as an audit trail.
  • Activity feed - Data on latest remediation events are now persisted even after restart.
  • Improved data polling configuration - The Update Interval option has been added to the security source configuration. This allows users to set how often Remediate checks for new data. This defaults to 30 minutes. Users who use Remediate in large environments should adjust this value accordingly.
  • Severity threshold configuration - The Severity threshold option has been added to the security source configuration. When configured Remediate will not import any vulnerabilities with a severity less than the configured value. This defaults to importing all vulnerabilities, regardless of severity.
  • integration - The integration now uses the last_found field instead of the since field.

Resolved issues in this release:

  • integration - Improved error handling when requesting authentication tokens from the server.

Version 1.2.1

Released 23 March 2020

Resolved issues in this release:

  • Service logs timestamps - Remediate has been updated to fix an issue where timestamps were missing from service logs.
  • Custom registry installs - A fix was added for an issue that stopped the install image from loading when using a custom container registry.
  • Vault container shutdown issue - A fixed was added to Remediate to resolve an issue that caused the vault container to be inadvertently shut down.
  • Non-UTF-8 encoded status message issue - Remediate was updated to fix an issue where the controller panicked if it encountered a non-UTF-8 encoded status message.
  • Non-admin login issue - This release fixes an issue where non-admin accounts were permitted to log in before the initial configuration was complete.

Version 1.2.0

Released 26 February 2020

New in this release:

  • Vulnerabilities dashboard redesign - The Remediate Vulnerabilities dashboard has been redesigned with a new Metrics bar, data visualizations, and reorganization of vulnerability and affected node information.
  • Performance improvements - The database behind Remediate has been completely redesigned for this release to provide significant performance and scale improvements.
  • Puppet Risk Score - To enhance risk-based prioritisation, the addition of the Puppet Risk Score (the risk score assigned by your vulnerability scanner multiplied by the number of nodes affected) allows you to reduce the risk in your environment even faster.
  • Offline install updated to use custom container registries - The offline install process has been expanded to allow users to install from their own custom container registries.
  • Integration status redesign - The Integration status indicator has been moved to navigation sidebar to give you immediate information on the health of your latest scans.
  • Source credential testing - You can now test access credentials when setting up a scanner on the Add sources page before you run a scan.

Resolved issues in this release:

  • Duplication of nodes - The Remediate database redesign incorporates a fix to prevent possible duplication of nodes information in the Remediate UI.
  • integration - Remediate has been updated to correct an issue where some vulnerabilities reported in were not reflected in the Remediate UI.

Version 1.1.1

Released 9 January 2020

New in this release:

  • Scan refresh functionality - You can now manually trigger a rescan of all or selected resources from the Manage Sources page.
  • SUSE Linux 11 integration - Remediate now fully supports SUSE Linux 11.
  • Activity feed updates - The Recent Events table has been updated to include the username of the event initiator.

Resolved issues in this release:

  • Offline install - Remediate now uses a dedicated Docker image bundle and docker-compose.yml file for offline installs.
  • SSH Updates - Remediate has been updated to enable SSH access to hosts that use CBC ciphers.
  • Container DNS issue - Remediate has now been updated to fix a DNS issue where the container added ndots configuration to the /etc/resolv.conf file.
  • Qualys API integration - Remediate is now able to parse human-readable durations used by the Qualys API that may be reported during daylight savings.

Version 1.1.0

Released 31 October 2019

New in this release:

  • support - Remediate now supports the (Security Center) vulnerability scanner.
  • Multi-user support - User management in Remediate has been completely updated. Administrators can now:
    • Create and manage multiple users accounts.
    • Assign different group privileges to user accounts.
    • Configure Remediate to work with LDAP or Active Directory servers.
  • RBAC Permissions - Assign user privileges to:
    • Add, remove, or run tasks
    • Add or remove credentials
    • Add or remove sources
  • Remediation workflow improvements - The vulnerability remediation workflow has been improved and additional information on the vulnerability and the steps needed to remediate it are provided.

Resolved issues in this release:

  • Offline install not working - The -o flag has been introduced to the remediate start command to ensure you can start remediate when there is no internet access.
  • OpenSSH private key support - Remediate now supports the latest version of OpenSSH private keys.

Version 1.0.1

Released 1 August 2019.

This is the initial release of Remediate.

Known issues:

  • Unable to install Remediate on Debian8 with the default kernel module. Upgrade to Kernal 4.9 and install Remediate again.
  • Network discovered nodes being shown as cloud instances. Hosts discovered via their IP address will be counted as a cloud instance and visible in the top cloud instance by region card.
  • Due to inconsistent DNS lookups, tasks fail to run on discovered hosts. When discovered hosts are running on the same domain, an inconsistent DNS lookup between discovering hosts and running tasks on discovered hosts results in tasks failing.
  • In a multi-network environment, the first discovery run might not identify the IP or hostname. Wait for the second discovery run, which happens automatically after four hours.