Remediate 2.x release notes

New features, enhancements, resolved issues, and known issues for Puppet Remediate 2.x release series.

Version 2.0.1

Released 8 July 2021.

Resolved issues in this release:

  • Tenable.sc integration - Fixed an issue where Tenable.sc was not verifying Remediate SSL certificates. This fixes CVE-2021-27018.
  • Tenable.io integration - Fixed a bug where integration fails occasionally after Tenable.io is added as a source.
  • Remediate UI - Corrected an issue with the Cancel activity button where it was not disabled on first click.
  • High severity vulnerabilities - Remediate image updated to resolve the following high severity vulnerabilities:
    • CVE-2021-20305
    • CVE-2019-25013
    • CVE-2019-5827
    • CVE-2021-27219
    • CVE-2021-3517
    • CVE-2021-3560
  • Accept risk - Corrected an issue where the Accept risk review timed out if a large number of nodes were selected.
  • Accept risk table - Fixed an issue where the Accept risk table did not display properly.
  • Tagging - Removed a redundant Assign tags button from the Node overview page.
  • Medium severity vulnerabilities - Several medium severity vulnerabilities were also resolved in the Remediate image update.
  • Tenable.io integration - Remediate now detects if there is a corrupted export in Tenable.io and informs the user in the integration status page.

Version 2.0.0

Released 14 April 2021.

New in this release:

  • Node tagging - This release introduces the ability to assign tags to nodes to group them according to any criteria you choose. You can now For full details of this feature, see Tagging nodes.
  • Import scanner tags - You can elect to import tags that are assigned to nodes by the Qualys and Tenable.io vulnerability scanners by selecting the Import Tags option when adding them as a source.
  • Cancel data discovery runs - Data discovery runs can now be cancelled before completion with the click of a button.
  • Vulnerability scanner SSL certificates - The process for adding certificates signed by an internal certificate authority for vulnerability scanners has been simplified. Certificates signed by an internal certificate authority are now validated by Remediate and customers are strongly recommended to upgrade to version 2.0.0. This fixes CVE-2021-27018. For more information, see SSL certificate verification for scanners.
  • Admin user group - A new 'admin' user group was added to allow individual users to have admin superuser privileges. For more information on this feature, see Managing user access.
  • AWS provider improvements - Improved the way in which the AWS provider discovers regions.
  • Improved provider logging - Messages previously written to the messages channel are now outputted to edge docker logs.

Resolved issues in this release:

  • Source management - Simplified the process of deleting a source by removing an unnecessary pop-up drop-down menu.
  • Puppet Tasks updated - The default Puppet Tasks shipped with Remediate were updated to the latest versions.
  • Remediate tasks - Resolved an issue where task output was not captured for all tasks.
  • Working with multiple sources - Added the Canonical ID field to Node Attributes table to aid troubleshooting of deduplication issues when using multiple discovery sources.
  • Mayday logs - Information on accessible nodes is now included in the mayday logs.
  • Data discovery UI - Fixed a bug where the status icon did not update when the Discover all button was clicked on the Manage Sources pages
  • Puppet Enterprise integration - Fixed an issue where adding a trailing slash to the Puppet Enterprise source URL resulted in no tasks being discovered.
  • Running tasks - Corrected an issue where multiple tasks jobs could be run if the Run Task button was clicked multiple times before the initial API request was sent.
  • Vulnerable node filtering - Fixed an issue where the filter on the Nodes table on the Vulnerability Details page did not handle multiple filters.
  • Accept risk functionality - Resolved a bug where accepting risks on all nodes for a vulnerability caused an error.
  • Node filtering - Corrected an issue where filter requests were aborted or sent twice on the Nodes by operating system page.
  • Run task wizard - Updated the Run tasks wizard to fix a bug that caused the loss of user-set credentials if the user went back to the Add Credentials step from the Node Overview step.
  • Run task functionality - Fixed an issue where it was possible to run tasks without adding mandatory parameters.
  • Node filtering options - Corrected a bug where any attempt to remove a source filter results in an error if the only active filter applies on sources on the Nodes page.
  • Integration status icon - Updated Remediateto correct an issue where On the first run of a fresh install with a security source, the integration status icon remained 'unset'.
  • Run task workflow - Resolved a bug that caused the run task workflow to work incorrectly if only a single node was selected.
  • unset-override command - Corrected an issue that prevented the unset-override from working for global keys.
  • Initializing Remediate - Updated Remediate so that IPv6 no longer needs to be configured on the host for Remediate to initialise.
  • Node filtering - Fixed an issue where if all nodes from a filter were selected and the filter removed, select all was still applied in the Nodes page.
  • Adding sources - Improved the look and feel of the page loading message in the Add source page.
  • Data discovery UI - The number of nodes that a task can be run against has been capped at 10,000 nodes to prevent slow loading of the UI. A warning message is presented if the number of selected nodes exceeds 10,000.