Compliance - 12:30 UTC

Type: Improvement
Description: Image Assurance - Reduce the delay between consecutive image scans.
Instead of a single image every 5 minutes, requests for image scans will now be sent from the backend to the scanning agent in batches.
Known limitations: N/A 
Affected Components: 

Compliance - 15:00 UTC

Type: New Feature
Description: Admission Control GSL rule verification has been improved. Clicking on the verify button will test the rule based on the cluster's recent API calls history.
Users can now see if the rule violated any of the last 1000 events or the last 7 days of events (the smaller of the two).
Known limitations: N/A 
Affected Components:

GCP GSuite User & GCP GSuite Group - 17:00 UTC

Type: Bug Fix
Description:  Support pagination 
Known limitations: N/A 
Affected Components:  

GCP Service Account - 14:00 UTC

Type: Bug Fix
Description:  Support pagination 
Case ID: DFT-1555
Known limitations: N/A 
Affected Components:  

AWS IAM SAML & AWS IAM Open ID -  10:30 UTC

Type: New Entities
Case ID: DFR-1299
Description: Added support for AWS IAM SAML & AWS IAM Open ID in protected assets and compliance engine.
Known limitations: N/A
Affected Components:       

Compliance Rulesets Update - 13:15 UTC

Type: Improvement

Description: The first release of Azure HITRUST v9.5.0 and Source Code Assurance 1.0 rulesets, adding new rules for the Azure platform, fixing Azure and GCP rules. A complete list can be found here. Adding new CloudBots for AWS and Azure platforms.

Case ID: DFR-1913
Known limitations: N/A 
Affected Components: 

Compliance - 12:30 UTC

Type: Bug Fix
Case ID : DFT-1499
Description: Fixing a bug with AWS SSO authentication
Known limitations: N/A 
Affected Components: 

Compliance - 15:00 UTC

Type: Bug Fix
Description: Fixing a bug with large email reports.
Known limitations: N/A 
Affected Components: 

Intelligence - 17:00 UTC

Type: Improvement
Description: Internal Improvements.
Known limitations: N/A 
Affected Components: 

Compliance Engine - 16:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Compliance Engine - 15:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Compliance API - 11:30 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Posture Findings Exclusions  - 10:00 UTC

Type: Bug Fix
Case ID: DFT-1354
Description: Run Assessment when adding a new posture findings exclusion.
Known limitations: N/A 
Affected Components: 

Fetchers Improvement - 16:00 UTC

Type: Improvement
Description: Internal Configuration Improvement.
Known limitations: N/A 
Affected Components: 

AWS S3 Bucket - 12:00 UTC

Type: Bug Fix
Case ID: DFT-1503
Description: Fix ‘objectLevelLogging’ property
Known limitations: N/A 
Affected Components: 

Fetchers Improvement - 14:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Fetchers Permissions Handling Improvement - 09:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

API Improvement - 15:30 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Fetchers Improvement - 09:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Compliance API - 07:00 UTC

Type: Improvement

Description: Internal Improvement Webhook integration.
Known limitations: N/A 
Affected Components: 

Compliance API - 07:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Intelligence - 18:00 UTC

Type: Improvement
Description: Onboarding Azure network traffic logs (a.k.a Azure flow logs) is now done using a custom ARM template. After assigning an additional IAM role to the CloudGuard application and selecting the Network Security Groups to onboard, the system will generate an ARM template for the customer to deploy. The template will handle the requirements for onboarding to Intelligence. This new onboarding replaces the previous onboarding for Azure network traffic logs. It is available to all customers.
Known limitations: N/A 
Affected Components: 

AWS SNS Platform Application, AWS Events Rule, AWS System Manager Parameter, AWS Kinesis Firehose, AWS Custom Domain Name - 16:00 UTC

Type: Bug Fix
Description:  Support pagination 
Known limitations: N/A 
Affected Components:  

Fetchers Improvement - 16:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Compliance API - 18:00 UTC

Type: Improvement
Description: Internal Improvement Webhook integration.
Known limitations: N/A 
Affected Components: 

Compliance API - 17:00 UTC

Type: Improvement
Description: Internal Improvement adding a TTL.
Known limitations: N/A 
Affected Components: 

Compliance API - 15:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Continuous posture - 15:00 UTC

Type: Bug Fix
Description: Fix a bug on ruleset save operation.
Known limitations: N/A 
Affected Components:   

Compliance API - 05:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 10:15 UTC

Type: Improvement

Description: The first release of CIS Kubernetes Benchmark v1.20 ruleset, fixing Azure rules. A complete list can be found here. 

Case ID: DFR-2041
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 10:30 UTC

Type: Bug Fix
Description: Running Kubernetes node will now appear when filtering for billable assets.
Known limitations: N/A 
Affected Components: 

Compliance Improvement - 14:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N/A 
Affected Components: 

Azure Storage Account - 13:00 UTC

Type: Improvement
Case ID:  DFR-392
Description: Added the following properties to Azure Storage Account in protected assets and compliance engine.

• fileServiceProperties

• tableServiceProperties

• queueServiceProperties

• blobServiceProperties (existed before, only internal improvement)

Known limitations: N/A  
Affected Components:   

AWS Cognito - 13:00 UTC

Type: Improvement
Description: Fetch Cognito identity and user pools from N. California, São Paulo, Paris, Stockholm and Bahrain
Known limitations: N/A  
Affected Components:   

AWS MQ Broker - 13:00 UTC

Type: Improvement
Description: Fetch MQ brokers from GovCloud (US-East), GovCloud (US-West),  Beijing and Ningxia
Known limitations: N/A  
Affected Components:   

Compliance API - 15:00 UTC

Type: Improvement
Description: Internal configuration change
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:15 UTC

Type: Improvement

Description: Fixing AWS rules. A complete list can be found here. 

Case ID: DFT-1342, DFT-1539
Known limitations: N/A 
Affected Components: 

AWS SQS - 10:00 UTC

Type: Bug Fix
Case ID: DFT-1458
Description:  Support pagination 
Known limitations: N/A 
Affected Components:  

Internal changes for several components - 10:00 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components:  

Compliance Rulesets Update - 10:30 UTC

Type: Improvement

Description: Fixing Azure rules. A complete list can be found here. 

Case ID: DFT-1467
Known limitations: N/A 
Affected Components: 

Protected Assets - Alibaba Entities - 11:00 UTC

Type: Improvement
Description:

• Added 'Status' as additional field to Alibaba ECS Instance entity in protected assets.

• Added 'DBInstanceStatus' as additional field to Alibaba RDS DB Instance entity in protected assets.

• Alibaba ECS Instance 'Billable Asset' property is set to 'Yes' in case 'Status' is 'Running'.

• Alibaba RDS DB Instance 'Billable Asset' property is set to 'Yes' in case 'DBInstanceStatus' is 'Running'.

Known limitations: N/A 
Affected Components:    

Serverless - Obsolete dotnetcore2.1 FSP injector changes - 17:00 UTC

Type: New Feature
Description: Add/remove auto-protect feature from webapp UI won't be supported for dotnetcore2.1 runtime.
Cloud Formation template has been changed. the new version: 21
Known limitations: N/A 
Affected Components:  

Serverless - FSP add support for graviton2 - 17:00 UTC

Type: New Feature
Description: Cloudguard FSP Support for AWS Lambda running on Graivton2 processors
FSP has been changed. the new version: 1.5.62
Known limitations: N/A 
Affected Components:  

Azure Subnet and VNET - 08:30 UTC

Type: Bug Fix
Case ID: DFT-1497
Description: Improve the way we correlate subnet to VNET model in compliance engine
Known limitations: N/A 
Affected Components: 

Shift Left - Feature enabled in Preview mode for all customers - 07:00 UTC

Type: New Feature
Description:  Releasing it as preview for everyone, supporting Terraform and CFT.
Known limitations: N/A 
Affected Components: 

Protected Assets Page - 07:00 UTC

Type: Improvement

Description:  internal improvements.
Known limitations: N/A 
Affected Components: 

Findings Page - 07:00 UTC

Type: Improvement

Description:  internal improvements.
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 16:00 UTC

Type: Improvement

Description: Azure and GCP rules removal. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 16:00 UTC

Type: Improvement

Description:  Adding new rules to the Azure best practices ruleset. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Serverless - Generate Obsolete Runtime Task - 15:00 UTC

Type: Improvement
Description: For the functions with runtimes, that have reached end of support from AWS, an ObsoleteRuntimeTask will be created to notify the user that the account has the functions with unsupported runtimes. The task will have an information how to resolve that.

Please visit the link below for information on runtime end of support dates.
https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html

Known limitations: N/A 
Affected Components:     

Serverless - Dot-net auto protect bug fix - 15:00 UTC

Type: Bug Fix
Description: Update Dot-net FSP instrumentation libraries to latest version.
FSP has been changed. the new version: 1.5.60
Known limitations: N/A 
Affected Components:     

Azure Redis - 14:30 UTC

Type: Improvement
Description: Internal improvement in error handling.

Known limitations: N/A  
Affected Components:   

Google Cloud Account - 13:30 UTC

Type: Improvement
Description: Added new property "ProjectNumber" in protected assets and compliance engine.

Known limitations: N/A  
Affected Components:   

AWS SSM Instance Information - 13:30 UTC

Type: Improvement
Description: Removed redundant property "LastPingDateTime" in protected assets and compliance engine.

Known limitations: N/A  
Affected Components:   

Data Fetchers  - 13:30 UTC

Type: Improvement
Description: Internal improvement in multiple data fetchers.

Known limitations: N/A  
Affected Components:   

Compliance Rulesets Update - 10:00 UTC

Type: Improvement

Case ID: SR-352, SR-346
Description:  Adding new rules to the Azure best practices ruleset. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure Redis - 18:00 UTC

Type: Improvement
Case ID: DFR-1431
Description: Added the following properties to Azure Redis in protected assets and compliance engine.

• ReplicasPerMaster

• ReplicasPerPrimary

• PublicNetworkAccess

• MinimumTlsVersion

• Instances

• PrivateEndpointConnections

Known limitations: N/A  
Affected Components:   

Data Fetchers Improvement - 18:00 UTC

Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N/A 
Affected Components:     

Compliance Rulesets Update - 15:00 UTC

Type: Improvement

Case ID: SR-281
Description:  The first release of AWS CloudFormation Template ruleset.
Known limitations: N/A 
Affected Components: 

DataFetchers Improvement - 11:00 UTC

Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N\A
Affected Components:          

Findings Page - Sorting - 18:00 UTC

Type: Improvement

Case ID: DFR-1866
Description: Adding Values for Action field: Detect and Prevent
Known limitations: N/A 
Affected Components:   

Findings Page - Sorting - 18:00 UTC

Type: Bug Fix
Description: Fix Events alphabetical sorting
Known limitations: N/A 
Affected Components:   

Findings Page - Action Buttons Improvement - 14:00 UTC

Type: Improvement
Case ID: DFR-1663
Description: UI change on the Findings actions.
Known limitations: N/A 
Affected Components:  

Dashboard - Widget Filter fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1357
Description: Fixed an issue that affected filter on dashboards widgets.
Known limitations: N/A 
Affected Components:  

Intelligence Findings - Investigate button fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1160
Description: Fixed a bug on the UI that sent the wrong URL when investigating a finding.
Known limitations: N/A 
Affected Components: 

Compliance Report - Passed entities fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1325, DFT-1420
Description: Fixed a bug on the UI representation on the report.
Known limitations: N/A 
Affected Components: 

External Findings API - 7:30 UTC

Type: Bug Fix
Description: Fixed a bug where External Findings API returns all types and findings, and not only external findings.
Known limitations: N/A 
Affected Components: 

Azure Cosmos DB - 15:00 UTC

Type: Improvement
Case ID: DFR-2028
Description: Added the following properties to Azure Cosmos DB in compliance engine.

• isVirtualNetworkFilterEnabled

• keyVaultKeyUri

• privateEndpointConnections

• publicNetworkAccess

• virtualNetworkRules

Known limitations: N/A  
Affected Components:   

Serverless - fix list append - 16:00 UTC

Type: Bug Fix
Description: Bug fix in k8s whitelist creation
Known limitations: N/A 
Affected Components:     

Serverless - profile according to callstack info  - 16:00 UTC

Type: Improvement
Description: Add support for callstack profiling and enforcement in Kubernetes - parent process/process that generate network activity.
Known limitations: N/A 
Affected Components:     

Serverless - intercept csharp function with harmony - 16:00 UTC

Type: Improvement
Description: Intercept azure function using Harmony
FSP has been changed. the new version: 1.5.59
Known limitations: N/A 
Affected Components:     

GCP Route -  11:00 UTC

Type: New Entity
Case ID: DFR-1955
Description: Added support for GCP Route in protected assets and compliance engine.
Known limitations: N/A
Affected Components:       

GCP Router -  11:00 UTC

Type: New Entity
Case ID: DFR-1954
Description: Added support for GCP Router in protected assets and compliance engine.
Known limitations: N/A
Affected Components:       

GCP Instance Template -  11:00 UTC

Type: New Entity
Case ID: DFR-1953
Description: Added support for GCP Instance Template in protected assets and compliance engine.
Known limitations: N/A
Affected Components:       

Azure Web App, Azure Function App - 11:00 UTC

Type: Improvement
Case ID: DFR-1833
Description:  Added 'scmIpSecurityRestrictionsUseMain' property under 'config' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components:   

Azure Web App, Azure Function App - 11:00 UTC

Type: Improvement
Case ID: DFR-1833
Description:  Added 'kind' property under 'config.accessRestrictions' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components:   

AWS Onboarding - 10:00 UTC

Type: Improvement
Description: Internal change in AWS onboarding flow.
Known limitations: N/A 
Affected Components: 

Data Fetchers - 11:30 UTC
Type: Improvement
Description: Internal Improvement
Known limitations: N/A 
Affected Components:    

Compliance Engine - 10:00 UTC

Type: Terraform Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected Components:  

AWS GovCloud Onboarding - 12:30 UTC

Type: Bug Fix
Description: Fixed a bug which prevented onboarding of AWS GovCloud accounts.
Known limitations: N/A 
Affected Components: 

Compliance Engine - 13:00 UTC

Type: Removal of obsolete Ticketing system 
Description: Internal improvement.
Known limitations: N/A 
Affected Components:  

Protected Assets - New Infrastructure - 11:00 UTC

Type: Improvement
Description:

• Added internal infrastructure to support future features in Protected Assets.

• Added additional property 'externalAdditionalFields' in Protected Assets entities.

Known limitations: N/A 
Affected Components:   

Kubernetes APIs - 14:00 UTC
Type: Improvement
Description: New and updated APIs for Pod Groups.

A new API that queries a specific pod group for its images
A new API that queries a specific pod group for its pods

Change in Kubernetes image pod groups API return value.
When querying for pod groups that use specific KubernetesImage the ‘id’ field which to date returned the Kubernetes Id, will now be renamed as ExternalID.
Instead, the ‘id’ field will now return, CloudGuard id of the pod group and not the Kubernetes id.

Known limitations: N/A 
Affected Components:      

Data Fetchers Improvement - 13:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of AWS, Azure, GCP and Alibaba.
Known limitations: N/A 
Affected Components:    

AWS Onboarding - 11:00 UTC

Type: Improvement
Case ID: DFR-1884
Description: Changed the validation process. We no longer require EC2 permissions in order to complete AWS cloud accounts onboarding.
Known limitations: N/A 
Affected Components: 

CloudSecurityGroup API Performance - 11:00 UTC

Type: Improvement
Description: Improved the performance of '/v2/cloudsecuritygroup?forAccess=true' API.
Known limitations: N/A 
Affected Components: 

Compliance Engine MongoDB- 10:00 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected Components:  

Account registration and User Password Reset fix- 17:00 UTC

Type: Bug Fix
Case ID: DFT-1370
Description:  Fixed a UI issue that blocked specific flows affecting registering new accounts, users and password reset.
Known limitations: N/A
Affected Components:  

Azure Storage Account - 13:30 UTC

Type: Improvement
Case ID: DFR-1045
Description:  Added 'AdvancedThreatProtectionEnabled' and  'BlobSoftDeleteEnabled' properties in protected assets and compliance engine.
Known limitations: 'AdvancedThreatProtectionEnabled' is not supported in the following regions: southafricanorth, southafricawest, westus3, chinaeast2, norwayeast, australiacentral.
Affected Components:  

Azure Storage Account - 13:30 UTC

Type: Improvement
Case ID: DFR-1045
Description:  Enriched information in 'PrivateEndpointConnections' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components:  

AWS Storage Gateway - 13:00 UTC

Type: Improvement
Description:  Remove redundant 'ContentLength', 'HttpStatusCode' and 'ResponseMetadata' properties in compliance engine.
Known limitations: N/A
Affected Components:  

GCP HTTP Load Balancer - 13:00 UTC

Type: New Entity
Description: Added support for GCP HTTP Load Balancer in protected assets and compliance engine.
Known limitations: N/A 
Affected Components:  

GCP TCP\UDP Load Balancer - 13:00 UTC

Type: New Entity
Description: Added support for GCP TCP\UDP Load Balancer in protected assets and compliance engine.
Known limitations: N/A 
Affected Components:  

Compliance Engine- 16:00 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected Components:  

AWS IAM User - 11:30 UTC

Type: Bug Fix
Case ID: DFT-1359
Description: Set consistent order for the IAM access keys in compliance engine 
Known limitations: N/A 
Affected Components:     

AWS Red Shift & AWS IAM User - 11:30 UTC

Type: Improvement 
Description: Improve error handling in the compliance engine.
Known limitations: N/A 
Affected Components:  

Serverless - Added support for kafka and mq triggers - 15:00 UTC

Type: Improvement
Description: Added support for kafka and mq triggers when generating suggested roles .
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html
Known limitations: N/A 
Affected Components:     

Serverless - Proact - Get token from env var - 15:00 UTC

Type: Improvement
Description: You can now use `CLOUDGUARD_ACCESS_TOKEN` environment variable to provide the token to cloudguard tool.
Earlier only config file and command line parameters were supported.
Known limitations: N/A 
Affected Components:     

Serverless - get function errors - HF - 15:00 UTC

Type: Bug Fix
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors
Known limitations: N/A 
Affected Components:     

Serverless - WRP auto identify os distribution - 15:00 UTC

Type: Improvement
Description: Implement loader which responsible for identifying container OS, and initialize appropriate (per OS) libosfsp.so
FSP has been changed. the new version: 1.5.52
Known limitations: N/A 
Affected Components:     

Serverless - FSP node14.x support aws - 15:00 UTC

Type: Improvement
Description: AWS is obsoleting node10.x runtime. We have removed Cloudguard FSP support for node10.x runtime and added support for node14.x. It is recommended to use latest nodejs runtime to continue protecting your functions with FSP.
FSP has been changed. the new version: 1.5.57
Known limitations: N/A 
Affected Components:     

AWS IAM Credentials Report - 14:00 UTC

Type: Bug Fix
Description: Fixed an internal issue that caused a failure to generate the credentials report in some cases.
Known limitations: N/A 
Affected Components:     

Tenable.io Open Findings - 13:00 UTC

Type: Bug Fix
Description: Fixed a bug which caused Tenable.io external finding to remain open after EC2 instance deletion.
Known limitations: N\A
Affected Components:  

Azure Insights - 12:00 UTC

Type: Improvement
Description: Infra Improvement for Azure Insights data fetcher.
Known limitations: N\A
Affected Components:  

Shiftleft - Ignoring un relevant file types- 9:30 UTC
Type: Improvement
Description: Internal change in order to ignore not relevant files.
Known limitations: N/A 
Affected Components:      

Azure Virtual Machine - 13:30 UTC
Type: Improvement
Case ID: DFR-1938
Description: Added 'vmId' property to Azure Virtual Machine API
Known limitations: N/A 
Affected Components:      

Data Fetchers Improvement - 11:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of Azure, GCP and Alibaba.
Known limitations: N/A 
Affected Components:      

Kubernetes - Clean up old Images  - 10:00 UTC

Type: Improvement
Description: Remove kubernetes Image objects that no longer exist in the cluster.
Known limitations: N/A
Affected Components: Kubernetes Images

Kubernetes - Update Admission Control APIs - 10:00 UTC

Type: Improvement
Description:
Adding a targetType for requests and responses to Admission Control policies APIs.
The relevant APIs are:

• {Get, Put, Post} at /v2/kubernetes/admissionControl/policy

• {Get, Delete} at /v2/kubernetes/admissionControl/policy/{id}.

The available target types for these APIs are "Environment", indicating an environment policy, and "OrganizationalUnit", indicating an Organizational Unit Policy.
Known limitations: N/A
Affected Components: Kubernetes API

Azure Insights - 12:00 UTC

Type: Improvement
Description:  Removed redundant fields from Azure Insights entity.
Known limitations: N\A
Affected Components:   

AWS SES - 12:00 UTC

Type: New Entity
Case ID: DFR-771
Description: Added support for AWS SES in protected assets and compliance engine.
Known limitations: Limited up to 1000 ses items per cloud account .
Affected Components:       

AWS Elastic Beanstalk - 12:00 UTC

Type: Improvement
Case ID: DFR-1337
Description:  Added 'Resources' and 'Settings' properties in protected assets and compliance engine.
Known limitations: N/A
Affected Components:  

Azure Log Profile & AWS Iam User - 12:00 UTC

Type: Improvement 
Description: Improve error handling in the compliance engine.
Known limitations: N/A 
Affected Components:  

AWS Group History - 12:00 UTC

Type: Improvement
Case ID: DFR-1343
Description: Internal improvement for non US regions.

Known limitations: N/A 

Affected Components:  

Serverless - Handle old accounts ProtegoAgentBucketPolicy - 18:00 UTC

Type: Improvement
Description: Update Cross account CFT in order to support account update.
cloud formation template has been changed. the new version: 20

Known limitations: N/A 
Affected Components:  

Serverless - Serverless get function errors  - 18:00 UTC

Type: New Feature
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors

Known limitations: N/A 
Affected Components:  

Serverless - FSP subprocess context support - 18:00 UTC

Type: Improvement
Description: Added support for sub-process in Azure.
FSP has been changed. the new version: 1.5.56

Known limitations: N/A 
Affected Components:  

Kubernetes - New APIs - 15:00 UTC

Type: Improvement

Description: 

New APIs for Containers Image Assurance.

A new API that queries a specific image for the image details, including the results of the scan.
A new API that queries a specific image for the Pods and Pod Groups that are deployed from this image.

Known limitations: N/A 
Affected Components: 

Kubernetes - Cluster status improvement - 15:00 UTC

Type: Bug Fix
Description: Fixed a bug where the Kubernetes cluster status could go from Initializing back to Pending status, during the onboarding process.

Known limitations: N/A 
Affected Components: 

Kubernetes - Scan status improvements - 15:00 UTC

Type: Improvement
Description: Added detailed error messages for image scan status when the image exceeds max size limits (as defined in the Helm chart) or exceeds max IP or URL limitation.
When the image hasn’t been scanned yet, the status text was changed from ‘Pending’ to "Pending Scan"
When there is an unrecoverable error during the scan, the status text was changed from ‘Error’ to "Internal Error"

Known limitations: N/A 
Affected Components: 

Compliance Engine- 07:30 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected Components:  

Serverless - Remove Python2.7 from CLI Tool- 15:00 UTC

Type: Improvement
Description: 

From the deprecation date of July 15, 2021, AWS Lambda will no longer apply security patches and other updates to the Python 2.7 runtime used by Lambda functions. In addition, functions using Python 2.7 will no longer be eligible for technical support. You will no longer be able to create new Lambda functions using the Python 2.7 runtime from this date.

Python 2.7 has been removed from Proact Tool supported runtime, if you run the tool on Python 2.7 functions,
you will get below error
`UnsupportedRuntimeError - Runtime Python2.7 will no longer be supported. To continue receiving security updates and support, please upgrade to Python3.x`

Please migrate your Python 2.7 functions to Python 3.x
proact tool has been changed. the new version: 1.5.50

Known limitations: N/A 
Affected Components:    

Serverless - Obsolete node 10x- 15:00 UTC

Type: Improvement
Description: Since AWS will be soon obsoleting node 10.x support, the nodejs scanner is upgraded to node14.x

Known limitations: N/A 
Affected Components:    

Alibaba - Organizational Units - 14:00 UTC

Type: Improvement
Case ID: DFR-1903
Description: Added APIs to support Organizational Units management for Alibaba cloud accounts.
Known limitations: Not supported in UI.
Affected Components:  

Alibaba RAM Password Policy - 17:00 UTC

Type: Bug Fix
Description: Rename property from 'ramPolicyPasswordId' to 'policyPasswordId' in compliance engine
Known limitations: N/A 
Affected Components:    

Alibaba KMS - 17:00 UTC

Type: Bug Fix
Description: Change 'automaticRotation' property from date time to string type in compliance engine
Known limitations: N/A 
Affected Components:    

Support AWS Osaka Japan Region - 17:00 UTC

Type: Improvement
Description: Added support for Osaka region.
Known limitations: N/A 
Affected Components:    

Kubernetes - Helm chart 2.4.0 released - 20:00 UTC

Type: New Release
Description: A new Helm chart, version 2.4.0 was released.
The main changes include:

• Image Assurance: Image Assurance Engine memory limit modified to be to [MAX_IMAGE_SIZE]+500MB (the default value remains 2GB+500MB).

• Runtime Protection: Added Containerd support. Reduce required agent privileges.

• Container runtime auto-detection. There is no longer a need to manually set the runtime environment (Docker/Containerd).

• Telemetry enhancements

• Miscellaneous bug fixes (fix references to Check Point in helm chart docs fields, fix various typos/formatting, etc)

Known limitations : N/A 

Affected Components :        

Serverless - FSP support for java8.al2 runtime - 12:00 UTC

Type: Improvement
Description: Add FSP add/remove support for java8.al2 runtime.

FSP has been changed. the new version: 1.5.55
Cloud Formation template has been changed. the new version: 18

Known limitations : N/A 

Affected Components :        

AWS Backup Vault - 12:00 UTC

Type: New Entity
Case ID: DFR-1789
Description: Added support for AWS Backup Vault in protected assets and compliance engine.
Known limitations: Requires a new permission to cloud guard role - "backup:ListBackupVaults".
Affected Components:       

Azure Function App - 12:00 UTC

Type: Improvement
Case ID: DFR-1935
Description:  Added 'externalPrivateEndpoints' property in the compliance engine.
Known limitations: Requires a new permission to cloud guard role - "Microsoft.Web/sites/config/list/action".
Affected Components:  

AWS VPC, Subnet & VPC Peering connection - 12:00 UTC

Type: Improvement
Case ID: DFR-1848
Description:  Added 'ownerId' property in the compliance engine and API.
Known limitations: N/A 
Affected Components:  

Serverless - Obsolete Python2.7 - 18:00 UTC

Type: Improvement
Description: Obsolete Python2.7 runtime as AWS is going to end Python 2 support for the AWS CLI and SDK.
Known limitations: N\A
Affected Components: 

AWS Security Groups- 13:00 UTC

Type: Improvement
Description: Infrastructure changes for data fetchers responsible for AWS security groups handling.
Known limitations: N\A
Affected Components: 

Data Fetchers - Permissions Handling - 13:00 UTC

Type: Improvement
Description: Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected Components:     

Azure Insights - 13:00 UTC

Type: New Entity
Case ID: DFR-891
Description:  

• Added support for Azure Insights entity. The entity contains Azure resource's Diagnostic Settings.

• Currently the following entity types are supported: Virtual Machines, Function Apps, Web Apps, SQL DBs, Network Security Groups.

Known limitations: N\A
Affected Components:   

Compliance Rulesets Update - 11:45 UTC

Type: Improvement

Case ID: DFR-1661
Description:  The first release of Hi-Trust and ITSG-33 rulesets for AWS.
Known limitations: N/A 
Affected Components: 

Infrastructure Improvement - 14:00 UTC

Type: Improvement
Case ID: DFT-1353
Description:  Improved Posture Findings filters sorting.
Known limitations: N/A 
Affected Components:  

Compliance Rulesets Update - 11:25 UTC

Type: Improvement
Description:  GCP CloudGuard Network Alerts ruleset depreciation.
Known limitations: N/A 
Affected Components: 

Infrastructure Improvement - 09:00 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components:  

AWS EKS Cluster - 13:00 UTC

Type: Improvement
Case ID: DFR-1640
Description:  Added 'fargateProfiles' property in the compliance engine
Known limitations: N/A 
Affected Components:  

AWS IAM Role - 13:00 UTC

Type: Improvement
Case ID: DFR-1790
Description:  Added 'roleLastUsed' and 'maxSessionDuration' properties in the compliance engine and API.
Known limitations: N/A 
Affected Components:  

Serverless - Azure learning - 16:00 UTC

Type: New Feature
Description:  Add behavior for Azure Function App
Known limitations: N/A 
Affected Components: 

Serverless - Azure - support context in threads - 16:00 UTC

Type: Improvement
Description:   A support to identify function name in a thread created by Azure function

FSP has been changed. the new version: 1.5.52
Known limitations: N/A 
Affected Components:    

Serverless - Java FSP remove bug - 16:00 UTC

Type: Bug Fix
Description:  Java bug fix FSP add/remove using cli tool.

FSP has been changed. the new version: 1.5.53
The plugin version has been changed.
Known limitations: N/A 
Affected Components:     

Serverless - CLI Python3 Transition - 16:00 UTC

Type: Improvement
Description:  Transition of CLI tool to Python3 as AWS is going to end Python 2 support for the AWS CLI and SDK.

FSP has been changed. the new version: 1.5.49
Known limitations: N/A 
Affected Components:    

Serverless - Add severity to security events - 16:00 UTC

Type: Improvement
Description:  Add severity to k8s signature security events

Known limitations: N/A 
Affected Components:   

AWS SSM Instance Information - 15:00 UTC

Type: Improvement
Description: Improving throttling errors handling
Known limitations: N\A
Affected Components:      

AWS Shield - 15:00 UTC

Type: Improvement
Description: Improving throttling errors handling
Known limitations: N\A
Affected Components:      

Alibaba RDS - 15:00 UTC

Type: Improvement
Description: Added 'dbInstanceIpHostnames' property in the compliance engine
Known limitations: N\A
Affected Components:      

Serverless - Remove logs poller - 15:00 UTC

Type: Improvement
Description:  Remove Logs Poller.

Known limitations: N/A 
Affected Components:    

Serverless - Generate FSP UUID from plugin - 15:00 UTC

Type: Improvement
Description:  Read UUID from cloudguard-fsp-config.json

FSP has been changed. the new version: 1.5.51
Known limitations: N/A 
Affected Components:    

Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC

Type:  Bug Fix
Description:  For any IO block event in azure dot-net functions, it should not allow access and return 500 internal server error

FSP has been changed. the new version: 1.5.50
Known limitations: N/A 
Affected Components:    

Serverless - Support network and improve signature alert - 15:00 UTC

Type: New Feature
Description:  Add Network profiling and enforcement support for Kubernetes workloads.
Change the Signature security events aggregation logic to include the event action - detect/block.
Known limitations: N/A 
Affected Components:  

Serverless - Retry FSP policy download - 15:00 UTC

Type:  Improvement
Description:  Implemented policy download retry mechanism for Azure FSP.

FSP has been changed. the new version: 1.5.50
Known limitations: N/A 
Affected Components:    

Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC

Type:  Improvement
Description:  Generate timestamp UUID azure

FSP has been changed. the new version: 1.5.49
Known limitations: N/A 
Affected Components:    

Compliance Improvement- 17:45 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components: 

Infrastructure Improvement - 15:30 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components:  

AWS Application and Network Load Balancer - 16:00 UTC

Type: Improvement
Description:  Internal performance improvement
Known limitations: N/A 
Affected Components: 

Alibaba RDS - 13:00 UTC

Type: Improvement
Description: Adjust db type and version enrichment fetching for Alibaba RDS.
Known limitations: N\A
Affected Components:   

AWS Application Auto Scaling Policy - 13:00 UTC

Type: New Entity
Case ID: DFR-1653
Description: Added support for AWS Application Auto Scaling Policy in protected assets and compliance engine.
Known limitations: N\A
Affected Components:       

EntityFetchStatus API - 13:00 UTC

Type: Improvement
Description: Internal performance enhancement for the GET request in EntityFetchStatus API.
Known limitations: N\A
Affected Components: 

Service Account - 13:00 UTC

Type: Improvement
Case ID: DFT-1321
Description: Allow to manage service accounts via SSO JIT users.
Known limitations: N\A
Affected Components: 

Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Updating best practices rulesets, changing the name of Alibaba ruleset. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

AWS Instance - 11:40 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components: 

Compliance Improvement- 11:40 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components: 

Authentication Improvements - 12:30 UTC

Type: Improvement
Description: Authentication flows improvements.
Known limitations:  N/A
Affected Components:     

AWS Instance - 15:15 UTC

Type: Improvement 
Case ID: DFR-1429
Description: Added 'ssmAgentInstanceInformation' property in the compliance engine
Known limitations:  N\A
Affected Components:    

Azure Storage Account - Blob Containers - 12:00 UTC

Type: Internal Change
Description: Limited the amount of fetched Blob Containers for each Storage Account.
Known limitations:  N\A
Affected Components:  

Compliance Improvement- 10:30 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  Fix for D9.AWS.CRY.05. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Compliance Improvement - 15:30 UTC

Type: Improvement core
Description: Internal improvement upgrading core version.
Known limitations: N\A
Affected Components:           

Azure Key Vault - 12:00 UTC

Type: Improvement
Case ID: DFT-1128
Description:  Added 'ipRulesObjects' property in the compliance engine
Known limitations: N\A
Affected Components:   

AWS Lambda Function - 17:00 UTC

Type: Bug Fix
Case ID: DFT-1133
Description:  Fetch lambda functions where package type is image
Known limitations: N\A
Affected Components:   

Serverless billable asset change - 17:00 UTC

Type: Improvement
Description:  Billable assets Serverless ratio was updated to 1:60
Known limitations: N\A
Affected Components:   

Azure Security Center - 10:00 UTC

Type: New Entities
Case ID: DFR-1226
Description:  Added support for Azure AutoProvisioningSettings and SecurityContact in the compliance engine.
Known limitations: N\A
Affected Components:   

Alibaba RDS - 13:15 UTC

Type: Improvement
Description: 

• Added 'dbInstanceBackupPolicy' property in the compliance engine

• Added 'dbInstanceEndpoints' property in the compliance engine

• Added 'dbInstanceEncryptionKey' property in the compliance engine

Known limitations: N\A
Affected Components:      

Azure Data Fetchers - 13:15 UTC

Type: Improvement
Description: Improving permission errors handling
Known limitations: N\A
Affected Components:      

Kubernetes Agent Status Enchantments - 16:30 UTC

Type: Improvement
Description: The Kubernetes agent status have been refactored with faster and more detailed Agent deployment status information.
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  The first release of the Azure New Zealand Information Security Manual (NZISM) v.3.4 rulesets and fix duplicated rules. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure Storage Account - 11:15 UTC

Type: Improvement 
Case ID: DFR-1465
Description:

• Added 'performance' property in the compliance engine

• Added 'replication' property in the compliance engine

Known limitations:  N\A
Affected Components:  

Azure Virtual Machine - 11:15 UTC

Type: Improvement 
Case ID: DFR-1465, DFR-1680
Description:

• Added 'extensions' property in the compliance engine

• Added 'availabilityZones' property in the compliance engine

Known limitations:  N\A
Affected Components:  

AWS Cloud Front - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS Cloud Front entity.
Known limitations:  N\A
Affected Components:  

AWS Network Load Balancer - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS NLB entity.
Known limitations:  N\A
Affected Components:  

AWS Application Load Balancer - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS ALB entity.
Known limitations:  N\A
Affected Components:  

AWS ELB - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS ELB entity.
Known limitations:  N\A
Affected Components:  

Alibaba SLB - 11:15 UTC

Type: New Entity
Case ID: DFR-1506
Description: Added support for Alibaba Server Load Balancer in protected assets and compliance engine.
Known limitations: N\A
Affected Components:       

Alibaba Auto Scaling Group- 11:15 UTC

Type: New Entity
Case ID: DFR-1512
Description: Added support for Alibaba Auto Scaling Group in protected assets and compliance engine.
Known limitations: N\A
Affected Components:       

Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Statistics counter improvement.
Known limitations: N\A
Affected Components:           

Compliance Improvement - 15:00 UTC

Type: Improvement
Description: Internal improvement Image Scan model update.
Known limitations: N\A
Affected Components:           

Intercom - 16:45 UTC

Type: Bug Fix
Description: Added default value for 'registered by' property.
Known limitations: N/A 
Affected Components:  

Support Alibaba Region - China Guangzhou - 15:30 UTC

Type: Improvement
Description: Added support for China Guangzhou region.
Known limitations: N/A 
Affected Components:  

Update Image Risk Score - 12:30 UTC

Type: Improvement
Description: ImageScan result will now feature an Image Risk Score value in the CVSS format of 0-10.0.
Image Risk Score will denote an image’s overall risk potential.
Known limitations: N/A 
Affected Components:  

Kubernetes new APIs - 16:45 UTC

Type: Improvement
Description: Some Kubernetes API have been changed for better usability.
Kubernetes onboarding and Admission Control APIs have been refactored.

note: Even though the documentation has been updated to reflect the new format, the old format of the APIs will continue to be supported.
Known limitations: N/A 
Affected Components:   

Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  Adding new rules to new vendor preview ruleset. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Serverless - FSP Version List  - 14:00 UTC

Type: New Feature
Description: Adding the ability to set the FSP version manually for AWS Lambda. The plugin and proact tool have been changed.
Known limitations: N\A
Affected Components:   

Serverless - SNS Topic per Account - 14:00 UTC

Type: Improvement
Description: Use SNS topic per account for cross account interaction cloud_formation template has been changed. the new version: 16
Known limitations: N\A
Affected Components:   

Serverless - Ignore IO Values - 14:00 UTC

Type: Bug Fix
Description: This fixes the false positive security events due to change in chrome headers in latest update. FSP has been changed. the new version: 1.5.48
Known limitations: N\A
Affected Components:   

Azure Data Fetchers - Permissions Handling - 10:00 UTC

Type: Improvement
Description: Azure Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected Components:   

Azure Policy Definition - 10:00 UTC

Type: Bug Fix
Description: Fixed an issue with Azure Policy Definition data fetcher which caused sync failures in some cases.
Known limitations: N\A
Affected Components:  

New Cloud Vendor Support - 17:00 UTC

Type: New Entity
Description:  Added support for new entities in the compliance engine
Known limitations: N/A 
Affected Components:     

AWS IAM Data Fetchers - 17:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:           

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  Adding new rules to new vendor preview ruleset. Removing D9.AWS.NET.69. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

AWS IAM Data Fetchers - 18:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:           

Compliance Rulesets Update - 09:37 UTC

Type: Improvement
Description:  Adding new rules to Azure Best Practice ruleset. Fixing D9.AZU.IAM.06 rule.
Known limitations: N/A 
Affected Components: 

AWS Onboarding - Role Trust Policy - 16:00 UTC

Type: Bug Fix
Description: Changes in AWS Roles External ID generation logic.
Known limitations: N/A 
Affected Components:  

Compliance Rulesets Update - 11:10 UTC

Type: Improvement
Description:  Azure CloudGuard Network Alerts ruleset depreciation. Replacing old network rules in new network rules. 
Known limitations: N/A 
Affected Components: 

GCP Data Fetchers - Permissions Handling - 12:00 UTC

Type: Improvement
Description: GCP Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected Components:   

Roles Page - Adding Service account indicator - 16:15 UTC

Type: Improvement
Case ID: DFR-1146
Description: Adding Service Accounts indicator.
Known limitations: N\A
Affected Components:  

Dashboards - Public option fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1146
Description: Fixing an issue while creating a public custom dashboard.
Known limitations: N\A
Affected Components:  

Environments page - typo fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1153
Description: Fixing a typo on EU West region.
Known limitations: N\A
Affected Components:  

CSV Export - Download fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1166
Description: Fixing an issue that prevented download on windows system.
Known limitations: N\A
Affected Components:  

Compliance Report  - Print fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1169, DFT-1174
Description: Fixing an issue that affected printing reports.
Known limitations: N\A
Affected Components:  

Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Statistics counter improvment.
Known limitations: N\A
Affected Components:           

Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement ElasticSearch
Known limitations: N\A
Affected Components:           

Compliance Improvement - 7:00 UTC

Type: Improvement
Description: Internal improvement Runners.
Known limitations: N\A
Affected Components:           

Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Data Migration.
Known limitations: N\A
Affected Components:           

Compliance Rulesets Update - 13:40 UTC

Type: Improvement
Description:  Rules added to AWS and GCP best practices rulesets. Rule D9.AWS.IAM.1020 was fixed.
Known limitations: N/A 
Affected Components: 

Kubernetes Assets - New columns - 11:00 UTC

Type: Improvement
Description: Kubernetes asset list now support additional columns such as namespace, number of workloads, image tags, etc.
Known limitations: This change only affects new and/or changed objects.
Affected Components:  

Azure Storage Account - 14:00 UTC

Type: Improvement
Case ID: DFR-1535
Description: Added 'blobContainers' property for Azure Storage Account in the compliance engine.
Known limitations:  N\A
Affected Components:   

Azure Container Registry - 14:00 UTC

Type: Improvement
Case ID: DFR-1621
Description: Added networking properties for Azure Container Registry in the compliance engine.
Known limitations:  N\A
Affected Components:   

AWS Athena - 14:00 UTC

Type: Entity Removal
Case ID: DFT-1114
Description: AWS Athena Query Execution (Athena in GSL) was removed in order to prevent rate limit and costs impact.
Known limitations:  N\A
Affected Components:   

AWS RDS DB Instance - 13:00 UTC

Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS RDS DB Instance in china and gov regions.
Known limitations:  N\A
Affected Components:  

Compliance CSV export - 18:30 UTC

Type: Improvement
Case ID: DFR-1743
Description:  Added IsExcluded field to the CSV report.
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Rules added to AWS and GCP best practices rulesets.
Known limitations: N/A 
Affected Components: 

AWS Dynamo DB Table - 13:30 UTC

Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS Dynamo DB Table in china and gov regions.
Known limitations:  N\A
Affected Components:  

UI - Infrastructure improvements  - 12:30 UTC

Type: Improvement
Description: Internal improvement and new login page.
Known limitations: N\A
Affected Components:           

Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Teams integrations
Known limitations: N\A
Affected Components:           

Protected assets - Kubernetes fixes - 22:00 UTC

Type: Bug fix
Case ID: DFT-1142, DFT-1141
Description: Fixing minor UI issues.
Known limitations: N\A
Affected Components:  

Protected assets page - VPC fix - 22:00 UTC

Type: Bug fix
Case ID: DFT-1147
Description: Fixing an issue that showed AWS VPC as new vendor cloud VPC.
Known limitations: N\A
Affected Components:  

Serverless - optimise se q flow - 14:00 UTC

Type: Improvement 
Description: Optimize security events handling flow, to prevent delay of processing and display.
Known limitations:  N\A
Affected Components:  

Serverless - Azure python post deploy instrumentation - 14:00 UTC

Type: New Feature
Description: FSP can now be added to an already deployed Azure function app. This support is currently enabled for Python runtime (Linux containers).
Known limitations:  N\A
Affected Components:  

Serverless - Azure post deploy premium - 14:00 UTC

Type: Improvement 
Description: Added support for Azure post deploy functionality for premium and app service plans.
Known limitations:  N\A
Affected Components:  

Serverless - Add dynamic signatures fetch - 14:00 UTC

Type: New Feature
Description: Dynamic update of k8s signatures from Check Point Research team.
Known limitations:  N\A
Affected Components:  

AWS S3 Bucket - 14:00 UTC

Type: Improvement 
Description: Added property 'arn' to AWS S3Bucket entity.
Known limitations:  N\A
Affected Components:  

GCP IAM Group - 12:30 UTC

Type: Bug Fix
Description: Fixed an issue that caused GcpIamGroup.groupData property to be empty.
Known limitations:  N\A
Affected Components:  

GCP IAM User - 10:30 UTC

Type: Improvement 
Description:  

• Added 'roles' property in the compliance engine. 
  This property holds all the roles assigned to the user directly on the onboarded project.

• Added 'userData.groups' property in the compliance engine.
  This property includes holds all groups the user is member in and in the same domain.

Known limitations:  Roles are not include organization inheritance
Affected Components:  

GCP IAM Role - 10:30 UTC

Type: New Entity 
Description:  Added support for GCP Project IAM Role (custom and predefined) including the role permissions in the compliance engine
Known limitations:  N\A
Affected Components:  

GCP VM Instance- 10:30 UTC

Type: Improvement 
Description:  Added 'sourceImage' and 'sourceImageId' properties for each GCP VM Instance Disk in the compliance engine
Known limitations:  N\A
Affected Components:  

GCP Disk - 10:30 UTC

Type: New Entity
Description:  Added support for GCP Disk in the compliance engine
Known limitations:  N\A
Affected Components:  

GCP Image - 10:30 UTC

Type: Improvement
Description:  Added 'creationTimestamp' property for GCP Image in the compliance engine
Known limitations:  N\A
Affected Components:  

GCP Project - 10:30 UTC

Type: Improvement
Case ID: DFR-1698
Description:  Added 'enabledServices' property for GCP Project in the compliance engine
Known limitations:  N\A
Affected Components:  

Azure Function App and Web App - 10:30 UTC

Type: Improvement
Case ID: DFR-1572
Description:  Added 'appServicePlan' property for Azure Function App and Web App in the compliance engine
Known limitations:  N\A
Affected Components:  

Azure Function App - 18:00 UTC

Type: Improvement
Case ID: DFR-1635, DFR-1636, DFR-1642
Description: 

• Added 'privateEndpoints' property in the compliance engine

• Added 'unauthenticatedClientAction' property in the compliance engine

• Populate SCM IP Security Restrictions as part of 'config.accessRestrications' property in the compliance engine

Known limitations:  N\A
Affected Components:  

Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Rules added to Azure best practices ruleset. Logic fix of D9.GCP.CRY.07.
Known limitations: N/A 
Affected Components: 

New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:     

AWS Shield - 14:00 UTC

Type: New Entity
Case ID: DFR-1715
Description: Added support for AWS Shield in the compliance engine
Known limitations:  N\A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 19:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:     

Compliance Rulesets Update - 13:00 UTC

Type: Improvement
Description:  The first release of GCP GDPR ruleset. Rules added to GCP best practices ruleset.
Known limitations: N/A 
Affected Components: 

Azure Storage Account - 10:30 UTC

Type: Bug Fix
Case ID: DFT-1149
Description: Populate 'resourceGroup' property for Azure Storage Account in compliance engine.
Known limitations: N\A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 10:30 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:     

AWS Data Fetchers - 13:30 UTC

Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: Sqs, Organization.
Known limitations:  N\A
Affected Components: 

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  Fixing an issue affected internally.
Known limitations: N/A 
Affected Components: 

Rulesets page - Run assessment permission fix - 13:30 UTC

Type: Bug fix
Case ID: DFT-1124
Description: Fixing an issue that disabled the run button.
Known limitations: N\A
Affected Components:  

Exclusions page - Free search text fix - 13:30 UTC

Type: Bug fix
Case ID: DFT-1123
Description: Fixing an issue that affected searching for rule names.
Known limitations: N\A
Affected Components:  

Event page - Adding missing links - 13:30 UTC

Type: Bug fix
Case ID: DFT-1116
Description: Adding alert missing links.
Known limitations: N\A
Affected Components:  

AWS Onboarding - Fix for full protection - 13:30 UTC

Type: Bug fix
Case ID: DFT-1070
Description: Fixing an issue to restrict converting security groups to full protection.
Known limitations: N\A
Affected Components:  

Log.ic - Fixing time ticker - 13:30 UTC

Type: Bug fix
Case ID: DFT-1095
Description: Fixing an issue affected the time ticker.
Known limitations: N\A
Affected Components:  

New cloud vendor support - Infrastructure change - 13:30 UTC

Type: New feature
Case ID: DFR-1598
Description: Adding new vendor support framework.
Known limitations: N\A
Affected Components:  

Continuous posture - Showing only associated policies  - 13:30 UTC

Type: Improvement
Case ID: DFR-1381
Description: Showing only associated elements.
Known limitations: N\A
Affected Components:  

Protected assets - Added DaemonSet asset page - 13:30 UTC

Type: Improvement
Case ID: DFR-1266
Description: Adding DaemonSet asset page.
Known limitations: N\A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 17:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:     

GCP Filestore Instance - 16:30 UTC

Type: New Entity
Case ID: DFR-1558
Description: Added support for GCP Filestore Instance in the compliance engine
Known limitations:  N\A
Affected Components:  

AWS Data Fetchers - 14:00 UTC

Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: NatGateway, RDSDBSnapshot.
Known limitations:  N\A
Affected Components: 

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  Rules added to Azure and GCP best practices rulesets. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure SQL Server - 11:00 UTC

Type: Improvement
Case ID: DFR-1102
Description: Added 'minimalTlsVersion' property for Azure SQL Server entity in the compliance engine
Known limitations:  N\A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 11:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:     

New Cloud Vendor Support - New Infrastructure - 08:30 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:   

AWS Route53 Hosted Zone - 14:00 UTC

Type: Improvement
Case ID: DFR-1442
Description: Added 'queryLoggingConfigs' property for AWS Route53 Hosted Zone entity in the compliance engine
Known limitations:  N\A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:    

Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:           

New cloud vendor support - Infrastructure change - 10:00 UTC

Type: New feature
Case ID: DFR-1528, DFR-1530, DFR-1531
Description: Adding new vendor support framework.
Known limitations: N\A
Affected Components:  

Dashboards - Fixing account ID filter - 10:00 UTC

Type: Bug fix
Case ID: DFT-1078
Description: Fixing an issue for specific widgets with account Id.
Known limitations: N\A
Affected Components:  

UI changes - Titles removal and filter change  - 10:00 UTC

Type: Improvement
Case ID: DFR-1576, DFR-1577
Description: Removing page titles from all system pages, combine the filter and search to a single line.
Known limitations: N\A
Affected Components:  

Compliance Reports - Adding representation for passed entities  - 10:00 UTC

Type: Improvement
Case ID: DFR-377
Description: The assessment results now will show the failed and passed entities.
Known limitations: N\A
Affected Components:  

Notifications page - Improving Error Messages  - 10:00 UTC

Type: Improvement
Case ID: DFR-1437
Description: When a Webhook integration fails the page will return the complete error message.
Known limitations: N\A
Affected Components:  

Dashboards - Adding Assignee = me - 10:00 UTC

Type: Improvement
Case ID: DFR-1548
Description: Adding filter to represent which alerts assigned to the current user.
Known limitations: N\A
Affected Components:  

GCP Data Fetchers - New Infrastructure - 13:00 UTC

Type: Improvement
Description: Added a new Infrastructure for GCP Data Fetchers
Known limitations: N/A.
Affected Components:     

New Cloud Vendor Support - New Infrastructure - 15:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:    

New Welcome Pages - 14:00 UTC

Type: Improvement
Description:  Added new default welcome pages to menu sections :

• Posture

• Network

• Identity

• Workload Protection

• Intelligence

Known limitations: N/A 
Affected Components:    

New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:    

Compliance Rulesets Update - 12:30 UTC

Type: Improvement
Description:  Rules added to GCP Best Practice ruleset. D9.AWS.DR.04 was removed. 
Known limitations: N/A 
Affected Components: 

Compliance Backend Functionality enhancement - 14:00 UTC

Type: Improvement
Description:  Adding Backend functionality in order to support a new cloud vendor.
Known limitations: N/A 
Affected Components:  

FSP version visibility - 08:00 UTC

Type:  New Feature
Case ID:  PROT-713
Description:  Adding a new visibility for each AWS lambda that’s use FSP, to get the FSP version.
The purpose of this feature is that in the next step we will have the ability to set the FSP version manually.
Known limitations:  N/A
Affected Components: 

New Cloud Vendor Support - New Infrastructure - 12:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  

Compliance Rulesets Update - 12:40 UTC

Type: Improvement
Description:  Rules added to Azure CIS v1.1,v1.2, and v1.3 rulesets. and Azure CIS v1.2 enrichment. New and fix rules for GCP rulesets. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:           

GSL Builder - Run rule on all Accounts  - 14:00 UTC

Type: Improvement
Case ID: DFR-434
Description: Added ability to run a rule on multiple accounts. 
Known limitations: N\A
Affected Components:      

Environment page - Log.ic improvements  - 14:00 UTC

Type: Improvement
Case ID: DFR-1451, DFR-1452, DFR-1454
Description: Minor UI Improvements 
Known limitations: N\A
Affected Components:      

Configuration explorer - Group by fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1034
Description: Fix for group by option
Known limitations: N\A
Affected Components:      

Exclusions page - Export to CSV fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1086
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components:      

Exclusions page - Rule name fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1052
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components:      

Log.ic - Explorer graph fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1100 
Description: Fix an issue that cause the page to break
Known limitations: N\A
Affected Components:      

Ruleset page - Bug fix on create exclusion - 14:00 UTC

Type: Bug fix
Case ID: DFT-1102 
Description: Fix an exception that cause the page to freeze
Known limitations: N\A
Affected Components:      

Compliance Improvement - 13:40 UTC

Type: Improvement
Description: Internal Migration
Known limitations: N\A
Affected Components:      

ShiftLeft CLI - 12:00 UTC

Type: Improvement
Description: Improving error messages output
Known limitations: N\A
Affected Components:      

Compliance Improvement - 10:40 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:           

Azure Storage Account - 11:30 UTC

Type: Improvement
Case ID: DFR-1485
Description: Added 'privateEndpointConnections' property for Azure StorageAccount entity in the compliance engine
Known limitations:  N\A
Affected Components:  

Compliance Rulesets Update - 10:30 UTC

Type: Improvement
Description:  The first release of Azure CIS v1.3 ruleset and Azure CIS v1.2 enrichment. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Cloud IAM Role - 09:55 UTC

Type: Improvement
Description:  Added 'AssumeRolePolicy’ property to Cloud IAM Role API
Known limitations: N/A 
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 09:55 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  

Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:           

Compliance Improvement - 12:00 UTC

Type: Improvement
Description: Internal Finding Validation improvement
Known limitations: N\A
Affected Components:           

AWS EKS Cluster - 16:00 UTC

Type: Bug Fix
Case ID: DFT-1048
Description: Support node group label/tag key containing dots.
Known limitations: N/A
Affected Components:  

Azure Function App and Web App - 16:00 UTC

Type: Improvement
Case ID: DFR-1461
Description: Access Restrictions with source of type 'Service Tag'  are supported.
Known limitations: N/A
Affected Components:  

New Cloud Vendor Support - New Infrastructure - 13:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  

Azure Event Hub Namespace - 15:30 UTC

Type: Improvement
Case ID: DFR-1053
Description: Added 'virtualNetworkRules' property for Azure Event Hub Namespace in the compliance engine
Known limitations:  N\A
Affected Components:  

Azure Data Fetchers - 13:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Bastion and Maria DB.
Known limitations: N\A
Affected Components:    

AWS API Gateway V2 - 13:00 UTC

Type: New Entity
Case ID: DFR-1470
Description: Added support for AWS HTTP API Gateway in the compliance engine
Known limitations:  N\A
Affected Components:  

Azure Function App and Web App - 16:00 UTC

Type: Improvement
Case ID: DFR-1461
Description:

• Added the 'accessRestrictions' property to Azure Function App and Web App config in compliance engine

• 'isAuthenticateOn' property will be null when we fail to retrieve this information

Known limitations: Access Restrictions with at least one source of type 'Service Tag'  are not supported. Will be supported on later phase. 
Affected Components:  

Compliance Rulesets Update - 10:00 UTC

Type: Improvement
Description:  Adding AWS Best practices rule. 
Known limitations: N/A 
Affected Components: 

AWS SQS and SNS - 15:00 UTC

Type: Improvement
Description: Add 'cryptoKeyId' property for AWS SQS and SNS in compliance engine.
Known limitations: N\A
Affected Components:  

Environment API - fixing a minor issue 11:00 UTC

Type: Bug Fix
Description: Fixing an issue that affected removing cloud account.
Known limitations: N\A
Affected Components:           

Remediation - Fixing UI issue - 8:30 UTC

Type: Bug Fix
Case ID: DFT-1084
Description: Fixed an issue that caused the UI to freeze.
Known limitations: N\A
Affected Components:  

Compliance dashboard - Export fix - 8:30 UTC

Type: Bug Fix
Case ID: DFT-1059
Description: fixing missing Account Id on export.
Known limitations: N\A
Affected Components:  

Exclusions page - New look and feel - 8:30 UTC

Type: Improvement
Case ID: DFR-1212
Description: Adjusted to the general system style.
Known limitations: N\A
Affected Components:  

Compliance Report - Redirect to referrer page - 8:30 UTC

Type: Improvement
Case ID: DFR-412
Description: After closing the report redirect to the referrer page.
Known limitations: N\A
Affected Components:  

Internal configuration improvement - 14:00 UTC

Type: Improvement
Description:  Internal configuration improvement
Known limitations: N\A
Affected Components:           

Azure Service Fabric Cluster- 14:00 UTC

Type: New Entity
Case ID: DFR-330
Description:  Added support for Azure Service Fabric Cluster in the compliance engine
Known limitations: N\A
Affected Components:     

Azure Bastion - 14:00 UTC

Type: New Entity
Case ID: DFR-1498
Description:  Added support for Azure Bastion in the compliance engine
Known limitations: N\A
Affected Components:     

GCP Security Group - 14:00 UTC

Type: Improvement

Case ID: DFR-458
Description:

• Added the 'enabled' property to Security Groups Inbound and Outbound rules.

• The property reflects the enforcement status of the corresponding firewall rules.

• The change effects GcpSecurityGroup and VMInstance entities.

Known limitations: N\A
Affected Components:     

AWS Credentials Editing - New infra structure - 14:00 UTC

Type: Improvement
Description:  Adding new infra structure in order to support new future features. 
Known limitations: N/A 
Affected Components:  

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  D9.AWS.VLN.02 fix. 
Known limitations: N/A 
Affected Components: 

Compliance Improvement - 13:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:           

Compliance Improvement - 11:30 UTC

Type: Improvement
Description: Api Infrastructure improvement
Known limitations: N\A
Affected Components:           

Compliance Improvement - 08:30 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:           

AWS SQS and SNS - 11:00 UTC

Type: Bug Fix
Case ID: DFT-1079
Description: Populate 'cryptoKey' property for keys without alias name in compliance engine.
Known limitations: N\A
Affected Components:  

Compliance Rulesets Update - 9:20 UTC

Type: Improvement
Description:  A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: