23.3.28 Release Notes
Important Changes to Review
Note on Database Migration for IaC Users
23.3.28 includes updates that can lead to long DB migrations for IaC users. The updates required a fix for a rare bug that could cause incomplete scan results to show in the UI. These updates also include preparations for some additional upcoming improvements for IaC Scanning.
Note: The larger the quantity of scans your environment contains, the longer this update may take.
Changes to Paths for Hosted Customers
As of {release}, accessing static data via /divvy/ will no longer work. In these cases, you will need to use /static/ instead, which should function identically. The most common uses of these paths are in the Logo URL of custom packs that reference cloud provider images and in some Plugins.
Updates to Endpoint Handling
InsightCloudSec’s 23.2.28 release included updates to our internal webserver library, Flask. As a result, some of our endpoint handling has changed in the following ways:
- Any requests submitting JSON to an endpoint must explicitly include the Content-Type: application/json header (e.g. for POST requests).
- Any requests POSTing empty bodies may fail with a 500 error as empty bodies for endpoints that expect one aren’t valid JSON.
- Plugins that declare custom endpoints will also be affected by the above changes.
- For more information about the above changes, refer to the details linked here.
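A pre-flight check for client scripts and Plugins affected by the endpoint handling changes above (an added example, not InsightCloudSec code): it flags requests that lack the JSON Content-Type or carry an empty or invalid body, and builds a compliant replacement. The sample requests are constructed; limiting the check to POST, PUT and PATCH and sending `{}` in place of an empty body are assumptions.

```python
import json

BODY_METHODS = ("POST", "PUT", "PATCH")  # assumption: methods that submit JSON

def audit_request(method, headers, body):
    """Return the reasons a JSON request would fail under the new handling."""
    findings = []
    if method.upper() not in BODY_METHODS:
        return findings
    # Header names are case-insensitive; parameters such as charset are allowed.
    by_name = {name.lower(): value for name, value in headers.items()}
    media_type = by_name.get("content-type", "").split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        findings.append("missing Content-Type: application/json")
    if body is None or not body.strip():
        findings.append("empty body is not valid JSON")
    else:
        try:
            json.loads(body)
        except ValueError:
            findings.append("body is not valid JSON")
    return findings

def as_json_request(headers, payload=None):
    """Return (headers, body) that satisfy both requirements.

    Assumption: an endpoint that previously took an empty body accepts {}.
    """
    fixed = {k: v for k, v in headers.items() if k.lower() != "content-type"}
    fixed["Content-Type"] = "application/json"
    body = json.dumps({} if payload is None else payload).encode("utf-8")
    return fixed, body

# Constructed sample requests: (label, method, headers, body)
SAMPLES = [
    ("form default header", "POST",
     {"Content-Type": "application/x-www-form-urlencoded"}, '{"name": "pack"}'),
    ("mixed-case header with charset", "POST",
     {"content-type": "Application/JSON; charset=utf-8"}, '{"name": "pack"}'),
    ("trigger call with no body", "POST",
     {"Content-Type": "application/json"}, ""),
    ("no headers, no body", "POST", {}, None),
]

if __name__ == "__main__":
    for label, method, headers, body in SAMPLES:
        print(label, "->", audit_request(method, headers, body) or "ok")
```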
Kubernetes Scanner Release Notes 4.0.0
Kubernetes Scanner Release v.4.0.0 (3/22/23)
23.3.21 Release Notes
Important Changes to Review
Changes to Paths for Hosted Customers
As of Release 23.3.7, accessing static data via /divvy/ will no longer work. In these cases, you will need to use /static/ instead, which should function identically. The most common uses of these paths are in the Logo URL of custom packs that reference cloud provider images and in some Plugins.
[ENG-20367]
Updates to Endpoint Handling
InsightCloudSec’s 23.2.28 release included updates to our internal webserver library, Flask. As a result, some of our endpoint handling has changed in the following ways:
- Any requests submitting JSON to an endpoint must explicitly include the Content-Type: application/json header (e.g. for POST requests).
- Any requests POSTing empty bodies may fail with a 500 error as empty bodies for endpoints that expect one aren’t valid JSON.
- Plugins that declare custom endpoints will also be affected by the above changes.
For more information about the above changes, refer to the details linked here.
[ENG-23896]
23.3.14 Release Notes
Important Changes to Review
Changes to Paths for Hosted Customers
As of Release 23.3.7, accessing static data via /divvy/ will no longer work. In these cases, you will need to use /static/ instead, which should function identically. The most common uses of these paths are in the Logo URL of custom packs that reference cloud provider images and in some Plugins.
[ENG-20367]
Updates to Endpoint Handling
InsightCloudSec’s 23.2.28 release included updates to our internal webserver library, Flask. As a result, some of our endpoint handling has changed in the following ways:
- Any requests submitting JSON to an endpoint must explicitly include the Content-Type: application/json header (e.g. for POST requests).
- Any requests POSTing empty bodies may fail with a 500 error as empty bodies for endpoints that expect one aren’t valid JSON.
- Plugins that declare custom endpoints will also be affected by the above changes.
For more information about the above changes, refer to the details linked here.
[ENG-23896]
23.3.7 Release Notes
Important Changes to Review
Changes to Paths for Hosted Customers
As of Release 23.3.7, accessing static data via /divvy/ will no longer work. In these cases, you will need to use /static/ instead, which should function identically. The most common uses of these paths are in the Logo URL of custom packs that reference cloud provider images and in some Plugins.
[ENG-20367]
Updates to Endpoint Handling
InsightCloudSec’s 23.2.28 release included updates to our internal webserver library, Flask. As a result, some of our endpoint handling has changed in the following ways:
- Any requests submitting JSON to an endpoint must explicitly include the Content-Type: application/json header (e.g. for POST requests).
- Any requests POSTing empty bodies may fail with a 500 error as empty bodies for endpoints that expect one aren’t valid JSON.
- Plugins that declare custom endpoints will also be affected by the above changes.
For more information about the above changes, refer to the details linked here.
[ENG-23896]
23.2.28 Release Notes
Required Permissions - Reference
InsightCloudSec has updated our approach to documenting all permissions. Permissions are provided in a single location and updated with each release.
23.2.28 and all future releases will include a reference section at the end of the release notes page with links to individual policy files.
23.2.22 Release Notes
Required Permissions - Reference
InsightCloudSec has updated our approach to documenting all permissions. Permissions are provided in a single location and updated with each release.
23.2.22 and all future releases will include a reference section at the end of the release notes page with links to individual policy files.
23.2.15 Release Notes
Required Permissions - Reference
With our previous release (23.2.8), InsightCloudSec has updated our approach to documenting all permissions. Permissions are provided in a single location and updated with each release.
23.2.15 and all future releases will include a reference section at the end of the release notes page with links to individual policy files.
23.2.8 Release Notes
Documenting Required Permissions
InsightCloudSec has updated our approach to documenting permissions with the 23.2.8 release.
Each month InsightCloudSec releases support for new resources, Insights, Bot Actions, and other updates that require dozens of permission changes. There is significant effort required to maintain accurate policies and ensure access to these ever-expanding features. We strongly encourage customers to use the policies offered by the providers (for example the AWS managed policy with our small supplemental InsightCloudSec policy) to minimize ongoing manual intervention and ensure the best visibility into our growing coverage.
Important Details to Note:
All required permissions for each CSP are now available as JSON policy files that can be downloaded from our public S3 bucket. The following policies are available (and utilized by the documentation during cloud setup):
- Alibaba Cloud
- AWS
  - Commercial
    - Managed Read Only Supplement Policy
    - Customer-Managed Read Only Policy
    - Commercial Power User Policy
  - GovCloud
    - Read Only Policy
    - Power User Policy
- Azure
- GCP
  - For GCP, since permissions are tied to APIs there is no policy file to maintain. Refer to our list of Recommended APIs that is maintained as part of our GCP coverage.
- Oracle Cloud Infrastructure
For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.
23.2.1 Release Notes
Documenting Required Permissions
InsightCloudSec will update our approach to documenting permissions with the February documentation branch for the 23.2.8 release.
Each month InsightCloudSec releases support for new resources, Insights, Bot Actions, and other updates that require dozens of permission changes. There is significant effort required to maintain accurate policies and ensure access to these ever-expanding features. We strongly encourage customers to use the policies offered by the providers (for example the AWS managed policy with our small supplemental InsightCloudSec policy) to minimize ongoing manual intervention and ensure the best visibility into our growing coverage.
Important Details to Note:
All required permissions will be available as JSON policy files for each individual provider linked throughout the documentation with the CSP-specific content.
For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.