Skip to main content
Version: 3.6.0

Release Notes

warning

Before proceeding with an update, review the Before Upgrading guide. Failing to do so may result in data loss or downtime.

Furthermore, users are strongly encouraged to review the release notes for each version before upgrading, to understand the impact of changes, including feature removals or default behaviour modifications.

For more information regarding the release process, please see the Versioning page.

See below for the latest changes and fixes. For older versions, please refer to the respective documentation version.

Version 3.6.0

What's new:

  • AME-1304 Ticketing integration with Jira Software
  • AME-1321 Option to make comments mandatory when changing status and enforcing comment format
  • AME-1331 Option to disable ServiceNow work_notes updates unless explicitly mapped
  • AME-1299 Sender address overwrite in notification targets
  • AME-1278 Improved filters for staged realizations allowing to search by observable value and stage reason
  • AME-1354 Lazy result loading for observables ingest
  • AME-1257 Limiting number of risk events per event to 1000
  • AME-1328 Configurable deletion of remote tickets
  • AME-1309 Staged Realizations now load by default and search fixed
  • AME-1159 Improved comment modal behavior preventing left open dropdowns
  • AME-1307 Vulnerability drilldowns for notifications, ticketing integrations and reports
  • AME-1327 Read exploitability from NIST tags into additional field
  • AME-1273 Date equal queries for vulnerability overview
  • AME-1175 Introduced valid_from / valid_until in exception rules
  • AME-1261 Migrated to TanStack Router for better routing and nested routes
  • AME-1300 Upgraded to React UI 5.3
  • AME-1110 Option to clear/remove staged realizations

Fixed issues:

  • AME-1355, AME-1351, AME-1323, AME-1322 Introduced batching and pagination in housekeeping, realization fixes, and ticketing integration to improve performance and scalability
  • AME-1359 Removed misleading UI hint for bulk-update flows
  • AME-1353 Fixed realizations can not be deleted if referenced by risk event
  • AME-1296 Setup now correctly marked as complete without reload
  • AME-1292 Improved “Tenant not found” message
  • AME-1341 Replaced buggy unixTimestampToDate method
  • AME-1339 Fixed is-truthy operator selection and deserialization
  • AME-1335 Corrected accelerations for observable fields
  • AME-1330 CVE Overview no longer allows invalid filter creation
  • AME-1329 Improved modinput run check for kvstore startup
  • AME-1324 Improved handling of stale ticketing integration queue entries
  • AME-1290 Migrated HTTP handling from requests to httpx
  • AME-1240 Replaced react-beautiful-dnd with maintained alternative

Deprecation notice:

Starting with version 4.0.0, the following features will be deprecated and removed:

  • “squash” configuration option on notification targets
  • Removal of CVE Tag view
    • moved to CVE overview in vulnerability intelligence
    • requires configuration of NIST API key for fetching CVE information

Version 3.5.5

What's new:

  • AME-1299 Implement sender address overwrite in notification targets

Fixed issues:

  • AME-1308 vuln_int_realization_ingest.py consumes a lot of memory during ingest
  • AME-1312 Status 414 during event processing with risk events
  • AME-1314 Rework tracking calculations to keep "stable" trigger times to reduce required updates
  • AME-1318 Realization- / Realization-Exception-Rules / VulnIntReport do not enforce unique names per tenant

Version 3.5.4

Fixed issues:

  • AME-1238 Adding search controls to observables and vulnerability dashboards
  • AME-1262 Fixing event actions alignment
  • AME-1269 Enabling keep alive for long-lived search jobs used in vulnerability dashboards
  • AME-1276 Updating the complete EPSS dataset instead of the newest CVEs
  • AME-1280 Observable chart editor loses focus on input
  • AME-1283 Fixing the width of workflow action dropdowns
  • AME-1284 Implementing resizable tables
  • AME-1286 Fixing CVE downloads not respecting proxy and certificate settings
  • AME-1288 Presenting errors from generating commands in vulnerability dashboards
  • AME-1297 Fixing CVE updates being rejected
  • AME-1298 Implementing action to reset CVE ingest markers
  • AME-1301 Implementing relative observable fields in vulnerability matching context
  • AME-1302 Sorting lists in enriched event context
  • AME-1303 Fix identical data entries in event from vulnerability realization rules
  • AME-1305 Excessive collection size and cache size in vulnerability housekeeping
  • AME-1306 Fixing purging and pruning for large collections

Version 3.5.3

Fixed issues:

  • AME-1275 Fixed an issue where realization details failed to load
  • AME-1272 Resolved limitation where vulnerability realization queries were capped at 10k results when using realization filters
  • AME-1268 Improved CVE handling to add realizations to staged queue when CVE is not found in KV-Store

Version 3.5.1

What's new:

  • AME-1226 Upgrade to React UI 5.0
  • AME-1219 Allow jinja2 templated comparisons for data & trigger conditions in notification flows

Fixed issues:

  • AME-1256 Ticketing integration test does not show that it is ongoing
  • AME-1254 Ticketing integration: Remote-Ticket-ID is not correctly set on existing update entries
  • AME-1253 Direct From Search Notification Trigger: preconditions are not checked
  • AME-1251 SLAEntryService: dont call register_event_attached_data_changed from fulfillment and violation as an event update is made anyway
  • AME-1249 Risk-Event changes does not trigger an event-lifecycle update, preventing SNOW from getting an updated description
  • AME-1248 Ticketing Integration Tab: set max-width for changed-fields col
  • AME-1247 Support-Central: ame_notification_trigger_queue: cannot determine tenant UI for collection
  • AME-1246 Event edit dropdown width is not set
  • AME-1241 Fix create-alert: templates should only be read in AlertQueueService, and order of priority should be valid
  • AME-1235 Vuln int overview exploitable is not shown
  • AME-1232 Templating Error in Realization Rule templates is not notified to users
  • AME-1133 Observable Reporting Groups: Deleting an item does not refresh the reducer state

Version 3.5.0

What's new:

  • Vulnerability Intelligence
  • Implement option to load observable data in ameevents
  • Observability Reporting Groups
  • Ingest Observable Group Alert Action
  • Create AME Notifcation Alert Action

Fixed issues:

  • AME-1113 KPI Report Resolved Events - Average Resolve Duration panels not working
  • AME-1115 Creating an event from an interactive search causes an exception in JobWrapper
  • AME-1129 Bulk-Update of events does not trigger sync for SNOW
  • AME-1134 Rework filtering logic for observables overview to apply implicit OR within the same field