Remediate 1.x release notes

New features, enhancements, resolved issues, and known issues for Puppet Remediate 1.x release series.

Version 1.4.2

Released 15 December 2020.

Resolved issues in this release:

  • Node filtering - A content completion drop-down field was added to help correct an issue where node filter results on Nodes pages were not returned if the node source name was not entered in full.
  • Task parameters - Remediate was updated to fix an issue where it was possible to run a task without mandatory parameters.
  • Node identification - An issue was corrected where canonical ID matching between hosts found from VR sources and a PDB source failed.
  • Running tasks on nodes - Fixed an issue where the selection of individual nodes on Node pages when running a task did not pass the provider information accurately.
  • Install image - The docker-compose.yml file has been updated to fix an issue where Docker pull limits caused the install process to fail.
  • Puppet Enterprise integration - This release fixes an issue where incompatibilities between the names of identical assets retrieved from Puppet Enterprise and other sources negatively affected PE integration with Remediate.

Version 1.4.1

Released 10 November 2020

Resolved issues in this release:

  • Security hardening - A number of Remediate open source components have been updated to improve software security.
  • Password management - Remediate has been updated to prevent browsers from saving login credentials.
  • Installation improvements - Previously, Remediate could be installed without a license and display very limited functionality. This is no longer possible in this release.
  • UI selection updates - Custom column selection in the Vulnerability details page now persists when the user navigates away from the page.
  • Source/Credential removal improved - Removal of a source or credential set in Remediate now requires additional confirmation in the UI.
  • Source loading information - Users are now given information on the progress of the loading of sources.

Known issues in this release:

  • IPv6 must be enabled on the host for Remediate to start properly.

Version 1.4.0

Released 30 September 2020

New in this release:

  • Puppet Enterprise tasks - Remediate has been updated to allow you to add a single Puppet Enterprise source. Use this source to apply PE tasks on your network.
  • Risk management - In this release, you can use Remediate to accept risk for, and pause reporting of, individual vulnerabilities on selected nodes.
  • TLS certificate management - Additional CLI commands have been added to help users add and manage third-party signed TLS certificates.

Resolved issues in this release:

  • Package management - Remediate has been updated to show statuses for Windows packages.
  • User management password hardening - Password hardening has been implemented for the Remediate user management interface. Users must now employ strong passwords of at least 6 characters in length.
  • Qualys vulnerability scanner integration - You can now set limits on the date range within which you want vulnerability results to be returned. Previously, Remediate returned all available results.

Version 1.3.0

Released 3 June 2020

New in this release:

  • Record of Remediation - Puppet Remediate has been updated to provide persistent records of the events initiated to combat vulnerabilities. You can now see data on the latest events and remediation tasks that have been carried out, who initiated them, and whether they were successful or not, for any given vulnerability.
  • Audit log - Remediate now contains a fuller audit log that provides data on user, source, credential, and task management events. This is available via command line and can be stored or examined as an audit trail.
  • Activity feed - Data on the latest remediation events now persists even after a restart.
  • Improved data polling configuration - The Update Interval option has been added to the security source configuration. This allows users to set how often Remediate checks for new data. This defaults to 30 minutes. Users who use Remediate in large environments can adjust this value accordingly.
  • Severity threshold configuration - The Severity threshold option has been added to the security source configuration. When it is configured, Remediate does not import any vulnerabilities with a severity lower than the configured value. By default, all vulnerabilities are imported, regardless of severity.
  • integration - The integration now uses the last_found field instead of the since field.

Resolved issues in this release:

  • integration - Improved error handling when requesting authentication tokens from the server.

Version 1.2.1

Released 23 March 2020

Resolved issues in this release:

  • Service logs timestamps - Remediate has been updated to fix an issue where timestamps were missing from service logs.
  • Custom registry installs - A fix was added for an issue that stopped the install image from loading when using a custom container registry.
  • Vault container shutdown issue - A fix was added to Remediate to resolve an issue that caused the vault container to be inadvertently shut down.
  • Non-UTF-8 encoded status message issue - Remediate was updated to fix an issue where the controller panicked if it encountered a non-UTF-8 encoded status message.
  • Non-admin login issue - This release fixes an issue where non-admin accounts were permitted to log in before the initial configuration was complete.

Version 1.2.0

Released 26 February 2020

New in this release:

  • Vulnerabilities dashboard redesign - The Remediate Vulnerabilities dashboard has been redesigned with a new Metrics bar, data visualizations, and reorganization of vulnerability and affected node information.
  • Performance improvements - The database behind Remediate has been completely redesigned for this release to provide significant performance and scale improvements.
  • Puppet Risk Score - To enhance risk-based prioritisation, the addition of the Puppet Risk Score (the risk score assigned by your vulnerability scanner multiplied by the number of nodes affected) allows you to reduce the risk in your environment even faster.
  • Offline install updated to use custom container registries - The offline install process has been expanded to allow users to install from their own custom container registries.
  • Integration status redesign - The Integration status indicator has been moved to the navigation sidebar to give you immediate information on the health of your latest scans.
  • Source credential testing - You can now test access credentials when setting up a scanner on the Add sources page before you run a scan.

Resolved issues in this release:

  • Duplication of nodes - The Remediate database redesign incorporates a fix to prevent possible duplication of nodes information in the Remediate UI.
  • integration - Remediate has been updated to correct an issue where some vulnerabilities reported in were not reflected in the Remediate UI.

Version 1.1.1

Released 9 January 2020

New in this release:

  • Scan refresh functionality - You can now manually trigger a rescan of all or selected resources from the Manage Sources page.
  • SUSE Linux 11 integration - Remediate now fully supports SUSE Linux 11.
  • Activity feed updates - The Recent Events table has been updated to include the username of the event initiator.

Resolved issues in this release:

  • Offline install - Remediate now uses a dedicated Docker image bundle and docker-compose.yml file for offline installs.
  • SSH Updates - Remediate has been updated to enable SSH access to hosts that use CBC ciphers.
  • Container DNS issue - Remediate has now been updated to fix a DNS issue where the container added ndots configuration to the /etc/resolv.conf file.
  • Qualys API integration - Remediate is now able to parse human-readable durations used by the Qualys API that may be reported during daylight saving time.

Version 1.1.0

Released 31 October 2019

New in this release:

  • support - Remediate now supports the (Security Center) vulnerability scanner.
  • Multi-user support - User management in Remediate has been completely updated. Administrators can now:
    • Create and manage multiple user accounts.
    • Assign different group privileges to user accounts.
    • Configure Remediate to work with LDAP or Active Directory servers.
  • RBAC Permissions - Assign user privileges to:
    • Add, remove, or run tasks
    • Add or remove credentials
    • Add or remove sources
  • Remediation workflow improvements - The vulnerability remediation workflow has been improved and additional information on the vulnerability and the steps needed to remediate it are provided.

Resolved issues in this release:

  • Offline install not working - The -o flag has been introduced to the remediate start command to ensure you can start Remediate when there is no internet access.
  • OpenSSH private key support - Remediate now supports the latest version of OpenSSH private keys.

Version 1.0.1

Released 1 August 2019.

This is the initial release of Remediate.

Known issues:

  • Unable to install Remediate on Debian 8 with the default kernel module. Upgrade to kernel 4.9 and install Remediate again.
  • Network-discovered nodes are shown as cloud instances. Hosts discovered via their IP address are counted as cloud instances and are visible in the top cloud instance by region card.
  • Due to inconsistent DNS lookups, tasks fail to run on discovered hosts. When discovered hosts are running on the same domain, an inconsistent DNS lookup between discovering hosts and running tasks on discovered hosts results in tasks failing.
  • In a multi-network environment, the first discovery run might not identify the IP or hostname. Wait for the second discovery run, which happens automatically after four hours.