Skip to main content

Release Summary v1.2.18

This release introduces significant enhancements across multiple services, focusing on improved security, expanded SharePoint and AWS integration, and user experience improvements. Several dependencies have been updated to address vulnerabilities and ensure compatibility, while new features and backend capabilities have been added to support advanced reporting and inventory management.

helmChart

No changes were made in this release.

python-algo

  • 🔧 Enhanced AWS property mappings by adding Elastic IP relationships in account.json, ec2.json, and network.json, improving resource identifier connections for AWS services.

chronom-backend

  • 🔧 Merged recent development branch updates.
  • 🐛 Fixed 34 instances of potential XSS vulnerabilities across 13 controllers by replacing res.send() with res.json(), ensuring Content-Type enforcement and mitigating XSS injection risks.
    • Addressed Snyk CWE-79 findings in policy.controller.js.
    • Replaced all unsafe res.send(variable) calls where user or database input could flow through.
    • Preserved binary buffer sends (Excel/PDF) on res.send().
  • 🔧 Enhanced NAT Gateway metrics scanning.
  • 🔧 Updated Coralogix configuration to use modern authentication.
  • 🔼 Upgraded @segment/analytics-node to version 3.0.0.
  • 🔼 Updated mongoose to version 9.3.1.
  • 🔼 Upgraded typesense to version 3.0.3.
  • 🔼 Updated various AWS SDK and Smithy dependencies to their latest versions for improved performance and security.

chronom-client

  • 🔧 Merged recent development branch updates.
  • 🔧 Enhanced report generation logic in the useReports hook to include tenant data and determine report relevance based on available data sources (Cloud and M365).
    • Introduced filtering for report buttons based on data availability.
    • Adjusted state management for selected reports to utilize filtered report data.
  • 🔧 Improved loading state management in M365DirectoryFiltersSection and updated user stats display logic for accuracy.
  • 🔧 Updated M365Directory page to pass the new loading prop to the filters section.
  • 🔧 Updated announcement descriptions in AWS and Azure account components to use an em dash for improved readability.
  • 🔧 Refactored M365 and Inventory pages to support view switching, introducing a new ViewSwitch component.
    • Updated Home, Inventory, M365, and M365Directory pages to utilize the new view switching functionality.
    • Adjusted routing and component structure for a streamlined user experience.
    • Enhanced README documentation to reflect routing and component organization changes.
  • 🔧 Deleted deprecated alerts and inventory pages, cleaning up unused code.
  • 🔼 Upgraded Docker base image from node:22.15.1-alpine3.21 to node:22.22.1-alpine3.22, resolving five vulnerabilities including race condition, directory traversal, and reliance on undefined behaviors.

policy-service

  • 🔧 Upgraded package versions, removed unused packages, and cleaned up unneeded Jest references.
  • 🔧 Updated Coralogix configuration to use the new API endpoint.

typesense-mongodb-sync

  • Added a new sharepointInventory Typesense collection, which is site-scoped and aggregates child resources (Drives, DriveItems, Lists, Pages, Permissions) per Azure/SharePointSite.
    • Implemented aggregation pipeline with $lookup joins for child nodes, computing storage metrics, counts, and owner info.
    • Triggered via the existing sync-m365 RabbitMQ action.
    • Added sharepointResourceId reference field to the policyResults collection.
    • Included sharepointInventory in delete-account cleanup processes.

azure-scanner

  • 🔧 Enhanced SharePoint parsing by adding siteTemplate and isArchived properties to SharePointSiteInterface.
    • Updated the parseSite function to accept enrichment data for improved site parsing.
    • Modified SharePoint scanner to fetch and utilize enriched site properties.
    • Updated .dockerignore to exclude cursor files.
  • 🔼 Upgraded @aws-sdk/client-secrets-manager from 3.998.0 to 3.1000.0, addressing vulnerabilities related to XML entity expansion, improper input validation, and buffer overflow.
  • 🔼 Upgraded @types/node from 24.10.14 to 24.11.0.
  • 🔼 Upgraded axios from 1.13.5 to 1.13.6, improving React Native Blob support, error handling, and resolving a potential Denial of Service issue.

be-ms-graph

  • 🔧 Merged recent development branch updates.
  • 🔧 Updated Coralogix integration to use modern authentication and endpoint.
    • Updated dependencies in package.json and bun.lock.
    • Modified logger middleware for improved Coralogix integration.

be-ms-inventory

  • 🔧 Merged recent development branch updates.
  • Implemented SharePoint dashboard backend with site search, stats aggregation, and CSV export, following M365Directory patterns.
    • Added Typesense multi-search with facets, MongoDB for tenant quota, and CSV export via flag.
    • Introduced new endpoints:
      • POST /m365/directory/sharepoint/search: Paginated site search with facets, sorting, filtering, policyResults join, and CSV export.
      • GET /m365/directory/sharepoint/stats: Dashboard stats (Typesense facets and MongoDB tenant quota).
    • Documented endpoints and UI/backend field gaps.
    • Verified code quality with linting.
  • 🔧 Added aadGroupIds to m365DirectoryUserFacets and limited members in node retrieval for improved performance.

reports-automation

  • 🔧 Merged recent development branch updates.
  • 🔧 Updated Coralogix configuration.
  • 🔼 Upgraded mongoose, winston, eslint, and other development dependencies for improved performance and compatibility.

Disclaimer: The release notes are generated by OpenAI ChatGPT and may not be accurate. Please contact our support team for more information.

2026-Mar-22T14:27:58