PowerStig/HISTORIC_CHANGELOG.md

13 KiB

Historic change log for PowerSTIG

The release notes in the PowerShell Module manifest cannot exceed 10000 characters. Due to a bug in the CI deploy pipeline this is not handled. This file is to temporary move the older change log history to keep the change log short.

[3.3.0] - 2019-08-12

UPDATES

  • Fixed #419: PowerStig is creating resource xSSLSettings with the wrong value for Name.
  • Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule #431

Added the following STIG

  • Added support for Windows 10, Version 1, Release 17 #442
  • Added support for Windows Defender, Version 1, Release 5 #393
  • Added support for Internet Explorer 11 Version 1, Release 17 #422
  • Added support for Server 2016 STIG, Version 1, Release 8 #418

[3.2.0] - 2019-05-24

  • Added support for IIS 8.5 Server STIG, Version 1, Release 7 #399
  • Fixed #373: Registry resource does not handle null values for ValueData contained in Processed STIGs
  • Fixed #376: SQL STIG Rules V-41021 (Instance STIG) and V-41402 (Database STIG) fail to apply when applying to a SQL instance that is NOT name the default (MSSQLSERVER).
  • Fixed #377: SQL Instance Rule V-40936 fails when Set-TargertResource is ran
  • Fixed #280: HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. (Regression Issue)
  • Fixed #385: IIS Server STIG V-76681 does not parse correctly
  • Added support for Office 2016 STIGs #370
  • Added support to Automate Application Pool Recycling for IisSite_8.5 #378
  • Added support for Windows Server 2012R2 DC V2R16 #398
  • Added support for update Windows Server 2012 MS STIG v2r15 #395
  • Added support for Firefox STIG v4r25 #389
  • Added entry in log file for IISSite 1.7 so rule v-76819 parses as an xWebConfigurationProperty #407
  • Added IISSite v1.7 #400
  • Fixed #403: DotNet STIG V1R7 update

[3.1.0] - 2019-04-01

UPDATES

  • Removed duplicate code from rule class constructors
  • Migrated from Get-WmiObject to Get-CimInstance to support PowerShell Core
  • Migrated to PSDscResources #345
  • Migrated to ComputerManagementDsc #342
  • Fixed #358: Update PowerSTIG Duplicate Rule handling and capability

Added the following STIG

  • Windows Defender V1R4 #344

[3.0.1] - 2019-03-11

  • Fixed #350: Updates to fix Skip rules not working correctly
  • Fixed #348: Update to DnsServer Schema to correct typo.

[3.0.0] - 2019-03-01

  • Introduces class support for each rule type
  • The STIG class now contains an array of rule objects vs xml elements
  • Orgsettings, Exceptions, and Rule skips are all supported by the Rule base class
  • Rule help is provided for any loaded rule.
    • See the wiki for more information.
  • Major code refactor to simplify maintenance and usage
  • [Breaking Change] The STIG class constructor no longer accepts Orgsettings, Exceptions, or Rule skips
    • That functionality has move to the load rule method
  • DSC composite resource parameter validation for version numbers has been removed
    • The STIG class validates all input and will throw an error if invalid data is provided.
  • The Get-StigList has be updated and renamed to Get-Stig to return the STIG class

UPDATES

  • Fixed #241: [WindowsFeatureRule] PsDesiredStateConfiguration\WindowsOptionalFeature doesn't properly handle features that return $null

  • Fixed #258: New-StigChecklist will not accept a path without an explicit filename

  • Fixed #243: [V-46515] Windows-All-IE11-1.15 Rawstring typo

  • Fixed #289: Updated DocumentRule and DocumentRuleConvert Classes to parse correctly.

  • Fixed #284: [V-74415] [V-74413] Windows 10 STIG rule V-74415 and V-74413 should not contain white space in key

  • Fixed 290: [V-76731] IIS Server STIG V-76731 fails to properly set STIG guidance because rule is not split.

  • Fixed 314: Update PowerSTIG to Utilize LogTargetW3C parameter in xWebAdministration 2.5.0.0.

  • Fixed 334: Update PowerStig to utilize AccessControlDsc 1.3.0.0

  • Fixed 331: 2012/R2 [V-39325] 2016 [V-73373], [V-73389] PermissionRule.Convert CheckContent Match Parser Update

  • Fixed 320: IIS Site STIG doesn't correctly convert STIGS that contain "SSL Settings" in raw string

  • Added the following STIGs

    • IIS Site 8.5 V1R6 #276
    • Windows Firewall STIG V1R7 #319
  • Removed the following STIGs

    • Windows Server 2012 R2 DC 2.12
    • Windows Server 2012 R2 DSN 1.7
    • Active Directory Domain 2.9
    • IIS Server 8.5 1.3
    • IIS Site 8.5 1.2
    • Removed: Internet Explorer 1.13

[2.4.0.0] - 2019-02-07

  • Fixed #244: IIS Server rule V-76727.b org setting test fails

  • Fixed #246: IIS Server rule V-76737 contains an incorrect value

  • Fixed #225: Update PowerStig integration tests to consolidate duplicate code.

  • Fixed #160: PowerStig.Convert needs to handle new registry rules without affecting existing code

  • Fixed #201: Update PowerStig integration tests to account for skips and exceptions.

  • Fixed #260: FireFox Composite Resource configuration applies correctly, but never passes a Test-DscConfiguration.

  • Fixed #244: IIS Server rule V-76727.b org setting test fails

  • Fixed #265: Fixed UserRightsAssignment split rule bug.

  • Fixed #267: Fixed winlogon registry path parser bug.

  • Fixed #238: Adds regex tracker for RegistryRule regex's.

  • Fixed #274: UserRightsAssignment composite resource does not leverage the Force Parameter.

  • Fixed #280: HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource.

  • Windows Server 2012R2 Fixes

    • V-36707 is now an org setting
    • (DC only) V-2376 - V-2380 are migrated from manual to account policy rules.
  • Added the following STIGs

    • SQL Server 2016 Instance V1R3 #186
    • Windows Defender Antivirus V1R4 #236
    • Mozilla Firefox V4R24 #261
    • Windows Server 2016 V1R6 #169
    • Windows Server 2016 V1R7 #251
    • SQL Server 2012 Database V1R18 #263
    • Windows Server 2012R2 DC V2R15 #267
    • Windows 10 V1R16 #269
    • IIS Server 8.5 V1R6 #256
    • Windows Server 2012R2 DNS V1R11 STIG #265
    • AD Domain V2R12 #270

[2.3.2.0] - 2018-12-18

  • Fixed #215: Org settings wont apply for DotNet STIG
  • Fixed #216: DotNet STIGs are misnamed
  • Fixed #207: SQL Server Database rules fail to apply
  • Fixed #208: Update PowerSTIG to use SQLServerDsc 12.1.0.0
  • Fixed #220: Update PowerSTIG to use xWebAdministration 2.3.0.0

[2.3.1.0] - 2018-12-07

  • Fixed #212: SDDL strings are incorrectly split in the xRegistry resource
  • Fixed #180: IisSite SkipRuleType and SkipRule fail to skip rules

[2.3.0.0] - 2018-11-30

  • Windows 10 Fixes

    • V-63795 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ##
  • Windows Server 2012R2 Fixes

    • V-1089 - Corrected text
    • V-21954 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ##
    • V-26070 - Corrected key path
    • V-36657 - Corrected key path
    • V-36681 - Corrected key path
  • Added the following STIGs

    • IIS Server 8.5 STIG V1R5
    • Microsoft Outlook 2013 STIG V1R13
    • DotNet Framework 4.0 STIG V1R6
    • IIS Site 8.5 STIG V1R5
    • Windows Domain V2R11
    • FireFox 4.23 STIG
    • Windows Server 2012R2 DC V2R14
    • Windows Server 2012R2 MS V2R14
    • Windows 10 V1R15

[2.2.0.0] - 2018-10-10

  • Added the following STIGs

    • IIS Site 8.5 STIG V1R2
    • IIS Site 8.5 STIG V1R3
    • Oracle JRE 8 STIG V1R5
    • Microsoft Outlook 2013 STIG V1R12
    • Microsoft PowerPoint 2013 Stig V1R6
    • Microsoft Excel 2013 STIG V1R7
    • Microsoft Word 2013 STIG V1R6
  • Added the following DSC Composite Resources

    • Microsoft Office 2013 STIGs
    • FireFox STIG
    • IIS Site STIG
    • IIS Server STIG
    • Oracle JRE STIG
    • Windows10 STIG
  • Newly required modules

    • PolicyFileEditor
    • FileContentDsc
    • WindowsDefenderDSC
    • xWebAdministration
    • xWinEventLog
  • Updated required module versions

    • xDnsServer from 1.9.0.0 to 1.11.0.0
    • SecurityPolicyDsc from 2.2.0.0 to 2.4.0.0

[2.1.0.0] - 2018-09-05

  • Migrated Composite resources to the xRegistry resource
  • Fixed 2012R2 V-15713 default org setting value
  • Updated IE STIGs (V-46477) with the decimal value
  • Updated New-StigCheckList to output StigViewer 2.7.1 ckl files
  • Added SkipRule functionality to all composite resources
  • Added StigData for FireFox STIG V4R21
  • Added Sql2012 1.17 to Archive and processed
  • Updated Sql2012 1.16 to fix broken rules
  • Removed Sql2012 1.14 from archives to comply with n-2 version policy
  • Updated data for 2012R2 Stigs to fix broken rules

[2.0.0.0] - 2018-08-17

  • Added a Document module to automatically create a Stig Checklist (EXPERIMENTAL)

  • Merged PowerStigDsc into PowerStig so there is only one module to maintain

    • Replaced PowerStig Technology Class with Enumeration
    • Added script module back to manifest
    • Added DotNetFramework composite resource
  • Added the following STIGs

    • Windows Server 2012R2 MS STIG V2R13
    • Windows Server 2012R2 DC STIG V2R13
    • Windows 2012 DNS V1R10
    • Windows Domain V2R10
    • Windows Forest V2R8
    • IE11-V1R16
  • Corrected parsing of rule V-46477 in the IE STIGs

    • Updated StigData
    • Bug fixes
    • Removed Windows Server 2012R2 MS and DC StigData v2.9

[1.1.1.0] - 2018-08-13

Update IIS Server STIG V-76723.a with correct value

[1.1.0.0] - 2018-07-29

Replaced Technology class with enumeration. This breaks PowerStigDsc < 1.1.0.0

Added the following STIGs:

  • IIS 8.5 Server STIG V1R3

Updates

  • Updated SQL STIG code to account for SQL STIGS being added in PowerStigDsc
  • Update to PowerStig.psm1 to fix issue were StigData class was not accessible to PowerStigDsc

[1.0.0.0] - 2018-07-01

Added the following STIGs:

  • Windows Server 2012R2 MS STIG V2R12
  • Windows Server 2012R2 DC STIG V2R12
  • Windows Server DNS V1R9
  • Windows AD Domain V2R9
  • IE11 V1R15