Releases: Azure/PSRule.Rules.Azure
Releases · Azure/PSRule.Rules.Azure
v1.37.0-B0034
What's changed since pre-release v1.37.0-B0009:
- New features:
- Added support for new Bicep language features introduced in v0.27.1 by @BernieWhite.
#2860
#2859- Added support for
shallowMerge
,groupBy
,objectKeys
, andmapValues
. - Updated syntax for Bicep lambda usage of
map
,reduce
, andfilter
which now support indices. - Added support for spread operator.
- Added support for
- Added support for new Bicep language features introduced in v0.27.1 by @BernieWhite.
- New rules:
- Application Gateway:
- Check that WAF v2 doesn't use legacy WAF configuration by @BenjaminEngeset.
#2877
- Check that WAF v2 doesn't use legacy WAF configuration by @BenjaminEngeset.
- Azure Managed Grafana:
- Check that Azure Managed Grafana workspaces uses Grafana version 10 by @BenjaminEngeset.
#2878
- Check that Azure Managed Grafana workspaces uses Grafana version 10 by @BenjaminEngeset.
- Cosmos DB:
- Check that database accounts have local authentication disabled by @BenjaminEngeset.
#2846 - Check that database accounts have public network access disabled by @BenjaminEngeset.
#2702
- Check that database accounts have local authentication disabled by @BenjaminEngeset.
- Event Hub:
- Check that access to the namespace endpoints is restricted to only allowed sources by @BenjaminEngeset.
#2701
- Check that access to the namespace endpoints is restricted to only allowed sources by @BenjaminEngeset.
- Application Gateway:
- Updated rules:
- API Management:
- Important change: Updated
Azure.APIM.AvailabilityZone
to improve accuracy with non-premium SKUs by @BenjaminEngeset.
#2788- Removed the
If
Premium SKU. - Added check for Premium SKU.
- Bumped rule set to
2024_06
.
- Removed the
- Important change: Updated
- API Management:
- General improvements:
- Updated resource providers and policy aliases.
#2880
- Updated resource providers and policy aliases.
- Engineering:
- Bug fixed:
- Fixed
union
does not perform deep merge or keep property order by @BernieWhite.
#2885
- Fixed
See change log.
v1.37.0-B0009
What's changed since v1.36.0:
- New rules:
- Cosmos DB:
- Check that database accounts use a paid tier by @BernieWhite.
#2845
- Check that database accounts use a paid tier by @BernieWhite.
- Cosmos DB:
- Updated rules:
- Deployment:
- Add additional exclusions for
Azure.Deployment.SecureParameter
by @BernieWhite.
#2857
- Add additional exclusions for
- Deployment:
- General improvements:
- Quality updates to documentation by @BernieWhite.
#2570
- Quality updates to documentation by @BernieWhite.
- Bug fixes:
- Fixed dependency ordering for cross scope deployments by @BernieWhite.
#2850
- Fixed dependency ordering for cross scope deployments by @BernieWhite.
See change log.
v1.36.0
What's changed since v1.35.3:
- New rules:
- Container App:
- Check that Container Apps have a minimum number of replicas by @BernieWhite.
#2790 - Check that Container App environments are zone redundant by @BernieWhite.
#2791
- Check that Container Apps have a minimum number of replicas by @BernieWhite.
- Cosmos DB:
- Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
#2809
- Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
- Entra Domain Services:
- Check that instances use a minimum version of NTLM by @BernieWhite.
#2837 - Check that instances use a minimum version of TLS by @BernieWhite.
#2837 - Check that instances do not use RC4 encryption by @BernieWhite.
#2837
- Check that instances use a minimum version of NTLM by @BernieWhite.
- Container App:
- General improvements:
- Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
#2493- The following rules are deprecated:
Azure.Template.UseParameters
Azure.Template.UseVariables
Azure.Template.DefineParameters
Azure.Template.ValidSecretRef
- These rules have been deprecated and will be removed in v2.
- The following rules are deprecated:
- Quality updates to documentation by @lukemurraynz @BernieWhite.
#2789
#2570 - Additional policies added to default ignore list by @BernieWhite.
#1731
- Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
- Bug fixes:
- Fixed not found warning when exporting firewall policy
signatureOverrides
by @BernieWhite.
#2806 - Fixed
Azure.Storage.UseReplication
to allow for zone-redundant replication by @sebassem.
#2827 - Fixed nested usage of
listKeys
mocks by @BernieWhite.
#2829
- Fixed not found warning when exporting firewall policy
What's changed since pre-release v1.36.0-B0077:
- General improvements:
- Quality updates to documentation by @BernieWhite.
#2570
- Quality updates to documentation by @BernieWhite.
See change log.
v1.36.0-B0077
What's changed since pre-release v1.36.0-B0046:
- New rules:
- Entra Domain Services:
- Check that instances use a minimum version of NTLM by @BernieWhite.
#2837 - Check that instances use a minimum version of TLS by @BernieWhite.
#2837 - Check that instances do not use RC4 encryption by @BernieWhite.
#2837
- Check that instances use a minimum version of NTLM by @BernieWhite.
- Entra Domain Services:
- General improvements:
- Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
#2493- The following rules are deprecated:
Azure.Template.UseParameters
Azure.Template.UseVariables
Azure.Template.DefineParameters
Azure.Template.ValidSecretRef
- These rules have been deprecated and will be removed in v2.
- The following rules are deprecated:
- Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
See change log.
v1.36.0-B0046
What's changed since pre-release v1.36.0-B0020:
- Bug fixes:
- Fixed
Azure.Storage.UseReplication
to allow for zone-redundant replication by @sebassem.
#2827 - Fixed nested usage of
listKeys
mocks by @BernieWhite.
#2829
- Fixed
See change log.
v1.36.0-B0020
What's changed since v1.35.3:
- New rules:
- Container App:
- Check that Container Apps have a minimum number of replicas by @BernieWhite.
#2790 - Check that Container App environments are zone redundant by @BernieWhite.
#2791
- Check that Container Apps have a minimum number of replicas by @BernieWhite.
- Cosmos DB:
- Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
#2809
- Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
- Container App:
- General improvements:
- Quality updates to documentation by @lukemurraynz @BernieWhite.
#2789
#2570 - Additional policies added to default ignore list by @BernieWhite.
#1731
- Quality updates to documentation by @lukemurraynz @BernieWhite.
- Bug fixes:
- Fixed not found warning when exporting firewall policy
signatureOverrides
by @BernieWhite.
#2806
- Fixed not found warning when exporting firewall policy
See change log.
v1.35.3
What's changed since v1.35.2:
- Bug fixes:
- Fixed false positive with load balancers that use a public IP by @BernieWhite.
#2814
- Fixed false positive with load balancers that use a public IP by @BernieWhite.
See change log.
v1.35.2
What's changed since v1.35.1:
- Bug fixes:
- Fixed regression when handing ambiguous mock array outputs by @BernieWhite.
#2801
- Fixed regression when handing ambiguous mock array outputs by @BernieWhite.
See change log.
v1.35.1
What's changed since v1.35.0:
- Bug fixes:
- Fixed null parameter overrides default value by @BernieWhite.
#2795
- Fixed null parameter overrides default value by @BernieWhite.
See change log.
v1.35.0
What's changed since v1.34.2:
- New features:
- Added WAF pillar specific baselines by @BernieWhite.
#1633
#2752- Use pillar specific baselines to target a specific area of the Azure Well-Architected Framework.
- The following baselines have been added:
Azure.Pillar.CostOptimization
Azure.Pillar.OperationalExcellence
Azure.Pillar.PerformanceEfficiency
Azure.Pillar.Reliability
Azure.Pillar.Security
- Added March 2024 baselines
Azure.GA_2024_03
andAzure.Preview_2024_03
by @BernieWhite.
#2781- Includes rules released before or during March 2024.
- Marked
Azure.GA_2023_12
andAzure.Preview_2023_12
baselines as obsolete.
- Added WAF pillar specific baselines by @BernieWhite.
- Updated rules:
- Updated
Azure.AppService.NETVersion
to detect out of date .NET versions including .NET 5/6/7 by @BernieWhite.
#2766- Bumped rule set to
2024_03
.
- Bumped rule set to
- Updated
Azure.AppService.PHPVersion
to detect out of date PHP versions before 8.2 by @BernieWhite.
#2768- Fixed
Azure.AppService.PHPVersion
check fails when phpVersion is null. - Bumped rule set to
2024_03
.
- Fixed
- Updated
Azure.AKS.Version
to use1.27.9
as the minimum version by @BernieWhite.
#2771
- Updated
- General improvements:
- Renamed Cognitive Services rules to Azure AI by @BernieWhite.
#2776- Rules that were previously named
Azure.Cognitive.*
have been renamed toAzure.AI.*
. - For each rule that has been renamed, an alias has been added to reference the old name.
- Rules that were previously named
- Improved export of in-flight data for Event Grid and Azure Firewall Policies by @BernieWhite.
#2774 - Additional policies added to default ignore list by @BernieWhite.
#1731 - Quality updates to rule documentation by @BernieWhite.
#2570
#1243
#2757- Add rule severity to rule documentation pages.
- Add documentation redirects for renamed rules.
- Updated links to learn.microsoft.com (from docs.microsoft.com) by @lukemurraynz.
#2785
- Renamed Cognitive Services rules to Azure AI by @BernieWhite.
- Engineering:
- Bump coverlet.collector to v6.0.2.
#2754
- Bump coverlet.collector to v6.0.2.
- Bug fixes:
- Fixed false negative from
Azure.LB.AvailabilityZone
when zone list is empty or null by @jtracey93.
#2759 - Fixed failed to expand JObject value with invalid key by @BernieWhite.
#2751
- Fixed false negative from
What's changed since pre-release v1.35.0-B0116:
- General improvements:
- Updated links to learn.microsoft.com (from docs.microsoft.com) by @lukemurraynz.
#2785
- Updated links to learn.microsoft.com (from docs.microsoft.com) by @lukemurraynz.
See change log.