v1.37.0-B0034

What's changed since pre-release v1.37.0-B0009:

• New features:
  • Added support for new Bicep language features introduced in v0.27.1 by @BernieWhite.
    #2860
    #2859
    • Added support for shallowMerge, groupBy, objectKeys, and mapValues.
    • Updated syntax for Bicep lambda usage of map, reduce, and filter which now support indices.
    • Added support for spread operator.
• New rules:
  • Application Gateway:
    • Check that WAF v2 doesn't use legacy WAF configuration by @BenjaminEngeset.
      #2877
  • Azure Managed Grafana:
    • Check that Azure Managed Grafana workspaces uses Grafana version 10 by @BenjaminEngeset.
      #2878
  • Cosmos DB:
    • Check that database accounts have local authentication disabled by @BenjaminEngeset.
      #2846
    • Check that database accounts have public network access disabled by @BenjaminEngeset.
      #2702
  • Event Hub:
    • Check that access to the namespace endpoints is restricted to only allowed sources by @BenjaminEngeset.
      #2701
• Updated rules:
  • API Management:
    • Important change: Updated Azure.APIM.AvailabilityZone to improve accuracy with non-premium SKUs by @BenjaminEngeset.
      #2788
      • Removed the If Premium SKU.
      • Added check for Premium SKU.
      • Bumped rule set to 2024_06.
• General improvements:
  • Updated resource providers and policy aliases.
    #2880
• Engineering:
  • Bump xunit to v2.8.0.
    #2870
  • Bump xunit.runner.visualstudio to v2.8.0.
    #2871
  • Bump System.Management.Automation to 7.3.12.
    #2868
  • Bump Microsoft.NET.Test.Sdk to v17.10.0.
    #2884
• Bug fixed:
  • Fixed union does not perform deep merge or keep property order by @BernieWhite.
    #2885

See change log.

v1.37.0-B0009

What's changed since v1.36.0:

• New rules:
  • Cosmos DB:
    • Check that database accounts use a paid tier by @BernieWhite.
      #2845
• Updated rules:
  • Deployment:
    • Add additional exclusions for Azure.Deployment.SecureParameter by @BernieWhite.
      #2857
• General improvements:
  • Quality updates to documentation by @BernieWhite.
    #2570
• Bug fixes:
  • Fixed dependency ordering for cross scope deployments by @BernieWhite.
    #2850

See change log.

v1.36.0

What's changed since v1.35.3:

• New rules:
  • Container App:
    • Check that Container Apps have a minimum number of replicas by @BernieWhite.
      #2790
    • Check that Container App environments are zone redundant by @BernieWhite.
      #2791
  • Cosmos DB:
    • Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
      #2809
  • Entra Domain Services:
    • Check that instances use a minimum version of NTLM by @BernieWhite.
      #2837
    • Check that instances use a minimum version of TLS by @BernieWhite.
      #2837
    • Check that instances do not use RC4 encryption by @BernieWhite.
      #2837
• General improvements:
  • Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
    #2493
    • The following rules are deprecated:
      • Azure.Template.UseParameters
      • Azure.Template.UseVariables
      • Azure.Template.DefineParameters
      • Azure.Template.ValidSecretRef
    • These rules have been deprecated and will be removed in v2.
  • Quality updates to documentation by @lukemurraynz @BernieWhite.
    #2789
    #2570
  • Additional policies added to default ignore list by @BernieWhite.
    #1731
• Bug fixes:
  • Fixed not found warning when exporting firewall policy signatureOverrides by @BernieWhite.
    #2806
  • Fixed Azure.Storage.UseReplication to allow for zone-redundant replication by @sebassem.
    #2827
  • Fixed nested usage of listKeys mocks by @BernieWhite.
    #2829

What's changed since pre-release v1.36.0-B0077:

• General improvements:
  • Quality updates to documentation by @BernieWhite.
    #2570

See change log.

v1.36.0-B0077

What's changed since pre-release v1.36.0-B0046:

• New rules:
  • Entra Domain Services:
    • Check that instances use a minimum version of NTLM by @BernieWhite.
      #2837
    • Check that instances use a minimum version of TLS by @BernieWhite.
      #2837
    • Check that instances do not use RC4 encryption by @BernieWhite.
      #2837
• General improvements:
  • Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
    #2493
    • The following rules are deprecated:
      • Azure.Template.UseParameters
      • Azure.Template.UseVariables
      • Azure.Template.DefineParameters
      • Azure.Template.ValidSecretRef
    • These rules have been deprecated and will be removed in v2.

See change log.

v1.36.0-B0046

What's changed since pre-release v1.36.0-B0020:

• Bug fixes:
  • Fixed Azure.Storage.UseReplication to allow for zone-redundant replication by @sebassem.
    #2827
  • Fixed nested usage of listKeys mocks by @BernieWhite.
    #2829

See change log.

v1.36.0-B0020

What's changed since v1.35.3:

• New rules:
  • Container App:
    • Check that Container Apps have a minimum number of replicas by @BernieWhite.
      #2790
    • Check that Container App environments are zone redundant by @BernieWhite.
      #2791
  • Cosmos DB:
    • Check that database accounts only accept a minimum of TLS 1.2 by @BernieWhite.
      #2809
• General improvements:
  • Quality updates to documentation by @lukemurraynz @BernieWhite.
    #2789
    #2570
  • Additional policies added to default ignore list by @BernieWhite.
    #1731
• Bug fixes:
  • Fixed not found warning when exporting firewall policy signatureOverrides by @BernieWhite.
    #2806

See change log.

v1.35.3

What's changed since v1.35.2:

• Bug fixes:
  • Fixed false positive with load balancers that use a public IP by @BernieWhite.
    #2814

See change log.

v1.35.2

What's changed since v1.35.1:

• Bug fixes:
  • Fixed regression when handing ambiguous mock array outputs by @BernieWhite.
    #2801

See change log.

v1.35.1

What's changed since v1.35.0:

• Bug fixes:
  • Fixed null parameter overrides default value by @BernieWhite.
    #2795

See change log.

v1.35.0

What's changed since v1.34.2:

• New features:
  • Added WAF pillar specific baselines by @BernieWhite.
    #1633
    #2752
    • Use pillar specific baselines to target a specific area of the Azure Well-Architected Framework.
    • The following baselines have been added:
      • Azure.Pillar.CostOptimization
      • Azure.Pillar.OperationalExcellence
      • Azure.Pillar.PerformanceEfficiency
      • Azure.Pillar.Reliability
      • Azure.Pillar.Security
  • Added March 2024 baselines Azure.GA_2024_03 and Azure.Preview_2024_03 by @BernieWhite.
    #2781
    • Includes rules released before or during March 2024.
    • Marked Azure.GA_2023_12 and Azure.Preview_2023_12 baselines as obsolete.
• Updated rules:
  • Updated Azure.AppService.NETVersion to detect out of date .NET versions including .NET 5/6/7 by @BernieWhite.
    #2766
    • Bumped rule set to 2024_03.
  • Updated Azure.AppService.PHPVersion to detect out of date PHP versions before 8.2 by @BernieWhite.
    #2768
    • Fixed Azure.AppService.PHPVersion check fails when phpVersion is null.
    • Bumped rule set to 2024_03.
  • Updated Azure.AKS.Version to use 1.27.9 as the minimum version by @BernieWhite.
    #2771
• General improvements:
  • Renamed Cognitive Services rules to Azure AI by @BernieWhite.
    #2776
    • Rules that were previously named Azure.Cognitive.* have been renamed to Azure.AI.*.
    • For each rule that has been renamed, an alias has been added to reference the old name.
  • Improved export of in-flight data for Event Grid and Azure Firewall Policies by @BernieWhite.
    #2774
  • Additional policies added to default ignore list by @BernieWhite.
    #1731
  • Quality updates to rule documentation by @BernieWhite.
    #2570
    #1243
    #2757
    • Add rule severity to rule documentation pages.
    • Add documentation redirects for renamed rules.
  • Updated links to learn.microsoft.com (from docs.microsoft.com) by @lukemurraynz.
    #2785
• Engineering:
  • Bump coverlet.collector to v6.0.2.
    #2754
• Bug fixes:
  • Fixed false negative from Azure.LB.AvailabilityZone when zone list is empty or null by @jtracey93.
    #2759
  • Fixed failed to expand JObject value with invalid key by @BernieWhite.
    #2751

What's changed since pre-release v1.35.0-B0116:

• General improvements:
  • Updated links to learn.microsoft.com (from docs.microsoft.com) by @lukemurraynz.
    #2785

See change log.