Stax Changelog logo

Changelog

Back to Homepage Subscribe to Updates

Labels

  • All Posts
  • Fix
  • changed
  • added
  • deprecated
  • removed
  • security
  • notice

Jump to Month

  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
Fix
a month ago

CIS Benchmark Rule update for Network ACL ingress allowed from all hosts

An update has been released for Rule CIS 5.1 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports. This rule will now flag a Network ACL (NACL) as failing when any of the following conditions are met:

  • There is a NACL rule allowing TCP traffic on SSH (port 22) to all hosts (0.0.0.0/0)
  • There is a NACL rule allowing TCP traffic on RDP (port 3389) to all hosts (0.0.0.0/0)
  • There is a NACL rule allowing all traffic on all ports to all hosts (Note: This will often be the case as this is also the default settings.)

Before the update, this rule evaluated that a NACL rule allowed TCP traffic on both an SSH and RDS port to all hosts. This change will impact customers with CIS Benchmark version 1.3.0 or 1.4.0 Rule Bundle enabled. Customers should expect a change in the compliance score of this rule.



added
a month ago

CREATED status added to the Tasks API

As part of the improvements to the creation and scheduling of tasks with the Tasks API, a new OperationStatus of CREATED has been added to the API. Read more.

Fix
a month ago

CIS Benchmark version 1.4.0 Rule Bundle update for unused credentials

Stax has released an update to the CIS Benchmark version 1.4.0 bundle to align with a change introduced to rule 1.12 in the CIS 1.4 Amazon Web Services Foundation Benchmark specification.

The following rule has been removed from the CIS Benchmark version 1.4.0 Rule Bundle:

  • CIS 1.12 - Ensure access keys are rotated every 90 days or less

The following rule has been added to the CIS Benchmark version 1.4.0 Rule Bundle:

  • CIS 1.12 - Ensure credentials unused for 45 days or greater are disabled

To avoid any loss of historical compliance data, Stax has automatically added the removed rule to your Organization Rules Bundle for customers that had CIS1.4 enabled. If you do not wish to keep the rule, you can remove it from your Organization Rules Bundle by following the process to Disable a Rule.

Fix
a month ago

Real-Time Rule Alerts now ignores disabled rules

Stax has resolved an issue so that the Real-Time Rule Alerts feature ignores disabled Rules. Previously only individual resources which had been ignored within a rule were excluded from Real-Time Rule Alerts. 

Fix
a month ago

Update to Rule - CloudFront distributions support insecure SSL protocols

The Rule CloudFront distributions support insecure SSL protocols has been updated to evaluate that Amazon CloudFront distributions are configured with TLSv1.2 as the minimum protocol version. CloudFront distributions configured with insecure or deprecated security policies, such as TLS1.1, will now fail this rule. 

To add this rule to your Organization Rule Bundle, head to the Rules Catalog page.

security
a month ago

EventBridge cross-account event bus targets IAM role

AWS has notified of an upcoming change for Amazon EventBridge cross-account event bus targets.

EventBridge cross-account event bus targets deployed as part of Stax Events have an associated IAM Role with sufficient permissions to perform the action.

No action is required as part of this change. If you have any questions, please raise a support case.

removed
a month ago

Explore the Cost of Your Services feature removed from Stax

The Explore the cost of your services feature in the Cost module has now been deprecated and removed from the console. Read more. 

removed
a month ago

Tag Policy feature removed from Stax

The Tag Policy feature in the Cost module has now been deprecated and removed from the console. Read more.

deprecated
a month ago

Deprecation of the stax-audit-bus EventBridge rule

The stax-audit-bus EventBridge rule has been deprecated and will be removed from all Stax-managed AWS accounts on 31 March 2023. To understand the impact, read more.

Fixchangedsecurity
2 months ago

Identity Service Database Update

An update has been applied to the Stax Identity Service to improve its performance and reliability.

This update upgrades the Stax Identity Service Database's underlying software. This modernises and standardises the infrastructure in use across all of Stax's customers. 

These changes have been applied automatically by Stax during the advertised maintenance window. There is no impact to service expected as a result of this upgrade. Should you experience any issues, please raise a support case. 

To ensure you receive notice of upcoming changes to Stax, make sure you're subscribed to the status page.