April 2025

New Features

• Compliance Standards Mapping Displayed in Issues
  The Issue page now shows a mapping from the Compliance category to the corresponding compliance framework category for the CWE associated with the issue. With this release, every reported issue is now mapped to OWASP API Top 10, OWASP Top 10, MITRE CWE Top 25, NIST, HITRUST CSF, HIPAA Security Rule, PCI DSS, and CAPEC.
• The GitLab DAST report output has been enhanced to include the compliance mappings.

Enhancements

• Sift: PoP Token Body Handling
  The Proof-of-Possession (PoP) token now includes "body" in the "ehts" claim only when the request has a non-empty body, improving token accuracy.
• Sift: Filter Operations by HTTP Method
  Sift now allows filtering operations based on their HTTP method, enabling more targeted scans.

Bug Fixes

• Generator Sets JSON Handling Fix
  Fixed an issue where a variable value of type JSON was not correctly stored in the Sift configuration.
• Configuration Editor PolicyEvaluator Fix
  Resolved an issue where the PolicyEvaluator analyzer could appear multiple times for the same Policy in the configuration generated by the Configuration Editor.
• Jira Integration Role-Based Access Fix
  Jira settings are now only displayed to users with the Owner role, ensuring proper access control.

Important Notes

• PostgreSQL Vector Extension Requirement
  The vector PostgreSQL extension must be installed in the database used by Aptori before installing or upgrading to Aptori Platform 25.4.3.
  
  • Install it using the SQL command: CREATE EXTENSION IF NOT EXISTS vector WITH SCHEMA public;

New Features

• Jira Multi-Server Support
  You can now configure multiple Jira servers within the platform.
  • Supports project mapping between a Jira project and an Aptori project.
  • Organization Owners can add or update Jira server configurations.
  • Organization Owners, Group Owners, and Group Maintainers can manage Jira-to-Aptori project mappings.
• API Settings – JSON Generator Support
  Under API Settings → Generators, you can now assign a JSON generator as a parameter to an operation.
• Cookie Ignore List
  A new setting in the Admin Portal allows administrators to define a list of regular expressions for cookies that should be excluded from security checks.

Enhancements

• Run Result Summary View
  The summary now clearly states whether an issue was found or not found, replacing the older Pass/Fail status for improved clarity.

Bug Fixes

• Postman Upload for Generators Fix
  Fixed issues related to uploading Postman collections for generator configuration.

New Features

• User Assignment Search
  Easily search for users when assigning issues, streamlining the triage and remediation process.
• Issues Report API
  Retrieve a comprehensive list of all issues using the Issues API and Python SDK, with support for advanced filtering options.
• Issues Report
  Generate and download a complete report of all issues, enabling better tracking, auditing, and communication.
• Pending Invitations Search
  Search capability added to the Pending Invitations list, making it easier to locate specific user invites.
• Policy Editor
  A new Policy Editor allows users to create and manage custom policies, supporting rules written in Rego.
• EPSSv4 Integration
  EPSS version 4 is now integrated into Aptori, providing enhanced risk-based prioritization for vulnerabilities.

Enhancements

• Configuration Editor Enhancement
  You can now select User Defined Policies for evaluation in a Sift scan of your application, offering more granular control over custom security checks.