Audit App Release Notes
The initial installation of ITRS Analytics includes all required app, such as the Web Console, bundled by default. No separate installation steps are required for individual apps. For installation guidance, refer to the Install ITRS Analytics apps documentation.
To stay informed about the most recent updates and packaging versions, you can refer to the ITRS Analytics Packaging Changelog. This resource provides direct links to release notes for each bundled version of the ITRS Analytics Platform and its apps, bill of materials listing all included components, and references to the published Docker images.
Audit 1.1.0 Copied
Released: 30 October 2025
Issues fixed Copied
These are the issues we have fixed in this release:
| Issue key | Release description |
|---|---|
| OAA-61 | Updated Spring Framework to version 3.5.6 to address a high-severity security vulnerability CVE-2025-41249. |
Audit 1.0.0 Copied
Released: 11 April 2025
These are the highlights of this release:
-
Source and target dimension filtering — Refine your search by specifying source and target dimensions. This enables targeted analysis, such as viewing all configuration changes made to
gateway xor all commands executed onhost x. -
Time-based analysis — Pinpoint specific events within precise timeframes, such as failed log-on attempts. You can easily retrieve all actions performed for a period, for example yesterday at 1 p.m.
-
User-centric tracking — Monitor individual user activity over defined periods. Track actions taken by a specific user, such as configuration changes, reported along with associated information.
Open Known issues Copied
These are the known issues affecting this release:
| Issue key | Known issue description |
|---|---|
| OAA-42 | A reported critical security vulnerability, CVE-2025-22228, can allow attackers to bypass authentication in the spring-security-crypto library by exploiting passwords longer than 72 characters due to how BCryptPasswordEncoder.matches() functions. |
| OAA-48 | All Samba AD DC versions are affected by a reported critical Kerberos elevation of privilege vulnerability, CVE-2022-37967. This allows a service account with constrained delegation to exploit RC4-HMAC weaknesses and forge powerful Kerberos tickets, enabling privilege escalation via unauthorized group additions to the Privilege Attribute Certificate (PAC). |
Disclaimer
The information contained in this document is for general information and guidance on our products, services, and other matters. It is only for information purposes and is not intended as advice which should be relied upon. We try to ensure that the content of this document is accurate and up-to-date, but this cannot be guaranteed. Changes may be made to our products, services, and other matters which are not noted or recorded herein. All liability for loss and damage arising from reliance on this document is excluded (except where death or personal injury arises from our negligence or loss or damage arises from any fraud on our part).