v1.30.0-B0080

What's changed since pre-release v1.30.0-B0047:

• General improvements:
  • Important change: Replaced the Azure_AllowedRegions option with AZURE_RESOURCE_ALLOWED_LOCATIONS.
    #941
    • For compatibility, if Azure_AllowedRegions is set it will be used instead of AZURE_RESOURCE_ALLOWED_LOCATIONS.
    • If only AZURE_RESOURCE_ALLOWED_LOCATIONS is set, this value will be used.
    • The default will be used neither options are configured.
    • If Azure_AllowedRegions is set a warning will be generated until the configuration is removed.
    • Support for Azure_AllowedRegions is deprecated and will be removed in v2.
• Engineering:
  • Bump Microsoft.NET.Test.Sdk to v17.7.2.
    #2407
  • Bump BenchmarkDotNet to v0.13.8.
    #2425
  • Bump BenchmarkDotNet.Diagnostics.Windows to v0.13.8.
    #2425
• Bug fixes:
  • Fixed false positive with Azure.Storage.SecureTransfer on new API versions by @BernieWhite.
    #2414
  • Fixed false positive with Azure.VNET.LocalDNS for DNS server addresses out of local scope by @BernieWhite.
    #2370
    • This bug fix introduces a configuration option to flag when DNS from an Identity subscription is used.
    • Set AZURE_VNET_DNS_WITH_IDENTITY to true when using an Identity subscription for DNS.

See change log.

v1.30.0-B0047

What's changed since pre-release v1.30.0-B0026:

• Engineering:
  • Bump Microsoft.CodeAnalysis.NetAnalyzers to v7.0.4.
    #2405
• Bug fixes:
  • Fixed lambda map in map variable by @BernieWhite.
    #2410

See change log.

v1.30.0-B0026

What's changed since pre-release v1.30.0-B0011:

• New rules:
  • Azure Container Apps:
    • Check that Container Apps uses a supported API version by @BenjaminEngeset.
      #2398
• Bug fixes:
  • Fixed non-resource group rule triggering for a resource group by @BernieWhite.
    #2401

See change log.

v1.30.0-B0011

What's changed since v1.29.0:

• New rules:
  • Azure Database for MySQL:
    • Check that Azure AD-only authentication is configured for Azure Database for MySQL databases by @BenjaminEngeset.
      #2227
  • Azure Firewall:
    • Check that Azure Firewall polices has configured threat intelligence-based filtering in alert and deny mode by @BenjaminEngeset.
      #2354
  • Backup vault:
    • Check that immutability is configured for Backup vaults by @BenjaminEngeset.
      #2387
  • Front Door:
    • Check that managed identity for Azure Front Door instances are configured by @BenjaminEngeset.
      #2378
  • Public IP address:
    • Check that Public IP addresses uses Standard SKU by @BenjaminEngeset.
      #2376
  • Recovery Services vault:
    • Check that immutability is configured for Recovery Services vaults by @BenjaminEngeset.
      #2386
• Engineering:
  • Bump BenchmarkDotNet to v0.13.7.
    #2385
  • Bump BenchmarkDotNet.Diagnostics.Windows to v0.13.7.
    #2382
  • Bump Microsoft.NET.Test.Sdk to v17.7.1.
    #2393

See change log.

v1.29.0

What's changed since v1.28.2:

• New rules:
  • Databricks:
    • Check that workspaces use secure cluster connectivity by @BernieWhite.
      #2334
• General improvements:
  • Use policy definition name when generating a rule from it by @BernieWhite.
    #1959
  • Added export in-flight data for Defender for Storage from Storage Accounts by @BernieWhite.
    #2248
  • Added export in-flight data for Defender for APIs from API Management by @BernieWhite.
    #2247
• Bug fixes:
  • Fixed policy expansion with unquoted field property by @BernieWhite.
    #2352
  • Fixed array contains with JArray by @BernieWhite.
    #2368
  • Fixed index out of bounds of array with first function on empty array by @BernieWhite.
    #2372

What's changed since pre-release v1.29.0-B0062:

• No additional changes.

See change log.

v1.29.0-B0062

What's changed since pre-release v1.29.0-B0036:

• Bug fixes:
  • Fixed array contains with JArray by @BernieWhite.
    #2368
  • Fixed index out of bounds of array with first function on empty array by @BernieWhite.
    #2372

See change log.

v1.29.0-B0036

What's changed since pre-release v1.29.0-B0015:

• General improvements:
  • Added export in-flight data for Defender for Storage from Storage Accounts by @BernieWhite.
    #2248
  • Added export in-flight data for Defender for APIs from API Management by @BernieWhite.
    #2247

See change log.

v1.29.0-B0015

What's changed since v1.28.2:

• New rules:
  • Databricks:
    • Check that workspaces use secure cluster connectivity by @BernieWhite.
      #2334
• General improvements:
  • Use policy definition name when generating a rule from it by @BernieWhite.
    #1959
• Bug fixes:
  • Fixed policy expansion with unquoted field property by @BernieWhite.
    #2352

See change log.

v1.28.2

What's changed since v1.28.1:

• Bug fixes:
  • Fixed policy rules with no effect conditions are evaluated incorrectly by @BernieWhite.
    #2346

See change log.

v1.28.1

What's changed since v1.28.0:

• Bug fixes:
  • Fixed parseCidr with /32 is not valid by @BernieWhite.
    #2336
  • Fixed mismatch of resource group type on policy as code rules by @BernieWhite.
    #2338
  • Fixed length cannot be less than zero when converting policy to rules by @BernieWhite.
    #1802
  • Fixed naming rules for MariaDB by @BernieWhite.
    #2335
    • Updated Azure.MariaDB.VNETRuleName to allow for parent resources.
    • Updated Azure.MariaDB.FirewallRuleName to allow for parent resources.
  • Fixed network watcher existence check by @BernieWhite.
    #2342

See change log.