v1.41.3

What's changed since v1.41.2:

• Bug fixes:
  • Fixed ordering of symbolic copy loop dependencies by @BernieWhite.
    #3257

See change log.

v1.41.2

What's changed since v1.41.1:

• Bug fixes:
  • Fixed recursive lookup of cross module resources in the deployment by @BernieWhite.
    #3251
    • This improves the ability to reference resource properties in the same parent deployment.
    • Additionally, projection of runtime properties has been improved.
  • Fixed literal strings may be incorrectly interpreted as expressions by @BernieWhite.
    #3252

See change log.

v1.41.1

What's changed since v1.41.0:

• Bug fixes:
  • Fixed incorrect generation of resource ID for tenant scoped deployments by @BernieWhite.
    #3237
  • Fixed in-flight export of subscription resource type Microsoft.Subscription by @BernieWhite.
    #3231

See change log.

v1.41.0

What's changed since v1.40.0:

• New features:
  • Added December 2024 baselines Azure.GA_2024_12 and Azure.Preview_2024_12 by @BernieWhite.
    #3165
    • Includes rules released before or during December 2024.
    • Marked Azure.GA_2024_09 and Azure.Preview_2024_09 baselines as obsolete.
• Updated rules:
  • Azure Kubernetes Service:
    • Updated Azure.AKS.Version to use 1.30.6 as the minimum version by @BernieWhite.
      #3206
  • Container Registry:
    • Updated documentation and promoted Azure.ACR.AnonymousAccess to GA by @BernieWhite.
      #3119
      • Bumped rule set to 2024_12.
• General improvements:
  • Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
    #3102
    • The following rules are deprecated:
      • Azure.APIM.ProductTerms
• Engineering:
  • Updated resource providers and policy aliases by @BernieWhite.
    #3166

What's changed since pre-release v1.41.0-B0015:

• No additional changes.

See change log.

v1.41.0-B0015

What's changed since v1.40.0:

• New features:
  • Added December 2024 baselines Azure.GA_2024_12 and Azure.Preview_2024_12 by @BernieWhite.
    #3165
    • Includes rules released before or during December 2024.
    • Marked Azure.GA_2024_09 and Azure.Preview_2024_09 baselines as obsolete.
• Updated rules:
  • Azure Kubernetes Service:
    • Updated Azure.AKS.Version to use 1.30.6 as the minimum version by @BernieWhite.
      #3206
  • Container Registry:
    • Updated documentation and promoted Azure.ACR.AnonymousAccess to GA by @BernieWhite.
      #3119
      • Bumped rule set to 2024_12.
• General improvements:
  • Important change: Deprecated rules with no clear WAF alignment by @BernieWhite.
    #3102
    • The following rules are deprecated:
      • Azure.APIM.ProductTerms
• Engineering:
  • Updated resource providers and policy aliases by @BernieWhite.
    #3166

See change log.

v1.40.0

What's changed since v1.39.3:

• New features:
  • Added support for expanding from .jsonc parameter files by @BernieWhite.
    #2053
    • Previously only parameter files with the .json extension where automatically expanded.
    • This feature adds support so that JSON parameter files with the .jsonc extension are also discovered and expanded.
    • No additional configuration is required if expansion of JSON parameter files is enabled.
    • To enable parameter file expansion set the AZURE_PARAMETER_FILE_EXPANSION configuration option to true.
• Updated rules:
  • Deployment:
    • Updated Azure.Deployment.SecureValue to check additional resource types by @BernieWhite.
      #2650
      #2651
      • Added support for container apps secret properties.
      • Added support for deployment script secret properties.
      • Bumped rule set to 2024_12.
    • Updated Azure.Deployment.SecureParameter to reduce false positives by @BernieWhite.
      #3149
      • Parameters named ending with name, uri, url, path, type, id, or options are ignored.
      • The customerManagedKey parameter is ignored.
  • Microsoft Defender for Cloud:
    • Updated Azure.DefenderCloud.Contact to use emails property and removed phone by @BernieWhite.
      #3117
      • Renamed rule to Azure.Defender.SecurityContact to better align with naming for defender rules.
      • Bumped rule set to 2024_12.
• General improvements:
  • Added first time contributor guide in docs by @that-ar-guy.
    #3097
  • Additional quality updates to documentation by @BernieWhite.
    #3102
• Engineering:
  • Quality updates to rule documentation by @BernieWhite.
    #3102
  • Migrated Azure samples into PSRule for Azure by @BernieWhite.
    #3085
• Bug fixes:
  • Fixed evaluation of APIM policies when using embedded C# with quotes by @BernieWhite.
    #3184
  • Fixed resource group ID is incorrect under subscription scope by @BernieWhite.
    #3198
  • Fixed object to hashtable conversion for default parameter values by @BernieWhite.
    #3033
  • Fixed deployments with more than one module at tenant scope by @BernieWhite.
    #3167
  • Fixed projection of default role authorization property principalType by @BernieWhite.
    #3163
  • Fixed user defined function not found when used as parameter default by @BernieWhite.
    #3169
  • Fixed evaluation of Azure.NSG.LateralTraversal with empty string properties by @BernieWhite.
    #3130
  • Fixed evaluation of Azure.Deployment.AdminUsername with symbolic references by @BernieWhite.
    #3146
  • Fixed output map expansion with resource IDs by @BernieWhite.
    #3153

What's changed since pre-release v1.40.0-B0206:

• No additional changes.

See change log.

v1.40.0-B0206

What's changed since pre-release v1.40.0-B0147:

• General improvements:
  • Added first time contributor guide in docs by @that-ar-guy.
    #3097
• Engineering:
  • Quality updates to rule documentation by @BernieWhite.
    #3102
• Bug fixes:
  • Fixed evaluation of APIM policies when using embedded C# with quotes by @BernieWhite.
    #3184
  • Fixed Resource group ID is incorrect under subscription scope by @BernieWhite.
    #3198

See change log.

v1.40.0-B0147

What's changed since pre-release v1.40.0-B0103:

• Bug fixes:
  • Fixed object to hashtable conversion for default parameter values by @BernieWhite.
    #3033
  • Fixed deployments with more than one module at tenant scope by @BernieWhite.
    #3167

See change log.

v1.40.0-B0103

What's changed since pre-release v1.40.0-B0063:

• New features:
  • Added support for expanding from .jsonc parameter files by @BernieWhite.
    #2053
    • Previously only parameter files with the .json extension where automatically expanded.
    • This feature adds support so that JSON parameter files with the .jsonc extension are also discovered and expanded.
    • No additional configuration is required if expansion of JSON parameter files is enabled.
    • To enable parameter file expansion set the AZURE_PARAMETER_FILE_EXPANSION configuration option to true.
• General improvements:
  • Additional quality updates to documentation by @BernieWhite.
    #3102
• Bug fixes:
  • Fixed projection of default role authorization property principalType by @BernieWhite.
    #3163
  • Fixed user defined function not found when used as parameter default by @BernieWhite.
    #3169

See change log.

v1.40.0-B0063

What's changed since pre-release v1.40.0-B0029:

• Updated rules:
  • Microsoft Defender for Cloud:
    • Updated Azure.DefenderCloud.Contact to use emails property and removed phone by @BernieWhite.
      #3117
      • Renamed rule to Azure.Defender.SecurityContact to better align with naming for defender rules.
      • Bumped rule set to 2024_12.
• Bug fixes:
  • Fixed evaluation of Azure.NSG.LateralTraversal with empty string properties by @BernieWhite.
    #3130
  • Fixed evaluation of Azure.Deployment.AdminUsername with symbolic references by @BernieWhite.
    #3146

See change log.