chore(release): prepare v3.4.0#398
Merged
Merged
Conversation
- Bump CheckID.psd1 ModuleVersion 3.0.0 -> 3.4.0 - Bump scripts/Build-Registry.py SCHEMA_VERSION 3.0.0 -> 3.4.0 - Bump data/registry.json schemaVersion 3.0.0 -> 3.4.0 (single-line) - Move CHANGELOG [Unreleased] content into [3.4.0] - 2026-04-30 with theme summary; new empty [Unreleased] above Theme: Authoritative Narrative Audit & Coverage Closure (M#42). 14 domain pattern catalogs (#326-#340) + CIS M365 v6 enrichment infrastructure (#347) with consumer-side prose ingestion model. Additive-only release — no breaking changes. Schema gained optional fields (sectionNumber, assessmentStatus, cisSafeguardsByVersion, defaultValue, references on cis-m365-v6 mapping; cisAuthored block on frameworkMapping); existing v3.0 consumers continue to work unchanged. Reconciles the gap between M#42 milestone closing on GitHub and no v3.4.0 tag being cut at the time. After this PR merges, the v3.4.0 tag will be pushed pending user approval per established release pattern (see v3.0.0 prep #315). Note: ENTRA-SSPR-001 rebadge (#355) and CIS v6.0.1 reconciliation (#352) are included in this release scope (closed against Backlog milestone but shipped in the v3.0.0..main window). Misfiled-milestone cleanup will follow as Step 1.5 of the broader semver reconciliation plan. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Framework mapping count delta
Result: ✓ PASS — no framework mapping regressions detected. |
Content enrichment populationOverall (1105 checks): rationale 26.3% (291/1105) • impact 26.3% (291/1105) • references 26.3% (291/1105)
Informational only — does not gate the build. The hard release-gate for Critical/High enrichment lives in #281 (v3.2.0). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reconciles the gap between M#42 (
v3.4.0 — Authoritative Narrative Audit & Coverage Closure) closing on GitHub last week and nov3.4.0tag being cut at the time. All 16 milestone issues plus 4 adjacent fixes shipped tomainbetweenv3.0.0and current HEAD; this PR labels what shipped.Step 1 of the milestone/release reconciliation plan discussed here. Subsequent steps (move #295 to v4.0.0, resolve #317 spike, sequence remaining minors) will follow as separate PRs.
Changes
CheckID.psd1ModuleVersion3.0.0→3.4.0scripts/Build-Registry.pySCHEMA_VERSION3.0.0→3.4.0data/registry.jsonschemaVersion3.0.0→3.4.0(single-line)CHANGELOG.md[Unreleased]content into[3.4.0] - 2026-04-30with theme summary; new empty[Unreleased]section aboveSemver classification
Additive-only — no breaking changes. Schema gained optional fields:
frameworks.cis-m365-v6.*:sectionNumber,assessmentStatus,cisSafeguardsByVersion,defaultValue,referencesframeworkMapping.*:cisAuthoredblock (consumer-side ingestion path)Existing v3.0 consumers continue to work unchanged. No removed fields. No type changes. The
ConvertTo-LegacyRemediationStringdeprecation shim from v3.0.0 is still present — its removal (#295) belongs in v4.0.0, not v3.3.0 as currently scheduled.What shipped (per CHANGELOG)
14 domain pattern catalogs (#326 umbrella, spikes #327–#340): conditional access, privileged access, MFA enforcement, authentication methods, token + session security, external collaboration, defender for office, sharepoint + onedrive, teams, mail flow, intune, defender for cloud apps, power platform, purview.
CIS M365 v6 enrichment infrastructure (#347):
tools/import-cis-prose.py+cisAuthoredschema block) respecting CIS SecureSuite licensingdata/registry.jsonalways prose-free;data/registry.local.json(gitignored) carries merged prose when consumer artifact presentForce-replace override mode (#316): new
mode: "force-replace"inapply_fw_overrides()for cases where SCF mapping needs to be discarded rather than appended.Adjacent fixes:
ENTRA-TOU-001SOC 2 mapping retargeted CC2.2 → CC5 (SOC2 mapping conflict: ENTRA-TOU-001 maps to CC2.2 (manual-override) but framework classifies CC2 as nonAutomatableCriteria #316)ENTRA-PASSWORD-003/004missing NIST CSF override added (data-quality: ENTRA-PASSWORD-003 and ENTRA-PASSWORD-004 missing nist-csf override #253)ENTRA-SSPR-001rebadged to MFA Registration Campaign semantics (ENTRA-SSPR-001 mapping mismatch: collector reads MFA Registration Campaign but CheckId+name imply SSPR enablement #355)Test plan
[Unreleased]empty above,[3.4.0]populated)Get-Module CheckID -ListAvailablereports 3.4.0 after merge + repullpython scripts/Build-Registry.pyand confirmschemaVersion: "3.4.0"is emittedAfter merge (deferred to user approval)
Per established release pattern (see #315 for v3.0.0 precedent):
git tag -a v3.4.0 -m "v3.4.0 — Authoritative Narrative Audit & Coverage Closure"git push origin v3.4.0[3.4.0]bodyv4.0.0milestone for v4.0.0: remove ConvertTo-LegacyRemediationString deprecation shim #295🤖 Generated with Claude Code