Changes in results post upgrade - 8.3.41

Summary:

  • Impacts of changes made to AIP Core 8.3.41 on Quality Model results post upgrade
  • Other impacts of changes made in AIP Core 8.3.41

All changes in results related to extensions are listed in the extension documentation and do not appear on this page.

User Input Security

Three new rules have been implemented for JEE and .NET technologies to support the detection of 'Server-side request forgery' violations:

  • Avoid server-side request forgery (8560)
  • Avoid server-side request forgery through API requests (8562)
  • Avoid second order server-side request forgery (8564)

As a result of this improvement, the generation of a new snapshot on unchanged source code using this release may impact your results: additional violations may be found.
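The Java example below is an added illustration, not CAST code and not a statement of what rules 8560 and 8564 match. It assumes the usual meaning of the two terms: a first-order flow takes the destination from the current request, and a second-order flow reads back a value that was stored earlier. The class name, host names and the in-memory `WEBHOOKS` map are hypothetical, and the code only validates destinations; it sends no request.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class SsrfFlowExample {
    // Hypothetical allow-list of hosts this service may call (assumption).
    static final Set<String> ALLOWED_HOSTS = Set.of("api.partner.example");
    // Constructed stand-in for a table of user-supplied webhook URLs.
    static final Map<String, String> WEBHOOKS = new HashMap<>();

    // Returns the parsed URI only if it is https, has no userinfo, and its host is allow-listed.
    static URI checkedDestination(String raw) {
        if (raw == null) throw new SecurityException("no destination");
        URI uri;
        try {
            uri = URI.create(raw.trim());
        } catch (IllegalArgumentException e) {
            throw new SecurityException("unparseable URL", e);
        }
        String host = uri.getHost();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || uri.getUserInfo() != null
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("destination not allowed: " + raw);
        }
        return uri;
    }

    // First-order flow: the URL arrives in the current request.
    static URI fromRequest(String urlParam) {
        return checkedDestination(urlParam);
    }

    // Second-order flow: the URL was stored earlier and is read back later.
    // Stored data is still user input, so it is checked again at the point of use.
    static URI fromStorage(String userId) {
        return checkedDestination(WEBHOOKS.get(userId));
    }

    public static void main(String[] args) {
        WEBHOOKS.put("u1", "https://api.partner.example/hook");   // constructed
        WEBHOOKS.put("u2", "http://internal.example/admin");      // constructed
        System.out.println(fromRequest("https://api.partner.example/v1/status"));
        System.out.println(fromStorage("u1"));
        try { fromStorage("u2"); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
    }
}
```

Host allow-listing alone does not cover redirects, so the HTTP client that consumes the returned URI should not follow them automatically.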

Universal Analyzer framework analyzers

In previous releases of AIP Core, existing analysis results were incorrectly re-used in the following situation: a new version of an existing application was analyzed, and source code for a technology managed by a UA framework analyzer (PHP, RPG, Shell, Kotlin, Swift, HTML5, TypeScript, Python and SQL (when the SQL Analyzer extension is used)) was no longer delivered in that new version. In that case, the analysis results from the previous version for these specific technologies were carried over to the new version. This issue has now been fixed: existing analysis results are no longer re-used when a UA analyzer managed technology has been removed from a new version. As a result of this change, some impact to your results may be visible; however, results are now more accurate because they reflect the fact that source code of the given technology has been removed.