Page tree
Skip to end of metadata
Go to start of metadata

1.7.0-funcrel

Note

Moved to funcrel.

1.7.0-alpha1

Note

In this release, a change has been made to the security rules provided in AIP Core which are triggered when a User Input Security analysis is enabled. Details can be found in the "Rules" section of the release notes below.

Rules

Rule IdNew RuleDetails
8482FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid cross-site scripting" previously
8484FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid HTTP response splitting" previously
8486FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid resource injection" previously
8488FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid resource URL manipulation" previously
8492FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid LDAP injection" previously
8494FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid OS command injection" previously
8496FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid process control" previously
8498FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid thread injection" previously
8500FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid code injection" previously
8502FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid reflection injection" previously
8504FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid XPath injection" previously
8506FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid file path manipulation" previously
8508FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid log forging" previously
8510FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid uncontrolled format" previously
8512FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid mixing trusted and untrusted data in HTTP requests" previously
8514FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid NoSQL injection" previously
8516FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid URL redirection to untrusted site" previously
8522FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid regular expression injection" previously
8528FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid deserialization injection" previously
8534FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid XQuery injection" previously
8490FALSEFor AIP >= 8.3.27, this rule is enabled for input received in REST API exposed, instead of "Avoid SQL injection" previously