1.2.5
Resolved Issues
Customer Ticket Id | Details |
---|---|
22630 | Update in the rule 'Avoid storing passwords in config files' description to include the information that the rule only considers the passwords stored in the connection string |
1.2.4
Note
ASP.NET Web API Framework and Security Rules - 1.2.4 is now in LTS (Long Term Support).
1.2.4-funcrel
Other Updates
Details |
---|
Unit Tests Cleanup for saving disk space. |
Missing links from DotNet XXX operation to C# Method. |
1.2.3-funcrel
Resolved issues
The following issue has been fixed in this release of the extension.
Internal ID | Call ID | Summary |
---|---|---|
WEBAPI-187 | - | Multiple DOTNET_XXX_operations are created when they should not be |
1.2.2-funcrel
Resolved issues
The following issue has been fixed in this release of the extension.
Internal ID | Call ID | Summary |
---|---|---|
WEBAPI-182 | 21313 | WHATSAPP R20-1 - Extension com.castsoftware.dotnetweb has encountered an issue |
1.2.1-funcrel
Updates
Technologies associated with the rules have been updated. This would avoid any discrepancy in violation count. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.1-funcrel)
Resolved issues
The following issues have been fixed in this release of the extension.
Internal ID | Call ID | Summary |
---|---|---|
WEBAPI-172 | 20190 | Extension com.castsoftware.dotnetweb has encountered an issue |
WEBAPI-174 | 20422 | Inconsistency in the number of violation - Avoid disabling ValidateRequest in ASPX page (1043016) |
WEBAPI-175 | - | Inconsistency in the number of violation - Avoid disabling EnableViewStateMac in ASPX page (1043028) |
WEBAPI-176 | - | Inconsistency in the number of violation - Avoid having ASPX pages with tracing activated (1043032) |
1.2.0-funcrel
Rule descriptions have been improved. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-funcrel)
1.2.0-beta1
Rule descriptions have been improved. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-beta1)
1.2.0-alpha1
New rules
Following rules have been added in this release - see: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-alpha1
1043030 | Ensure the X-Frame-Options header is setup (ASP.NET) |
---|---|
1043054 | Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy |
1043058 | Avoid disabling Header Checking flag in config file |
1043062 | Ensure to limit users access only to authorized resources (C#) |
1043060 | Avoid disabling HMAC signature verification (C#) |
Resolved issues
The following issue has been fixed in this release of the extension.
WEBAPI-142 | Statements filter over-captures, causing data loss |
---|