This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.


1.2.5

Resolved Issues

Customer Ticket Id | Details
22630 | Updated the description of the rule 'Avoid storing passwords in config files' to state that the rule only considers passwords stored in the connection string.

1.2.4

Note

ASP.NET Web API Framework and Security Rules - 1.2.4 is now in LTS (Long Term Support).

1.2.4-funcrel

Other Updates

Details
Unit Tests Cleanup for saving disk space.
Missing links from DotNet XXX operation to C# Method.

1.2.3-funcrel

Resolved issues

The following issue has been fixed in this release of the extension.

Internal ID | Call ID | Summary
WEBAPI-187 | - | Multiple DOTNET_XXX_operations are created when they should not be

1.2.2-funcrel

Resolved issues

The following issue has been fixed in this release of the extension.

Internal ID | Call ID | Summary
WEBAPI-182 | 21313 | WHATSAPP R20-1 - Extension com.castsoftware.dotnetweb has encountered an issue

1.2.1-funcrel

Updates

The technologies associated with the rules have been updated, which avoids discrepancies in the violation count. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.1-funcrel)

Resolved issues

The following issues have been fixed in this release of the extension.

Internal ID | Call ID | Summary
WEBAPI-172 | 20190 | Extension com.castsoftware.dotnetweb has encountered an issue
WEBAPI-174 | 20422 | Inconsistency in the number of violation - Avoid disabling ValidateRequest in ASPX page (1043016)
WEBAPI-175 | - | Inconsistency in the number of violation - Avoid disabling EnableViewStateMac in ASPX page (1043028)
WEBAPI-176 | - | Inconsistency in the number of violation - Avoid having ASPX pages with tracing activated (1043032)

1.2.0-funcrel

Rule descriptions have been improved. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-funcrel)

1.2.0-beta1

Rule descriptions have been improved. (Refer: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-beta1)

1.2.0-alpha1

New rules

The following rules have been added in this release (see: https://technologies.castsoftware.com/rules?sec=srs_dotnetweb&ref=||1.2.0-alpha1):

1043030 | Ensure the X-Frame-Options header is setup (ASP.NET)
1043054 | Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy
1043058 | Avoid disabling Header Checking flag in config file
1043062 | Ensure to limit users access only to authorized resources (C#)
1043060 | Avoid disabling HMAC signature verification (C#)

Resolved issues

The following issue has been fixed in this release of the extension.

WEBAPI-142 | Statements filter over-captures, causing data loss