1.2.2-funcrel
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-132 | - | CWE-601: Avoid Unvalidated Redirect changed to Avoid Unvalidated URL Redirect results in missing violation |
JEEQRS-134 | 18443 | Duplicate defects displayed for critical violation in ED |
JEEQRS-135 | - | Update the title of the rule, 1039010: Avoid using risky cryptographic hash (JEE) |
JEEQRS-143 | - | QR Cleanup to speed up the performance of JEEQR Extension |
JEEQRS-147 | - | Attribute error |
JEEQRS-150 | - | Deleted the rule 1039048: DELETED: Always prefer to set Array designators "[]" on the type and not at variable |
1.2.1-funcrel
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-112 | - | Mismatch in grades between original and simulated grade in Action Plan Optimizer due to one JEE QR |
JEEQRS-124 | - | Modified the total population value as "Number of Java Methods" |
1.2.0-funcrel
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-99 | - | Improved the QR Master files: 1039002 (Avoid using deprecated SSL protocols to secure connection) and 1039044 (Avoid usage of BannedAPI when using ESAPI library) |
JEEQRS-98 | - | Incorrect metamodel modification |
1.2.0-beta1
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-93 | - | False positive on Avoid using DocumentBuilder without restriction of XML External Entity Reference (XXE) |
JEEQRS-94 | - | AttributeError: 'Parenthesis' object has no attribute 'get_statements' |
JEEQRS-95 | - | AttributeError: 'list' object has no attribute 'replace' |
1.2.0-alpha2
New feature
The following new rules have been added in this release of the extension (see https://technologies.castsoftware.com/rules?sec=srs_jeerules&ref=||1.2.0-alpha2 for more information).
1039056 | Avoid insecure use of YAML deserialization |
1039058 | Avoid Use of Insufficiently Random Generated keys in cookies |
1039062 | Avoid Explicitly not "define final readObject()" to prevent un-trusted deserialization |
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-91 | - | Update the rule 1039052 |
JEEQRS-92 | - | UnicodeDecodeError raised by com.castsoftware.jeerules on code containing Chinese comments |
1.2.0-alpha1
New feature
The following new rule has been added in this release of the extension (see https://technologies.castsoftware.com/rules?sec=srs_jeerules&ref=||1.2.0-alpha1 for more information).
1039052 | Avoid Http Session never expires |
Resolved issues
Internal ID | Call ID | Summary |
---|---|---|
JEEQRS-75 | - | Typo in description of XXE QRs : wrong verb --> opposite meaning |
JEEQRS-79 | - | Avoid thrown Exceptions in servlet methods (1039008) - scope = detail |
JEEQRS-80 | - | Avoid using risky cryptographic hash (JEE) (1039010) - BC is not weak |
JEEQRS-81 | - | Incorrect scope stored procedures for 4 QRs - filter on same property makes : scope = detail |