This documentation is not maintained. Please refer to to find the latest updates.

On this page:

Summary: This document provides information about changes and new features introduced in this release.


Resolved issues

Internal IDCall IDSummaryImpact
SECJAVA-100-BuildAgent.guid not able to identify the error when it is observed in the BuildAgent.datatrasferSecurity for java now logs with a WARN level (instead of INFO) if a class is not correctly defined in its own java file.
SECJAVA-102-Not able to create a castil file if the length of the file name is longSecurity for java now supports long file names.
SECJAVA-112-java.lang.NullPointerException after all castil files generationBetter behavior in rare case of a discovered type name contains the symbol "&".
SECJAVA-114-Add log information if getPackage() fails on a typeBindingBetter behavior in rare case of a discovered type name contains the symbol "&"


-Analysis crashed with warning: Extension com.castsoftware.securityforjava crash while calling subprocess.callSevere random bug fixed in Security for java


Resolved issues

Internal IDCall IDSummary

Provides regular information in logs on SecurityForJava process.


Fix a castil generation issue in the case of loops.


Fix a castil generation issue with array access.


Resolved issues

Internal IDCall IDSummary


-This fixes an issue linked to the creation of the GUID when analyzing an application having JSP files and with the JEE Analyzer: now the same ID is generated.
SECJAVA-63-This fixes an issue with the discovery of jar files.

Analysis run time has improved.



Resolved issues

Internal IDCall IDSummary
SECJAVA-24-Change dynamically the memory heap size parameter.
SECJAVA-67-Error message is displayed in the JEE castlog file for the url encoding in the project name.




Improvements have been made to reduce the time taken to generate the bytecode (CASTIL).



SECJAVA-54 - Log improvements

The log mechanism has been improved:

  • Review of log levels (log levels have been reclassified)
  • Log memory more frequently and at regular intervals
  • The list of missing imports will be sorted
  • Remove some extraneous logs from JDT
  • Log memory in castlog before running java2castil

SECJAVA-62 - URL encoding of project names

Special characters such as /\:"*?<>| used in Analysis Unit names will now be transformed during the analysis to use URL encodings. This will enable the analysis to proceed.

Resolved issues

Internal IDCall IDSummary
SECJAVA-7-securityforjava fails error with "[com.castsoftware.securityforjava] java.lang.ArrayIndexOutOfBoundsException: -1 "
SECJAVA-37-Exception in JDT while generating entry points : java.lang.NullPointerException
SECJAVA-50-Parsing Information is showing as "WARN" instead of "INFO"
SECJAVA-51-AttributeError: 'module' object has no attribute 'error'
SECJAVA-58-Wrong GUIDs for parameterized types, generics and varargs
SECJAVA-59-[Perm Fix] CAST for Security - Analysis fails with Error "Illegal characters in path."
SECJAVA-61-JDT errors for entry points "java.lang.Nullpointer Exception"
SECJAVA-65-Exception during analysis "AttributeError: 'module' object has no attribute 'error'"