This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.
1.7.2-funcrel
Other Updates
| Details |
|---|
| Improved support of Thymeleaf web service calls. |
1.7.1-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 32701 | Misssing link from MVC operation to Implementation method. |
| 32535 | Spring MVC Operation name and link is wrong. |
1.7.0-funcrel
Note
Moved to funcrel.
1.7.0-alpha1
Note
In this release, a change has been made to the security rules provided in AIP Core which are triggered when a User Input Security analysis is enabled. Details can be found in the "Rules" section of the release notes below.
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 8490 | FALSE | For AIP >= 8.3.27, the rule "Avoid SQL injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid SQL injection" previously. |
| 8514 | FALSE | For AIP >= 8.3.27, the rule "Avoid NoSQL injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid NoSQL injection" previously. |
| 8482 | FALSE | For AIP >= 8.3.27, the rule "Avoid cross-site scripting through API requests" is enabled for input received in REST API exposed, instead of "Avoid cross-site scripting" previously. |
| 8488 | FALSE | For AIP >= 8.3.27, the rule "Avoid resource URL manipulation through API requests" is enabled for input received in REST API exposed, instead of "Avoid resource URL manipulation" previously. |
| 8492 | FALSE | For AIP >= 8.3.27, the rule "Avoid LDAP injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid LDAP injection" previously. |
| 8496 | FALSE | For AIP >= 8.3.27, the rule "Avoid process control through API requests" is enabled for input received in REST API exposed, instead of "Avoid process control" previously. |
| 8498 | FALSE | For AIP >= 8.3.27, the rule "Avoid thread injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid thread injection" previously. |
| 8500 | FALSE | For AIP >= 8.3.27, the rule "Avoid code injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid code injection" previously. |
| 8502 | FALSE | For AIP >= 8.3.27, the rule "Avoid reflection injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid reflection injection" previously. |
| 8486 | FALSE | For AIP >= 8.3.27, the rule "Avoid resource injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid resource injection" previously. |
| 8506 | FALSE | For AIP >= 8.3.27, the rule "Avoid file path manipulation through API requests" is enabled for input received in REST API exposed, instead of "Avoid file path manipulation" previously. |
| 8510 | FALSE | For AIP >= 8.3.27, the rule "Avoid uncontrolled format string through API requests" is enabled for input received in REST API exposed, instead of "Avoid uncontrolled format" previously. |
| 8512 | FALSE | For AIP >= 8.3.27, the rule "Avoid mixing trusted and untrusted data in HTTP requests through API requests" is enabled for input received in REST API exposed, instead of "Avoid mixing trusted and untrusted data in HTTP requests" previously. |
| 8494 | FALSE | For AIP >= 8.3.27, the rule "Avoid OS command injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid OS command injection" previously. |
| 8504 | FALSE | For AIP >= 8.3.27, the rule "Avoid XPath injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid XPath injection" previously. |
| 8508 | FALSE | For AIP >= 8.3.27, the rule "Avoid log forging through API requests" is enabled for input received in REST API exposed, instead of "Avoid log forging" previously. |
| 8484 | FALSE | For AIP >= 8.3.27, the rule "Avoid HTTP response splitting through API requests" is enabled for input received in REST API exposed, instead of "Avoid HTTP response splitting" previously. |
| 8522 | FALSE | For AIP >= 8.3.27, the rule "Avoid regular expression injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid regular expression injection" previously. |
| 8528 | FALSE | For AIP >= 8.3.27, the rule "Avoid deserialization injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid deserialization injection" previously. |
| 8534 | FALSE | For AIP >= 8.3.27, the rule "Avoid XQuery injection through API requests" is enabled for input received in REST API exposed, instead of "Avoid XQuery injection" previously. |
| 8516 | FALSE | For AIP >= 8.3.27, the rule "Avoid URL redirection to untrusted site through API requests" is enabled for input received in REST API exposed, instead of "Avoid URL redirection to untrusted site" previously. |
