In previous releases of CAST AIP, support for the org.springframework.jdbc API in the User Input Security feature relied on automatic blackboxing. In CAST AIP ≥ 8.3.23, static rules are used instead. As a result of this change, some impact on existing results is to be expected when re-analyzing existing source code with the User Input Security feature: additional positive violations of related rules are likely, which changes grades but provides improved accuracy.

Miscellaneous

Variations in the number of violations between two consecutive snapshots with the same source code

A bug has been fixed that caused varying numbers of violations to be displayed for certain User Input Security related rules between two consecutive snapshots of the same application with unchanged source code. The cause was a bug that led to different paths being calculated for a given entrypoint. As a result of this fix, some impact on existing results is to be expected when re-analyzing existing source code with the User Input Security feature: the number of violations may change again, but will be stable in future snapshots.