...

User Input Security now detects violations of the rule "Avoid use of a reversible one-way hash" in .NET source code; previously only JEE source code was supported. After an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code, results may therefore change: additional violations of this rule may be reported in .NET code, reflecting the improved accuracy.

User Input Security

The following new rules have been implemented. After an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code, results may therefore change: violations of these new rules may become visible:

| Rule ID | CWE ID | Rule name | Input name | Target name | .NET support | JEE support |
|---------|--------|-----------|------------|-------------|--------------|-------------|
| 8518 | 400 | Regular expression injection | Network.read | Regexp.write | Partial | NO |
| 8520 | 400 | Regular expression injection (second order) | Network.read, Database | Regexp.write | Partial | NO |
| 8522 | 400 | Regular expression injection through API | Network.read, API | Regexp.write | Partial | NO |
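The three rules above describe one taint flow with different sources: data read from the network reaches a regular-expression sink (Regexp.write) directly, after a round trip through persistent storage (second order), or through an API layer. The following added example, which is not part of CAST AIP or of these release notes, shows in Python what that flow looks like in application code and what the hardened form is. The log lines, the `SAVED_FILTERS` dictionary standing in for a database table, and all function names are constructed for the illustration; the first-order and second-order flows share the same sink, so one block serves both rules.

```python
import re
from typing import Dict, List

# Constructed sample data: log lines a search feature runs user filters over.
LOG_LINES: List[str] = [
    "user=alice action=login status=ok",
    "user=bob action=login status=fail",
    "user=alice action=delete status=ok",
]

# Constructed stand-in for a database table of saved filters. A second-order
# flow writes attacker-controlled text here in one request and reads it back
# into the regex sink in a later one (Network.read -> Database -> Regexp.write).
SAVED_FILTERS: Dict[str, str] = {}

# Allowlist for the hardened variant: plain search terms only, no metacharacters.
SAFE_TERM = re.compile(r"^[A-Za-z0-9_=\- ]{1,64}$")


def search_vulnerable(user_pattern: str) -> List[str]:
    """First-order flow: text from the request is compiled as a regex unchanged.

    An attacker controls the pattern, so they can widen the match with
    alternation or wildcards, or supply a backtracking-heavy pattern (CWE-400).
    """
    rx = re.compile(user_pattern)  # Regexp.write sink fed by Network.read
    return [line for line in LOG_LINES if rx.search(line)]


def search_hardened(user_term: str) -> List[str]:
    """Hardened form: the input is treated as a literal search term.

    re.escape neutralises every metacharacter, and the allowlist bounds the
    term's length and character set before it reaches the regex engine.
    """
    if not SAFE_TERM.fullmatch(user_term):
        raise ValueError("search term contains characters that are not allowed")
    rx = re.compile(re.escape(user_term))
    return [line for line in LOG_LINES if rx.search(line)]


def save_filter(name: str, pattern: str) -> None:
    """Request 1 of the second-order flow: store the raw user text."""
    SAVED_FILTERS[name] = pattern


def run_saved_filter_vulnerable(name: str) -> List[str]:
    """Request 2, vulnerable: the stored text is trusted because it came from
    the database, which is exactly what the second-order rule flags."""
    return search_vulnerable(SAVED_FILTERS[name])


def run_saved_filter_hardened(name: str) -> List[str]:
    """Request 2, hardened: data read back from storage is validated and
    escaped the same way as data read directly from the network."""
    return search_hardened(SAVED_FILTERS[name])


if __name__ == "__main__":
    print(search_vulnerable("status=ok|user=bob"))   # injected alternation widens the match
    print(search_hardened("user=alice"))              # literal term, two hits
    save_filter("everything", ".*")
    print(run_saved_filter_vulnerable("everything"))  # stored wildcard matches all lines
```

Escaping addresses the injection; it does not by itself bound the work a regex does on hostile input, which is the CWE-400 aspect. Python's standard `re` module offers no match timeout, whereas the .NET `Regex` constructor accepts a `matchTimeout` argument, so in .NET code the hardened form would typically combine escaping or an allowlist with a timeout.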

Other impacts of changes made in CAST AIP 8.3.26

...

In order to provide greater accuracy, the calculation of AETP values has been modified in this release. Previously, added/deleted/updated AETP detail values between 0 and 1 were calculated with no decimal places, which in some circumstances (when every added/deleted/updated value was below 1) gave the impression that the total AETP was 0. AETP detail values for added/deleted/updated are now calculated to two decimal places. In addition, AETP total values are now rounded up, as described in Changes or new features - 8.3.26. As a result of this change, after an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code, AETP values may change, and consequently overall AEP values may also change.

User Input Security

A bug has been discovered in the support for the resthub-web-client-2.2.0 framework (introduced in CAST AIP 8.3.25): because of the way the support was programmed, some methods were not taken into account. The bug has been fixed in this release. After an upgrade to 8.3.26 and the generation of a consistency snapshot on unchanged source code, results may therefore change: more violations may be reported on methods that were not taken into account in previous analyses.