Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Summary: this page lists:

  • Impacts of changes made to CAST AIP 8.3.31 on Quality Model results post upgrade
  • Other impacts of changes made in CAST AIP 8.3.31

All changes in results related to extensions are now listed in the extension documentation and will not appear in this page.

Impacts of changes made in CAST AIP 8.3.31 on Quality Model results post upgrade

N/A

Other impacts of changes made in CAST AIP 8.3.31

User Input Security

Improved support for .NET uncontrolled string format

User Input Security is now more precisely able to detect Uncontrolled string format vulnerabilities for .NET source code. As a consequence, some false positive violations reported when using previous releases of AIP Core may be removed after upgrade.

Improved support for the detection of SQL injections in applications using the Entity Framework for .NET

The methods SqlQuery and ExecuteSqlCommandAsync are now considered as database targets for SQL injection. System.Data.Find methods are no longer considered as database targets for SQL injection. As a result of these changes your results may be impacted after upgrade.

Improved support for the detection of SQL injections in applications using the Oracle framework for .NET

The methods ExecuteNonQuery(), ExecuteReader(), ExecuteReader([System.Data]System.Data.CommandBehavior), ExecuteScalar() and ExecuteStream() are now considered as database targets for SQL injection. As a result of these changes your results may be impacted after upgrade.



  • No labels