On this page:


Summary: CAST AIP 8.3.14 introduces a number of features and changes as listed below.

.NET

Rules

Avoid using untyped DataSet - 7460

The rule Avoid using untyped DataSet - 7460 (which is delivered as part of AIP, rather than the .NET Analyzer extension) has been set as deactivated and detached by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: the rule will no longer be triggered during an analysis.

Avoid NoSQL injection on MongoDB (C#) - 8418 and Avoid second order SQL injection - 8420

The rules Avoid NoSQL injection on MongoDB (C#) - 8418 and Avoid second order SQL injection - 8420 (which are delivered as part of AIP, rather than the .NET Analyzer extension) are now set as "critical" by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: there may be an increase in critical violations and a corresponding decrease in non-critical violations.

.NET Framework 4.7.1 now installed by CAST AIP setup

When running the the CAST AIP setup and a previous release of CAST AIP is NOT already present on the target workstation (i.e. a "from scratch installation"), the CAST AIP setup will now automatically install the .NET Framework 4.7.1 if it (or a more recent version of the framework) is not present on the target workstation.

Notes:

  • When running the CAST AIP setup and a previous release of CAST AIP is already present on the target workstation (i.e. "Service Pack installation"), the CAST AIP setup will NOT install .NET Framework 4.7.1 even if it (or a more recent version of the framework) is not present on the target workstation. In this scenario, it is the responsibility of the end-user to install the required .NET Framework.
  • The .NET Framework 4.7.1 or higher is present out-of-the box with latest updates on Windows 10 and Windows Server 2016.

JEE

Rules

Avoid multiple validation form with the same name - 7364

The rule Avoid multiple validation form with the same name - 7364 (which is delivered as part of AIP, rather than the JEE Analyzer extension) has been set as deactivated and detached by default. Therefore after an upgrade to CAST AIP 8.3.14 and the generation of a post-upgrade consistency snapshot, results may differ: the rule will no longer be triggered during an analysis.

CSSOptimize tool -user option

The option -user has been deprecated and should no longer be used. Instead, please use the option -username (available in AIP ≥ 8.3.13) if you need to specify a user other than Operator. See CAST Storage Service - Maintenance activities.

CSS Upgrade Wizard

It is now possible to select multiple schemas for for upgrade to CSS3 instead of having to select them on-by-one. Use the SHIFT + arrow keys to select the items, then SPACE to check/uncheck them: