On this page:

Target audience:

CAST AI Administrator


Summary: this page lists:

  • Impacts of changes made to CAST AIP 8.3.23 on Quality Model results post upgrade
  • Other impacts of changes made in CAST AIP 8.3.23


All changes in results related to extensions are now listed in the extension documentation and will not appear in this page.

Impacts of changes made in CAST AIP 8.3.23 on Quality Model results post upgrade

VisualBasic

Utilization of "DoEvents" inside a loop - 2586 - has been disabled

The VisualBasic rule Utilization of "DoEvents" inside a loop - 2586 has been disabled out of the box in this release of CAST AIP. This means that:

Mainframe - Cobol

Never truncate data in MOVE statements - 7688

A bug has been fixed with regard to the Cobol rule Never truncate data in MOVE statements - 7688 and a change has been made to the way in which numeric signs are handled to avoid false positive violations of the rule:

 As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code: false positive violations will be reduced, therefore changing grades but providing improved accuracy.

Other impacts of changes made in CAST AIP 8.3.23

JEE

Change to support of org.springframework.jdbc for User Input Security

In previous releases of CAST AIP, support of the API org.springframework.jdbc for the User Input Security feature relied on automatic blackboxing. In CAST AIP ≥ 8.3.23, this has now changed and static rules will be used instead. As a result of these changes, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: additional positive violations of related rules are likely, therefore changing grades but providing improved accuracy.

Miscellaneous

Variations in the number of violations between two consecutive snapshots with the same source code

A bug has been fixed which was causing varying numbers of violations to be displayed for certain User Input Security related rules between two consecutive snapshots of the same application with unchanged source code. This was due to a bug causing different paths to be calculated for a given entrypoint. As a results of this fix, some impact to existing results is to be expected when re-analyzing existing source code with the User Input Security feature: number of violations may change again, but will be stable in future snapshots.