Release Notes - 1.5


  • 1.5.1-funcrel

    Support jakarta.ws.rs.Path and other jakarta.ws.rs.* annotations
  • 1.5.0-funcrel

    This extension now generates a new “ServiceEntryPoints.blackbox-v2.xml” file containing additional data to enrich and improve the results of the com.castsoftware.securityanalyzer extension (≥ 1.0.10-funcrel).
  • 1.5.0-beta2

    This release changes which rules are triggered during a Security Analyzer analysis: all rules that are now triggered are tagged with “API input” instead of “input” alone. The list of changes can be found in the “Rules” section below. The change applies when using this release of the JAX-RS extension (or newer) with AIP Core >= 8.3.27 and a Security Analyzer analysis enabled. As such, your Security Analyzer results may be impacted.
    For AIP >= 8.3.27, the rule “Avoid SQL injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid SQL injection” previously. 💎 8490
    For AIP >= 8.3.27, the rule “Avoid expression language injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid expression language injection” previously. 💎 8540
    For AIP >= 8.3.27, the rule “Avoid server-side request forgery through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid server-side request forgery” previously. 💎 8562
    For AIP >= 8.3.27, the rule “Avoid cross-site scripting through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid cross-site scripting” previously. 💎 8482
    For AIP >= 8.3.27, the rule “Avoid HTTP response splitting through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid HTTP response splitting” previously. 💎 8484
    For AIP >= 8.3.27, the rule “Avoid resource injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid resource injection” previously. 💎 8486
    For AIP >= 8.3.27, the rule “Avoid resource URL manipulation through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid resource URL manipulation” previously. 💎 8488
    For AIP >= 8.3.27, the rule “Avoid LDAP injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid LDAP injection” previously. 💎 8492
    For AIP >= 8.3.27, the rule “Avoid OS command injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid OS command injection” previously. 💎 8494
    For AIP >= 8.3.27, the rule “Avoid process control through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid process control” previously. 💎 8496
    For AIP >= 8.3.27, the rule “Avoid thread injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid thread injection” previously. 💎 8498
    For AIP >= 8.3.27, the rule “Avoid code injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid code injection” previously. 💎 8500
    For AIP >= 8.3.27, the rule “Avoid reflection injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid reflection injection” previously. 💎 8502
    For AIP >= 8.3.27, the rule “Avoid XPath injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid XPath injection” previously. 💎 8504
    For AIP >= 8.3.27, the rule “Avoid file path manipulation through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid file path manipulation” previously. 💎 8506
    For AIP >= 8.3.27, the rule “Avoid log forging through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid log forging” previously. 💎 8508
    For AIP >= 8.3.27, the rule “Avoid uncontrolled format string through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid uncontrolled format” previously. 💎 8510
    For AIP >= 8.3.27, the rule “Avoid mixing trusted and untrusted data in HTTP requests through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid mixing trusted and untrusted data in HTTP requests” previously. 💎 8512
    For AIP >= 8.3.27, the rule “Avoid NoSQL injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid NoSQL injection” previously. 💎 8514
    For AIP >= 8.3.27, the rule “Avoid URL redirection to untrusted site through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid URL redirection to untrusted site” previously. 💎 8516
    For AIP >= 8.3.27, the rule “Avoid regular expression injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid regular expression injection” previously. 💎 8522
    For AIP >= 8.3.27, the rule “Avoid deserialization injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid deserialization injection” previously. 💎 8528
    For AIP >= 8.3.27, the rule “Avoid XQuery injection through API requests” is enabled for input received through exposed REST APIs, instead of “Avoid XQuery injection” previously. 💎 8534
  • 1.5.0-beta1

    Remove client side analysis (calls to web services through WebTarget). Use the com.castsoftware.java.service extension instead.