Functionally equivalent (i.e. includes all fixes and changes) to com.castsoftware.jee 1.3.22-funcrel (these are also listed below).
Please take note of the section Isofunctionality which explains some of the result changes in comparison to previous releases.
Stability
Customer Ticket Id
Technical Details
Customer Details
Fixes a runtime error in the inference engine: "Error when launching jeeiecmd".
Fixes an internal failure.
Prevents a runtime error due to a large number of open files during the analysis.
Stabilizes the analyzer when a large number of files are open during the analysis.
JEE analysis fails with error code 255
Stabilizes the JEE analyzer.
Fixes/Bugs
Customer Ticket Id
Technical Details
Customer Details
Missing objects of CAST_Web_Directory Objtyp in linux when compared to windows env
Resolves an issue where "eDirectory" objects were missing.
Empty projects called "JV_EJB_GROUP" are prevented from being created.
Fixes an issue causing the creation of duplicate objects.
Enhancement/Improvements
Customer Ticket Id
Technical Details
Customer Details
Vulnerabilities detected in Java analyzers - These JAR should be removed.
Removes unnecessary embedded libraries.
Performance
Customer Ticket Id
Technical Details
Customer Details
Improves analysis performance for applications containing over 30,000 .java files.
Better performance for applications containing over 30,000 .java files.
2.0.11-funcrel
Note
Functionally equivalent (i.e. includes all fixes and changes) to com.castsoftware.jee 1.3.21-funcrel (these are also listed below). Please take note of the section Isofunctionality which explains some of the result changes in comparison to previous releases.
Resolved Issues
Customer Ticket Id
Details
50020
1.3.21-funcrel: Fixed the cause of the unexpected JAVA124 logs messages.
50821
1.3.21-funcrel: Upgrades the Struts Environment Profile jars to the latest version.
1.3.21-funcrel: Fixed some missing links from Java to Property Mappings.
Other Updates
Details
1.3.21-funcrel: Fixes some missing links from Java to Property Mappings.
1.3.21-funcrel: Fixes a bug where some Hibernate Mapping files were neither being analyzed nor passed on to Python extensions.
1.3.21-funcrel: Fixes a bug where some Hibernate Mapping files were neither being analyzed nor passed on to Python extensions.
1.3.21-funcrel: Two Hibernate related rules have been deprecated - see the details in the "Rules" section below.
2.0.11-funcrel: Fixes an issue where fewer Java Resource Service objects are created when comparing the results of the extension with a V2 deployment.
2.0.11-funcrel: Fixes an issue where a missing object (*.xsl) negatively impacts transaction values when running the extension on Linux (in compared to a Microsoft Windows deployment).
2.0.11-funcrel: Fixes an issue causing missing violation bookmarks for various Java objects and links.
2.0.11-funcrel: Fixes an issue causing the creation of many erroneous "overloading" type links between Java Method objects when running the extension on Linux/Docker.
2.0.11-funcrel: Fixes an issue where a "JSP_APPDESCRIPTOR" object type (resulting from an environment profile) is missing on Linux/Docker installations but present on Microsoft Windows installations.
2.0.11-funcrel: Fixes an issue causing the number of Spring DATA JPQL/JPA JPQL queries to differ in v. 2.x of the extension (in comparison to 1.3 releases).
2.0.11-funcrel: Fixes an issue causing 'call close Connection pool' and 'super clone' metrics to not be saved.
2.0.11-funcrel: Fixes an issue causing the path property for "JSP pages" to be erroneously converted to lowercase.
2.0.11-funcrel: Fixes an issue causing the "JSP_XMLCONFIG_FILE" to be missing in a Linux/Docker installation.
2.0.11-funcrel: Fixes an error preventing com.castsoftware.python from providing correct link resolution on "java.lang.Runtime.exec" when com.castsoftware.jee has the option "saveInheritanceInExternalLibraries =0".
2.0.11-funcrel: Fixes an issue causing missing CRC values when an object is both internal and external.
Rules
Rule Id
New Rule
Details
7488
FALSE
1.3.21-funcrel: "Lazy fetching should be used for Hibernate collection" has been deprecated in JEE. The same rule is now implemented in com.castsoftware.java.hibernate with Rule ID 1045000.
7712
FALSE
1.3.21-funcrel: "Avoid public/protected setter for the generated identifier field" has been deprecated in JEE. The same rule is now implemented in com.castsoftware.java.hibernate with Rule ID 1045012.
Fixes an issue where post migration to v3/8.4, links between "Struts Form Bean" (with "requestScope" in the fullname) and "Java Class" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, links between "J2EE Scoped Bean" and "Java Class" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, links between "Struts Action Mapping" and "eFile" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, "JSP_BEAN" object types erroneously underwent a GUID change causing "added/deleted" object records.
Fixes an issue where post migration to v3/8.4, some client/server links are erroneously matched without matching to the WholeWord parameter.
Fixes an issue where post migration to v3/8.4, the LOC values for JEE source code erroneously increased in comparison to results produced with v2/8.3.
Fixes an issue causing missing violations for the rule 1039050 "Add @Override on methods overriding or implementing a method declared in a super type".
Fixes an issue where post migration to v3/8.4, "Lambda Expression" objects types were duplicated and also erroneously underwent a GUID change causing "added/deleted" object records.
Fixes an issue where post migration to v3/8.4, some "JSP_BEAN" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, "CDI_BEAN" object types erroneously underwent a GUID change causing "added/deleted" object records.
Fixes an issue where post migration to v3/8.4, some "JV_INST_CLASS" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, some "JV_GENERIC_INTERFACE" object types were missing in comparison to results produced with v2/8.3.
Fixes an issue where post migration to v3/8.4, "JV_INST_CLASS" object types erroneously underwent a GUID change causing "added/deleted" object records.
Fixes an issue where post migration to v3/8.4, "J2EE Scoped Bean" object types erroneously underwent a GUID change causing "added/deleted" object records.
Fixes an issue where JSP Generated classes were erroneously exposed as regular classes in comparison to results produced with v2/8.3.
Fixes an issue causing missing overloading links when compared to results generated with v2/8.3.
Fixes an issue where the associated extension com.castsoftware.jeerules causes the following error: "During start_xml_file. FileNotFoundError: [Errno 2] No such file or directory".
Rules
Rule Id
New Rule
Details
1039051
FALSE
Fixes an issue causing missing violations for the rule 1039050 "Add @Override on methods overriding or implementing a method declared in a super type".
Fixes an issue causing missing links to "Entity" type objects.
Fixes an causing a missing bookmark on "JSP_PROPERTY_MAPPING" objects.
Fixes an issue causing modified object GUIDs for many JEE related objects (and therefore added/deleted objects) during the first rescan post migration to v3/8.4.
Fixes an issue causing "JSP_BEAN_PROP_TILES_DEF_ATTRIBUTE" type objects to be recorded as added/deleted during the first rescan post migration to v3/8.4.
Fixes an issue where there is a difference in the number of "SPRING_BEAN" type objects in v3/8.4 when compared to the same source code analyzed with v2/8.3.
Fixes an issue causing the error "[TRACEBACK] Extension com.castsoftware.jeerules has encountered an issue with jee-2.0.8-build927 During start_xml_file on File" to appear in the analysis log.
Fixes an issue where some "CAST_Java_Service_CallToPost" type objects are missing in v3/8.4 when compared to the same source code analyzed with v2/8.3.
An internal technical change to add improved verbose mode logging for JEE analyses.
Fixes an issue where some "CAST_Java_Lambda" type objects are missing in v3/8.4 when compared to the same source code analyzed with v2/8.3.
Fixes an issue causing some objects of type "JSP_BEAN_PROP_TILES_DEF_ATTRIBUTE" to be recorded as deleted and then added.
Fixes an issue causing the object GUIDs to change for many objects when performing a full rescan of an application in CAST Imaging V3 post migration V2 to V3.
Fixes an issue causing an error in the analysis log: "[TRACEBACK] Extension com.castsoftware.jeerules has encountered an issue".
Fixes an issue causing the JEE analysis to fail with "Cannot compute sets from analysis units that have not been analyzed or that are not up to date".
Fixes an issue where some objects of type "CAST_Java_Service_CallToPost" are missing in CAST Imaging V3 when using com.castsoftware.jee 2.0.5 and comparing to results generated with CAST Imaging V2 and com.castsoftware.jee 1.3.19.
Fixes an issue where some objects of type "CAST_Java_Lambda" are missing in CAST Imaging V3 when using com.castsoftware.jee 2.0.5 and comparing to results generated with CAST Imaging V2 and com.castsoftware.jee 1.3.19.
Fixes an issue where JEE Lombok environment profile configuration was missing from previous releases of the extension, causing some objects to be missing from the analysis results.
Fixes an issue where the analysis fails with an "out of memory" error in the "external link" step for application source code containing both java and SQL.
Fixes an issue causing the JEE analyzer (release 2.0.4-funcrel, specifically when used in a Linux via Docker installation) to fail when a second analysis unit is analyzed.
Fixes an issue identified in the previous release of this extension (2.0.3-funcrel) where attempting to install the extension with CAST Imaging Core 8.4.0 on Linux via Docker fails with the error "Incompatible version on extension dependency: CAIP.8.4.1, actual version: 8.4.0".
Fixes an issue where when comparing the results of an analysis of the same source code with v2/1.3.19 there are differences in the number of objects such as CAST_Java_JPA_Entity, CAST_Java_JPA_Entity_Operation, CAST_Java_JPA_SQLQuery, CAST_JAVA_JDBC_SQLQuery, CAST_Java_JPA_JPQLQuery, CAST_Java_Unknown_JPA_SQLQuery, CAST_Java_Unknown_JPA_Entity and CAST_Java_Unknown_JPA_Entity_Operation.
Fixes an issue where when comparing the results of an analysis of the same source code with v2/1.3.19 there are differences in the number of Hibernate objects
Fixes an issue where when comparing the results of an analysis of the same source code with v2/1.3.19 there are differences in the number of objects, specifically for JSP_BEAN, JPA_ENTITY_PROPERTY, JV_PACKAGES objects, in turn causing missing links to JPA_ENTITY objects and virtual methods.
Note also that this release requires CAST Imaging Core ≥ 8.4.1 when working with CAST Imaging 3.x installed on Linux via Docker (due to a change in the compilation engine). When working with CAST Imaging 3.x installed on Microsoft Windows, CAST Imaging Core ≥ 8.4.0 is supported.
Other Updates
Details
Fixes an issue causing the analyzer to fail to find taglib references in jar files when used in JSP pages.
Fixes an issue causing the generation of an erroneous GUID for "taglib".
Fixes an issue causing the tag "<%@ taglib" to not be correctly managed.
Fixes an issue causing a bad name for the webDirectory folder.
Fixes an issue causing missing links between JSP and java objects.
Fixes an issue causing JSP page objects to have no checksum property.
Fixes an issue causing a bad comment line number for JSP page objects.
Fixes an issue causing missing links between jee objects and SQL table columns.
Fixes an issue causing a missing devirtualisation call.
Rules
Rule Id
New Rule
Details
8220
FALSE
Fixes a missing violation for the rule "Avoid using deprecated method, constructor, field, type or package" due to an incorrect property.
2232
FALSE
Fixes an issue causing missing violations for the rule "Pages should use error handling page".
Fixes an issue where some logs generated by the extension are not visible in CAST Imaging UI.
Fixes a traceback error in the analysis log with regard to extensibility: "traceback on start_type".
Fixes an error during the analysis when incorrect UTF-8 is identified in the source code.
Fixes an issue causing a difference in the number of violations (structural flaws) produced, compared with com.castsoftware.com 1.3.x and CAST AIP 8.3. Previously, the rule "Avoid using deprecated method, constructor, field, type or package" was not computed on anonymous classes.
2.0.0-beta5
Note
A new release of the JEE Analyzer to support installation on Linux and Windows with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.17.
Other Updates
Details
Fixes two issues: 1) fixes an issue with the JEE environment profile "Log4J 1_2_14" which contained an incorrect JAR file and caused the "[WARNING] JAVA048: %CAUSE%" message to appear in the analysis log, and 2) fixes a secondary problem with the "[WARNING] JAVA048: %CAUSE%" message itself.
Fixes an issue where the com.castsoftware.securityforjava extension fails to run therefore causing the com.castsoftware.securityanalyzer to fail.
Fixes an issue causing an error when several applications are analyzed at the same time.
2.0.0-beta4
Note
A new release of the JEE Analyzer to support installation on Linux and Windows with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.17.
Other Updates
Details
Manage upgrade between 1.3.x and 2.0.0 releases of the extension and also between AIP Core 8.3.x and Imaging Core 8.4.x
2.0.0-beta3
Note
A new release of the JEE Analyzer to support installation on Linux and Windows with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.17.
Other Updates
Details
Fixes an issue where the analyzer fails to run on Microsoft Windows 10.
2.0.0-beta2
Note
A new release of the JEE Analyzer to support installation on Linux and Windows with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.17.
2.0.0-beta1
Note
A new release of the JEE Analyzer to support installation on Linux server with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.16, however, some functionality has been removed (see documentation).
2.0.0-alpha6
Note
A new release of the JEE Analyzer to support installation on Linux server with CAST Imaging Core ≥ 8.4. Functionally equivalent to com.castsoftware.jee 1.3.10, however, some functionality has been removed (see documentation).