Release Notes - 2.0

2.0.0-alpha1

Rules

Rule Id  New Rule  Details
1039002  FALSE     Improved support for rule "Avoid using deprecated SSL protocols to secure connection"
1039008  FALSE     Support of jakarta.servlet package for rule "Avoid thrown Exceptions in servlet methods"
1039012  FALSE     Support of jakarta.servlet package for rule "Avoid using referer header field in HTTP request"
1039014  FALSE     Improved support for rule "Avoid using Cipher with no HMAC to ensure data integrity"
1039016  FALSE     Deprecation of rule "Avoid Unvalidated URL Redirect"
1039020  FALSE     Improved support for rule "Avoid using javax.crypto.NullCipher"
1039024  FALSE     Support of jakarta.servlet package for rule "Avoid using unsecured cookie (JEE)"
1039026  FALSE     Support of jakarta.servlet package for rule "Avoid creating cookie without setting httpOnly option (JEE)"
1039028  FALSE     Improved support for rule "Avoid weak encryption providing not sufficient key size (JEE)"
1039030  FALSE     Improved support for rule "Avoid using DefaultHttpClient constructor"
1039044  FALSE     Improved support for rule "Avoid usage of BannedAPI when using ESAPI"
1039050  FALSE     Improved support for rule "Add @Override on methods overriding or implementing a method declared in a super type"
1039052  FALSE     Support of jakarta.servlet package for rule "Avoid Http Session without expiration"
1039056  FALSE     Improved support for rule "Avoid insecure use of YAML deserialization when using SnakeYaml (JEE)"
1039058  FALSE     Deprecation of rule "Avoid generating key with insufficient random generator in cookies"
1039064  FALSE     Support of jakarta.servlet package for rule "Avoid having cookie with an overly broad domain (JEE)"
1039066  FALSE     Support of jakarta.servlet package for rule "Avoid creating cookie with an overly broad path (JEE)"
1039068  FALSE     Support of jakarta.servlet package for rule "Avoid using the Non-Serializable Object Stored in Session"
1039070  FALSE     Improved support for rule "Avoid using URL.equals(Object obj) or URL.hashCode()"
1039072  FALSE     Improved support for rule "Avoid using jYAML to deserialize YAML (JEE)"
1039074  FALSE     Improved support for rule "Avoid using Apache ActiveMQ 5.x before 5.13.0"

Performance Improvements

Summary
The execution time of version 2.0.x has been improved compared to version 1.5.x. Depending on the source code analysed, the extension com.castsoftware.jeerules can be executed up to 5 times faster.