Release Notes - 2.1 | Documentation

Updates internal evaluation engine

Improves analysis speed and accuracy by adding optimized filtering.

Improve stability of rules:
	1039044 - Avoid usage of BannedAPI when using ESAPI library
	1039096 - Ensure httpOnly option is enabled when creating session (JEE)
	1039098 - Ensure secure option is enabled when creating session (JEE)
	1039102 - Ensure SameSite option is enabled when creating session (JEE)

Updates internal evaluation engine leading to an on overall accuracy of quality rules.

Fixes a harmless traceback due to a bug in old versions of com.castsoftware.jee. No impact on results.

Improve scope of 💎 1039116 - “Ensure setting origins when using @CrossOrigin Spring annotation”.

Fixes a harmless traceback due to a bug in old versions of com.castsoftware.jee. No impact on results.

Security rules evaluation engine has been updated to provide better/accurate results
Updates embedded libraries.

Improve accuracy of rule 1039044 “Avoid usage of BannedAPI when using ESAPI library”.
Improve accuracy of rule 1039046 “Always use {@code} to wrap code statements or values such as null”.
Improve accuracy of rules 1039018 “Avoid using cryptography hash with predictable salt (JEE)” and 1039022 “Avoid using Insecure PBE Iteration Count”.

Updated internal librairies. No impact on results.
Workaround for a bug in internal library. No impact on results.
Workaround for a bug in old versions of JEE Analyzer which produced an harmless Traceback. No impact on results.

NEW	Avoid weak password requirements (JEE)	💎 1039120
NEW	Avoid enabling directory listing (JEE)	💎 1039118
NEW	Ensure setting origins when using @CrossOrigin Spring annotation	💎 1039116
NEW	Avoid predictable initialization vector (JEE)	💎 1039114
NEW	Avoid mutable fields inside a class with JCIP @Immutable annotation	💎 1039112
NEW	Ensure initializing cryptographic key generators (JEE)	💎 1039110

Release Notes - 2.1