Release Notes - 2.1
2.1.0-funcrel
Enhancement/Improvements
| Customer Ticket Id | Customer Details |
|---|---|
| Security rules evaluation engine has been updated to provide better/accurate results | |
| Updates embedded libraries. |
2.1.0-beta1
Fixes/Bugs
| Customer Ticket Id | Customer Details |
|---|---|
| Improve accuracy of rule 1039044 "Avoid usage of BannedAPI when using ESAPI library". | |
| Improve accuracy of rule 1039046 "Always use {@code} to wrap code statements or values such as null". | |
| Improve accuracy of rules 1039018 "Avoid using cryptography hash with predictable salt (JEE)" and 1039022 "Avoid using Insecure PBE Iteration Count". |
Enhancement/Improvements
| Customer Ticket Id | Customer Details |
|---|---|
| Updated internal librairies. No impact on results. | |
| Workaround for a bug in internal library. No impact on results. | |
| Workaround for a bug in old versions of JEE Analyzer which produced an harmless Traceback. No impact on results. |
2.1.0-alpha1
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1039120 | TRUE | Avoid weak password requirements (JEE) |
| 1039118 | TRUE | Avoid enabling directory listing (JEE) |
| 1039116 | TRUE | Ensure setting origins when using @CrossOrigin Spring annotation |
| 1039114 | TRUE | Avoid predictable initialization vector (JEE) |
| 1039112 | TRUE | Avoid mutable fields inside a class with JCIP @Immutable annotation |
| 1039110 | TRUE | Ensure initializing cryptographic key generators (JEE) |