Release Notes - 2.1
2.1.0-beta1
Fixes/Bugs
Customer Ticket Id | Technical Details | Customer Details |
---|---|---|
Handle cases where banned APIs were called by fields or inside initialisation blocks. | Improve accuracy of rule 1039044 "Avoid usage of BannedAPI when using ESAPI library". | |
Limit rule to Javadoc comments /** … */. | Improve accuracy of rule 1039046 "Always use {@code} to wrap code statements or values such as null". | |
Handle cases where PBEParameterSpec was instantiated by a field. | Improve accuracy of rules 1039018 "Avoid using cryptography hash with predictable salt (JEE)" and 1039022 "Avoid using Insecure PBE Iteration Count". | |
Enhancement/Improvements
Customer Ticket Id | Technical Details | Customer Details |
---|---|---|
Replace executable jars with source jars | Updated internal libraries. No impact on results. | |
Skip analysis of cookie rules when method call is not found. | Workaround for a bug in internal library. No impact on results. | |
Skip analysis of _jspService methods | Workaround for a bug in old versions of JEE Analyzer which produced a harmless Traceback. No impact on results. | |
2.1.0-alpha1
Rules
Rule Id | New Rule | Details |
---|---|---|
1039120 | TRUE | Avoid weak password requirements (JEE) |
1039118 | TRUE | Avoid enabling directory listing (JEE) |
1039116 | TRUE | Ensure setting origins when using @CrossOrigin Spring annotation |
1039114 | TRUE | Avoid predictable initialization vector (JEE) |
1039112 | TRUE | Avoid mutable fields inside a class with JCIP @Immutable annotation |
1039110 | TRUE | Ensure initializing cryptographic key generators (JEE) |