Release Notes - 1.2
1.2.12-funcrel
Resolved Issues
Customer Ticket Id |
Details |
49240 |
Remove false positive for rule "Avoid unsafe object binding" when bound parameter is an array or a collection. |
1.2.11-funcrel
Resolved Issues
Customer Ticket Id |
Details |
48873 |
Remove false positive for rule "Avoid unsafe object binding" when bound parameter is a Boolean or a LocalDate. |
1.2.10-funcrel
Resolved Issues
Customer Ticket Id |
Details |
48873 |
Remove false positive for rule "Avoid unsafe object binding" when bound parameter is a Data Transfer Object. |
1.2.9-funcrel
Other Updates
Details |
Updated an internal library to provide improved resolutions and compatibility with Python 3.9/Linux. |
1.2.8-funcrel
Resolved Issues
Customer Ticket Id |
Details |
44764 |
Correction of false positive violation for rule "Ensure declaring formLogin after requesting authorization and authentication" (1040008). |
1.2.7-funcrel
Other Updates
Details |
Added support for Jakarta EE 9.0+ |
1.2.6-funcrel
Other Updates
Details |
A change has been made to reduce the amount of log messages provided during the analysis. As a result some less important log messages have been changed from "info" to "debug". |
1.2.5-funcrel
Resolved Issues
Customer Ticket Id |
Details |
41280 |
Fixed false violation for the rule (1040016): 'PermitAll or user role should be specified to access URL(s) of the application'. |
Other Updates
Details |
Fixed missing violation for rule (1040002): 'Avoid disabling CSRF Protection'. |
Rules
Rule Id |
New Rule |
Details |
1040048 |
TRUE |
Avoid unsafe object binding (Spring) |
1.2.4-funcrel
Resolved Issues
Customer Ticket Id |
Details |
39495 |
Fixes an issue causing the rule "Avoid disabling CSRF Protection (Spring Security)" (1040002) to report no violations at all. |
40067 |
Fixes an issue causing the rule "Avoid disabling CSRF Protection (Spring Security)" (1040002) to report no violations at all. |
Rules
Rule Id |
New Rule |
Details |
1040046 |
TRUE |
Avoid weak encryption algorithm (Spring) |
1.2.3-funcrel
Resolved Issues
Customer Ticket Id |
Details |
35537 |
Fixes false negative for QR "Avoid disabling CSRF Protection (Spring Security)" |
36075 |
Fixes analyzer crash during parsing of xml files with lxml.etree.XMLSyntaxError error. |
39396 |
Fixes false positives violations for the following rules "PermitAll or user role should be specified to access URL(s) of the application", "Avoid disabling CSRF Protection (Spring Security)" and "HTTP user session must be invalidated during logout". |
Other Updates
Details |
Fixes inconsistency between Analysis Unit configuration. |
Rules
Rule Id |
New Rule |
Details |
1040002 |
FALSE |
Fixed false negatives for the rule "Avoid disabling CSRF Protection (Spring Security)". |
1040016 |
FALSE |
Removed false positives for the rule "PermitAll or user role should be specified to access URL(s) of the application". |
1040002 |
FALSE |
Fixed false positives for the rule "Avoid disabling CSRF Protection (Spring Security)". |
1040012 |
FALSE |
Fixed false positives for the rule "HTTP user session must be invalidated during logout". |
1.2.2-funcrel
Other Updates
Details |
JEE analyzer freeze when analyzing application with Spring Security. |
Fix to resolve the error "Extension com.castsoftware.springsecurity has encountered an issue" during an analysis. |
1.2.1-funcrel
Note
Extension withdrawn.
1.2.0-funcrel
Note
This release of the extension contains a large number of rule related improvements, which will have a significant impact on any existing analysis results generated with a previous release of the extension. When re-analyzing existing and unchanged source code with this new extension, you should therefore expect grade and violation changes. When using AIP Console, if you do not want this extension to be used, you should ensure that you implement an extension strategy to prevent the automatic download and installation of the extension. If you are onboarding a new application, CAST actively encourages you to use this new release to take advantage of the improvements that have been implemented.
Other Updates
Details |
Thresholds has been updated for critical rules. |
Rules
Rule Id |
New Rule |
Details |
1040010 |
FALSE |
Always delete the cookies during the logout. |
1040018 |
FALSE |
Ensure the X-Frame-Options header is setup (Spring). |
1040012 |
FALSE |
HTTP user session must be invalidated during logout. |
1040024 |
FALSE |
Spring Boot Shutdown Actuator Endpoint must be secured from unauthenticated access. |