Release Notes - 1.0

  • 1.0.15-funcrel
    This release embeds Highlight Agent version 5.11.5-RELEASE.
    Added ContainerizationImpact of ‘Code’. 💎 1200397
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200377
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200376
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200375
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200374
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200373
    Added ContainerizationCriticality of ‘Medium’ and ContainerizationImpact of ‘Code and/or Framework’. 💎 1200372
    The list of open-source components is now more accurate, thus users might experience inconsistencies with results from previous versions.Highlight Agent version 5.11.5 brings an improvement in open-source component detection, reducing false positives.
  • 1.0.14-funcrel
    This release embeds Highlight Agent version 5.10.0-RELEASE.
    Fixes case inconsistencies between paths generated by Highlight automation tools and paths generated by CAST analyzers. This issue led to missing CloudReady and Green violations. 📝 54797
    Fixes a bug where imports to the Highlight server were failing due to incompatibility between the Highlight Agent and the Highlight server in cloud environment only.
  • 1.0.13-funcrel
    Contains Highlight Agent 5.10.1-RELEASE
    Changes in highlight2mri extension for license details
    Error while saving cloudready property “Use_SecuredProtocolsLib” due to wrong URL generated in CSV file
    When multiple Java versions are installed, the extension sometimes chooses the wrong one, resulting in failure with the following message : “Java runtime found but Highlight Analyzer requires at least Java JRE 11 or newer…”
    NEW Using Docker in Cloud-based build specifications 💎 1200349
    NEW Using a Cloud-based build specification 💎 1200351
    NEW Using Docker Tags and Versions 💎 1200352
    NEW Avoid Space Before Equal in Dockerfile 💎 1200353
    NEW Use Docker labels and metadata 💎 1200357
    NEW Using Docker Named Multi Stage builds 💎 1200358
    NEW Avoid Docker apt upgrade command 💎 1200364
    NEW Avoid Consecutive RUN Instructions in Dockerfile 💎 1200365
    NEW Avoid lowercase instructions in Dockerfile 💎 1200366
    Updated description to : “Using log to file system” 💎 1200024
    Updated description to : “Using hardcoded network IP address” 💎 1200029
    Updated description to : “Use of unsecured network protocols or URI libraries” 💎 1200042
    Updated description to: “Using stateful session (i.e. Socket / Servlet)” 💎 1200052
    Updated description to: “Use of Windows Authentication” 💎 1200064
    Rule is now deprecated 💎 1200067
    Updated description to: “Using a Cloud-based data analysis services” 💎 1200096
    Updated description to: “Avoid OPEN/CLOSE inside loops” 💎 1200127
    Updated description to: “Avoid Using Wildcard Characters to Start Search Criteria” 💎 1200128
    Updated description to: “Avoid Cursors inside a loop” 💎 1200129
    Updated description to: “Avoid using “SELECT DISTINCT”” 💎 1200130
    Updated description to: “Avoid “SELECT *” queries” 💎 1200131
    Updated name to: “Green_NotOperatorInWhereClause” and description to: “Avoid using the NOT operator in WHERE clauses” 💎 1200132
    Updated description to: “Avoid Artifacts with queries on too many Tables and/or Views” 💎 1200133
    Updated description to: “Avoid queries without WHERE condition” 💎 1200134
    Updated description to: “Avoid SQL queries using functions in the WHERE clause” 💎 1200135
    Updated name to: “Green_ConcatInLoop” 💎 1200136
    Updated name to: “Green_EndLoopTest” and description to: “Avoid calling a function in a loop condition” 💎 1200141
    Updated name to: “Green_RiskyFunctionCalls” 💎 1200143
    Updated description to: “Avoid query in a loop” 💎 1200144
    Updated description to: “Avoid Tables without Primary Key' 💎 1200145
    Updated description to: “Avoid empty catch blocks” 💎 1200205
    Using a Cloud-based cache in-memory database (Memcached) 💎 1200122
    Using Cloud Memorystore for Redis fully managed in-memory data store service 💎 1200078
    NEW Ensure NVL function is not used 💎 1200178
    NEW Using in-memory caching libraries 💎 1200372
    NEW Using CORBA (Common Object Request Broker Architecture) 💎 1200373
    NEW Using JAX-RPC technology 💎 1200374
    NEW Using JCA (Java Connector Architecture) 💎 1200375
    NEW Using JNA (Java Native Access) and JNI (Java Native Interface) 💎 1200376
    NEW Using Java RMI (Remote Method Invocation) 💎 1200377
    NEW Use of deprecated SQL server database service dependency 💎 1200378
    NEW Using Application Request Routing (IIS) 💎 1200379
    NEW Using ISAPI filters (IIS) 💎 1200380
    NEW Using modified HTTP logging (IIS) 💎 1200381
    NEW Using unsupported protocol in bindings (IIS) 💎 1200382
    NEW Using more than one application pool (IIS) 💎 1200383
    NEW Windows profile API usage detected 💎 1200384
    NEW Using Windows Native API 💎 1200385
    NEW Using Windows Management Instrumentation (WMI) 💎 1200386
    NEW Using Crystal Report reporting tool 💎 1200387
    NEW Using Named Pipes Communication 💎 1200388
    NEW Using dynamic assembly 💎 1200389
    NEW Using message queue system 💎 1200390
    NEW Using deprecated hashing algorithms 💎 1200391
    NEW Use # for single and multi-line comments 💎 1200392
    NEW Use nouns for resource names and do not include the type in the name 💎 1200393
    NEW Declaring a variable without description 💎 1200394
    NEW Declaring a variable without type 💎 1200395
    NEW Declaring an output block without description 💎 1200396
    NEW Using a bad indentation 💎 1200397
    NEW Indentation style is not two spaces 💎 1200398
    NEW The equal sign of an argument is not aligned with that of the previous argument 💎 1200399
    NEW Declaring an argument after a block 💎 1200400
    NEW Missing Blank line between meta-argument et argument 💎 1200401
    NEW Using dot syntax instead of bracket syntax to access a list 💎 1200402
    NEW Interpolation is the only content of a string 💎 1200403
    NEW Lookup() fonction has only two arguments 💎 1200404
    NEW Using comparison to empty bracket ( ==[] ) 💎 1200405
    NEW Using a duplicated key inside a map 💎 1200406
    NEW Using GIT or Mercurial repository not pinned to a version 💎 1200407
    NEW Missing argument version in a module block 💎 1200408
    NEW Missing version constraint in “required_providers” for a provider 💎 1200409
    NEW Missing ‘required_version’ for terraform block 💎 1200410
    NEW A variable or output block in not placed in variable.tf or output.tf file 💎 1200411
    NEW Declaring a variable or data without using it 💎 1200412
    NEW Declaring a provider without using it in the module 💎 1200413
    NEW ‘count’ or ‘for_each’ arguments not placed in first position in the block 💎 1200414
    NEW ‘count/for_each’ using expression in “then” or “else” clause 💎 1200415
    NEW Wrap the resource type and name in double quotes in your resource definition 💎 1200416
    NEW Declaration order in a variable do not comply with : description, type, default, validation 💎 1200417
    NEW Using element(concat(…)…) instead of try(…) 💎 1200418
    NEW A block variable, output, data or resource is not preceded by a comment 💎 1200419
    NEW A bloc is commented out 💎 1200420
    NEW Using nested dynamic blocks 💎 1200241
    Updated description to “Using Azure SQL database service” 💎 1200116
    Licensing details include license name, compliance, and link to license documentation.The extension now provides licensing information for third-party components
  • 1.0.12-funcrel
    Resolves an issue where incorrect handling of mapped network drives prevented analysis results for CloudReady and Green assessments. 📝 51204
    Resolves an issue where HL analysis stalls in restricted internet access environments due to repeated attempts to load DTDs referenced in XML files.
  • 1.0.11-funcrel
    Fixes an issue causing the extension to fail if an old version of “Highlight Code Reader” is installed on the same machine.
    Fixes an issue where application names containing blank spaces generate an erroneous output folder.
    Fixes an issue specific to Linux deployments (CAST Imaging v3) where the extension is not able to see the JRE embedded in the CAST Imaging Core install folder within the container..
    Fixes an issue causing the incorrect release date to be displayed for third-party components.
  • 1.0.10-funcrel
    The Perl runtime (required by the extension) is no longer embedded and shipped with the com.castsoftware.highlight2mri, therefore significantly reducing the overall extension size. The Perl runtime is now delivered in a newly created extension called com.castsoftware.perl.runtimeexternal link and as a result the com.castsoftware.highlight2mri extension now has a new dependency to com.castsoftware.perl.runtime.
    Fixes an issue where Highlight data was not visible in CAST Imaging due to warnings encountered during the com.castsoftware.highlight2mri analysis while processing “green ready” data. 📝 49741
    Fixes an issue where the wrong local file path location was indicated within Highlight for OSS Third-Party vulnerabilities. 📝 50567
    Fixes an issue where the Highlight analysis was not correctly running in a Linux environment.
    Removed Perl runtime from the extension and created a new dedicated extension com.castsoftware.perl.runtimeexternal link (and a dependency to it).
    Added Highlight options “–mavenRepository” and “–includeAllDependencies” in order to improve third-party discovery.
    Fixes an issue where CloudReady results were inconsistent from one run to another.
    Using file system 💎 1200025
    Perform File Manipulation 💎 1200007
    Perform Directory Manipulation 💎 1200006
    NEW Detect Docker files in application 💎 1200242
    The extension has been tested on Rocky Linux.Extension now working in Linux environments
    Specifying the object is not enough, as an object may have several source files. The source file is now specified. Moreover bookmarks are now more accurate as we specify the start column and end column.Violation bookmarks now specify file, start column and end column
  • 1.0.9-funcrel
    Fixes an issue that occurs when handling long paths leading to missing results. 📝 48470
    Green Deficiencies rules are now supported by the extension.Support for Green Deficiencies
  • 1.0.8-funcrel
    This release contains one update to fix an issue with the 1.0.7-funcrel which has been withdrawn. All fixes and updates included in 1.0.7-funcrel are also included in 1.0.8-funcrel.
    Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. 📝 47684
    Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. 📝 47666
  • 1.0.7-funcrel
    This extension has been withdrawn and is no longer available. All fixes and updates included in 1.0.7-funcrel are also available in 1.0.8-funcrel.
    An update has been implemented to ensure the extension function correctly with regard to changes made to the Console proxy configuration. 📝 46635
    Fixes an issue where multiple apps are using same TEMP folder for result storage causing analysis failure. 📝 47273
    A change has been introduced to ensure that minified JS files (the generated CSV exceeds max column length), and the vendor folder (as it is not part of the application) are excluded from the analysis.
    It is now possible to connect to Highlight through a proxy server. The proxy connection data (host, port, possibly user and password) should be set in Console (v2.11.6 or higher required).Connection to Highlight through a Proxy Server with or without authentication (Console v2.11.6 or higher required)
  • 1.0.6-funcrel
    This is the first version compatible with Imaging Cloud.The extension can be used in both Cloud and non-Cloud contexts.
    Improved support for long paths: folders that are not relevant to the Highlight analysis, such as the “node_modules” folder created by the Node.js framework, are no longer copied to the working folder.
    Fixes a regression introduced in 1.0.5-funcrel where some rule violations for SQL objects were missing.
    First release that is compatible with CAST Imaging Cloud.Imaging Cloud compatibility
  • 1.0.5-funcrel
    Contains Highlight Agent 5.5.25-RELEASE
    Fixes the message “RuntimeError: Property was not declared as handled for that type " by ensuring that the category “metric” (1041) now inherits from the category “CloudReady_Metrics”. 📝 46375
    Fixes an issue causing the extension to crash with the message “RuntimeError: Analysis ran with errors” caused by the CLI hanging with dbgMatchPatternDetail flag. Fixed by including 5.5.25-RELEASE version of the Highlight agent. 📝 45586
    Provides a circumvention of the long path issue. See the section “New Support” below for more details. 📝 43990
    Due to a change in the documentation URLs for CloudReady patterns, the method for processing links to this documentation has been updated.
    Provides a circumvention of the long path issue. See the section “New Support” below for more details.
    Fixes an issue causing the message “[INFO] [ERR4] HighlightAutomation”. Fixed by including 5.5.25-RELEASE version of the Highlight agent.
    If long paths are spotted in the source code, and if enough disk space is available, the extension will copy the source to a tmp folder, then assign new short names to subfolders, and keep a map between new short paths and original paths.Support of files with long paths
  • 1.0.4-funcrel
    Contains the Highlight Agent 5.4.91 and replaces the previous 1.0.3-funcrel release that has been withdrawn.
    Fixes an issue causing an API error on GET: “HTTP Error 400: highlight.server.client.campaignApplication.update.NoAnalysis”. 📝 42150
    Fixes an issue causing the log warning message “RuntimeError: Analysis ran with errors”.
    Fixes an issue causing the log warning message “RuntimeError: Analysis ran with errors” and causing the HLAutomation.log to not be created.
    Added “Safer Closest Version” and “Safest Version” - see also: https://doc.castsoftware.com/display/IMAGING/User+Guide+-+GUI+-+Welcome+Page+-+Modernizing+Applicationsexternal link.Additional data for Third Party Component feature in CAST Imaging
  • 1.0.3-funcrel
    This extension has been withdrawn.
  • 1.0.2-funcrel
    An update has been implemented to ensure that the log file contains information about which Java JRE the extension is using. 📝 40661
    Fixes an issue causing a warning entry in the analysis log: “No CloudReady patterns found for Mainframe”. This fix ensures that Mainframe related technologies are now supported correctly. 📝 41248
    Added bookmarks for CloudReady blockers/boosters for Mainframe technologies.CloudReady support for Mainframe technologies
  • 1.0.1-funcrel
    This release fixes a breaking change added to the Highlight Agent when introducing Green IT. As a result, a new Highlight Agent (5.4.64) is provided in this release.
    Fixes an issue causing the Highlight to MRI extension to fail to load data into CAST Highlight with the error “Highlight API Error on GET”. 📝 40076
  • 1.0.0-funcrel
    Update hardcoded links to Highlight documentation.
    Fixes an issue where the analysis of source code containing a folder called “node_modules” takes too much time. This folder is now excluded.
  • 1.0.0-beta1
    Please note that Highlight Agent requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
    Fixes an issue where it is not possible to find highlight tags after importing application into CAST Imaging. 📝 38281
    The Highlight Agent has been updated from 5.4.29 to 5.4.43.
    The error message to explain that the extension requires a minimum release of Java 11 has been updated and clarified. In previous releases of the extension, using an older release of Java caused an error with an unclear message in the log.
    NEW New CloudReady pattern definition: “Use of Active Directory / LDAP authentication is not fully compatible with cloud providers (AWS, Azure…)”. 💎 1200124
  • 1.0.0-alpha4
    Please note that Highlight Agent version 5.4.29 requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
    Update Highlight Agent from 5.3.76 to 5.4.29.
    CloudReady patterns for Google Cloud Platform have been added.Added additional CloudReady patterns
  • 1.0.0-alpha3
    Fixed an issue where a warning error was seen in the log during the analysis “IndexError: list index out of range”. 📝 35420
    Fixed an issue causing a crash when long paths are involved. As part of the fix, the extension calls the Highlight agent only on source code and no longer on Maven/Nuget/.NET assembly folders (which often contain long paths).
  • 1.0.0-alpha2
    Fixed an issue where the following error is displayed: “plugin has encountered the following error : IndexError: list index out of range while running com.castsoftware.highlight2mri.1.0.0-alpha1”.
  • 1.0.0-alpha1
    This is the first release of this extension.