Release Notes - 1.0
1.0.13-funcrel
Note
Contains Highlight Agent 5.10.1-RELEASE
Other Updates
| Details |
|---|
| Error while saving cloudready property "Use_SecuredProtocolsLib" due to wrong URL generated in CSV file |
| Changes in highlight2mri extension for license details |
| When multiple Java versions are installed, the extension sometimes chooses the wrong one, resulting in failure with the following message : "Java runtime found but Highlight Analyzer requires at least Java JRE 11 or newer…" |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200384 | TRUE | Windows profile API usage detected |
| 1200383 | TRUE | Using more than one application pool (IIS) |
| 1200382 | TRUE | Using unsupported protocol in bindings (IIS) |
| 1200381 | TRUE | Using modified HTTP logging (IIS) |
| 1200380 | TRUE | Using ISAPI filters (IIS) |
| 1200379 | TRUE | Using Application Request Routing (IIS) |
| 1200378 | TRUE | Use of deprecated SQL server database service dependency |
| 1200377 | TRUE | Using Java RMI (Remote Method Invocation) |
| 1200376 | TRUE | Using JNA (Java Native Access) and JNI (Java Native Interface) |
| 1200375 | TRUE | Using JCA (Java Connector Architecture) |
| 1200374 | TRUE | Using JAX-RPC technology |
| 1200373 | TRUE | Using CORBA (Common Object Request Broker Architecture) |
| 1200372 | TRUE | Using in-memory caching libraries |
| 1200178 | TRUE | Ensure NVL function is not used |
| 1200078 | FALSE | Using Cloud Memorystore for Redis fully managed in-memory data store service |
| 1200122 | FALSE | Using a Cloud-based cache in-memory database (Memcached) |
| 1200205 | FALSE | Updated description to: "Avoid empty catch blocks" |
| 1200145 | FALSE | Updated description to: "Avoid Tables without Primary Key' |
| 1200144 | FALSE | Updated description to: "Avoid query in a loop" |
| 1200143 | FALSE | Updated name to: "Green_RiskyFunctionCalls" |
| 1200141 | FALSE | Updated name to: "Green_EndLoopTest" and description to: "Avoid calling a function in a loop condition" |
| 1200136 | FALSE | Updated name to: "Green_ConcatInLoop" |
| 1200135 | FALSE | Updated description to: "Avoid SQL queries using functions in the WHERE clause" |
| 1200134 | FALSE | Updated description to: "Avoid queries without WHERE condition" |
| 1200133 | FALSE | Updated description to: "Avoid Artifacts with queries on too many Tables and/or Views" |
| 1200132 | FALSE | Updated name to: "Green_NotOperatorInWhereClause" and description to: "Avoid using the NOT operator in WHERE clauses" |
| 1200131 | FALSE | Updated description to: "Avoid "SELECT *" queries" |
| 1200130 | FALSE | Updated description to: "Avoid using "SELECT DISTINCT"" |
| 1200129 | FALSE | Updated description to: "Avoid Cursors inside a loop" |
| 1200128 | FALSE | Updated description to: "Avoid Using Wildcard Characters to Start Search Criteria" |
| 1200127 | FALSE | Updated description to: "Avoid OPEN/CLOSE inside loops" |
| 1200096 | FALSE | Updated description to: "Using a Cloud-based data analysis services" |
| 1200067 | FALSE | Rule is now deprecated |
| 1200064 | FALSE | Updated description to: "Use of Windows Authentication" |
| 1200052 | FALSE | Updated description to: "Using stateful session (i.e. Socket / Servlet)" |
| 1200042 | FALSE | Updated description to : "Use of unsecured network protocols or URI libraries" |
| 1200029 | FALSE | Updated description to : "Using hardcoded network IP address" |
| 1200024 | FALSE | Updated description to : "Using log to file system" |
| 1200366 | TRUE | Avoid lowercase instructions in Dockerfile |
| 1200365 | TRUE | Avoid Consecutive RUN Instructions in Dockerfile |
| 1200364 | TRUE | Avoid Docker apt upgrade command |
| 1200358 | TRUE | Using Docker Named Multi Stage builds |
| 1200357 | TRUE | Use Docker labels and metadata |
| 1200353 | TRUE | Avoid Space Before Equal in Dockerfile |
| 1200352 | TRUE | Using Docker Tags and Versions |
| 1200351 | TRUE | Using a Cloud-based build specification |
| 1200349 | TRUE | Using Docker in Cloud-based build specifications |
| 1200116 | FALSE | Updated description to "Using Azure SQL database service" |
| 1200241 | TRUE | Using nested dynamic blocks |
| 1200420 | TRUE | A bloc is commented out |
| 1200419 | TRUE | A block variable, output, data or resource is not preceded by a comment |
| 1200418 | TRUE | Using element(concat(…)…) instead of try(…) |
| 1200417 | TRUE | Declaration order in a variable do not comply with : description, type, default, validation |
| 1200416 | TRUE | Wrap the resource type and name in double quotes in your resource definition |
| 1200415 | TRUE | 'count/for_each' using expression in "then" or "else" clause |
| 1200414 | TRUE | 'count' or 'for_each' arguments not placed in first position in the block |
| 1200413 | TRUE | Declaring a provider without using it in the module |
| 1200412 | TRUE | Declaring a variable or data without using it |
| 1200411 | TRUE | A variable or output block in not placed in variable.tf or output.tf file |
| 1200410 | TRUE | Missing 'required_version' for terraform block |
| 1200409 | TRUE | Missing version constraint in "required_providers" for a provider |
| 1200408 | TRUE | Missing argument version in a module block |
| 1200407 | TRUE | Using GIT or Mercurial repository not pinned to a version |
| 1200406 | TRUE | Using a duplicated key inside a map |
| 1200405 | TRUE | Using comparison to empty bracket ( ==[] ) |
| 1200404 | TRUE | Lookup() fonction has only two arguments |
| 1200403 | TRUE | Interpolation is the only content of a string |
| 1200402 | TRUE | Using dot syntax instead of bracket syntax to access a list |
| 1200401 | TRUE | Missing Blank line between meta-argument et argument |
| 1200400 | TRUE | Declaring an argument after a block |
| 1200399 | TRUE | The equal sign of an argument is not aligned with that of the previous argument |
| 1200398 | TRUE | Indentation style is not two spaces |
| 1200397 | TRUE | Using a bad indentation |
| 1200396 | TRUE | Declaring an output block without description |
| 1200395 | TRUE | Declaring a variable without type |
| 1200394 | TRUE | Declaring a variable without description |
| 1200393 | TRUE | Use nouns for resource names and do not include the type in the name |
| 1200392 | TRUE | Use # for single and multi-line comments |
| 1200391 | TRUE | Using deprecated hashing algorithms |
| 1200390 | TRUE | Using message queue system |
| 1200389 | TRUE | Using dynamic assembly |
| 1200388 | TRUE | Using Named Pipes Communication |
| 1200387 | TRUE | Using Crystal Report reporting tool |
| 1200386 | TRUE | Using Windows Management Instrumentation (WMI) |
| 1200385 | TRUE | Using Windows Native API |
New Support
| Summary | Details |
|---|---|
| The extension now provides licensing information for third-party components | Licensing details include license name, compliance, and link to license documentation. |
1.0.12-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 51204 | Resolves an issue where incorrect handling of mapped network drives prevented analysis results for CloudReady and Green assessments. |
Other Updates
| Details |
|---|
| Resolves an issue where HL analysis stalls in restricted internet access environments due to repeated attempts to load DTDs referenced in XML files. |
1.0.11-funcrel
Other Updates
| Details |
|---|
| Fixes an issue causing the extension to fail if an old version of "Highlight Code Reader" is installed on the same machine. |
| Fixes an issue where application names containing blank spaces generate an erroneous output folder. |
| Fixes an issue specific to Linux deployments (CAST Imaging v3) where the extension is not able to see the JRE embedded in the CAST Imaging Core install folder within the container.. |
| Fixes an issue causing the incorrect release date to be displayed for third-party components. |
1.0.10-funcrel
Note
The Perl runtime (required by the extension) is no longer embedded and shipped with the com.castsoftware.highlight2mri, therefore significantly reducing the overall extension size. The Perl runtime is now delivered in a newly created extension called com.castsoftware.perl.runtime and as a result the com.castsoftware.highlight2mri extension now has a new dependency to com.castsoftware.perl.runtime.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 49741 | Fixes an issue where Highlight data was not visible in CAST Imaging due to warnings encountered during the com.castsoftware.highlight2mri analysis while processing "green ready" data. |
| 50567 | Fixes an issue where the wrong local file path location was indicated within Highlight for OSS Third-Party vulnerabilities. |
Other Updates
| Details |
|---|
| Fixes an issue where the Highlight analysis was not correctly running in a Linux environment. |
| Removed Perl runtime from the extension and created a new dedicated extension com.castsoftware.perl.runtime (and a dependency to it). |
| Added Highlight options "–mavenRepository" and "–includeAllDependencies" in order to improve third-party discovery. |
| Fixes an issue where CloudReady results were inconsistent from one run to another. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200025 | FALSE | Using file system |
| 1200007 | FALSE | Perform File Manipulation |
| 1200006 | FALSE | Perform Directory Manipulation |
| 1200242 | TRUE | Detect Docker files in application |
New Support
| Summary | Details |
|---|---|
| Extension now working in Linux environments | The extension has been tested on Rocky Linux. |
| Violation bookmarks now specify file, start column and end column | Specifying the object is not enough, as an object may have several source files. The source file is now specified. Moreover bookmarks are now more accurate as we specify the start column and end column. |
1.0.9-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 48470 | Fixes an issue that occurs when handling long paths leading to missing results. |
New Support
| Summary | Details |
|---|---|
| Support for Green Deficiencies | Green Deficiencies rules are now supported by the extension. |
1.0.8-funcrel
Note
This release contains one update to fix an issue with the 1.0.7-funcrel which has been withdrawn. All fixes and updates included in 1.0.7-funcrel are also included in 1.0.8-funcrel.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 47684 | Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. |
| 47666 | Provides a fix for the issue identified in 1.0.7-funcrel that is preventing the extension from running when called during an analysis. |
1.0.7-funcrel
Note
This extension has been withdrawn and is no longer available. All fixes and updates included in 1.0.7-funcrel are also available in 1.0.8-funcrel.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 46635 | An update has been implemented to ensure the extension function correctly with regard to changes made to the Console proxy configuration. |
| 47273 | Fixes an issue where multiple apps are using same TEMP folder for result storage causing analysis failure. |
Other Updates
| Details |
|---|
| A change has been introduced to ensure that minified JS files (the generated CSV exceeds max column length), and the vendor folder (as it is not part of the application) are excluded from the analysis. |
New Support
| Summary | Details |
|---|---|
| Connection to Highlight through a Proxy Server with or without authentication (Console v2.11.6 or higher required) | It is now possible to connect to Highlight through a proxy server. The proxy connection data (host, port, possibly user and password) should be set in Console (v2.11.6 or higher required). |
1.0.6-funcrel
Note
This is the first version compatible with Imaging Cloud.The extension can be used in both Cloud and non-Cloud contexts.
Other Updates
| Details |
|---|
| Improved support for long paths: folders that are not relevant to the Highlight analysis, such as the "node_modules" folder created by the Node.js framework, are no longer copied to the working folder. |
| Fixes a regression introduced in 1.0.5-funcrel where some rule violations for SQL objects were missing. |
New Support
| Summary | Details |
|---|---|
| Imaging Cloud compatibility | First release that is compatible with CAST Imaging Cloud. |
1.0.5-funcrel
Note
Contains Highlight Agent 5.5.25-RELEASE
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 46375 | Fixes the message "RuntimeError: Property was not declared as handled for that type " by ensuring that the category "metric" (1041) now inherits from the category "CloudReady_Metrics". |
| 45586 | Fixes an issue causing the extension to crash with the message "RuntimeError: Analysis ran with errors" caused by the CLI hanging with dbgMatchPatternDetail flag. Fixed by including 5.5.25-RELEASE version of the Highlight agent. |
| 43990 | Provides a circumvention of the long path issue. See the section "New Support" below for more details. |
Other Updates
| Details |
|---|
| Due to a change in the documentation URLs for CloudReady patterns, the method for processing links to this documentation has been updated. |
| Provides a circumvention of the long path issue. See the section "New Support" below for more details. |
| Fixes an issue causing the message "[INFO] [ERR4] HighlightAutomation". Fixed by including 5.5.25-RELEASE version of the Highlight agent. |
New Support
| Summary | Details |
|---|---|
| Support of files with long paths | If long paths are spotted in the source code, and if enough disk space is available, the extension will copy the source to a tmp folder, then assign new short names to subfolders, and keep a map between new short paths and original paths. |
1.0.4-funcrel
Note
Contains the Highlight Agent 5.4.91 and replaces the previous 1.0.3-funcrel release that has been withdrawn.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 42150 | Fixes an issue causing an API error on GET: "HTTP Error 400: highlight.server.client.campaignApplication.update.NoAnalysis". |
Other Updates
| Details |
|---|
| Fixes an issue causing the log warning message "RuntimeError: Analysis ran with errors". |
| Fixes an issue causing the log warning message "RuntimeError: Analysis ran with errors" and causing the HLAutomation.log to not be created. |
New Support
| Summary | Details |
|---|---|
| Additional data for Third Party Component feature in CAST Imaging | Added "Safer Closest Version" and "Safest Version" - see also: https://doc.castsoftware.com/display/IMAGING/User+Guide+-+GUI+-+Welcome+Page+-+Modernizing+Applications . |
1.0.3-funcrel
Note
This extension has been withdrawn.
1.0.2-funcrel
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 40661 | An update has been implemented to ensure that the log file contains information about which Java JRE the extension is using. |
| 41248 | Fixes an issue causing a warning entry in the analysis log: "No CloudReady patterns found for Mainframe". This fix ensures that Mainframe related technologies are now supported correctly. |
New Support
| Summary | Details |
|---|---|
| CloudReady support for Mainframe technologies | Added bookmarks for CloudReady blockers/boosters for Mainframe technologies. |
1.0.1-funcrel
Note
This release fixes a breaking change added to the Highlight Agent when introducing Green IT. As a result, a new Highlight Agent (5.4.64) is provided in this release.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 40076 | Fixes an issue causing the Highlight to MRI extension to fail to load data into CAST Highlight with the error "Highlight API Error on GET". |
1.0.0-funcrel
Other Updates
| Details |
|---|
| Update hardcoded links to Highlight documentation. |
| Fixes an issue where the analysis of source code containing a folder called "node_modules" takes too much time. This folder is now excluded. |
1.0.0-beta1
Note
Please note that Highlight Agent requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 38281 | Fixes an issue where it is not possible to find highlight tags after importing application into CAST Imaging. |
Other Updates
| Details |
|---|
| The Highlight Agent has been updated from 5.4.29 to 5.4.43. |
| The error message to explain that the extension requires a minimum release of Java 11 has been updated and clarified. In previous releases of the extension, using an older release of Java caused an error with an unclear message in the log. |
Rules
| Rule Id | New Rule | Details |
|---|---|---|
| 1200124 | TRUE | New CloudReady pattern definition: "Use of Active Directory / LDAP authentication is not fully compatible with cloud providers (AWS, Azure…)". |
1.0.0-alpha4
Note
Please note that Highlight Agent version 5.4.29 requires at least Java 11 runtime in system path. Java 8 runtime is no longer supported by Highlight Agent.
Other Updates
| Details |
|---|
| Update Highlight Agent from 5.3.76 to 5.4.29. |
New Support
| Summary | Details |
|---|---|
| Added additional CloudReady patterns | CloudReady patterns for Google Cloud Platform have been added. |
1.0.0-alpha3
Resolved Issues
| Customer Ticket Id | Details |
|---|---|
| 35420 | Fixed an issue where a warning error was seen in the log during the analysis "IndexError: list index out of range". |
Other Updates
| Details |
|---|
| Fixed an issue causing a crash when long paths are involved. As part of the fix, the extension calls the Highlight agent only on source code and no longer on Maven/Nuget/.NET assembly folders (which often contain long paths). |
1.0.0-alpha2
Other Updates
| Details |
|---|
| Fixed an issue where the following error is displayed: "plugin has encountered the following error : IndexError: list index out of range while running com.castsoftware.highlight2mri.1.0.0-alpha1". |
1.0.0-alpha1
Note
This is the first release of this extension.