Release Notes - 1.1


  • 1.1.5-funcrel
    This release provides an internal technical change to ensure that the extension is compatible with CAST Imaging v3 for Linux/Docker. No other changes are included.
  • 1.1.4-funcrel
    Fixed rule (1060022) description. (ref. 34949)
  • 1.1.3-funcrel
    Fixes a false positive violation of the rule 💎 1060114 - Always enable authorization checks at function level for functions called on by APIs. (ref. 34435)
    False positive for the rule: Always enable authorization checks at function level for functions called on by APIs 💎 1060114
    Deprecated: Avoid filtering sensitive data using front-end 💎 1060110
    Deprecated: Avoid data fields binded to columns to return sensitive data via APIs 💎 1060108
    Deprecated: Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data 💎 1060106
    Deprecated: Always review APIs returning sensitive data fields 💎 1060104
    Deprecated: Always avoid http redirects to unknown or untrusted URLs 💎 1060116
  • 1.1.2-funcrel
    Fixes some path incompatibilities when installing the extension under Linux. Supports installation of the extension under Linux OS.
  • 1.1.1-funcrel
    Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs (ref. 31662)
    Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs (ref. 31554)
    Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs (ref. 30366)
    “Always enable authorization checks at function level for functions called on by APIs” - false positives removed and scope changed to add “Spring Security”. 💎 1060114
  • 1.1.0-funcrel
    NEW Always avoid http redirects to unknown or untrusted URLs 💎 1060116
    NEW Always enable authorization checks at function level for functions called on by APIs 💎 1060114
    NEW Review APIs not accessed by frontend functions 💎 1060112
    NEW Avoid filtering sensitive data using front-end 💎 1060110
    NEW Avoid data fields binded to columns to return sensitive data via APIs 💎 1060108
    NEW Avoid using generic methods such as ‘ToJson’ or ‘ToString’ to save sensitive or PII data 💎 1060106
    NEW Review APIs returning sensitive data fields 💎 1060104