Release Notes - 1.1
1.1.5-funcrel
Note
This release provides an internal technical change to ensure that the extension is compatible with CAST Imaging v3 for Linux/Docker. No other changes are included.
1.1.4-funcrel
Resolved Issues
Customer Ticket Id | Details |
34949 | Fixed rule (1060022) description. |
1.1.3-funcrel
Resolved Issues
Customer Ticket Id | Details |
34435 | Fixes a false positive violation of the rule: 1060114 - Always enable authorization checks at function level for functions called on by APIs. |
Rules
Rule Id | New Rule | Details |
1060114 | FALSE | False positive for the rule: Always enable authorization checks at function level for functions called on by APIs |
1060110 | FALSE | deprecate: Avoid filtering sensitive data using front-end |
1060108 | FALSE | deprecate: Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | FALSE | deprecate: Avoid using generic methods such as 'ToJson' or 'ToString' to save sensitive or PII data |
1060104 | FALSE | deprecate: Always review APIs returning sensitive data fields |
1060116 | FALSE | deprecate: Always avoid http redirects to unknown or untrusted URLs |
1.1.2-funcrel
New Support
Summary | Details |
Support installation of extension under Linux OS | Fix some path incompatibilities when installing extension under Linux. |
1.1.1-funcrel
Resolved Issues
Customer Ticket Id | Details |
31662 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
31554 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
30366 | Spring Security scope added to the rule Always enable authorization checks at function level for functions called on by APIs |
Rules
Rule Id | New Rule | Details |
1060114 | FALSE | "Always enable authorization checks at function level for functions called on by APIs" - false positives removed and scope changed to add "Spring Security". |
1.1.0-funcrel
Rules
Rule Id | New Rule | Details |
1060116 | TRUE | Always avoid http redirects to unknown or untrusted URLs |
1060114 | TRUE | Always enable authorization checks at function level for functions called on by APIs |
1060112 | TRUE | Review APIs not accessed by frontend functions |
1060110 | TRUE | Avoid filtering sensitive data using front-end |
1060108 | TRUE | Avoid data fields binded to columns to return sensitive data via APIs |
1060106 | TRUE | Avoid using generic methods such as 'ToJson' or 'ToString' to save sensitive or PII data |
1060104 | TRUE | Review APIs returning sensitive data fields |