Latest Versions |
|
This Change Log summarizes the latest updates and improvements of this release.
It includes critical bug fixes, enhancements to Insights and Code Analysis, expanded API functionality, and improved handling of false positives.
Improvements
- SSO - Added support for changing Single Sign-On from OIDC to SAML.
- Objective-C Kiuwan now properly parses the API_AVAILABLE macro.
- Kiuwan Local Analyzer GUI now supports Insights with partial deliveries, enabling better Insights tracking of smaller code changes.
Bugs
- Removed erroneous status parameter from documentation for GET /insights/analysis/summary/export
- C - Resolved false positives for rule OPT.C.CERTC.EXP34 - NULL Pointer dereference.
- C Sharp - Resolved false positive in C# rule OPT.CSHARP.NullDereference when using IsNullOrEmpty() in logical validations.
- C++ - Fixed parsing errors for statements containing user-defined literals.
- C++ - Resolved false positives in C++ for rule OPT.CPP.DontUseCast.
- HTML - Resolved false positive in rule OPT.HTML.VARIOUS.ALT1 - Alt Attribute Required.
- HTML - Added rule OPT.JAVA.UNSANITIZED.ThymeleafXSSDetection to detect the use of unescaped Thymeleaf text, which may lead to an XSS vulnerability.
- Java - Insights now correctly displays component versions when defined dynamically.
- Java - Fixed invalid sample code for the rule OPT.JAVA.SEC_JAVA.HttpSplittingRule.
- Java - Kiuwan detects Java XML files in the latest versions of Spring Boot.
- Java - Resolved false positives for rule OPT.JAVA.NullDereference.
- Java - Resolved false positives related to Java rules for XSS detection.
- Java - Resolved false positives for CSRF (Cross-Site Request Forgery).
- Java - Resolved false positive in rule OPT.JAVA.SWITCH.CaseWithReturn.
- Java - Resolved false positive in rule OPT.JAVA.PB.SBC.
- Java - Resolved false positive in rule OPT.JAVA.PB.SBDF.
- Javascript - Rule OPT.JAVASCRIPT.CrossSiteRequestForgery updated to support csrf-sync and csrf-csrf packages.
- Javascript - Resolved false positive in rule OPT.HTML.UseDocType for Angular files.
- Natural - Kiuwan now parses asterisk operand for Reduce Array.
- Natural - Kiuwan no longer fails to parse Natural when an INCLUDE is found inside a DECIDE statement.
- Natural - Kiuwan now displays all defects for the rule Avoid writing multiple sentences in one code line.
- The Code Analysis summary PDF report now includes the engine version.
- Insights - Improved accuracy of CVEs and reduction of false positives.
- RPG - Rule OPT.RPG4.SEC.InsecureRandomness no longer generates false positives when using CEERAN0.
- PL-SQL - Fixed parsing errors related to Compound Triggers.
- Fixed missing or incorrect labels when promoting Delivery Analysis to Baseline in the Web UI.
- PHP - Updated reference links in some rules' metadata.
API fixes
- GET users/applications/permissions API now returns View permissions.
- GET /user/{username}/portfolios/roles now returns correct data when using a PortfolioValue parameter..
- GET /insights/analysis/summary/export endpoint now generates PDF reports correctly.
- PUT /userGroups/ properly updates businessValueRoles data if providerRoles data is not included in the request.