
Release Updates for Version 3.12.0


We are introducing IAST Version 3.12.0! Read on to check out what's new.

Release Highlights

This section highlights the main features of this version.

Platform Updates for Applications under Testing

  • Java support has been extended to Java 17 (LTS version) and now ranges from Java 8 to Java 17.

  • Complete support for .NET 3.1 API coverage.

  • .NET support has been extended to .NET 6.0.

Enhanced Reliability

  • The Java agent no longer blocks the AUT when the IAST server is not responding.

  • Optimized the triggering of exceptions by unknown frameworks so that inflated logs no longer compromise the performance of the application under testing.

  • The Exploitable parameter now always appears in the attack vector for Java Spring operations, even in POST and PUT operations.

  • Added a reporting and cleanup utility that allows controlling and reducing the use of the database.

  • Improved and optimized the pre-installation questionnaire.

  • Optimized the .NET Agent logging. The performance footprint has been removed.

Optimized Usability

  • The IAST Manager's user interface provides direct access to Access Control.

  • Users who attempt to delete a query now receive a warning and have to confirm their request before the query is deleted.

  • Users who refresh the IAST Manager interface receive a warning if the latest scan has not been saved.

  • License information, such as the expiration date, the number of available projects and the number of used projects, is now available from the IAST Manager's user interface.

  • The AUT Framework's version now appears on the Dashboard.

  • The API and SCA tabs are now available in aggregated scans.

  • The misleading New label has been removed from displayed vulnerabilities.

  • Documentation has been added on how to handle expired TLS certificates.

Improved SAST Correlation

  • The set of queries correlated with SAST has been increased.

  • The SAST connectivity is now indicated clearly.

  • If a correlated SAST scan has been deleted and a user follows the correlation link from the IAST side, a message appears that there is no SAST correlation for this scan. Previously, an empty page appeared instead.

  • If an IAST project has been connected to a SAST project, all correlated vulnerabilities are displayed, not only the most recent ones.

Resolved Limitations

The following limitations have been resolved with this release:

  • The Windows PowerShell installation now runs properly.

  • The HSTS header has been enforced in IAST.

  • The IAST API Swagger pages are now displayed instead of the Access Control Swagger pages, even if they reside behind a proxy.

  • Vulnerabilities no longer switch to Resolved automatically, as this functionality proved unreliable.