9.6.0 Hotfixes
Installation Notes
Notice
Hotfixes and content packs are cumulative and include all previous hotfix and content pack updates.
In a distributed environment, the relevant hotfix must be installed on the CxManager server(s) and on the Web Portal server.
After an upgrade (major version or hotfix) or a Content Pack update, it is highly recommended to run full scans first, followed by incremental scans.
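The post-upgrade procedure above (a full scan first, then an incremental scan) can be driven from the CxSAST REST API rather than clicked through the portal for every project. The block below is an added example written for this page, not Checkmarx's own code. The token endpoint and default resource-owner client, the POST /cxrestapi/sast/scans body fields (projectId, isIncremental, isPublic, forceScan, comment), the id field in its response and the status.name values returned by GET /cxrestapi/sast/scans/{id} are assumptions taken from the commonly documented 9.x REST API; confirm them against the /cxrestapi/help page of your own instance. The host name, account and project IDs in the usage section are placeholders.

```python
"""Post-hotfix rescan helper: full scan first, wait for it, then an incremental scan.

Added example, not Checkmarx code. Endpoint paths, body fields and status names are
assumptions based on the commonly documented CxSAST 9.x REST API.
"""
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/cxrestapi/auth/identity/connect/token"
SCANS_PATH = "/cxrestapi/sast/scans"
# Default resource-owner client shipped with CxSAST (assumption: not changed on your install).
DEFAULT_CLIENT_ID = "resource_owner_client"
DEFAULT_CLIENT_SECRET = "014DF517-39D1-4453-B7B3-9930C563627C"
# Assumed terminal values of status.name in GET /sast/scans/{id}.
TERMINAL_STATES = {"Finished", "Failed", "Canceled"}


def token_form(username, password):
    """URL-encoded body of the password-grant token request."""
    return urllib.parse.urlencode({
        "username": username,
        "password": password,
        "grant_type": "password",
        "scope": "sast_rest_api",
        "client_id": DEFAULT_CLIENT_ID,
        "client_secret": DEFAULT_CLIENT_SECRET,
    }).encode()


def get_token(base_url, username, password):
    """Exchange portal credentials for a bearer token."""
    req = urllib.request.Request(base_url.rstrip("/") + TOKEN_PATH, data=token_form(username, password))
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)["access_token"]


def scan_body(project_id, incremental, comment):
    """JSON body for POST /cxrestapi/sast/scans (field names are an assumption)."""
    return {
        "projectId": project_id,
        "isIncremental": incremental,
        "isPublic": True,
        "forceScan": True,   # scan even when the source is unchanged since the last scan
        "comment": comment,
    }


class UrllibTransport:
    """Minimal authenticated JSON transport; the orchestration below only needs .request()."""

    def __init__(self, base_url, token):
        self.base_url = base_url.rstrip("/")
        self.token = token

    def request(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, method=method)
        req.add_header("Authorization", "Bearer " + self.token)
        req.add_header("Accept", "application/json;v=1.0")
        if data is not None:
            req.add_header("Content-Type", "application/json;v=1.0")
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)


def wait_for_scan(transport, scan_id, poll_seconds=30, max_polls=480):
    """Poll GET /sast/scans/{id} until status.name is terminal and return that name."""
    for _ in range(max_polls):
        state = transport.request("GET", f"{SCANS_PATH}/{scan_id}")["status"]["name"]
        if state in TERMINAL_STATES:
            return state
        time.sleep(poll_seconds)
    raise TimeoutError(f"scan {scan_id} still running after {max_polls} polls")


def rescan_after_hotfix(transport, project_ids, poll_seconds=30):
    """For each project: queue a full scan, wait for it, then queue an incremental scan.

    Returns a list of (project_id, kind, scan_id, final_status). The incremental scan is
    skipped when the full scan did not finish cleanly, so it never builds on a bad baseline.
    """
    log = []
    for pid in project_ids:
        full_id = transport.request("POST", SCANS_PATH, scan_body(pid, False, "post-hotfix full scan"))["id"]
        full_state = wait_for_scan(transport, full_id, poll_seconds)
        log.append((pid, "full", full_id, full_state))
        if full_state != "Finished":
            continue
        inc_id = transport.request("POST", SCANS_PATH, scan_body(pid, True, "post-hotfix incremental scan"))["id"]
        log.append((pid, "incremental", inc_id, wait_for_scan(transport, inc_id, poll_seconds)))
    return log


if __name__ == "__main__":
    # Placeholders: replace with your portal URL, a service account and real project IDs.
    BASE = "https://cxsast.example.internal"
    transport = UrllibTransport(BASE, get_token(BASE, "svc-scan", "CHANGE-ME"))
    for entry in rescan_after_hotfix(transport, [1, 2, 3]):
        print(entry)
```

The transport is a separate object so the sequencing (full, wait, then incremental) can be exercised offline with a fake; in production, keep the service account's password out of the script and read it from the environment or a secret store.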
Resolved Issues and Changes
| Category | Resolved Issues |
|---|---|
| HF15 November 2024 | Fixed a bug where short descriptions in PHP queries appeared incomplete when the scanned code contained `<?`. |
| | Resolved a database deadlock when counting projects, which occurred with tens of thousands of projects. |
| | Updated the compare scan algorithm to a faster method. |
| | Fixed an issue where the GET results API did not retrieve results if the preset had been deleted. |
| | Corrected the error message for non-existing project IDs: it now reads "Project with ID 'x' was not found" instead of "Unauthorized to view project/branch 2". |
| | Improved the data retention process to clean up orphan scan data. |
| | Improved data management for canceled scans: their data is now saved only in the CanceledScans table and removed from the other tables. |
| Category | Resolved Issues |
|---|---|
| HF14 October 2024 | Fixed an issue where a deleted custom query ignored its own results in compare scan mode. |
| | Resolved a problem that caused the loss of a query description when its group was deleted. |
| | Corrected an issue where results appeared as fixed instead of recurrent during scan comparisons involving a deleted custom query. |
| | Fixed an issue where CxAudit failed to load a project with long path support enabled. |
| | Addressed database deadlock errors that occurred when creating multiple projects simultaneously. |
| | Fixed an error in the results retrieval API when no query description was present. |
| | Added paging support to the GET /projects API to handle large numbers of projects efficiently; the number of projects returned per page is now controlled by the request. |
| Category | Resolved Issues |
|---|---|
| HF13 September 2024 | Fixed an issue in the Results Viewer to prevent invalid source details from being displayed in the vulnerability description. |
| | Fixed an issue in the cxrestapi/help/sast/results API to prevent a casting error when a result detail is a decimal value. |
| | Performance improvements in XML report generation. |
| | Fixed the logging after Post Scan Actions: an INFO message is now logged instead of an ERROR message. |
| | Improved the REST API endpoint /sast/results to include the Result Description text in the output. |
| Category | Resolved Issues |
|---|---|
| HF12 August 2024 | Fixed an error in the SAST scan statistics API call when the dbo.TaskScanEnvironment table was missing. |
| | Corrected the code display in the results viewer, where backticks were converted to single quotes and affected triage accuracy. |
| | Resolved an issue in the results viewer code view where code was not visible with long paths. |
| | Fixed duplicated results in OData responses when private and public scans were mixed within the same project. |
| | Fixed a sorting issue in the direct link view when sorting by the Destination FileName column. |
| | Restored the PreScanActionId value when a project was edited. |
| | Created a new CxSAST REST API endpoint that returns a paged results list for a specific ScanId. |
| | Added a toggle in the Access Control settings for the LDAP server to allow wildcard searches. |
| Category | Resolved Issues |
|---|---|
| HF11 July 2024 | Fixed the compare scan mechanism, which displayed an incorrect severity when the query's severity had been modified and overridden. |
| | Fixed a bug causing report creation to fail when multiple branches were defined in a project. |
| | Resolved several bugs related to results triage, particularly where private and public scans coexisted within the same project. |
| | Reinstated timestamps in various fields on the Scan Summary page. |
| | Fixed the report mechanism so that the Change template option no longer affects CSV reports; it should only affect the PDF and RTF formats. |
| | Fixed inconsistencies in line numbers between the results viewer and the scan report. |
| | Resolved a bug causing the license importer to return an error when its window was not in focus. |
| Category | Resolved Issues |
|---|---|
| HF10 June 2024 | Fixed the Origin column in the Scans tables, which displayed incorrect values when a scan identified as unchanged was not initiated. |
| | Fixed a vulnerability discovered in Apache Tomcat 9.0.72. |
| | Resolved an issue where accented characters in source-code file names were stored incorrectly, leading to a broken path. |
| | Fixed an error that appeared in the portal log when logging in. |
| | Resolved an issue where the API that fetches result labels did not always return the most recent label when multiple labels from different projects were linked to the same result. |
| | Added the timestamp back to several fields on the Scan Summary page. |
| | Fixed a missing column name, ScanCompletedStatus, in the results viewer. |
| Category | Resolved Issues |
|---|---|
| HF9 May 2024 | Fixed an issue when pasting a static link with applied filters from the results viewer. |
| | Fixed a bug that marked recurrent results as New in SAST reports when the query producing the results had been overridden between the scans. |
| | Resolved an issue where deleting a customized query changed the state of results viewed in Compare mode. |
| | The configuration key MAX_RESULTS_PER_QUERY has been deprecated. |
| | Resolved an issue where certain results and their descriptions were missing from the results viewer when the result had been identified by an override query that was removed after the scan completed. |
| | Fixed a bug that caused OData to return empty results when a project had been created by branching and the original project was deleted. |
| | Fixed the OData parameter $expand=QueryGroupType; when it was used, QueryGroup and QueryGroupType did not expand. |
| | Fixed errors and timeouts when using the /cxrestapi/userpersistence API endpoint. |
| | Fixed the Full Scan Results link on the Project State summary page so that it redirects to that project's View Project Scans page. |
| Category | Resolved Issues |
|---|---|
| HF8 April 2024 | SAST no longer depends on the C++ Redistributable versions 2010 and 2015; it now requires only .NET Core. |
| | Resolved an issue that excluded .ini files during the scan's unzip process. |
| | Improved database connection stability in High Availability (HA) environments. |
| | Fixed a zip encoding error that prevented code from displaying properly in the results viewer when configured to support Japanese characters. |
| | Fixed a timeout error when loading scan summaries in environments with an excessive number of teams (more than 130,000). |
| | Fixed a general error encountered during a project update when TFS was used as source control. |
| | Fixed multiple portal sections whose user interface appeared broken when a specific string was present in the Path Filter field of the project settings. |
| | Fixed the SAST progress status widget, whose bars sometimes failed to display new results. |
| Category | Resolved Issues |
|---|---|
| HF7 March 2024 | The tree view now displays the original count of vulnerabilities and no longer changes when the user changes a result's severity. |
| | Fixed the PATCH /sast/scansQueue/{id} API to support the Postponed status. |
| | Fixed a bug where OData returned an empty response when a path filter was used. |
| | Fixed translations for all supported languages in the Status column of the results viewer page. |
| | Fixed a general error that occurred in some cases when loading the results viewer with older scans. |
| | Fixed a failure to generate a PDF report when the source code had been deleted from the CxSrc folder. |
| | Fixed a timeout error that occurred when pulling source code via Perforce took longer than 15 minutes. The 15-minute limit was hardcoded; it can now be configured via the database. |
| Category | Resolved Issues |
|---|---|
| HF6 February 2024 | Added a description for the Compare Scan API in Swagger. |
| | Eliminated the dependency on the C++ Redistributable versions 2010 and 2015; SAST now depends exclusively on .NET Core. |
| | Fixed a bug that prevented the Web Portal from displaying Git branches with @ in their names. |
| | Fixed a bug where result metadata (state, severity, comment, etc.) was reset when the original scan was deleted by the data retention process. |
| | Fixed an error in the JobsManager that led to inconsistent behavior in the LOC calculation. |
| | Fixed a backward compatibility issue in UI persistency that sometimes caused an error when loading a results viewer page after an upgrade from 9.5 to 9.6. |
| | Added support for the Security field in the JIRA on-prem v8 REST API. |
| Category | Resolved Issues |
|---|---|
| HF5 January 2024 | Added license validation when scanning Rust source code through the CxPortal. |
| | Fixed an issue where the Upload Zip File modal was displayed when triggering a full or incremental scan for a Git project. |
| | Fixed an issue that prevented scans from completing. |
| | Added the SimilarityId to the response of the GET /sast/scans/{oldScanId}/compareResultsTo/{newScanId} REST API. |
| | Fixed an issue where the customFields attribute was not returned in the response of the POST /sast/scanWithSettings REST API. |
| | Fixed an issue that displayed incorrect totals on the Project State dashboard. |
| | Fixed an issue that displayed incorrect attack vectors for incremental scan results. |
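HF5 adds the SimilarityId to the compare-results API response, and several fixes listed above (HF14, HF11, HF9, HF4) concern how the compare mechanism classifies results as new, recurrent or fixed and which metadata a recurrent result keeps. The block below is an added illustration of that classification, written for this page and not Checkmarx's own compare implementation: it matches results across two scans on (query name, SimilarityId) rather than on file and line, so a result that only shifted lines stays recurrent; it carries the triage state, severity and first-found date of the old result onto its recurrent counterpart; and it reports results that disappeared as fixed. The record field names and the two constructed scans are assumptions; map the fields from your own API responses before using it.

```python
"""Classify results across two scans by SimilarityId: new / recurrent / fixed.

Added illustration, not Checkmarx's compare implementation. Field names
(QueryName, SimilarityId, FileName, Line, Severity, State, FirstFound, ScanDate)
are assumptions about the records you hold; the sample scans are constructed.
"""
from collections import defaultdict


def _key(result):
    # A SimilarityId is derived from the vulnerable code itself, so it survives
    # line shifts; pairing it with the query name keeps two queries that flag the
    # same code apart.
    return (result["QueryName"], result["SimilarityId"])


def _group(results):
    groups = defaultdict(list)
    for r in results:
        groups[_key(r)].append(r)
    return groups


def compare_scans(old_results, new_results):
    """Return {"new": [...], "recurrent": [...], "fixed": [...]}.

    Recurrent entries are the new-scan records with State, Severity and FirstFound
    carried over from the matching old record, plus a LineMoved flag. Where the
    same key occurs several times in one scan, surplus occurrences are new or fixed.
    """
    old, new = _group(old_results), _group(new_results)
    report = {"new": [], "recurrent": [], "fixed": []}
    for key in sorted(set(old) | set(new)):
        olds, news = old.get(key, []), new.get(key, [])
        for prev, cur in zip(olds, news):
            merged = dict(cur)
            merged.update(
                State=prev["State"],
                Severity=prev["Severity"],
                FirstFound=prev["FirstFound"],
                LineMoved=(prev["FileName"], prev["Line"]) != (cur["FileName"], cur["Line"]),
            )
            report["recurrent"].append(merged)
        for cur in news[len(olds):]:
            report["new"].append(dict(cur, FirstFound=cur["ScanDate"]))
        for prev in olds[len(news):]:
            report["fixed"].append(prev)
    return report


def summarize(report):
    """Counts per bucket, plus how many recurrent results only moved lines."""
    return {
        "new": len(report["new"]),
        "recurrent": len(report["recurrent"]),
        "fixed": len(report["fixed"]),
        "recurrent_line_moved": sum(1 for r in report["recurrent"] if r["LineMoved"]),
    }


# Constructed sample: two scans of the same project one month apart.
OLD_SCAN = [
    {"QueryName": "SQL_Injection", "SimilarityId": 1187432901, "FileName": "src/db.php", "Line": 40,
     "Severity": "High", "State": "Not Exploitable", "FirstFound": "2024-03-01", "ScanDate": "2024-05-01"},
    {"QueryName": "Reflected_XSS", "SimilarityId": 2203398177, "FileName": "src/view.php", "Line": 88,
     "Severity": "Medium", "State": "To Verify", "FirstFound": "2024-05-01", "ScanDate": "2024-05-01"},
    {"QueryName": "Path_Traversal", "SimilarityId": 3390012455, "FileName": "src/files.php", "Line": 10,
     "Severity": "High", "State": "Confirmed", "FirstFound": "2024-04-01", "ScanDate": "2024-05-01"},
]
NEW_SCAN = [
    # the same SQL injection, shifted down five lines by an unrelated edit
    {"QueryName": "SQL_Injection", "SimilarityId": 1187432901, "FileName": "src/db.php", "Line": 45,
     "Severity": "High", "State": "To Verify", "FirstFound": "2024-06-01", "ScanDate": "2024-06-01"},
    {"QueryName": "Reflected_XSS", "SimilarityId": 2203398177, "FileName": "src/view.php", "Line": 88,
     "Severity": "Medium", "State": "To Verify", "FirstFound": "2024-06-01", "ScanDate": "2024-06-01"},
    # a genuinely new finding
    {"QueryName": "Reflected_XSS", "SimilarityId": 4411009832, "FileName": "src/search.php", "Line": 12,
     "Severity": "Medium", "State": "To Verify", "FirstFound": "2024-06-01", "ScanDate": "2024-06-01"},
]

if __name__ == "__main__":
    rep = compare_scans(OLD_SCAN, NEW_SCAN)
    print(summarize(rep))  # {'new': 1, 'recurrent': 2, 'fixed': 1, 'recurrent_line_moved': 1}
```

With the sample above the SQL injection is reported as recurrent with its "Not Exploitable" state and March first-found date intact even though its line number changed, the Path_Traversal result is reported as fixed, and only the search.php XSS is new; comparing on line numbers instead would have produced one spurious new result and one spurious fixed result for the same code.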
| Category | Resolved Issues |
|---|---|
| HF4 December 2023 | Fixed an issue on the Projects page where users could not move between tabs in projects that have excluded files/folders. |
| | Fixed an issue where a user could not launch the reporting service from the Web Portal because the icon did not exist. |
| | Fixed the timestamp of recurrent results to show the date and time of the first finding instead of the date and time of the latest scan. |
| | Fixed the Azure DevOps plugin link so that it leads to the Project State page instead of an unavailable page that returned a 500 error. |
| | Fixed an issue where clicking a target link that is not the first result on the Results Viewer page incorrectly redirected to the first result. |
| | Fixed a bug where filtering by State and Severity on the Results Viewer page did not work. |
| | Results in the Results Viewer now remain checked after performing an action, such as changing a severity or state or assigning a user. |
| | Fixed an inconsistency in the number of results between the Results Viewer page and a generated report in cases where the base similarity ID was calculated per project rather than per team. |
| | Made the button names in the Access Control pages consistent: Update is now Save. |
| | Success messages for actions performed on the Access Control pages now appear as a pop-up in the bottom-right corner instead of at the top of the form. |
| Category | Resolved Issues |
|---|---|
| HF3 November 2023 | ActiveMQ was upgraded to version 5.17.6. |
| Category | Resolved Issues |
|---|---|
| HF2 October 2023 | Fixed an issue where Git scans failed when the default value of SourcePullingTemporaryPath was changed. |
| | Fixed a bug where moving projects from one team to another while filters were applied overwrote an existing project name. |
| | Added a checkbox in the UI to enable or disable support for the wildcard * in LDAP management. The default behavior remains unchanged for customers without wildcard support. |
| | Changed the color of the Auth Plain authentication method button to make it more visible. |
| | Added missing translations in the Access Control pages for Chinese, Portuguese, Korean, Japanese, French, and Spanish. |
| | Added the ability to block LDAP user access to the SAST UI. |
| | Fixed the logout URL configured in SAML, which redirected to a broken page. |
| Category | Resolved Issues |
|---|---|
| HF1 | Resolved an issue in the SAST web portal that caused the result status to be displayed incorrectly in generated CSV reports. |
| | Fixed a performance issue on the Results Viewer page by making the query timeout controllable with the CxComponentConfiguration\SqlExecuteCommandTimeout configuration key. |
| | Fixed a performance issue on the Results Viewer page by providing an additional timeout adjustment for backend SOAP calls with the new web.config\CxPriorityWebServicesTimeout configuration key. |
| | Fixed an issue with PDF scan reports that prevented files with long paths from being included in the Scanned Files section. |
| | Fixed an issue to prevent null values when configuring JIRA custom fields in the project settings. |
| | Fixed an issue where plugins (CLI, ADO, Jenkins, TeamCity, and Bamboo) would not start a scan for a project with Location = Source Control. |