Skip to main content

9.6.0 Hotfixes

Installation Notes


  • Hotfixes and content packs are cumulative and include previous hotfix/content package updates.

  • In a distributed environment, the relevant hotfix must be installed on the CxManager server(s) and the Web Portal server.

  • After upgrades (major versions or hotfixes) or Content Pack updates, it is highly recommended that full scans be run first, followed by incremental scans.

Resolved Issues and Changes


Resolved Issues

HF9 May 2024

Fixed an issue when pasting a static link with applied filters from the results viewer.

Fixed a bug that marked recurrent results as New in the SAST reports when the query with the results had an override query performed between the scans.

Resolved an issue where the deletion of a customized query influenced the results state when viewed in Compare mode.

The config key MAX_RESULTS_PER_QUERY has been deprecated.

Resolved an issue that was causing certain results and their descriptions to be absent from the results viewer. This issue occurred when a result was identified by an override query that had been removed after the scan was completed.

Fixed a bug that caused the OData to display empty results when a project was created by a branching process and the original project was deleted.

Fixed oData parameter: $expand=QueryGroupType. When this parameter was used, the QueryGroup and QueryGryoupType did not expand.

Fixed errors and timeouts when using the /cxrestapi/userpersistence API endpoint.

Fixed the Full Scan Results link in the Project State summary page to properly redirect to that specific project's View Project Scans page.


Resolved Issues

HF8 April 2024

SAST reliance on C++ Redistributable versions 2010 and 2015 has been completely removed; now, it only requires .NET Core.

Resolved an issue that excluded .ini files during the scan’s unzip process.

Improved database connection stability in High Availability (HA) environments.

Fixed a zip encoding error that prevented the proper display of code in the results viewer when set to support Japanese characters.

Fixed a timeout error when loading scan summaries due to an excessive number of teams. ( >130,000)

Fixed a general error encountered during a project update using TFS as source control.

Fixed multiple portal sections where the user interface appeared broken when a specific string was present in the Path Filter field of the project settings.

Fixed the SAST progress status widget where, sometimes, the bars failed to display new results.


Resolved Issues

HF7 March 2024

The tree view now displays the original count of vulnerabilities and will not change if the user changes the result severity.

Fixed the API PATCH /sast/scansQueue/{id} to support the Postponed Status.

Fixed a bug in Odata; it returned empty when using a path filter.

Fixed translations for all supported languages in the Status column on the results viewer page.

Fixed a general error in some cases when loading the results viewer with older scans.

Fixed a failure to generate a PDF report, which happened in cases where the source code had been deleted from the CxSrc folder.

Fixed a timeout error when uploading a source code via Perforce, which exceeds a 15-minute loading time. The 15 minutes is hardcoded, but now it can be configured via the database.


Resolved Issues

HF6 February 2024

Added a description for the Compare Scan API in Swagger.

Eliminated the dependency on C++ Redistributable versions, 2010 & 2015. Now exclusively dependent on .NET Core.

Fixed a bug that prevented the WebPortal from displaying GIT branches that contained @ in its name.

Fixed a bug where the result metadata (state, severity, comment, etc.) was reset in cases where the original scan was deleted via the data retention process.

Fixed an error in the JobsManager that led to inconsistent behavior in the LOC calculation.

Fixed a backward compatibility issue for the UI persistency; sometimes, there was an error loading a results viewer page after an upgrade from 9.5 to 9.6.

Added support for the Security field in the JIRA on-prem v8 REST API.


Resolved Issues

HF5 January 2024

Added license validation when scanning Rust source code through the CxPortal.

Fixed an issue where the Upload Zip File modal displayed when triggering a full or incremental scan for a Git project.

Fixed an issue preventing scans from completing.

Enhancement added to include the SimilarityId in the response of the GET /sast/scans/{oldScanId}/compareResultsTo/{newScanId} REST API.

Fixed an issue where the customFields attribute would not return as a response of the POST /sast/scanWithSettings REST API.

Fixed an issue that displayed incorrect totals on the Project State dashboard.

Fixed an issue that displayed incorrect attack vectors for incremental scan results.


Resolved Issues

HF4 December 2023

Fixed an issue on the Projects page where users could not move between tabs in projects that have excluded files\folders.

Fixed an issue where a user could not launch the reporting service via the Web Portal because the icon did not exist.

Fixed the time stamp for recurrent results to show the date and time of the first finding instead of the date and time of the latest scan.

Fixed the Azure DevOps plugin link to lead to the Projects State page instead of an unavailable page that returned a 500 error.

Fixed an issue where clicking on a target link that is not the first result on the Results Viewer page incorrectly redirects to the first result.

Fixed a bug where filtering by State and Severity in the Results Viewer page did not work.

Results in the Results Viewer remain checked after performing an action, like changing a severity state or assigning a user.

Fixed an inconsistency in the number of results between the Results Viewer page and a generated report in cases where the base similarity ID was calculated per project and not per team.

Fixed an inconsistency in the button names in the Access Control pages. Instead of Update, it is now Save.

The success messages of actions performed on the Access Control pages will now appear in the bottom-right corner as a pop-up instead of at the top of the form.


Resolved Issues

HF3 November 2023

ActiveMQ version was replaced with version 5.17.6


Resolved Issues

HF2 October 2023

Fixed an issue where GIT scans failed when the default value of the SourcePullingTemporaryPath was changed.

Fixed a bug where moving projects from one team to another while filters were applied overwrote an existing project name.

Added a new checkbox in the UI to enable or disable the support for wildcard * in LDAP management. The default behavior will remain as is for customers without wildcard support.

Changed the color of the Auth Plain authentication method button to be more visible.

Added missing translations in Access Control pages. Languages added: Chinese, Portuguese, Korean, Japanese, French, and Spanish.

Added the ability to block LDAP user access to the SAST UI.

Fixed the logout URL configured in SAML, which redirected to a broken page.


Resolved Issues


Resolved an issue in the SAST web portal that caused the result status to be incorrectly displayed in the generated CSV reports.

Fixed a performance issue caused in the Results Viewer page, by controlling the query timeout with the CxComponentConfiguration\SqlExecuteCommandTimeout configuration key.

Fixed a performance issue caused in the Results Viewer page, by providing an additional timeout adjustment for backend SOAP calls with the new web.config\CxPriorityWebServicesTimeout configuration key.

Fixed an issue with PDF scan reports that prevented files from being included under the Scanned Files section of the reports. This occurred for files with long paths.

Fixed an issue to prevent null values when configuring JIRA custom fields in the project settings.

Fixed an issue for plugins (CLI, ADO, Jenkins, TeamCity, and Bamboo ) that wouldn’t start to scan for the project with Location = Source Control.