Release Notes for Engine Pack (EP) 9.6.7 Patches

Version 9.6.7.1006 Date 06-04-2025
Improved Java support to prevent False Positives for Reflected XSS All Clients. Parsing improvement on COBOL to prevent False Negatives.

Version 9.6.7.1005 Date 02-10-2025
Improved JavaScript parsing to prevent scanning from getting unintentionally stuck. Improved VBNet support to: Prevent false negatives for SQL Injection. Better handling of Integer type. Improvements to prevent false positives for the Go_Medium_Threat\Privacy_Violation query: Ignored results that pass through the error handling of a method invocation, as the likelihood of a vulnerability is low. Improved the gin/gonic web outputs support regarding io.writer web outputs. Previously, io.writer methods were being added as web outputs regardless of they were part of their intended context, gin-gonic. Improvements to prevent false positives for the: Go_Medium_Threat\Reflected_Absolute_Path_Traversal() and Go_Medium_Threat.Reflected_Relative_Path_Traversal() queries: Removed io.Copy calls that only copy data from one request to another (no file accesses). Go_Insecure_Credential_Storage\Insufficient_Output_Length query: Fixed query that validates the if the value is within a valid range. Query was unable to find the definition of a value in a specific context. Context was added. Go_Insecure_Credential_Storage\PBKDF2_Insufficient_Iteration_Count query: Improved the query to return a flow, meaning, added context to reflect with the entirety of the result, from the insufficient value definition to its use. Go_Low_Visbility\Race_Condition_Concurrent_Instances query: Removed references of casts that cannot be influenced or altered. Go_Medium_Threat\Denial_Of_Service_Resource_Exhaustion

Version 9.6.7.1005 Date 02-10-2025

Improved JavaScript parsing to prevent scanning from getting unintentionally stuck.
Improved VBNet support to:
- Prevent false negatives for SQL Injection.
- Better handling of Integer type.
Improvements to prevent false positives for the Go_Medium_Threat\Privacy_Violation query: Ignored results that pass through the error handling of a method invocation, as the likelihood of a vulnerability is low.
Improved the gin/gonic web outputs support regarding io.writer web outputs. Previously, io.writer methods were being added as web outputs regardless of they were part of their intended context, gin-gonic.
Improvements to prevent false positives for the:
- Go_Medium_Threat\Reflected_Absolute_Path_Traversal() and Go_Medium_Threat.Reflected_Relative_Path_Traversal() queries: Removed io.Copy calls that only copy data from one request to another (no file accesses).
- Go_Insecure_Credential_Storage\Insufficient_Output_Length query: Fixed query that validates the if the value is within a valid range. Query was unable to find the definition of a value in a specific context. Context was added.
- Go_Insecure_Credential_Storage\PBKDF2_Insufficient_Iteration_Count query: Improved the query to return a flow, meaning, added context to reflect with the entirety of the result, from the insufficient value definition to its use.
- Go_Low_Visbility\Race_Condition_Concurrent_Instances query: Removed references of casts that cannot be influenced or altered.
- Go_Medium_Threat\Denial_Of_Service_Resource_Exhaustion

Version 9.6.7.1004 Date 12-22-2024
Improvements to prevent compilation and scan errors when inactive or empty queries are included in the executed queries within the preset.

Version 9.6.7.1003 Date 12-16-2024
Improved the Java_High_Risk\Reflected_XSS_All_Clients query to prevent False Negatives.

Version 9.6.7.1002 Date 11-12-2024
Several parsing improvements for the APEX language Several improvements in FLS_Update and FLS_Read APEX queries FLS_Read APEX query enhanced to include WITH USER_MODE support C++ parsing enhancements made to ensure scans run successfully both in Windows and Linux OS

Version 9.6.7.1001 Date 10-15-2024
Several parsing improvements have been made to C++ language support Enhanced the following C++ queries, to prevent false positives: CPP_Buffer_Overflow.Buffer_Improper_Index_Access CPP_Medium_Threat\Divide_By_Zero Enhanced the query CPP_Buffer_Overflow\Buffer_Overflow_AddressOfLocalVarReturned to prevent performance issues Improved tracking and debugging by adding a log message to show when cxDefaultMacros is loaded

Version 9.6.7.1001 Date 10-15-2024

Several parsing improvements have been made to C++ language support
Enhanced the following C++ queries, to prevent false positives:
- CPP_Buffer_Overflow.Buffer_Improper_Index_Access
- CPP_Medium_Threat\Divide_By_Zero
Enhanced the query CPP_Buffer_Overflow\Buffer_Overflow_AddressOfLocalVarReturned to prevent performance issues
Improved tracking and debugging by adding a log message to show when cxDefaultMacros is loaded

In this section:

Release Notes for Engine Pack (EP) 9.6.7 Patches

Search results