Skip to main content

Current Multi-Tenant Version | 3.48

New Features and Enhancements

Increased File Upload Limit via CLI to 6GB

The platform now supports binary file uploads up to 6GB via the CLI, a significant increase from the previous 100MB limit.

This update improves efficiency and scalability for enterprise users by enabling faster, frictionless transfer of large binaries, reducing operational overhead, and ensuring the platform is better equipped to support complex, high-volume workflows.

IaC

Updated to version 2.1.15

New Features and Enhancements

  • Logging enhancement: Added parsing summary and scan summary counters to verbose logs.

  • IaC now uses a path-based reference instead of Levenshtein distance to generate similarityIDs, fixing duplication issues in repetitive files like OpenAPI and AzureResourceManager.

Fixes and Improvements

  • Query Fixes

    • Fixed false positives (FP) and false negatives (FN) for:

      • Passwords and Secrets – Generic Token & Generic Secret

    • API Gateway with CloudWatch Logging Disabled.

    • Operation without successful HTTP status code.

    • SQL Server Ingress From Any IP.

    • Added support for:

      • azurerm_mssql_firewall_rule in 2 Azure queries.

      • aws_launch_template in IMDSv1 detection query.

      • azurerm_linux_web_app, azurerm_windows_web_app, and function_app resources in Azure queries.

    • Removed BETA naming from Tencent Cloud & Databricks queries.

  • Engine Fixes

    • Fixed issue where Bicep files were not being included/excluded with type flags.

  • Bug Fixes

    • Fixed issue where results did not include stateID.

    • Fixed issue where user was Unable to change IaC predicates if username exceeds 50 characters.

    • Fixed request results limit bug in IaC Security Policy Management (limit set to 200).

Resolved Issues

Item

Description

AST-119223

Uploading YAML configurations to API Scans failed.

AST-116208

Configuring the Code Repository in project settings got stuck for certain projects.

AST-113866

The Assign Tags dropdown did not work under Access Management Phase 1.

AST-113813

Group assignment during project creation did not work when Access Management Phase 1 was enabled.

AST-113481

The API endpoint GET /api/projects returned null for projects without groups.

AST-112222

Setting incremental scan caused an exception in the log.

AST-112071

Integration with self-hosted SCM via CxLink displayed an incorrect error message.

AST-110745

Searching for a branch to scan returned: Branch not found.

AST-110436

Azure DevOps integration truncated the last character when it was a parenthesis in an optional field.

AST-109098

The PATCH /api/applications endpoint did not allow changing the application name back to its original name.

AST-108808

Setting a primary branch in projects associated with inaccessible applications failed under Access Management Phase 1.

AST-107278

Automatic assignment of SCM projects to applications via tag association did not work as expected.

AST-117026

The Groups page in IAM displayed only ten subgroups.

AST-117004

Each load of the DAST Environment tab generated a new API key.

AST-116190

Grouping by path in DAST results broke the UI when the path was very long.

AST-117961

The frontend displayed an endless loader when repository information was missing, with no option to refresh.

SCA-24193

SBOM-only scans failed to execute.

SCA-24109

The Downstream Remediation status remained “scanning” after the scan finished.

SCA-23891

The package com.atlassian.util.concurrent was not detected by SCA.

SCA-23804

Scans failed with the error: Scan failed due to internal error. Please contact support and provide the Scan ID.

SCA-24337

State updates were ignored due to case-sensitive package names.

AST-116201

The project conversion process logged information improperly.

AST-111421

Loading vulnerabilities in Analytics and Dashboard was slow on specific tenants.

AST-113506

The KICS query for “SQL Server Ingress From Any IP” required an update.

AST-116793

Changing IaC predicates failed when the username exceeded 50 characters.

AST-116787

IaC results did not include the stateID field.

AST-111591

IaC generated a runtime panic error due to “index out of range [4] with length 4.”

AST-116113

Assigning a project to an application failed when the Application page was opened in a new tab.

AST-115875

A project in the database remained stuck and required manual deletion.

AST-113695

Running scans for public repositories in manual projects required a token.

AST-115388

The project conversion process remained stuck for 24 hours.

AST-111113

Swagger authorization failed for tenants with names shorter than three characters.

AST-83025

Scan details were not reflected on the Projects page.

AST-113375

Project group filtering did not work for users under Access Management Phase 1.

AST-110660

The filter status for api/results returned incorrect results for Container scans.

AST-113656

ZAP produced excessive duplicate alerts for passive scan rules in DAST

AST-84342

The SAST migration process caused service crashes with a Redis error.

AST-110019

The Service User account was missing the ast-admin permission.

In this section: