Skip to main content

9.5.0 Hotfixes

Installation Notes


  • Hotfixes and content packs are cumulative and include previous hotfix/content package updates.

  • The relevant hotfix must be installed on the CxManager server(s). In a distributed environment, the hotfix must also be installed on the Web Portal server.

  • After upgrades (major versions or hotfixes) or Content Pack updates, it is highly recommended to first run full scans before running incremental scans.

Resolved Issues and Changes


Resolved Issues


Fixed an issue in the REST API POST /{ProjectId}/sourceCode/remoteSettings/shared that prevented the API from working when a shared folder was set on the manager drive.

Fixed an issue which prevented the viewer from displaying the source code of a file with a long path, even when the long path option was enabled.

Fixed an issue that was causing log information loss.

Fixed the link on the Full Scan Results button, which incorrectly redirected to the Project State page.

Fixed an issue that prevented the selection of Pre and Post Scan actions.

Fixed the Japanese description of a Java High Risk Code Injection query.

Added the version number on the inventory libraries list in the HTML OSA report.

Fixed an issue in the Checkmarx SAST Portal that caused usernames containing special characters to be displayed incorrectly.

Fixed an issue that caused the SAST to SCA integration to fail when the project name contains the ampersand (&) character.

Fixed an issue that caused scans to fail when unzipping the projects from shared folders.

Fixed an issue that allowed unauthorized users access to the following Access Control APIs:

  • GET/AssignableUsers

  • GET/AuthenticationProviders

  • GET/Configurations

  • POST/Users/FirstAdmin

  • GET/LDAPTeamMappings

  • PUT/LDAPServers/{id}/TeamMappings

  • PATCH/LDAPServers/{id}/TeamMappings

  • DELETE/LDAPTeamMappings/{id}

  • POST/Users/ChangePassword

  • POST/Users/ForgotPassword

  • POST/Users/ResetPassword

Fixed an issue in the Access Control API that allowed the API to retrieve privileged information.

Fixed an issue that allowed XSS vulnerabilities in SCA Swagger pages.

The jQuery UI library was upgraded to v1.13.2.

For security fixes, click this link for additional information.


Resolved Issues


Fixed an issue that caused the confidence level to be displayed in the Results Viewer screen incorrectly as 0%. This occurred when the scan was executed for a project that had no source code changes.

Fixed an issue, which occurred when the severity of the OOTB queries was changed, that caused the result states for recurrent results to be incorrectly displayed in the following UI dialogs:

  • Scan Compare\Summary table

  • Scan Compare\Results details

Fixed an issue that caused the report generation to fail.

Fixed a performance issue affecting the Results Viewer that was caused by a previous fix to prevent audits of private projects from being displayed in public projects. The current fix improves the performance, but reverts back to the previous behavior where the comments and results state history of private scans are visible from the public scans.

Improvements were made in the scanning mechanism to prevent displaying incorrect numbers of projects and scans in the Checkmarx Web Portal.

Fixed a performance issue caused in the Results Viewer page, by controlling the query timeout with the CxComponentConfiguration\SqlExecuteCommandTimeout configuration key.

Fixed a performance issue caused in the Results Viewer page, by providing an additional timeout adjustment for backend SOAP calls with the new web.config\CxPriorityWebServicesTimeout configuration key.

Fixed an issue that caused OSA scans to fail when the maximum number of client connections was exceeded.

The following have been added to Access Control:

  • A multifactor authentication (MFA) feature is now available for providing additional security for SAST and SCA application users. When this feature is enabled, a one time password (OTP) is provided during the login process.

  • An IP Whitelisting feature now enables an organization to restrict access to the SAST and SCA application portals using a predefined IP whitelist, which is stored in the database. All other IPs will be blocked.


  • By default, these features are disabled. See Access Control.

  • Hosted customers can contact the Checkmarx CloudOps team to activate and define the features.