Release Notes for Engine Pack (EP) 9.5.5 Patches

Version 9.5.5.1009 Date 01-28-2024

  • Improvements in JSP support have been made to prevent scans from getting stuck when JavaScript code is included within JSP files.

  • Enhancements to the following JavaScript queries to prevent false negatives:

    • SQL_Injection

    • Second_Order_SQL_Injection

  • Several improvements in RPG parsing.

  • Improvement in the Python query Python_High_Risk\SQL_Injection to prevent false negatives and false positives.

  • Improvements in the following Python High queries to prevent false positives:

    • Reflected_XSS_All_Clients

    • Stored_XSS

    • Second_Order_SQL_Injection

Version 9.5.5.1008 Date 11-27-2023

  • .NET Core was upgraded to version 6.0.24.

  • Several improvements in VB6 parsing.

  • Improvements in C# support to prevent NullReferenceException errors.

Version 9.5.5.1007 Date 11-05-2023

  • C/C++, RPG, and COBOL support has been improved to prevent parsing issues.

  • Improvements in Dapper library support to prevent false positives for SQL injection.

  • Improvements in C# support to prevent exceptions while running the queries.

  • Improvements in Go support to prevent OutOfMemory exceptions.

  • Improvements in JSP support have been made to prevent scans from getting stuck when JavaScript code is included within JSP files.

  • Improvements in VB6 parsing.

Version 9.5.5.1006 Date 26-09-2023

  • Improved the Java query Java_Medium_Threat\Missing_HSTS_Header to prevent false positives.

  • Improved JavaScript, JSP, and Python support to prevent parsing issues.

  • Improvements in the engine now ensure consistent results when scanning the same source code with varying CPU counts.

  • Several improvements were implemented in CxAudit when overriding queries.

  • Improved the JavaScript query JavaScript_Server_Side_Vulnerabilities\SQL_Injection to prevent false negatives.

  • Improved the Java query Java_High_Risk\LDAP_Injection to prevent false negatives.

Version 9.5.5.1004 Date 13-08-2023

  • Improved Scala language support to prevent an error causing the scans to fail.

Version 9.5.5.1003 Date 23-07-2023

  • Improved Apex query Apex_Force_com_Critical_Security_Risk\Stored_XSS to prevent false positives.

  • Improvements in Apex language to prevent scans from failing when source code includes multiple single-line comments.

  • Improvements in Java language to prevent stuck scans when the package names include special characters.

  • Improvements in JavaScript language to prevent parsing issues.

  • Improved Python query Python_High_Risk\Reflected_XSS_All_Clients to prevent false negatives.

Version 9.5.5.1002 Date 5-06-2023

  • Improvements in CSharp language to prevent exception issues when parsing the source code.

Version 9.5.5.1001 Date 30-05-2023

  • Improvements in RPG language to prevent parsing issues and scan failure.