- Checkmarx Documentation
- IAST Documentation
- IAST Release Notes
- Release Notes for Version 3.11.1
- Release Updates (v3.11.1) - Raw Content
Release Updates (v3.11.1) - Raw Content
CxIAST v3.11.1 is a maintenance update for the release CxIAST v3.11. This maintenance release contains the following fixes that were reported on top of v3.11:
Upgrade from .NET Core 2.1 to .NET Core 3.1
.NET Core 2.1 was end of life and CxIAST v3.11.1 is requiring .NET Core 3.1 or higher. Since Microsoft is not supporting .NET Core 2.1, CxIAST is from this version supporting only .NET Core 3.1 and higher.
CxIAST Agent for .NET Core is now requiring .NET 3.1 and can scan .NET Core applications from version 3.1
CxIAST Server is requiring .NET Core 3.1 for the Access Control component
Additional important fixes were also introduced to CxIAST v3.11.1
SAST correlation fix: Connectivity with SAST was lost in long sessions
Non default port for Access Control was not functional
Java agent was failing when using IBM JVM and accessing CxIAST Manager via proxy
log4j internal usage has been upgraded to version 2.17 to address reported vulnerabilities of log4j reported in previous versions, as detailed in https://logging.apache.org/log4j/2.x/security.html
Change in Windows Operating Systems
From this update, CxIAST server will run properly only on Windows systems that do not supports http2, so the installer will fail on windows version 8.1 and earlier versions, or on Windows Server 2012 R2 and earlier versions.