Skip to main content

Release Updates (v3.8.0)

The following release updates are available for the latest CxIAST version. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 3.8.0 includes the following new features and changes:

Category

Feature

Service Flows

  • .NET & Node.js - Service flows support was extended to include .NET and Node.js applications

  • DB View - Service flows macro graph now shows an indication that a service has DB connections

    • Supported databases:

      • .NET services:

        • Microsoft SQL Server

        • Microsoft SQL Server Compact

        • Oracle

        • MySQL

        • SQLite

      • Java services:

        • Any database that can be accessed with a JDBC based driver

  • Message Queue - Kafka & RabbitMQ - Service flows based on message queue communication can now be detected

  • UI Improvements - Better look and feel

Manager

  • SAST Correlation Authorization - Enabling compartmentalization by saving the unique SAST server URL and credentials for each IAST user

API Security Top 10 .NET

  • API 7 - Permissive_Content_Security_Policy

  • API 7 - Overly_Permissive_Cross_Origin_Resource_Sharing_Policy

  • API 4 - ReDoS_From_Regex_Injection

New Vulnerabilities .NET

  • SSRF

  • Mail_Header_Injection

  • Sensitive_Cookie_Without_HttpOnly

Deployment

  • Agent diagnostics - Notifications from the Java CxIAST agent are sent if there are any deployment problems, such as low memory, or if a double restart is required.

  • PCF support - Full integration: Added built-in support for the PCF Java Buildpack so now PCF users can easily use the CxIAST agent without a custom buildpack.

.NET

  • Improved the accuracy of the .NET queries

Known Limitations

Category

Limitation

.NET Core Agent

We recommend that .NET Core v2.1 is installed, even if the AUT is running on another version or is self-contained. If .NET Core v2.1 is not installed, the upgrade and code snippets features will not be available.

.NET Framework Agent

If you are using SSL, upgrading from Agent version 3.4 or below cannot be performed automatically. Please download and install the .NET Framework Agent again.

Java Multi Thread support

Support disabled

CxSAST Correlation

The CxSAST Correlation feature is not supported where CxSAST is configured for SSO. For more information, please contact Support.

.

In this section: