
Release Updates (v3.7.0)

The following release updates are available for the latest CxIAST version. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 3.7.0 includes the following new features and changes:

Category

Feature

Setup & Configuration

  • Added CxIAST Manager Diagnostics for alerting users about problems, such as when there are connectivity issues between components.

  • It is now possible to have multiple .NET Core versions on the CxIAST Manager machine (including version 3.x), provided at least one of them satisfies the CxIAST Server Host requirements.

Plugins

  • CxIAST Jenkins Plugin includes improvements to the pipeline configuration. The new plugin has the ability to set the build status based on IAST scan results.

Management Enhancements

  • Global search: Enabled searching for specific vulnerabilities among all the vulnerabilities from all the scans of a particular application.

  • API discovery: Enabled discovering .NET (Framework and Core) APIs.

Java Agent

  • Added Kafka support.

  • Added RabbitMQ support.

  • Added Nakadi support.

  • Added the microservices execution flow (HTTP Breadcrumb) to identify the relationships between different microservices while scanning.

  • Added coverage for the following OWASP API Security Top 10 vulnerabilities:

    • API5 – Broken Function Level Authorization

    • API9 – Improper Assets Management

  • Improved vulnerability coverage for:

    • CSRF

    • Weak Hashing

    • Weak Cryptography

    • Permissive_Content_Security_Policy

  • Added PCF support (build-pack).

  • Improved the installation guide for the Java Agent.

  • Improved agent stability.

Node.js Agent

  • Improved performance.

  • Improved the installation guide for the Node.js Agent.

  • Improved vulnerability coverage for:

    • CSRF

.NET Framework Agent

  • Added the ability to create and customize lists and queries from the user interface.

  • Added Docker support.

  • Improved vulnerability coverage for:

    • CSRF

  • Added additional .NET Framework vulnerability coverage for:

    • Code_Injection

.NET Core Agent

  • Added Azure support.

  • Added Docker support.

  • Added additional .NET Core vulnerability coverage for:

    • Missing HSTS Header

    • Missing CSP Header

    • Missing Expect CT Header

  • Improved vulnerability coverage for:

    • CSRF

API

The following APIs now return an array of IDs:

  • iast/projects/id

  • iast/projects/id/original

Known Limitations

Category

Limitation

.NET Core Agent

We recommend that .NET Core v2.1 is installed, even if the AUT is running on another version or is self-contained. If .NET Core v2.1 is not installed, the upgrade and code snippets features will not be available.

.NET Framework Agent

If you are using SSL, upgrading from Agent version 3.4 or below cannot be performed automatically. Please download and install the .NET Framework Agent again.
