Release Updates (v3.5.0)

The following release updates are available for the latest CxIAST version. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 3.5.0 includes the following new features and changes:

Category

Feature

Setup & Configuration

Management Enhancements

Added three new information tables to the execution summary. These tables are available as PDF and inside the API.

Enabled Micro Service discovery in Kubernetes. The Kubernetes discovery allows viewing registered services using the Kubernetes API.

Java

Enabled Micro Services discovery.
Added FIPS compliancy.
Added additional Java vulnerabilities:
- Mail_Header_Injection
- Unrestricted_Upload_of_File_with_Dangerous_Size
- Null_Byte_Injection
- Login_Information_Exposure_Through_Discrepancy
- Code_Injection
- Expression_Language_Injection_OGNL.
Added Easy-Buggy to the IAST demo applications. Easy-Buggy is a broken web application in order to understand behavior of bugs and vulnerabilities.
Added HttpOnlyCookie and SSRF, two new Java queries.
Added multi-thread support.
Enhanced the set of post scan actions.

Node.js

.NET Core

Added .NET Core support to Windows stations with IIS, IIS Express, Kestrel and to self-hosted stations.

Known Limitations

Category	Limitation
Setup & Configuration	Only supports .NET Core versions 2.1.x (2.1.15 and higher).
.NET Core	Requires .NET Framework 4.5. .NET Core and .NET Framework share the same environment variables. Refer to the .NET Core Troubleshooting document for additional information.
.NET Framework	If you are using SSL, upgrading the .NET Framework may fail on the first attempt. In this case, re-download and install the .NET Framework agent.

In this section: