Skip to main content

CxPS Release Internal Note (v3.2.x)

The following release updates are available for this CxIAST version. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 3.2.1 includes the following new features and changes:



Setup & Configuration

Version upgrade: The upgrade is supported from v3.0.0 and above. Otherwise, it is required to clean the DB and uninstall the version before upgrading to v3.2.1 installation.

Action Ability and Usability

  • Export scan to PDF - Create a PDF report of the all vulnerabilities detected per scan or aggregated scan.

  • Attach CWE to query result – CWE ID is now attached to queries (when applicable) and presented in the query description and on scan export

New Queries

  • XXE ( Java, .NET) - XXE injection occurs when untrusted XML input containing a reference to an external entity is processed by a weakly configured XML parser.

  • Improper_HTTP_Get_Usage (.NET) - A GET request identified as changing data on the server. As best practice, GET should never change data on the server.

  • Debug_Mode_Enabled(.NET) – When Debug Mode is enabled custom error massages may expose sensitive information to untrusted parties.


  • Node.js v10 support

  • Major performance improvements - adding a caching mechanism to reduce the parsing of JavaScript loading overhead due to the instrumentation.

  • Accuracy and stability improvements


  • Accuracy and stability improvements

  • New queries (exists already for Java and Node.js):

    • Blind_SQL_Injection

    • CSRF

    • Failed_Login_Without_Audit

    • Trust_Boundary_Violation

    • File_Upload_To_Unprotected_Directory

    • Successful_Login_Without_Audit

    • Missing_X_Content_Type_Options_Header

    • Missing_X_XSS_Protection_Header

    • Click_Jacking


Accuracy and stability improvements.

Known Limitations



.NET Agent

  • C# and ASP.NET only

  • Missing capabilities (compared to Java)

    • Query customization is performed manually (not from the UI)

    • Code Coverage

    • Agent auto upgrade is performed only on agent registration

Node.js Agent

  • Missing capabilities (compared to Java)

    • Code Coverage

    • Application tags

Java Agent

  • On upgrade, application restart is required.

  • Java 11 and higher is not supported.

  • Standalone applications are partially supported.

Supported Environments

The following environments have been tested with CxIAST version 3.2.1

Operating System


10 (or higher)

Windows Server

2012 (or higher)


Any official Linux distribution (excl. macOS)

SQL Server


2012 (or higher)

* SQL express is supported, but as it is targeted for small-scale installations it is not recommended to be used.




Google Chrome

43 (or higher)

Build Servers


1.580.1 (or higher)

Supported Code Languages

The following code languages can be scanned using CxIAST version 3.2.0

Language Supported



Application Server


Java 6-10

Windows or Linux

Apache Tomcat v7 (or higher)

Jetty v8 (or higher)

JBoss EAP v4 (or higher)

Wildfly v10.1 (or higher)

WebLogic Server 12cR2

Eclipse Vert.x v3.1 (or higher)

WebSphere Liberty – 18 (or higher)

WebSphere Traditional - 8.5 (or higher)

Payara - 4.1.x and 5


.NET framework 3.5 (or higher)


IIS, IIS Express


Node.js LTS 6 (or higher)

Windows or Linux

Not Applicable