
CxPS Release Internal Note (v3.2.x)

The following release updates are available for this CxIAST version.

New Features and Changes

CxIAST version 3.2.1 includes the following new features and changes:

Category

Feature

Setup & Configuration

Version upgrade: In-place upgrade is supported from v3.0.0 and above. For older versions, clean the DB and uninstall the existing version before installing v3.2.1.

Actionability and Usability

  • Export scan to PDF - Create a PDF report of all vulnerabilities detected in a single scan or in an aggregated scan.

  • Attach CWE to query result - The CWE ID is now attached to queries (when applicable) and presented in the query description and in the scan export.

New Queries

  • XXE (Java, .NET) - XXE injection occurs when untrusted XML input containing a reference to an external entity is processed by a weakly configured XML parser.

  • Improper_HTTP_Get_Usage (.NET) - A GET request was identified as changing data on the server. As a best practice, GET requests should never change data on the server.

  • Debug_Mode_Enabled (.NET) - When Debug Mode is enabled, custom error messages may expose sensitive information to untrusted parties.
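As an added example (not CxIAST code and not one of its queries), the following Java class puts the weakly configured JAXP parser that the XXE query flags next to its hardened form. The class name, method names and the sample XML documents are constructed for this illustration; the feature and property names are the standard JAXP/Xerces ones.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/**
 * Added example (not CxIAST code): a weakly configured JAXP DOM parser beside a
 * hardened one, both exercised on constructed XML input.
 */
public class XxeParserConfig {

    // Weak configuration: a default DocumentBuilderFactory keeps DTD processing and
    // entity expansion switched on, so a DOCTYPE in untrusted input is honoured.
    static DocumentBuilder weakBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration: refuse DOCTYPE declarations outright, and additionally
    // disable external entities, external DTD loading, XInclude and entity expansion
    // so the parser stays safe even if the DOCTYPE restriction is relaxed later.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        // JAXP 1.5 properties: an empty string denies all external DTD and schema access.
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return factory.newDocumentBuilder();
    }

    // Returns the text content of the root element, or null when the parser rejects the input.
    static String parseRootText(DocumentBuilder builder, String xml) {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement().getTextContent();
        } catch (SAXException | IOException e) {
            // The hardened builder lands here for any input carrying a DOCTYPE.
            return null;
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        // Constructed sample input. It declares only an internal entity, which is enough
        // to show the difference in behaviour: the hardened configuration never lets a
        // DOCTYPE from untrusted input reach the parser, whatever the DOCTYPE contains.
        String untrustedXml =
            "<?xml version=\"1.0\"?>"
          + "<!DOCTYPE order [<!ENTITY greeting \"hello\">]>"
          + "<order>&greeting;</order>";
        String plainXml = "<order>hello</order>";

        System.out.println("weak parser, DOCTYPE input:     " + parseRootText(weakBuilder(), untrustedXml));
        System.out.println("hardened parser, DOCTYPE input: " + parseRootText(hardenedBuilder(), untrustedXml));
        System.out.println("hardened parser, plain input:   " + parseRootText(hardenedBuilder(), plainXml));
    }
}
```

The weak builder resolves the entity and returns the element text; the hardened builder rejects the same document at the DOCTYPE declaration while still parsing ordinary XML normally, which is the behaviour an IAST query for this weakness checks for at the parser-configuration level.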

Node.js

  • Node.js v10 support

  • Major performance improvements - a caching mechanism reduces the JavaScript parsing overhead that instrumentation adds at load time.

  • Accuracy and stability improvements

.NET

  • Accuracy and stability improvements

  • New queries (already available for Java and Node.js):

    • Blind_SQL_Injection

    • CSRF

    • Failed_Login_Without_Audit

    • Trust_Boundary_Violation

    • File_Upload_To_Unprotected_Directory

    • Successful_Login_Without_Audit

    • Missing_X_Content_Type_Options_Header

    • Missing_X_XSS_Protection_Header

    • Click_Jacking

Java

  • Accuracy and stability improvements.

Known Limitations

Category

Limitation

.NET Agent

  • C# and ASP.NET only

  • Missing capabilities (compared to Java)

    • Query customization is performed manually (not from the UI)

    • Code Coverage

    • Agent auto upgrade is performed only on agent registration

Node.js Agent

  • Missing capabilities (compared to Java)

    • Code Coverage

    • Application tags

Java Agent

  • On upgrade, application restart is required.

  • Java 11 and higher is not supported.

  • Standalone applications are partially supported.

Supported Environments

The following environments have been tested with CxIAST version 3.2.1:

Operating System

  • Windows 10 (or higher)

  • Windows Server 2012 (or higher)

  • Linux - any official Linux distribution (excl. macOS)

SQL Server

  • SQL Server 2012 (or higher)

  * SQL Express is supported, but as it is targeted at small-scale installations its use is not recommended.

Browsers

  • Microsoft Edge

  • Google Chrome 43 (or higher)

Build Servers

  • Jenkins 1.580.1 (or higher)

Supported Code Languages

The following code languages can be scanned using CxIAST version 3.2.0:

Language Supported / Version / OS / Application Server

Java

  • Version: Java 6-10

  • OS: Windows or Linux

  • Application Server:

    • Apache Tomcat v7 (or higher)

    • Jetty v8 (or higher)

    • JBoss EAP v4 (or higher)

    • Wildfly v10.1 (or higher)

    • WebLogic Server 12cR2

    • Eclipse Vert.x v3.1 (or higher)

    • WebSphere Liberty 18 (or higher)

    • WebSphere Traditional 8.5 (or higher)

    • Payara 4.1.x and 5

.NET

  • Version: .NET Framework 3.5 (or higher)

  • OS: Windows

  • Application Server: IIS, IIS Express

Node.js

  • Version: Node.js LTS 6 (or higher)

  • OS: Windows or Linux

  • Application Server: Not Applicable