Skip to main content

Release Notes for Version 2.5.0

Release Notes are available for the following CxIAST versions. Use the search tool to find a specific subject.

6501144664.png

Release Updates (v2.5.0)

6501144661.png

Supported Environments (v2.5.0)

6501144658.png

Supported Code Languages and Frameworks (v2.5.0)

Send Documentation Feedback - If you have comments about this documentation, you can contact the documentation team by sending your feedback to us. We appreciate your feedback!

CxPS Release Internal Note (v2.5.0)

Notice

IMPORTANT NOTE

  • This is an internal page for Checkmarx only, and should not be shared with customers, prospects, or partners.

  • Updates in this version are not final and therefore subject to change.

The following release updates are available for CxIAST version 2.5.0. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 2.5.0 includes the following new features and changes:

Category

Feature

Change to Documentation

Additional Information

Setup & Configuration

CxIAST now supports SQL (instead of PostgreSQL)

Server Host Requirements (up to v2.6.1)

Checkmarx CxIAST User Guide V2.5.0 (final).pdf

Supports MSSQL Server 2012 (and higher).

Now supports JBoss EAP (version 7 and above) and Wildfly (version 10.1 and above)

Installation & User Management

Full integration with the Checkmarx Access Control Manager (CxAC) replacing the temporary access control mechanism (KeyCloack) used in the previous versions of CxIAST.

Configuring CxIAST Users in Access Control

Interface

Selective Application Monitoring. Applications are discovered automatically (as in previous CxIAST versions), but now you can choose which applications to monitor.

All Applications (v2.5.0)

System Management

Supports a new Query Editor. This provides the ability to improve scan accuracy and coverage by customizing existing queries as well as creating new ones (similar to CxAudit for CxSAST).

Query Editor (v2.5.0)

Vulnerabilities

New vulnerabilities for this version:

  • Log Forging

  • No Log on Exception

  • Login Without Audit

CxIAST Vulnerabilities

Known Limitations

Category

Limitation

Setup and Configuration

MSSQL domain users are not supported in this version. During the SQL Express installation you will need to change the authentication mechanism to SQL Server Authentication and use Microsoft SQL Server Manager Studio (SSMS) to validate "sa" user login.

Supported Environments

The following environments have been tested with CxIAST version 2.5.0

Operating System

Windows

10 (or higher)

Windows Server

2012 (or higher)

Linux

Any official Linux distribution (excl. macOS)

SQL Server

SQL

2012

* SQL express is supported, but as it is targeted for small-scale it is not recommended to be used.

Application Server

Apache Tomcat

7 (or higher)

Jetty

8 (or higher)

JBoss EAP

7 (or higher)

Wildfly

10.1 (or higher)

Browsers

Microsoft

Edge

Google Chrome

43 (or higher)

Build Servers

Jenkins

2.91 (or higher)

Java Version

Java

6

Supported Code Languages

The following code languages can be scanned using CxIAST version 2.5.0

103252038

Java

6501144843.png

*Node.JS

*design partner ready

Send Documentation Feedback - If you have comments about this documentation, you can contact the documentation team by sending your feedback to us. We appreciate your feedback!

Release Updates (v2.5.0)

The following release updates are available for CxIAST version 2.5.0. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 2.5.0 includes the following new features and changes:

Category

Feature

Setup & Configuration

CxIAST now supports SQL (instead of PostgreSQL)

Supports MSSQL Server 2012 (and higher).

Now supports JBoss EAP (version 7 and above) and Wildfly (version 10.1 and above)

Installation & User Management

Full integration with the Checkmarx Access Control Manager (CxAC) replacing the temporary access control mechanism ((KeyCloack) used in the previous versions of CxIAST.

Interface

Selective Application Monitoring. Applications are discovered automatically (as in previous CxIAST versions), but now you can choose which applications to monitor.

System Management

Supports a new Query Editor. This provides the ability to improve scan accuracy and coverage by customizing existing queries as well as creating new ones (similar to CxAudit for CxSAST).

Vulnerabilities

New vulnerabilities for this version:

  • Log Forging

  • No Log on Exception

  • Login Without Audit

Known Limitations

Category

Limitation

Setup and Configuration

MSSQL domain users are not supported in this version. During the SQL Express installation you will need to change the authentication mechanism to SQL Server Authentication and use Microsoft SQL Server Manager Studio (SSMS) to validate "sa" user login.

The release update is also available for download here - PDF

Send Documentation Feedback - If you have comments about this documentation, you can contact the documentation team by sending your feedback to us. We appreciate your feedback!

Supported Code Languages (v2.5.0)

The following code languages can be scanned using CxIAST version 2.5.0. Use the search tool to find a specific subject.

103252038

Java

6501144990.png

*Node.J

*design partner ready

Send Documentation Feedback - If you have comments about this documentation, you can contact the documentation team by sending your feedback to us. We appreciate your feedback!

Supported Environments (v2.5.0)

The following environments have been tested with CxIAST version 2.5.0. Use the search tool to find a specific subject.

Operating System

Windows

10 (or higher)

Windows Server

2012 (or higher)

Linux

Any official Linux distribution (excl. macOS)

SQL Server

SQL

2012

* SQL express is supported, but as it is targeted for small-scale it is not recommended to be used.

Application Server

Apache Tomcat

7 (or higher)

Jetty

8 (or higher)

JBoss EAP

7 (or higher)

Wildfly

10.1 (or higher)

Browsers

Microsoft

Edge

Google Chrome

43 (or higher)

Build Servers

Jenkins

2.91 (or higher)

Java Version

Java

6 (or higher)

.

Send Documentation Feedback - If you have comments about this documentation, you can contact the documentation team by sending your feedback to us. We appreciate your feedback!