Release Updates (v2.6.1)

The following release updates are available for CxIAST version 2.6.1. Use the search tool to find a specific subject.

New Features and Changes

CxIAST version 2.6.1 includes the following new features and changes:

Category

Feature

Setup & Configuration

Version upgrade: If you have CxIAST version 2.5.0 installed, you must clean the DB and uninstall that version before installing v2.6.1.

  • Eclipse Vert.x for Java - version 3.1 and above

  • WebLogic Server - version 12cR2 and above

  • Supports domain user access to MSSQL server

Installation & User Management

Role-based Access Control: Roles determine which actions a user is allowed to perform, ranging from a limited reviewing capability (CxIAST Reviewer) to full control (CxIAST Admin)

Users: Import new LDAP users from the LDAP directory, add roles and teams to users, edit user details, reset an existing user's password

Teams: Map groups to the LDAP directory, structure the hierarchy of teams, assign users to teams, add/delete/rename teams

Settings: Configure LDAP Server settings and Directory settings, perform LDAP synchronization

Single Sign-On (SSO) over LDAP:

  • Authenticates CxIAST users against the LDAP server

  • Synchronizes users and groups with the LDAP server

Interface

Enhanced interface allows assignment of vulnerabilities to CxIAST users, and has an improved vulnerability presentation for several vulnerability types:

  • Click_Jacking

  • Missing_X_Content_Type_Options_Header

  • Missing_X_XSS_Protection_Header

  • Insecure_Outgoing_Communication

  • Outgoing_Connection_Discovery

  • Application_Entry_Point

System Management

Query Editor with User Experience improvements (such as programming language selector) and IDE-like capabilities

Licensing

Time-based license enforcement, with the ability to be extended if needed

Node.js closed beta

Version highlights:

  • Supported versions: Node.js 6 and above

  • Supports all web frameworks

  • ECMAScript 6 and below

  • Supported databases: MongoDB, MySQL, PostgreSQL

Known Limitations

Category

Limitation

Setup & Configuration

When JAVA_HOME is set incorrectly, some components and services cannot be installed/run correctly.

To solve this, remove JAVA_HOME or re-configure it correctly (will be fixed in 2.6.1).

If the installer fails partway through, you can inspect the installer's internal logs in the TEMP folder. In Windows, type %temp% and look for the last i4j_log*.log file.

If you run CxIAST services (CxIAST_Manger & CxAccessControl) under a user domain account and the account's password is changed, the services should be logged on again with the new password; otherwise the services won't start.

Access Control (CxAC)

CxAccessControl doesn’t support .NET Core SDK 2.1. Only .NET Core SDK 2.0 is supported at the moment (will be fixed in 2.6.1).

Query Editor

Custom queries created in the previous version should be fixed, as the syntax has changed slightly:

  • FindOnTraces should be removed

  • Click on Validate to see if the syntax is correct

The release update is also available for download here.
