
CxSuite

Version 7.1.2
Release Notes

Release date: 28/10/2013

Contents

1. Introduction
2. Requirements
   2.1. Supported Operating Systems
   2.2. Supported Browsers (for the web client)
   2.3. Supported Eclipse versions (for the Eclipse plugin)
   2.4. Supported Visual Studio versions (for the Visual Studio plugin)
   2.5. Supported IntelliJ versions (for IntelliJ plugin)
3. Version 7.1.2 Updates
   3.1. Important notes:
   3.2. New features
   3.3. Resolved Issues
   3.4. Known Limitations

CHECKMARX SOURCE CODE ANALYSIS TECHNOLOGIES | WWW.CHECKMARX.COM


TELEPHONE: +972-3-7581800 | INFO@CHECKMARX.COM | FAX: +972-3-6959743

1. Introduction

These release notes describe the requirements, new features, resolved issues, and known
limitations existing in CxSuite version 7.1.2.


2. Requirements

2.1. Tested Operating Systems

Windows XP, 7 32/64-bit
Windows Server 2003, 2008, 2012 32/64-bit

2.2. Tested Browsers (for the web client)

Internet Explorer 7-9
Safari 5
Chrome 9, 18
Firefox 11.0

2.3. Tested Eclipse versions (for the Eclipse plugin)

Eclipse 3.5.2, 3.6.2, 3.7.2

2.4. Tested Visual Studio versions (for the Visual Studio plugin)

Visual Studio 2005, 2008, 2010, 2012

2.5. Tested IntelliJ versions (for IntelliJ plugin)

IntelliJ IDEA 11.1.5, 12.1.3


3. Version 7.1.2 Updates

3.1. Important notes:

o Due to major version changes, the CLI and plugins need to be updated to the
  current version (7.1.2.x) to remain compatible with server components. Please
  download the following components from http://www.checkmarx.com/instructions,
  as relevant to your environment:
     o CLI
     o Eclipse Plugin
     o Visual Studio Plugin
     o IntelliJ plugin
o CLI commands scanfolder and scanproject, as well as CLI interactive mode are now
  deprecated.
o For CxSuite installation to succeed on Windows Server 2003 64-bit, Windows must
  be updated with all latest Microsoft updates.

3.2. New features

The following features are new in version 7.1.2, relative to version 6.2.9.

Module / Feature

Engine
o Parsing enhancements that allow discovering additional results and
  eliminating false-positive results in all languages.
o Improved scan time for projects in all languages.
o Improved parsing of ASP, resulting in shorter scan times and better scan
  results.
o Significant improvements in performance and in query results for Ruby and
  Perl scanning.
o Android scan result improvements.


Application
o Partial scan results are now available for review before the scan is
  completed.
o Multiple code languages can be scanned in one project (can be disabled by
  Checkmarx professional services).
o New query preset: OWASP Top 10 2013.
o User management features:
     o Any user with the Scanner role can be granted Audit permissions.
       Previously, only company and server managers could be Auditors.
     o Server Managers can now change any user's password.
     o New secure password reset mechanism from the login page, for users who
       forgot their password.

Installation
o The HID generator and License importer are now integrated into the
  installation process.
o Hotfix installation is automatic upon installation or upgrade.

API
o Full API allowing developers to create scripts that configure CxSuite
  projects, initiate scans, and retrieve scan results.

CLI
o Exclude folders: New scan command attribute allows excluding folders and
  files from being scanned.
o Scan comment: New scan command attribute for adding a comment to a scan.
o The Locationtype attribute is no longer mandatory.

IDE Plugins
o New CxSuite plugin for IntelliJ IDEA.

Audit
o Query customizations can now be applied to projects by specified team or
  company. Previously, each project had to be individually specified.


3.3. Resolved Issues

Module / Description

Application
o Fixed the "Change preset name" failure.
o Email can now be sent using SSL.
o The CX Query Severity is inherited in case of query override.
o In Data Analysis, when using Last Month (High & Medium) it is now possible
  to see the full project scope instead of just the last month.
o Domain users no longer fail to create new projects.
o Project details including special characters are no longer overwritten.
o The number of results shown in the scan result tree is now properly updated
  in cases of similar IDs.
o Graph View no longer hangs the browser upon clicking Trust Boundary
  Violation result nodes.

Queries
o .setParameter is now recognized as a sanitizer.
o Exposure_of_Resource_to_Wrong_Sphere now returns only public fields and not
  protected fields.
o Fixed false-positive results of Find_XSS_Output().
o Stored_XSS is now found for Session.GetAttribute.
o The trust_boundary_violation vulnerability is not found for SetAttribute.
  It is now found in a new query: Stored_Boundary_Violation.
o setAttribute and getAttribute in the same Java method no longer produce a
  false-positive XSS result.
o Struts class DispatchAction has been added to the Find_Action_Classes()
  query.

3.4. Known Limitations

Module / Description

Application
o Import of query presets and of queries from a higher-version CxSuite server
  to a lower-version CxSuite server is not supported.
o Due to a Microsoft limitation, the server name that hosts the CxSuite web
  portal cannot contain an underscore ( _ ).

Installation


o Using UltiDev as the web server is supported only in a centralized (single
  server) architecture.

User Interface
o When using Internet Explorer 7, there is some user interface inconsistency.

Web Portal
o When configuring a CxSuite project for a shared folder, only the single
  selected server is shown.
o When configuring a CxSuite project for an SVN source location, folders that
  include only files are displayed.

Audit
o In CxAudit, Full Graph view is presented only for results of scans
  performed from CxAudit, not for results of scans retrieved from the server.
