change log

Code Dx 2.8.7

Code Dx 2.8.7 5/1/2018

What’s different since v2.8.6

Fixes

  • Enterprise Fixed an issue causing git over SSH to not work
  • Enterprise Made a fix to ensure the git config modal is always visible

Tools

  • Enterprise Added missing handling for "high" severity vulnerabilities from Netsparker
  • SWAMP Added Coverty support for SWAMP edition

Code Dx 2.8.6

Code Dx 2.8.6 4/5/2018

What’s different since v2.8.5

Fixes

  • Fixed a problem causing slow analysis performance with certain inputs
  • Fixed a layout bug with the findings table in Firefox
  • Fixed Dependency-Check update failures due to NIST NVD URL change

Tools

  • Enterprise Tweaked Veracode report identifier to accept inputs containing 0 flaws or only component analysis flaws

Code Dx 2.8.5 Application Security Tool Integration

Code Dx 2.8.5 3/23/2018

What’s different since v2.8.4

Changes

  • Improved analysis cleanup performance and reduced the likelihood of database deadlock exceptions

Fixes

  • Fixed a potential deadlock when running analyses with many input files
  • Fixed an issue causing occasional page refreshes
  • Enterprise Fixed a bug causing JIRA integration to stop working if the priority or description fields are hidden in JIRA

Tools

  • Enterprise Improved ZAP tool output support

Code Dx 2.8.4 Application Security Tool Integration

Code Dx 2.8.4 3/13/2018

What’s different since v2.8.3

Changes

  • Improved performance of data ingestion and finding correlation

Fixes

  • Fixed incorrect namespace in codedx_input.xsd
  • Made a tweak to result cleanup to work around a potential database crash issue on newer versions of MariaDB
  • Made a fix to address an analysis error when blank file paths are reported by Gendarme
  • Fixed some scrolling issues with some drop down UI elements
  • Enterprise Fixed some issues with the project metadata filter not updating

Code Dx Version 2.8.3 for Application Security Testing

Code Dx 2.8.3 2/2/2018

What’s different since v2.8.2

Release Notes

This update removes case-sensitivity from user principals that may have occurred on some installations of Code Dx. If you have conflicting user principals, your database will be left with case-sensitive user principals. Please ensure all users have unique names before upgrading.

Fixes

  • Retroactively fixed a potential issue causing lost results when upgrading from Code Dx v1.8.4 and earlier
  • Fixed an issue causing case sensitivity on user principals

Code Dx 2.8.2 Application Security Tool Integration

Code Dx 2.8.2 1/12/2018

What’s different since v2.8.1

Additions

  • Added ability to configure JVM system properties via Code Dx props file

Tools

  • Enterprise Fixed issue causing Black Duck connector configuration to only show ten items
  • Enterprise Addressed issue causing all Black Duck projects to be listed, regardless of permissions (for Black Duck version 4.3.0 and newer)
  • Enterprise Added support for new ZAP XML format
  • Enterprise Added/updated CWEs for ZAP rule definitions

Code Dx 2.8.1 Application Security Tool Integration

Code Dx 2.8.1 12/20/2017

What’s different since v2.8.0

Additions

  • Documented REST API for managing user roles

Fixes

  • Restored missing items in WAR file (XML schema/example zip, bundled Dependency-Check database)
  • Enterprise Corrected missing Burp reader fix from Code Dx version 2.7.2

Tools

  • Enterprise Added tool reader support for Netsparker Cloud