change log

Code Dx 4.4.4

Code Dx 4.4.4 2/24/2020

Fixes

  • Fixed a bug making it possible for the findings table to incorrectly indicate source code being available for archived inputs
  • Fixed a bug allowing access to the finding details page under certain circumstances for a finding that has been purged
  • Fixed a bug with the finding pending purge cleanup process
  • Fixed a bug causing rendering problems with the ‘Show X’ menu on the findings page
  • Enterprise Fixed an error condition when purging observed tool codes
  • Enterprise Fixed a bug causing incorrect font size on dashboard badges

Changes

  • Made some tweaks to the user admin UI
  • Fixed bug causing "last analyzed" field for project to incorrectly reflect failed analyses
  • Enterprise Made improvements to the CVE list logic on the details page
  • Enterprise Made tweak to collapse standards violations section on details page by default

Tools

  • Fixed an issue causing PMD to fail with certain JS inputs
  • Enterprise+InfraSec Fixed a bug causing multiple CVEs and bugtraq IDs to be ignored by Qualys reader
  • Enterprise+InfraSec Fixed an issue with the Nessus reader considering risk factor to be mandatory

Code Dx 4.4.3

Code Dx 4.4.3 1/31/2020

Tools

  • Enterprise Fixed an issue with Black Duck where timestamps were incorrectly assumed to be local time

Code Dx 4.4.2

Code Dx 4.4.2 1/31/2020

Fixes

  • Enterprise Improved error message when Azure issue tracker fails to update due to missing fields
  • Enterprise+InfraSec Fixed a potential parsing issue for protocol names containing a ‘/’ character

Code Dx 4.4.1

Code Dx 4.4.1 1/24/2020

Additions

  • Modal dialogs will now close when pressing the escape button
  • Enterprise Added visual log entries when users are created, deleted, enabled, and disabled

Fixes

  • Made a fix causing background tasks to prematurely run during installation and upgrade
  • Fixed a bug causing zip exclusion filters to not work as expected
  • Fixed an issue causing slow page interactions in Edge
  • Fixed some display issues with modals when increasing page zoom
  • Fixed a rendering bug with markdown descriptions
  • Fixed a bug causing early ingestion errors to potentially hang the entire analysis
  • Made a fix to ensure project list filter isn’t shown on admin page before any projects are created
  • Enterprise Fixed a display issue when increasing page zoom on the instrumentation page
  • Enterprise Fixed an issue causing live update delays during issue tracker updates
  • Enterprise Fixed a bug causing the manual result entry modal to close when collapsing sections
  • Enterprise Fixed a bug causing the dashboard to erroneously include findings pending deletion
  • Enterprise Fixed a bug causing the dashboard to not load properly in certain scenarios
  • Enterprise Fixed a bug causing out of memory errors when deleting a large number of issue tracker associations

Tools

  • Updated bundled Node.js runtime to v12.14.0
  • Updated bundled ESLint to v6.7.2, bundled eslint-plugin-react
  • Updated bundled PMD to v6.20.0, added configuration options
  • Added error detection when attempting to run FxCop on .NET Core projects
  • Enterprise Fixed a bug causing Black Duck login failure when username or password contains special characters
  • Enterprise+InfraSec Fixed a bug causing Qualys integration to be unavailable with certain licenses

Code Dx 4.4.0

Code Dx 4.4.0 1/6/2020

Additions

  • Added user grouping functionality with group-based permissions
  • Added user auto-create and user grouping settings based on LDAP groups
  • Enterprise Added Dashboard option for simple average of children project scores
  • Enterprise Added standards violations to finding details page and reports
  • Enterprise Added issue tracker information to reports

Changes

  • Improved display and performance of finding details page for findings with a large amount of evidence
  • Overhauled admin page
  • Enterprise Made general improvements to Dashboard

Tools

  • Enterprise+InfraSec Add Nessus Plugin ID as metadata
  • Enterprise+InfraSec Add AppDetective Pro tool reader support
  • Enterprise Added Protecode SHA1 as metadata
  • Enterprise Standardized Protecode metadata key names

Code Dx 4.3.5

Code Dx 4.3.5 12/12/2019

Tools

  • Enterprise Updated Acunetix tool reader
  • Enterprise Updated Fortify tool reader

Code Dx 4.3.4

Code Dx 4.3.4 11/19/2019

Tools

  • Enterprise Made a fix to treat category URLs from CodeSonar as optional

Code Dx 4.3.3

Code Dx 4.3.3 11/13/2019

Fixes

  • Enterprise Fixed a bug causing trace execution page display problems
  • SWAMP Fixed a permission causing SWAMP users to not be allowed to re-correlate
  • SWAMP Removed unsupported configuration options from analysis config dialog

Tools

  • Enterprise Improved logic for mapping severity for non-English Checkmarx inputs
  • Enterprise Improved logic for mapping severity for Coverity results
  • Enterprise Improved logic for mapping severity for Protecode results

Code Dx 4.3.2

Code Dx 4.3.2 10/30/2019

Changes

  • Made changes to support more SSL cipher suites for tool connectors
  • Fixed a bug causing path normalization to fail with certain path inputs
  • Enterprise Fixed a failure case when reading tool results with an unspecified CVSS vector

Code Dx 4.3.1

Code Dx 4.3.1 10/22/2019

Changes

  • Made a slight performance tweak for project creation when many projects exist

Tools

  • Enterprise Fixed an issue causing errors for Fortify SSC results not specifying milliseconds in their timestamps