Contents:
ET5 (Kiuwan Engine)
- QAK-5991 [New rule] Forms without captcha
- QAK-6009 New security ASP.net rule (or XSS improvement)
- QAK-6080 Error from [org.codenarc.rule.size.AbcComplexityRule] java.lang.NoClassDefFoundError
- QAK-6441 Preprocessing .dtsx files to parse as sql
- QAK-6520 False positives validation Loop with Unreachable Exit Condition ('Infinite Loop')
- QAK-6521 [FP] OPT.CPP.CERTC.EXP33
- QAK-6528 False positive for OPT.ABAP.ADR.NamingConventions
- QAK-6531 False positive OPT.JAVASCRIPT.ESTILO.NeverUseHistory
- QAK-6536 False positive OPT.SWIFT.SECURITY.ThirdPartyKeyboardAllowed
- QAK-6538 [FP] OPT.RPG4.REL.CallParameterMismatch
- QAK-6550 [FP] OPT.JAVA.SEC_JAVA.ExecutionAfterRedirect
- QAK-6552 ENHANCEMENT New rule PATH RELATIVE STYLE SHEET IMPORT
- QAK-6554 False positive found during python code analysis
- QAK-6557 [FP] OPT.CSHARP.MVCNonActionPublicMethods
- QAK-6571 Inconsistent results of OPT.JAVA.SPRING.AvoidBeansWithTheSameIdAcrossDiferentDescriptors
- QAK-6574 Update PHP language level to 8
- QAK-6575 PARSE ERROR for file PL/SQL
- QAK-6578 PARSE ERROR for PL/SQL files
- QAK-6579 FP OPT.JAVA.ANDROID.UseASafeCipher
- QAK-6587 Defects copied from one file to another in rule OPT.JSP.SEC_JSP.TargetBlankVulnerability
- QAK-6588 Review suspicious code at OPT.JAVA.CONV.ObjectTypeVerification rule
- QAK-6589 Allow empty values in parameter rule OPT.JSP.SEC_JSP.TargetBlankVulnerability
- QAK-6590 [FP] OPT.CPP.CERTC.EXP33 using 'auto' keyword
- QAK-6591 Parsing Error in .cs Files (Csharp Technology)
- QAK-6592 False negatives for OPT.JAVA.SEC_JAVA.HardcodedUsernamePassword and OPT.PYTHON.SECURITY.HardcodedCryptoKey
- QAK-6593 FP in typical example in rule OPT.HTML.SpecifyCharacterEncoding
- QAK-6594 Kiuwan does not detect hardcoded passwords in XML
- QAK-6595 Custom Neutralization not working for Java rule in latest release
- QAK-6596 Parsing error C# in CSHTML files: MismatchedTokenException
- QAK-6597 PARSE ERROR for 4GL files
- QAK-6602 [FP] OPT.JAVASCRIPT.ESTILO.NeverUseHistory
- QAK-6603 False positive in OPT.PYTHON.DJANGO.MissingBrowserXssFilter
- QAK-6604 False positive OPT.VBNET.VBnet.RemoveUnusedLocals
- QAK-6605 OPT.COBOL.SQL_COBOL.AvoidSelectAsterisk wrong defect code in copys
- QAK-6606 False positive In rule OPT.CSHARP.ResourceLeakStream due to scope of disposal in C# v8
- QAK-6609 False positive in OPT.JAVASCRIPT.TYPESCRIPT.UseTypeAnnotations rule
- QAK-6612 False positive OPT.JAVA.SEC_JAVA.XmlEntityInjectionRule
- QAK-6613 False positive OPT.JAVA.SEC_JAVA.FormatStringInjectionRule
- QAK-6615 False positive in OPT.JAVA.SEC_JAVA.HttpSplittingRule
- QAK-6617 False positive OPT.JAVASCRIPT.ERRORCOMUN.UnusedLocalVar
- QAK-6619 Parse error in COBOL Tandem source
- QAK-6620 False positive OPT.JAVA.CNU.UI
- QAK-6621 False positive OPT.JAVASCRIPT.SensitiveInfoInConfigurationFile
- QAK-6622 False positive detecting XSS in Java types
- QAK-6623 PARSE ERROR for file ASP.NET VB.NET
- QAK-6626 ERROR while analyzing CS file with SQL query
- QAK-6629 StackOverflowError while doing analysis of Swift Technology
- QAK-6630 Possible false positive in rule OPT.CSHARP.NullDereference
- QAK-6631 COBOL parse error in XML GENERATE statement
- QAK-6639 RPG parse error due to left margin and ? character at indicator column (column 6)
- SAS-5442 Kiuwan support for Expression Language Injection with Thymeleaf & Spring
- SAS-5543 java.lang.NoSuchMethodError Executing clone detection
MT5 (Kiuwan general bug fixing)
- SAS-5320 ENHANCEMENT insights report
- SAS-5357 Cannot create username if similar username existed
- SAS-5397 ENHANCEMENT encoded HTTP auth when indicating username of lDP in agent.properties file
- SAS-5478 Compare of different Models is not matching correctly
- SAS-5479 Setting "Effort=0" in a rule makes report processing fail
- SAS-5499 Last part of email in update user in REST-API can only be lowercase
- SAS-5525 Normative Filter is not working sometimes for defects in Life Cycle
MT6 (Kiuwan general bug fixing)
- SAS-5349 Security / Analysis / Insights links are not working properly
- SAS-5355 ERROR in exclude.patterns and supported.technologies Jenkins Plugin not updated
- SAS-5369 ERROR readlink illegal option --f in rdev.sh MacOS Catalina
- SAS-5425 ERROR in URL audit fail checkpoint detail
- SAS-5426 Mismatch in Lines of Code
- SAS-5458 User cannot create a new portfolio
- SAS-5489 KLA Copy-paste options don't properly work in MacOS
- SAS-5494 ERROR while promoting delivery to baseline java.lang.NullPointerException
- SAS-5496 NPE viewing checkpoint detail with user custom rules
- SAS-5501 Error generating insight security csv report
- SAS-5506 INSIGHTS Obsolescence wrong date in component org.ow2.asm:asm version 8.0.1
- SAS-5530 INSIGHTS Obsolescence wrong date in component org.ow2.asm:asm
- SAS-5549 BUG Unlisted normative prefixes cause them not to be shown when exporting to CSV
- SAS-5571 NPEs when calculating customerID for jobs in queue
- SAS-5578 Error updating artifacts in KOP insights batch
OAuth2/OIDC Integration
- SAS-5449 OAuth SSO project
- SAS-5467 Refactor SAML Dependencies out of main flows
- SAS-5468 Create OAuth2 configuration model
- SAS-5469 Create OAuth configuration GUI and integrate model
- SAS-5470 Configure SPRING SECURITY to handle OAuth2 login
- SAS-5523 Change password screen appeared for SSO logged in user into application
- SAS-5531 Unable to log in with SSO=on on ADFS AD server 16
- SAS-5532 Reconfiguring/updating SSO configuration on Successfully activated SSO is throwing error "incorrect result size"
- SAS-5545 Unable to Update the values for OAuth-OpenID SSO configuration
- SAS-5568 OIDC redirect_uri protocol does not match with the configured one in Azure
- SAS-5569 OAuth SSO settings are not saved in KLA
- SAS-5575 NoClassDefFoundError when launching KLA after OAuth and MT5 integration
- SAS-5577 User deletion fails
- SAS-5579 OIDC with KLA does not complete
- SAS-5581 Intermittent error in KLA with OIDC