Switch branches/tags
Azure-Add-Nuget-Settings-Update CONTRAST-7831 CONTRAST-8781 CONTRAST-12222-protect-docs CONTRAST-14638-trouble-java CONTRAST-17463-re/move-articles CONTRAST-17470-what-is-contrast CONTRAST-17566 CONTRAST-18659-profiler-docs CONTRAST-20358-config CONTRAST-20381 CONTRAST-20663-update-ruby-config CONTRAST-20961-freemium-docs CONTRAST-21091-Add-VS-Plugin-Doc CONTRAST-21316-remove-appname CONTRAST-21554-remove-assembly CONTRAST-23556-integrated-service CONTRAST-23556-speedracer CONTRAST-23895-flask-app CONTRAST-25182-Add-Dotnet-Chaining CONTRAST-25297-java-command CONTRAST-25851-service-clarification CONTRAST-25851-service-flag CONTRAST-26040-common-config CONTRAST-26040-dotnet-adjust CONTRAST-26040-node-common-config-changes CONTRAST-26732-pki CONTRAST-26736-cert-config CONTRAST-26737-node-docs CONTRAST-26999-java-common-config CONTRAST-27030 CONTRAST-27167-vulns-grid CONTRAST-27312-node-config-emph CONTRAST-27409-changes-to-support-contrast-env-var-prefix CONTRAST-27463-node-10-lts CONTRAST-27975-remove-dotnet-proxy-host CONTRAST-28172-java-docker CONTRAST-28194 CONTRAST-28440-vsts-backlogs CONTRAST-28941-build-based-view-options Contrast-AlexB-patch-1 DanFiedler-AddSystemReqs DanFiedler-FormatSuppTech Node-Install-Config-Updates OD3-Test-LayoutUpdates OD3-Test-Merged OD3-Test-TerraGood-MikeGood-Synced OD3-Test-TerraGood OD3-Test Release-356-Profiler-Chaining-Flag-Fix Update_General_Properties ZD#9080-Supported-LDAP-Servers bamboo contrast-25989-exec-helper-troubleshooting contrast-26111-verify-java-exec-helper ddooley77-patch-1 dhafley-patch-1 distributed-config dotnet-directory-changes fix-appname ide-plugins installer_doc j0nS3idman-patch-1 j0nS3idman-patch-2 j0nS3idman-patch-3 j0nS3idman-patch-4 j0nS3idman-patch-5 javaagent-appname-change linux-pkgs master mobile-help-doc nahsra-cve-shields nahsra-protect-rules-update node-8 node-env opendocs-redesign-links org-stats-filename-bug orientation-tests philtest rebranding remove-profilerBehavior revert-525-CONTRAST-27047 reword-node-OS-support route-coverage-jersey rss search solarisSupport static-site-generator test-image-standards update-node-config wrong-min-version zookeeper_docs
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
40 lines (23 sloc) 2.32 KB

Good work, Python! The Protect agent is ready for the big time!


  • Assess rules take effect for child applications.
  • Tags render correctly for IE11 users.
  • Removed appearance of Apply License options for View-level users.
  • Use the link to clear Advanced filters in the Libraries page.
  • Critical vulnerabilities disappear from your Dashboard as soon as you mark them "Not a Problem".

Agent Updates

Java summary

Contrast now allows users to set the Application Code attribute of an application by passing the contrast.application.code System property to the Java agent. The Java team also added System property contrast.stderr for directing Contrast logs to STDERR instead of a log file, improved accuracy for XSS detection, and fixed a deadlock at start-up which affects WebLogic 12. When bot-blocking is enabled, the Java agent will always block the Mozilla bot even when the user hasn't included any bots to block in their Contrast application configuration

.NET summary

The .NET team added an Assess rule for HSTS header missing as well as support for Contrast.AppName in DPAPI protected configs. We also fixed a concurrency issue that could cause an InvalidOperationException along with issues where headers set in global.asax weren't analyzed by Assess sensors and incorrect sources were reported for some Assess vulnerabilities.

Node.js summary

The Node team made a variety of performance and compatibility improvements including: better compatibility with the New Relic APM agent, fixing an issue with PostgreSQL options, and compatibility with applications that run uglify-js in their deployment pipeline. The agent also handles the case where the package.json isn't included in a application. Finally, the team added some propagation enhancements for better Assess accuracy in String.split and Array.join.

Ruby summary

The Ruby team improved class name resolution from the code file paths.

Python summary

Python Protect enters General Availability with this release! Remaining tasks for the Python team included tracking routes identified in the application for coverage statistics. We also added a new default location for configuration files under /etc/contrast.