
Just in: Ruby agent 2.0 and improvements for your integrations!

Fixes

  • Filter Attacks by IP address to find the right ones in the grid.
  • See the right vulnerabilities in your server's Overview page.
  • Non-internet connected Enterprise-on-Premises (EOP) users can see the complete list of their libraries.
  • Don't get tripped up by Security Controls for invalid targets.
  • Set up auto-licensing for servers, and see your saved selection across the UI.
  • Build Number and Untracked filters work exactly as expected for your vulnerabilities.
  • Delete an organization with assigned licenses.

Improvements

  • Contrast stores the credentials you entered in your last Jira configuration, and automatically applies them when you set up the next one. You can also manage your credentials by adding new ones or editing an existing set.

  • EOP users can set proxy settings and rest assured that all integration traffic will flow through the proxy.

Agent Updates

Java summary

The Java team reduced the amount of memory used by the agent’s Assess analysis. We fixed an issue where certain java.lang.String methods, if added as sanitizers or validators, could cause application errors. We also added a new Malformed Header rule as well as protection against CVE-2018-1261.

.NET summary

The .NET team improved the performance of the agent’s communication with the Contrast interface as well as the accuracy of unvalidated redirect analysis when the data source was System.Web.HttpRequest.RawUrl. Also, the Azure App Service Site Extension now checks for framework requirements.

Node.js summary

The Node team added agent compatibility with the NewRelic APM agent. In the Protect feature, we improved the NoSQLi rule with support for classifier detection in MongoDB, and SQLi now has a new hook in the MySQL query interface. In the Assess feature, we can now track data propagation through user-defined input to the required statement, and we improved data flow on global constructors (e.g., String, Function).

Ruby summary

The Ruby agent entered 2.0 with an embedded service that eliminates the need for a second gem. The embedded service starts on application launch, is compatible with multiple applications on the same server, and can be controlled via rake tasks. The 2.0 version of the agent includes improvements in how the application name is determined and better application version determination.

Python summary

The Python agent has safer common configuration loading, and can accept configuration items from the command line and environment variables. The team also added more tests for Django applications with MySQL.