
Want to find more details but spend less time searching? Use the new page for application route coverage and reorganized sections for all your keys.

Fixes

  • Create a new organization with the email address of an existing Contrast account.
  • The last-reported date for vulnerabilities will display more accurately.
  • The Applications grid displays correctly for Safari users.
  • Applications that don't have Assess enabled won't be counted in the overall score for your organization.
  • Contrast will test your Jira configuration with the latest credential set selected.
  • Advanced filters will work together to show you the right results in the Servers grid.

Improvements

  • Keep track of security for your entire application in the new Route Coverage tab. Contrast breaks down the data for discovered routes, including exercised and unexercised routes, as well as the specific routes with critical vulnerabilities. See the Agent Updates section for each agent's current list of supported frameworks.

  • Set global vulnerability threshold conditions in the Contrast Jenkins plugin. Teams may then override the conditions for specific jobs.

  • Only OrgAdmin-level users and above can see empty servers in the Contrast UI. (Servers that have applications will be visible as they are today and honor all the usual access rules.)

  • We've moved the keys around a bit to make them easier to find. Go to the user menu > Organization Settings > Profile page to see your Organization ID, API key, and Agent Service key; or, go to the Profile > Your Account tab to find your personal keys.

Agent Updates

Java summary

The Java agent team improved the agent's handling of XML inputs, and reduced the amount of memory used by the agent's Assess analysis. We also implemented route coverage for Spring MVC 4.

.NET summary

The .NET agent team has improved performance by enabling the CLR to inline methods not instrumented by Contrast. We improved error handling when certain reports to Contrast fail. We also implemented route coverage for MVC 4, MVC 5, WebForms, ASMX, WCF and Web API frameworks.

Node.js summary

The Node agent team added Protect support for Hapi 17, and is finishing up support for Assess rules in that framework. We fixed an issue in reporting traces to the Contrast UI in Assess mode as well as an issue where propagation wasn't being followed through custom toString method calls.

Ruby summary

The Ruby agent team has been focused on performance issues, including adding a timeout in cases where IP resolution appeared to take longer than a few seconds on startup and optimizing the XXE rule source input generation. We fixed an issue where rake tasks had a namespace conflict. We also completed route coverage for Rails and Sinatra frameworks.

Python summary

The Python agent team implemented auto-start of the service when the instrumented application is started. We improved the application name generation for display in the Contrast UI. We also enabled the route coverage feature.