Permalink
Switch branches/tags
Azure-Add-Nuget-Settings-Update CONTRAST-7831 CONTRAST-8781 CONTRAST-12222-protect-docs CONTRAST-14638-trouble-java CONTRAST-17463-re/move-articles CONTRAST-17470-what-is-contrast CONTRAST-17566 CONTRAST-18659-profiler-docs CONTRAST-20358-config CONTRAST-20381 CONTRAST-20663-update-ruby-config CONTRAST-20961-freemium-docs CONTRAST-21091-Add-VS-Plugin-Doc CONTRAST-21316-remove-appname CONTRAST-21554-remove-assembly CONTRAST-23556-integrated-service CONTRAST-23556-speedracer CONTRAST-23895-flask-app CONTRAST-25182-Add-Dotnet-Chaining CONTRAST-25297-java-command CONTRAST-25851-service-clarification CONTRAST-25851-service-flag CONTRAST-26040-common-config CONTRAST-26040-dotnet-adjust CONTRAST-26040-node-common-config-changes CONTRAST-26732-pki CONTRAST-26736-cert-config CONTRAST-26737-node-docs CONTRAST-26999-java-common-config CONTRAST-27030 CONTRAST-27167-vulns-grid CONTRAST-27312-node-config-emph CONTRAST-27409-changes-to-support-contrast-env-var-prefix CONTRAST-27463-node-10-lts CONTRAST-27975-remove-dotnet-proxy-host CONTRAST-28172-java-docker CONTRAST-28194 CONTRAST-28440-vsts-backlogs CONTRAST-28941-build-based-view-options Contrast-AlexB-patch-1 DanFiedler-AddSystemReqs DanFiedler-FormatSuppTech Node-Install-Config-Updates OD3-Test-LayoutUpdates OD3-Test-Merged OD3-Test-TerraGood-MikeGood-Synced OD3-Test-TerraGood OD3-Test Release-356-Profiler-Chaining-Flag-Fix Update_General_Properties ZD#9080-Supported-LDAP-Servers bamboo contrast-25989-exec-helper-troubleshooting contrast-26111-verify-java-exec-helper ddooley77-patch-1 dhafley-patch-1 distributed-config dotnet-directory-changes fix-appname ide-plugins installer_doc j0nS3idman-patch-1 j0nS3idman-patch-2 j0nS3idman-patch-3 j0nS3idman-patch-4 j0nS3idman-patch-5 javaagent-appname-change linux-pkgs master mobile-help-doc nahsra-cve-shields nahsra-protect-rules-update node-8 node-env opendocs-redesign-links org-stats-filename-bug orientation-tests philtest rebranding remove-profilerBehavior revert-525-CONTRAST-27047 reword-node-OS-support route-coverage-jersey rss search solarisSupport static-site-generator test-image-standards update-node-config wrong-min-version zookeeper_docs
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
55 lines (32 sloc) 3.28 KB

Fixes

  • Export data for all libraries in your organization without errors.
  • SuperAdmins can upload new user data.
  • Create Master applications during application merge.
  • The Dashboard shows the appropriate vulnerability count for each user's application access.
  • All vulnerability URL info is displayed correctly.
  • LDAP connection issues for group creation are resolved.

Improvements

  • As of Contrast version 3.5.8, the auto-updating version of the Java agent is no longer available for download. The auto-update feature is not compatible with Contrast's design changes made to support the Java Platform Module System included in Java beginning with version 9. Existing agents with the auto-update feature will continue to function; however, once Contrast releases an agent capable of supporting Java 9+, they will no longer update to the latest version.

For more details on Java agent updates, see the Java summary below.

  • See your Protect data logs in SumoLogic via integration with the SIEM API. Browse through logs, and quickly find exactly what you’re looking for.

  • Contrast upgraded to MySQL 5.7 for embedded MySQL.

Agent Updates

Java summary

The Java agent team improved accuracy of the Assess Path Traversal rule on Spring applications. We added better Assess support for Jersey 2.0, including route detection for Jersey 2.0+ applications. The agent also supports configuration of common configuration properties via environment variables.

.NET summary

The .NET team fixed a bug in which the agent wasn't respecting the legacy TeamServerValidateCert configuration setting. We also fixed a bug in which the agent failed to restart properly when profiler chaining was enabled and the Assess or Protect mode was changed. We made improvements to:

  • The display of System.Char[] values in the trigger event of Assess vulnerabilities
  • The performance of Assess analysis of applications that communicate with web services using System.Net.Http.HttpClient
  • Assess accuracy for unvalidated redirects against the current request's URL

The agent supports Azure Application Service-hosted applications that are hosted outside of the wwwroot/bin directory.

Node.js summary

The Node agent now supports Node 10, the latest long-term support (LTS) version of Node. The Node team also updated support for TLS connections to Contrast UI using common configuration options. We modified the logging levels for the agent to match the other agents, and closed a bug in the Winston logger. We also enhanced logging around Process.argv.

Ruby summary

Ruby team has released the Assess agent! The Ruby agent also supports the common configuration entries to customize TLS connections to Contrast UI. Due to performance issues, we removed log enhancers for classes loaded after the agent has initialized. (This functionality will be re-enabled in the next release.)

Python summary

The Python agent now supports communication to the Contrast Service using Unix sockets. The Python team updated configuration to support customized TLS connections to the Contrast UI. The agent also supports a periodic thread for verifying connection status in Contrast UI.