Release Notes - 1.7


1.7.6-funcrel

Fixes/Bugs

| Customer Ticket Id | Customer Details |
|---|---|
| 53614 | Creates Spring MVC operations when a class is decorated with @RequestMapping(""). |

1.7.5-funcrel

Enhancement/Improvements

| Customer Ticket Id | Customer Details |
|---|---|
| 52404 | Removes traceback without impact on results. |
| 50556 | Removes traceback without impact on results. |

1.7.4-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 51794 | Fixes missing Spring MVC operations. |
| 51872 | Fixes missing Spring MVC operations. |
| 49454 | Fixes an unresolved Spring MVC operation URL from a .properties file. |

Other Updates

Details
Fixes an issue where Services were incorrectly created in the case of Feign.

1.7.3-funcrel

Other Updates

Details
This extension now generates a new "ServiceEntryPoints.blackbox-v2.xml" file containing additional data to enrich and improve the results of the com.castsoftware.securityanalyzer extension (≥ 1.0.10-funcrel).

1.7.2-funcrel

Other Updates

Details
Improved support of Thymeleaf web service calls.

1.7.1-funcrel

Resolved Issues

| Customer Ticket Id | Details |
|---|---|
| 32535 | Spring MVC operation name and link are wrong. |
| 32701 | Missing link from MVC operation to implementation method. |

1.7.0-funcrel

Note

Moved to funcrel.

1.7.0-alpha1

Note

In this release, a change has been made to the security rules provided in AIP Core which are triggered when a User Input Security analysis is enabled. Details can be found in the "Rules" section of the release notes below.

Rules

| Rule Id | New Rule | Details |
|---|---|---|
| 8516 | FALSE | For AIP >= 8.3.27, the rule "Avoid URL redirection to untrusted site through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid URL redirection to untrusted site". |
| 8534 | FALSE | For AIP >= 8.3.27, the rule "Avoid XQuery injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid XQuery injection". |
| 8528 | FALSE | For AIP >= 8.3.27, the rule "Avoid deserialization injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid deserialization injection". |
| 8522 | FALSE | For AIP >= 8.3.27, the rule "Avoid regular expression injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid regular expression injection". |
| 8484 | FALSE | For AIP >= 8.3.27, the rule "Avoid HTTP response splitting through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid HTTP response splitting". |
| 8508 | FALSE | For AIP >= 8.3.27, the rule "Avoid log forging through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid log forging". |
| 8504 | FALSE | For AIP >= 8.3.27, the rule "Avoid XPath injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid XPath injection". |
| 8494 | FALSE | For AIP >= 8.3.27, the rule "Avoid OS command injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid OS command injection". |
| 8512 | FALSE | For AIP >= 8.3.27, the rule "Avoid mixing trusted and untrusted data in HTTP requests through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid mixing trusted and untrusted data in HTTP requests". |
| 8510 | FALSE | For AIP >= 8.3.27, the rule "Avoid uncontrolled format string through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid uncontrolled format". |
| 8506 | FALSE | For AIP >= 8.3.27, the rule "Avoid file path manipulation through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid file path manipulation". |
| 8486 | FALSE | For AIP >= 8.3.27, the rule "Avoid resource injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid resource injection". |
| 8502 | FALSE | For AIP >= 8.3.27, the rule "Avoid reflection injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid reflection injection". |
| 8500 | FALSE | For AIP >= 8.3.27, the rule "Avoid code injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid code injection". |
| 8498 | FALSE | For AIP >= 8.3.27, the rule "Avoid thread injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid thread injection". |
| 8496 | FALSE | For AIP >= 8.3.27, the rule "Avoid process control through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid process control". |
| 8492 | FALSE | For AIP >= 8.3.27, the rule "Avoid LDAP injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid LDAP injection". |
| 8488 | FALSE | For AIP >= 8.3.27, the rule "Avoid resource URL manipulation through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid resource URL manipulation". |
| 8482 | FALSE | For AIP >= 8.3.27, the rule "Avoid cross-site scripting through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid cross-site scripting". |
| 8514 | FALSE | For AIP >= 8.3.27, the rule "Avoid NoSQL injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid NoSQL injection". |
| 8490 | FALSE | For AIP >= 8.3.27, the rule "Avoid SQL injection through API requests" is enabled for input received through exposed REST APIs, instead of the previous rule "Avoid SQL injection". |