Lucent Sky AVM 2.7 release information

This article includes a list the new features and bug fixes that are included in Lucent Sky AVM 2.7, as well as known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 2.7 released.

Enhanced analysis accuracy - Lucent Sky AVM relies on six different analysis engines for vulnerability identification and mitigation. With this release, the contextual analysis engine was rebuilt and the semantic analysis engine was improved. These enhancements will allow for higher accuracy (lower false positives and lower false negatives) as well as for greater source code coverage.
Increased Java compatibility and faster scans - The compilation engine for Java was redesigned and rebuilt from the ground up to increase compatibility with Java applications. A great "side effect" of this is a dramatic improvement in performance. Scanning Java applications is now up to 300% faster.
Mitigation "Diff" - The option to create a "diff" file between the mitigated source code and the original one has been added to the Web UI, the CLI and the API. The "diff" file is an XML file that documents every change made to the original source code, and the mitigated vulnerability corresponding to each change.
UI enhancements - Several minor UI enhancements were included as a result of customer feedback. One example is the support of direct uploading and downloading of JAR files (.jar) and WAR files (.war) through the Web UI.

CLEAR Engine
- Fixed an issue that prevented the encoding of certain .jsp files from being detected correctly.
- Fixed an issue that prevented certain .jsp files from being analyzed correctly.
Web UI
- Fixed an issues that caused certain cross-site scripting (CWE-79) vulnerabilities to be displayed twice in the result list.
- Fixed an issue that caused the Create Scan dialog to change its position unexpectedly.

There are currently no known issue of Lucent Sky AVM 2.7. If you encounter an issue that is not listed below, contact Lucent Sky support.