Lucent Sky AVM version 2112 releases
- Lucent Sky AVM version 2112 SU1 (build 8.3.5242)
- Lucent Sky AVM version 2112 MR (build 8.3.5192)
Lucent Sky AVM version 2112 SU1
New features in 2112 SU1
Pre-analysis
- Performance improvements to the pre-analysis algorithms
Binary analysis
- Improvements to direct binary analysis for .NET and Java applications
Remediation
- Improved remediation for PHP applications
Administration
- Improved error handling during the update process
Issues fixed in 2112 SU1
- We fixed an issue where activation error messages do not accurately represent the underlying error
- We fixed an issue where the ROI page on the Web UI returns an error
Lucent Sky AVM version 2112 MR
New features in 2112 MR
Technology stack
- Support for .NET 6
- Support for Java 17
- Support for Java applications developed with Groovy
- Support for ActionScript
Build
- Compatibility improvements for applications using Ant builds
- Compatibility improvements for JDK IL generation algorithms
- Compatibility improvements for ASP.NET, JSP, and PHP webpages
Binary analysis
- Performance and scalability improvements for the secondary binary analysis engine
- Accuracy improvements for the JDK binary analysis engine
- General improvements for the binary analysis engines
Source code analysis
- Performance improvements for the dataflow source code analysis engine
- General improvements for the source code analysis engines
Dependency analysis
- Improved performance for minified ECMAScript libraries
- General improvements for the dependency analysis engine
Remediation
- Fourth-generation remediation engine is generally available
- Accuracy and performance improvements to the remediation algorithms
- Update guidance is available for vulnerable dependencies
Reporting
- History for individual results is available on the Web UI, HTML, and PDF reports
- New scoring logic for remediation confidence
- Support for CWE 4.6 and OWASP Top 10 2021
- More accurate reporting for CWE-311 and its child categories
- Dependencies with CVEs are reported as CWE-1104 when the corresponding CWE rules are disabled by weakness policies
- Dark mode is available for HTML reports
- Improved syntax highlighting for HTML and PDF reports
Interface
- Dark mode is available on the Web UI
- Scan progress is visible on the application and scan index pages
- Improved syntax highlighting for the Web UI
- Accessibility and usability improvements to the Web UI
- The CLI supports scriptable configuration of WCF endpoints
Administration
- Improvements for the update process
Issues fixed in 2112 MR
- We fixed an issue where the CLI help text is inconsistent
- We fixed an issue where the 'Information' field is missing in the HTML report
- We fixed an issue where some OWASP Mobile Top 10 mappings were missing
- We fixed an issue where multiple class-scoped results in the same class sometimes appear as a single result
- We fixed an issue where some results in Java applications appear as multiple results
- We fixed an issue where Gradle logs are not available on the Web UI when a build fails
Breaking changes in 2112 MR
Build
- Built-in runtime .NET 5.0 renamed to .NET Core 3.1
  No functional change. Both the .NET Core 3.1 runtime and the new .NET 6.0 runtime use the latest MSBuild.
- JDK 14 updated to JDK 17
  No functional change. Custom runtimes and applications using JDK 14 will be migrated to JDK 17 automatically. If these runtimes or applications need to use JDK 11, contact Lucent Sky support.
- Maven updated to 3.8.4
  Breaking change. Custom repositories using HTTP are no longer supported due to changes in Maven 3.8. Migrate custom repositories to HTTPS to enable customer repositories using HTTP in Maven settings.
- Custom PHP runtime is no longer supported
  Breaking change. Support for custom PHP runtime is removed as it was for the legacy PHP source code analysis engine. Existing custom PHP runtimes will be migrated to the built-in PHP runtime automatically.
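For the Maven 3.8.4 change above, a pre-upgrade check as an added example (not part of the Lucent Sky release notes or product): it lists repositories in a pom.xml or settings.xml whose URL is plain HTTP, so they can be migrated to HTTPS before the update. The function name, verdict labels and sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Elements that carry a repository URL in pom.xml or settings.xml.
REPO_TAGS = {"repository", "pluginRepository"}

# Constructed sample input; ids and hosts are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><legacy.url>http://old.example.internal/m2</legacy.url></properties>
  <repositories>
    <repository><id>corp-releases</id><url>https://repo.example.internal/releases</url></repository>
    <repository><id>corp-snapshots</id><url> HTTP://repo.example.internal/snapshots </url></repository>
    <repository><id>legacy</id><url>${legacy.url}</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>corp-plugins</id><url>http://plugins.example.internal/m2</url></pluginRepository>
  </pluginRepositories>
</project>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_repositories(xml_text):
    """Return (id, url, verdict) for repositories that are plain HTTP or unresolvable."""
    root = ET.fromstring(xml_text)
    props = {_local(p.tag): (p.text or "").strip()
             for node in root.iter() if _local(node.tag) == "properties" for p in node}
    findings = []
    for node in root.iter():
        if _local(node.tag) not in REPO_TAGS:
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in node}
        url = fields.get("url", "")
        # Expand simple ${name} references defined in <properties> in the same file.
        for name, value in props.items():
            url = url.replace("${" + name + "}", value)
        if "${" in url:
            verdict = "unresolved-property"  # defined elsewhere; review by hand
        elif urlsplit(url).scheme.lower() == "http":
            verdict = "plain-http"
        else:
            continue
        findings.append((fields.get("id", ""), url, verdict))
    return findings
```

Repositories hidden behind a property the file does not define are reported as `unresolved-property` rather than silently passed, since their scheme cannot be determined from that file alone.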
Analysis
- Analysis mode migrated to scan arguments
  Breaking change. Analysis mode has been migrated from the AnalysisMode property (Scan.Create.AnalysisMode) to part of the Arguments property (Project.Create.Arguments, Project.Edit.Arguments, and Scan.Create.Arguments). Third-party tools relying on the API and the CLI might need to be updated.
- Legacy PHP source code analysis engine is no longer available
  Breaking change. Applications set to explicitly use the legacy PHP source code analysis engine (analysis engine ID 14) will be migrated to use the default PHP source code analysis engine, and may have different analysis results.
Reporting
- Individual result history
  No functional change. Individual result history is not available for scans completed prior to updating to version 2112 MR unless a manual migration is performed.
- New confidence scoring logic
  Breaking change. Scan results prior to 2112 MR will be recalculated automatically using the new scoring logic. However, third-party tools relying on the XML report need to be updated. The following table illustrates the changes of the scoring logic:
| Score Value 2112 MR and later | Score Meaning 2112 MR and later | Score Value prior to 2112 MR | Score Meaning prior to 2112 MR |
| --- | --- | --- | --- |
| 13 | High confidence Instant Fix | 3 | High confidence Instant Fix |
| 12 | High confidence Instant Fix | 2 | High confidence Instant Fix |
| 11 | Low confidence Instant Fix | 1 | Low confidence Instant Fix |
| 1 | Contextual remediation suggestion | New to 2112 MR | |
| 0 | Basic remediation suggestion | 0 | Remediation suggestion |
Interface
- CLI command for creating scans
  Breaking change. The Mode argument for the Scan.Create method has been deprecated. To create scans with intelligent analysis, remove the Mode argument from the command. To create scans with comprehensive analysis, remove the Mode argument from the command and add AnalysisMode,comprehensive to the Arguments argument.