Lucent Sky AVM version 2503 releases
- Lucent Sky AVM version 2503 MR (build 11.2.6375)
Lucent Sky AVM version 2503 MR
New features in 2503 MR
Technology stack
- Support for Perl
- Support for PHP 8.4
Weakness policies
- Support for mappings between OWASP Mobile Top 10 2024 and CWE IDs
- Revision of mappings between PCI DSS 4.0 and CWE IDs
Binary analysis
- General improvements on the .NET and Java binary analysis engines
Source code analysis
- Expanded secret scanning
- Performance and accuracy improvements on the source code analysis engines
- Compatibility improvements on Java applications with JSF and JSP files
- Compatibility improvements on static web sites
- General improvements on the ABAP, ASP, C/C++, ECMAScript, Go, PHP, Python, and static web pages source code analysis engines
Dependency analysis
- Improvements on Maven packages and Node modules analysis
- General improvements on dependency analysis engines
Hybrid analysis
- General improvements on the hybrid analysis engines
Remediation
- General improvements on remediation for ASP applications
- General improvements on ML-augmented vulnerability remediation and explanations
Reporting
- Intelligence System configuration in HTML and PDF reports
Interfaces
-
Dependency interface available on the API, CLI, and Web UI
On the CLI, the
GetList
method in theDependency
interface returns a list of dependencies discovered in previous scans, while theGetProjectList
method returns a list of applications which have a dependency in the most recent scan.On the Web UI, a dedicated interface enables browsing dependencies discovered in previous scans, filtering dependencies by their vendors, product names, and versions, as well as viewing a list of applications which have a dependency in the most recent scan.
The
Dependency
interface in the API enables these features and provide additional ways to interact with discovered dependnecies. - Performance, security, and user experience improvements on the Web UI
- Intelligence System configuration on the Web UI
Administration
- General improvements of the CLEAR Engine installer
Issues fixed in 2503 MR
- We fixed a bug where remediated CWE-94 vulenrabilities are still reported
- We fixed a bug where a long-running scan might fail with certain storage configurations
- We fixed a bug where enforcing MFA system-wide has no effect on certain users
Breaking changes in 2503 MR
-
The Query.QueryDependency method of the API
Deprecation. The
Query.QueryDependency
method of the API has been deprecated in favor of methods introduced in theDependency
interface of the API. The deprecated methods might be removed in a later release. -
80-bit TOTP MFA shared secret
Deprecation. The shared secret for TOTP multi-factor authentication has been increased to 160-bit. Existing TOTP MFA will continue to work, but MFA-enabled users are recommended to adopt 160-bit shared secret by resetting their TOTP MFA.