Lucent Sky AVM 3.9.1 release information

2018/12/26

This article lists the new features and bug fixes included in Lucent Sky AVM 3.9.1, as well as the known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 3.9.1 released.

New features and updates included in Lucent Sky AVM 3.9.1

  • Fine-tuning of the 3rd generation mitigation engine - Numerous small improvements were made to the 3rd generation mitigation engine to improve the precision of vulnerability remediation, especially when existing code already uses some security mechanism that is insufficient.

  • Support for CWE-501 (Trust Boundary Violation) - Some Trust Boundary Violation issues can now be identified and remediated, such as storing untrusted data in an otherwise trusted data structure or storage. Because this type of issue is design-oriented, the rule is disabled by default.

  • Bug fixes - Several bugs that exist in Lucent Sky AVM 3.8 and 3.9 were fixed, such as the inability to identify some CWE-601 (Open Redirect) issues in Java applications.
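
The CWE-501 pattern named in the list above (untrusted data stored in an otherwise trusted structure), shown in Java with the flawed form beside a corrected one. This is an added example, not Lucent Sky AVM output or code from the product; the `Map`-based session, the `ROLE_BY_USER` and `THEMES` tables and all method names are hypothetical stand-ins.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration of CWE-501. The Map named "session" stands in for a
// server-side session object (an assumption, to avoid servlet dependencies).
public class TrustBoundaryExample {

    // Constructed sample data: roles and themes the application itself defines.
    private static final Map<String, String> ROLE_BY_USER =
            Map.of("alice", "admin", "bob", "viewer");
    private static final Set<String> THEMES = Set.of("light", "dark");

    // Flawed: request parameters are copied into the session unchecked, so any
    // later code that trusts session.get("role") is trusting client input.
    static void populateUnsafe(String authenticatedUser,
                               Map<String, String> request,
                               Map<String, Object> session) {
        session.put("user", authenticatedUser);
        session.put("role", request.get("role"));
        session.put("theme", request.get("theme"));
    }

    // Corrected: the role is derived server-side, and the one value taken from
    // the request is checked against an allowlist before it is stored.
    static void populateSafe(String authenticatedUser,
                             Map<String, String> request,
                             Map<String, Object> session) {
        session.put("user", authenticatedUser);
        session.put("role", ROLE_BY_USER.getOrDefault(authenticatedUser, "viewer"));
        String theme = request.get("theme");
        session.put("theme", THEMES.contains(theme) ? theme : "light");
    }

    public static void main(String[] args) {
        // Constructed request: user "bob" supplies a role and an unknown theme.
        Map<String, String> request = Map.of("role", "admin", "theme", "<unknown>");

        Map<String, Object> unsafe = new HashMap<>();
        populateUnsafe("bob", request, unsafe);
        System.out.println("unsafe session: " + unsafe);

        Map<String, Object> safe = new HashMap<>();
        populateSafe("bob", request, safe);
        System.out.println("safe session:   " + safe);
    }
}
```

Whether a given store is a violation depends on where the application draws its trust boundary, which is consistent with the rule being design-oriented and disabled by default.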

List of fixes included in Lucent Sky AVM 3.9.1

Identifying some CWE-601 (Open Redirect) vulnerabilities in Java applications

When scanning a Java application using the built-in rule package, some CWE-601 (Open Redirect) vulnerabilities might not be identified. This is due to a misconfiguration in the built-in rule package.

This issue has been resolved in Lucent Sky AVM 3.9.1.

Known issues of Lucent Sky AVM 3.9.1

There are no known issues in Lucent Sky AVM 3.9.1.