Lucent Sky AVM 4.7 release information

2018/12/26 |

This article includes a list the new features and bug fixes that are included in Lucent Sky AVM 4.7, as well as known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 4.7 released.

Updates in Lucent Sky AVM 4.7

  • Performance improvements - scanning performance were improved across multiple areas, including the analysis and remediation engines and the IO stack. Additionally, optimization was added to the IO stack to better support virtual machines with high IO latency.

  • Context-aware remediation suggestions - in with Lucent Sky AVM 4.6, we added context-aware remediation suggestions to some vulnerability categories involving insecure designs (such as use of weak encryption) or where Instant Fixes are otherwise unavailable. The goal was to provide guidance to developers on how to evaluate and address these issues. In this release, we expanded the availability of context-aware remediation to all vulnerability categories where Instant Fixes are not available. This feature remains in preview for the moment, although it no longer requires enabling preview mode to function.

  • Remediation algorithms improvements - a new set of algorithms were added to the remediation engine to provide better accuracy of Instant Fix generation and confidence score calculation.

  • Report improvements - a pie chart of result priority distribution and a list of the number of results of each priority is included in the HTML and PDF report.

  • Minor improvements and bug fixes - minor improvements and bug fixes were done to the Web UI and CLI.

List of fixes included in Lucent Sky AVM 4.7

The Edit Application box is broken when the application has a large number of members

You are unable to save changes made in the Edit Application box when it has a large number of members, because the Save button is obstructed.

This issue has been resolved in Lucent Sky AVM 4.7.

Known issues of Lucent Sky AVM 4.7

IDE plug-ins are unable to include Application Protection Library to a project after a scan

On new installations of IDE plug-ins, such as Visual Studio extensions and Eclipse plug-in, are unable to include Application Protection Library to a project after a scan. This is due to that starting with v4.7, the CLI no longer include copies of Application Protection Library binaries.

To workaround this issue, download the Application Protection Library binaries from a Lucent Sky AVM server running v4.7, and place them under the Resources\APL directory of the CLI. This issue is expected to be resolved in Lucent Sky AVM 5.0.