Introduction

This article describes the known issues of the recent releases of Lucent Sky AVM.

More Information

This is a list of known issues of the current and previous releases of Lucent Sky AVM, including the symptoms, impacted versions, workarounds and fixes.

Build

.NET web site scan failed with result -49999990

When scanning a .NET web site, the scan failed with the result code -49999990. Additionally, the compilation logs include the following: An unexpected error has occurred. The correlation ID is c8ebd46a-f8dc-43b8-a94c-dd9c046c5b1c.

This is an issue related to the way .NET web sites are detected.

This issue impacts 1810, and has been fixed in 1811 MR.

Ant log entries were saved to the generic scan log file instead of Ant log file

When building a Java application with Ant, build log entries were saved to the generic log file (ScanId.log) instead of Ant log file (ScanId-Ant.log). Additionally, when a scan failed due to Ant build errors, Ant log is not available to download on the Web UI.

This issue impacts 1811 SU3, and has been fixed in 1903 MR.

Analysis

Suppressed results reappear in C# applications scanned with source code analysis

When scanning a C# application with only source code analysis, previously suppressed results may reappear.

This is an issue related to the suppression algorithm in C# source code analysis engine.

This issue impacts versions between 1807 and 1811 MR, and has been fixed in 1811 SU1.

Scanning .NET Core projects fails with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound)

When scanning some .NET Core projects with explicitly specified project file, the scan might fail with result code -62300001 (BinaryAnalysis_Error_ValidILNotFound).

This is an issue related to the binary file detection mechanisms. When a project file was explicitly specified, Lucent Sky AVM uses the project file to locate the primary assembly file of the project. Some .NET Core project do not specify a primary assembly file in their project files.

To workaround this issue, do not explicitly specify a project file and let Lucent Sky AVM automatically detect it.

This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.

Reporting

The Priority attribute is set at an incorrect level in XML reports

When generating an XML report, the Priority attribute of a Result is sometime generated at the InstantFix element instead of the Result element.

This issue impacts 1811 MR, SU1 and SU2, and has been fixed in 1811 SU3.

JavaScript syntax highlighting is not available in HTML reports

Statements of JavaScript might not be properly highlighted in HTML reports. In addition, an error message ‘Couldn’t find brush for: jscript’ might appear.

This issue impacts 1903 MR, and has been fixed in 1903 SU1.

The file list in the reports has incorrect analysis marking

The file list in the HTML, PDF and XML reports might not have the correct marking to indicate the analyses conducted on files.

This issue impacts 1903 MR, and has been fixed in 1903 SU1.

Remediation

Remediation becomes stuck when paths in the application archive have more than 158 characters

The remediation process appears to stuck when the paths in the application archive have more than 158 characters.

This issue impacts all recent versions up to 1811 SU2, and has been fixed in 1811 SU3.

Remediated vulnerabilities in remediation information are displayed in the wrong order

When remediating an application with the ‘Include mitigation info’ option enabled, remediated vulnerabilities in remediation information are displayed in the wrong order (such as CWE359, CWE79 mitigated instead of CWE79, CWE359 mitigated).

This issue impacts 1906 MR, and is expected to be fixed in 1906 SU1.

Interface

Project list does not load when the Web UI is opened in the background

When opening the project list or the scan list, if the browser tab is in the background, the list does not load.

This is an issue related to the AJAX API calls.

This issue impacts 1811 MR and most earlier versions, and has been fixed in 1811 SU1.

System information shows version 1812 when the instance is running 1811 SU1

The system information page shows the current version as 1812 (5.8.4100) when the instance is running 1811 SU1 (5.8.4100). Additionally, the generated reports also show version 1812 instead of 1811 SU1.

This is an issue related to the new Minor Release/Servicing Update release rhythm.

This issue impacts 1811 SU1, and has been fixed in 1811 SU2.

The Query method in the CLI is using the legacy priority calculation algorithm

The Query method in the CLI is using the legacy priority calculation algorithm. This results in inconsistency of the priority score between CLI queries and other interfaces and reports.

This issue impacts all versions between 1807 and 1811 SU2, and has been fixed in 1811 SU3.

The batch delete function on the Web UI returns DATA_ERROR even when the operation completed successfully

When deleting applications in batch on the Web UI, the operation sometimes return a data error even when it has completed successfully.

This issue impacts all currently supported versions. To workaround this issue, ignore the returned data error message.

Report and Remediate options appear in the Action Bar when they are not available

When viewing a completed scan on the Web UI, the Report and Remediate options appear in the Action Bar even though they are not available.

This issues impacts 1903 MR, and has been fixed in 1903 SU1.

Administration

Rule package is not properly installed when CLEAR Engine setup was interrupted and resumed

When installing CLEAR Engine for the first time, if the setup program was interrupted and resumed, the rule package might not be properly installed.

To workaround this issue, do not resume the setup program if it was interrupted. Instead, uninstall the installed components, delete the installation directory (C:\Program Files\Lucent Sky), and start the setup program again.

This issue impacts 1903 MR and SU1, and has been fixed in 1906 MR. Instances that were updated to 1903 MR or SU1 from an earlier version are not impacted.

Unable to update from Lucent Sky AVM version 1807

When updating an instance running Lucent Sky AVM version 1807, the update process failed with the error message: SkyAnalyzer.Engine.Installer has stopped working.

This is an issue related to the data migration process. Although it prevents the direct update from Lucent Sky AVM version 1807 to version 1811, it will not cause any data loss.

To workaround this issue, first uninstall Lucent Sky AVM version 1807, then install Lucent Sky AVM version 1811.

This issue impacts 1811 MR and has been fixed in 1811 SU1.

Web UI update fails if storage root is set to a drive other than C:\

When updating an instance using the Web UI, the update fails if storage root is set to a drive other than C:\.

This issue impacts 1811 SU1 and earlier releases, and has been fixed in 1811 SU2.

The source of CLEAR Engine events is shown as ‘Service1’ in Windows Events

The source of events generated by CLEAR Engine is shown as ‘Service1’ instead of ‘CLEAR Engine’ in Windows Events.

This issue impacts 1811 MR and SU1, and has been fixed in 1811 SU2.