Lucent Sky AVM 3.6 release information

2018/12/26

This article lists the new features and bug fixes included in Lucent Sky AVM 3.6, as well as the known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 3.6 released.

New features and updates included in Lucent Sky AVM 3.6

  • Performance improvements to the mitigation algorithm - Updates were made to the mitigation algorithm to streamline the remediation process. Users are expected to experience a modest improvement in vulnerability mitigation performance. The improvement will be more visible for complex applications or those with more than several thousand vulnerabilities.

  • More accurate confidence scoring - Since Lucent Sky AVM 2.0, the confidence score has been the cornerstone of ensuring Instant Fixes are applied reliably and without impact on application functionality. In Lucent Sky AVM 3.6, it has been expanded to cover not just each Instant Fix, but all statements related to that Instant Fix. The result of the expansion is a statement-level confidence score, an indicator that allows users to more accurately predict the impact of Instant Fixes prior to applying them.

  • Numerous bug fixes - Lucent Sky AVM 3.6 resolves several issues in prior releases, including a bug related to the calculation of LOCe and a bug related to an incorrect file path in XML reports.

List of fixes included in Lucent Sky AVM 3.6

Scanning Java GUI applications

Certain vulnerabilities are no longer identified in Java GUI applications (such as those developed with Swing or SWT).

This issue has been resolved in Lucent Sky AVM 3.6.

Generating reports and mitigated source code of ASP.NET applications

If an ASP.NET application contains vulnerabilities involving .aspx files, the paths of these .aspx files are displayed incorrectly in the Web UI and in HTML/PDF/XML reports. Furthermore, if the Instant Fixes of these vulnerabilities are in the .aspx files, these Instant Fixes will not be included when generating mitigated source code.

This issue has been resolved in Lucent Sky AVM 3.6.

Known issues of Lucent Sky AVM 3.6

Scanning Java applications

When scanning a Java application, the alternative Java compiler will be used instead of the primary one. This bug might cause the scan to fail on a very small number of Java applications due to compilation failures.

To work around this issue, add javacompilation,primary to the scan arguments of the application or scan.

This issue is present in Lucent Sky AVM 3.6 and has been resolved in Lucent Sky AVM 3.7.