Lucent Sky AVM 4.6 release information

2018/12/26

This article lists the new features and bug fixes included in Lucent Sky AVM 4.6, as well as the known issues of this release.

For more information about this release, visit the blog post Lucent Sky AVM 4.6 released.

Updates in Lucent Sky AVM 4.6

  • Context-aware remediation suggestion - Lucent Sky AVM has long focused on providing direct and functional vulnerability remediation, Instant Fixes, that developers can just drop in to replace vulnerable code. However, some vulnerabilities result from insecure design, such as the use of insecure cryptographic algorithms and the storage of sensitive data in plaintext. Although Lucent Sky AVM is still unable to directly replace the vulnerable code that causes these issues, starting in Lucent Sky AVM 4.6, context-aware remediation suggestions will be generated for these vulnerabilities, so developers will have a better understanding of what causes the vulnerabilities and how to remediate them. Context-aware suggestions are currently only available for a limited set of vulnerability types, but will be extended to cover more vulnerability types in the next few releases. This feature is currently in preview and requires enabling preview mode to function. To enable preview features on your Lucent Sky AVM instances, join the Lucent Sky AVM Preview Program.

  • Improved intelligent scan - The algorithms for intelligent scan have been updated, allowing the scope of both new and subsequent scans to be determined more accurately. Additionally, the new algorithms are capable of supporting more application structures of Java (both JDK and Android) applications.

  • Improved confidence score calculation - The algorithms for confidence score have been modified to more accurately calculate the confidence score of Instant Fixes. The modification only impacts new scans - results in existing scans will retain their current confidence score.

  • CLI updates - The CLI has been updated to provide user management capabilities. To learn how to use the CLI to manage users, visit Getting Started with Lucent Sky AVM – Using CLI.

List of fixes included in Lucent Sky AVM 4.6

Unable to upload source code archive containing files with long paths using the Web UI

When running Lucent Sky AVM 4.5 on a system that supports Win32 long paths, an error message about exceeding the path length limit is shown and the upload cannot continue. This occurs because the zip archive verifier in the Web UI is unaware of the long path settings in Windows. The issue affects version 4.5.

This issue has been resolved in Lucent Sky AVM 4.6.

Syntax highlighting does not work in HTML reports of some iOS apps

When opening an HTML report of an iOS app in which at least one result contains Swift code, an error message about syntax highlighting is shown. Additionally, Swift code in the report is not highlighted. This occurs because the syntax highlighter used for Swift is not packaged in the HTML report template. The issue affects version 4.5.

This issue has been resolved in Lucent Sky AVM 4.6.

Known issues of Lucent Sky AVM 4.6

When updating a Lucent Sky AVM instance running a previous version through the Web UI, you receive a message that the update package is corrupted. This occurs because a different algorithm setting was used to generate the signature, which resulted in an incompatible signature.

The update can still be performed by executing the setup package on the server, instead of through the Web UI. If you must perform the update via the Web UI, contact Lucent Sky support to obtain a modified setup package.