In this release, we have addressed the widely discussed Log4Shell vulnerability (CVE-2021-44228), along with CVE-2021-45046 and CVE-2021-44832, by upgrading Apache Log4j to version 2.17.

Release date:

30 December 2021

What is new?

  • New Java checks:
    We have added 12 new Java CWE checks. Get more insights into Embold’s rich Java checks here.

    | Sr. No | Java checks | CWE tags |
    |---|---|---|
    | 1 | Do Not Call System Exit | CWE-382 |
    | 2 | Redirect Without Exit | CWE-698 |
    | 3 | Missing Required Cryptographic Step | CWE-325 |
    | 4 | Sensitive Data In Serializable Class | CWE-499 |
    | 5 | Missing Break Statement In Switch | CWE-484 |
    | 6 | Avoid Throwing Generic Exception | CWE-397 |
    | 7 | Direct Object Reference | CWE-639 |
    | 8 | Explicit Call to Finalize | CWE-586 |
    | 9 | Return In Finally | CWE-584 |
    | 10 | Public Static Field Should Be Final | CWE-500 |
    | 11 | Static Final Array Should Be Private | CWE-582 |
    | 12 | Error Message Containing Sensitive Data | CWE-209 |

  • New CPP checks:
    We have added 3 new C++ checks that map to CWE.

    | Sr. No | CPP checks | CWE tags |
    |---|---|---|
    | 1 | unvalidated param as index | CWE-129 |
    | 2 | unvalidated memory allocation | CWE-20 |
    | 3 | unconditional pointer dereference | |

  • Added 41 new checks for Solidity by integrating the Solhint linter (available on Docker).
  • Added 38 new checks for Python by integrating the dlint linter (available on Docker).
  • Added support for SQL checks and custom SQL checks using PMD.
  • LDAP groups/multiple users are mapped to Embold global and project-level roles. Learn more here.
  • Bug fixes and improvements.

Release scope:

  • Available via all installers and Docker.

Upgrade paths:

  • All versions from 1.8.4.0 can be upgraded to 1.9.4.1.