In this release, we have addressed the widely discussed Log4Shell (CVE-2021-44228), CVE-2021-45046, and CVE-2021-44832 security vulnerabilities by upgrading Apache Log4j to version 2.17.
30 December 2021
What is new?
- New Java checks:
We have added 12 new Java CWE checks. Get more insights into Embold’s rich Java checks here.
| Sr. No | Java checks | CWE tags |
|---|---|---|
| 1 | Do Not Call System Exit | CWE-382 |
| 2 | Redirect Without Exit | CWE-698 |
| 3 | Missing Required Cryptographic Step | CWE-325 |
| 4 | Sensitive Data In Serializable Class | CWE-499 |
| 5 | Missing Break Statement In Switch | CWE-484 |
| 6 | Avoid Throwing Generic Exception | CWE-397 |
| 7 | Direct Object Reference | CWE-639 |
| 8 | Explicit Call to Finalize | CWE-586 |
| 9 | Return In Finally | CWE-584 |
| 10 | Public Static Field Should Be Final | CWE-500 |
| 11 | Static Final Array Should Be Private | CWE-582 |
| 12 | Error Message Containing Sensitive Data | CWE-209 |
- New CPP checks:
We have added 3 new C++ checks that map to CWE.
| Sr. No | CPP checks | CWE tags |
|---|---|---|
| 1 | unvalidated param as index | CWE-129 |
| 2 | unvalidated memory allocation | CWE-20 |
| 3 | unconditional pointer dereference | — |
- Added 41 new checks for Solidity by integrating the new linter Solhint (available on Docker).
- Added 38 new checks for Python by integrating the new linter dlint (available on Docker).
- Added support for SQL checks and custom SQL checks using PMD.
- LDAP groups/multiple users are mapped to Embold global and project level roles. Know more here.
- Bug fixes and improvements.
- Available via all installers and Docker.
- All versions from 22.214.171.124 can be upgraded to 126.96.36.199