In this release, we have addressed the widely discussed Log4Shell vulnerability (CVE-2021-44228) and the follow-up issues CVE-2021-45046 and CVE-2021-44832 by upgrading the bundled Apache Log4j version to 2.17.
Release date: 30 December 2021
What is new?
- New Java checks:
We have added 12 new Java checks, each tagged with the CWE weakness it detects. Get more insights into Embold's rich Java checks here.
| Sr. No | Java check | CWE tag |
|---|---|---|
| 1 | Do Not Call System Exit | CWE-382 |
| 2 | Redirect Without Exit | CWE-698 |
| 3 | Missing Required Cryptographic Step | CWE-325 |
| 4 | Sensitive Data In Serializable Class | CWE-499 |
| 5 | Missing Break Statement In Switch | CWE-484 |
| 6 | Avoid Throwing Generic Exception | CWE-397 |
| 7 | Direct Object Reference | CWE-639 |
| 8 | Explicit Call to Finalize | CWE-586 |
| 9 | Return In Finally | CWE-584 |
| 10 | Public Static Field Should Be Final | CWE-500 |
| 11 | Static Final Array Should Be Private | CWE-582 |
| 12 | Error Message Containing Sensitive Data | CWE-209 |
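To make three of the new Java checks concrete, the following added example (not Embold's code, and not taken from this release) shows the pattern each check flags beside a corrected form: Return In Finally (CWE-584), Missing Break Statement In Switch (CWE-484) and Error Message Containing Sensitive Data (CWE-209). All class, method and credential values are constructed for the illustration; it assumes Java 11 or later.

```java
// Added illustration of patterns targeted by three of the listed Java checks.
// Not Embold's code; names and sample credentials are hypothetical.
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Logger;

public class CheckExamples {
    private static final Logger LOG = Logger.getLogger(CheckExamples.class.getName());

    // CWE-584 Return In Finally: the return in finally discards any IOException
    // thrown by readString, so the caller gets null and never learns the read failed.
    static String readConfigBad(Path p) {
        try {
            return Files.readString(p);
        } finally {
            return null; // flagged: swallows the exception from the try block
        }
    }

    // Corrected: finally only does cleanup/logging and lets the exception propagate.
    static String readConfigGood(Path p) throws IOException {
        try {
            return Files.readString(p);
        } finally {
            LOG.fine("finished reading " + p);
        }
    }

    // CWE-484 Missing Break Statement In Switch: "READ" falls through into the
    // "DELETE" branch, so a read-only action silently gains the delete bit.
    static int permissionBitsBad(String action) {
        int bits = 0;
        switch (action) {
            case "READ":
                bits |= 1;   // flagged: no break, falls through to DELETE
            case "DELETE":
                bits |= 4;
                break;
            default:
                break;
        }
        return bits;     // "READ" yields 5 instead of 1
    }

    // Corrected: every case ends with a break, so "READ" yields 1 and "DELETE" yields 4.
    static int permissionBitsGood(String action) {
        int bits = 0;
        switch (action) {
            case "READ":
                bits |= 1;
                break;
            case "DELETE":
                bits |= 4;
                break;
            default:
                break;
        }
        return bits;
    }

    // CWE-209 Error Message Containing Sensitive Data: the password is embedded in
    // the exception text, which typically ends up in log files or HTTP error pages.
    static void authenticateBad(String user, String password) {
        if (!checkCredentials(user, password)) {
            throw new SecurityException(
                "Login failed for " + user + " with password " + password); // flagged
        }
    }

    // Corrected: the detail stays in a server-side log without the secret, and the
    // caller receives a generic message that leaks neither the password nor which part failed.
    static void authenticateGood(String user, String password) {
        if (!checkCredentials(user, password)) {
            LOG.warning("Login failed for user " + user);
            throw new SecurityException("Invalid username or password");
        }
    }

    // Hypothetical credential check with constructed values, present only so the example compiles.
    private static boolean checkCredentials(String user, String password) {
        return "alice".equals(user) && "constructed-sample-secret".equals(password);
    }

    public static void main(String[] args) {
        System.out.println("READ (bad)  -> " + permissionBitsBad("READ"));   // 5
        System.out.println("READ (good) -> " + permissionBitsGood("READ"));  // 1
    }
}
```

Running `main` prints the permission bits for the fall-through case, which is the quickest way to see why the missing `break` is a security defect rather than a style issue: the read-only action receives the delete bit.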
- New C++ checks:
| Sr. No | C++ check | CWE tag |
|---|---|---|
| 1 | Unvalidated param as index | CWE-129 |
| 2 | Unvalidated memory allocation | CWE-20 |
| 3 | Unconditional pointer dereference | — |
- Added 41 new checks for Solidity by integrating the Solhint linter (available in the Docker image).
- Added 38 new checks for Python by integrating the dlint linter (available in the Docker image).
- Added support for SQL checks and custom SQL checks using PMD.
- LDAP groups and multiple users can now be mapped to Embold global and project-level roles. Know more here.
- Bug fixes and improvements.
Release scope:
- Available via all installers and the Docker image.
Upgrade paths:
- All versions from 1.8.4.0 onwards can be upgraded to 1.9.4.1.