8.8.0 Hotfixes
Installation Notes
- Hotfixes and content packs are cumulative and include previous hotfix/content package updates.
- The relevant hotfix must be installed on the CxManager, CxEngines and the CxAudit stations, unless otherwise indicated. In a distributed environment, the hotfix must also be installed on the Portal station.
Resolved Issues and Changes
| Category | |
|---|---|
| HF30 | Log information has been added to the audit trail for cases when a team has been created or deleted or when users have been deleted as a result of deleting a team. |
.
| Category | |
|---|---|
| HF29 | For GIT integrations, the redundant display of the token has been removed from the user interface. |
In SAML integrations, an issue has been fixed that caused users to be assigned to a different team hierarchy due to identical team names. | |
In SAML integrations, an issue was fixed that caused permission errors for teams whose team name ended with a space. |
.
| Category | Resolved Issues |
|---|---|
| HF28 | Fixed a connection issue when attempting to connect a new project to the Git repository and the repository path contains the string "-b". |
| Fixed an issue that caused the scan clone to fail when using a a tag in GIT. | |
| Improved the performance of source files in case the Scans Manager stops responding. | |
| Merging results from a scan without code change with the results of previous scans proceeds faster. |
.
| Category | Resolved Issues |
|---|---|
| HF27 | Added an option to configure the Day Count parameter before a pending scan times out. This parameter is configured by changing the setting for the MaxDaysForRunningScan parameter. |
Merging results from an incremental scan with the previous scan results performs now faster. |
.
| Category | Resolved Issues |
|---|---|
| HF26 | An issue has been corrected that caused deleting scan related files to fail, which resulted in storage overflow. |
Corrected a scenario that caused the engine service to be reset as a result of I/O issues. |
.
| Category | Resolved Issues |
|---|---|
| HF25 | A mandatory security fix was performed for an unauthenticated remote code execution. |
.
| Category | Resolved Issues |
|---|---|
| HF24 | Corrected status errors for cases when a scan is mistakenly marked as completed. |
Corrected cases when overriding queries in two different teams was only reflected in the first team |
.
| Category | Resolved Issues |
|---|---|
| HF23 | Improved performance for scans with invalid IDs. |
.
| Category | Resolved Issues |
|---|---|
| HF22 | Corrected an issue that caused the Results Viewer not to display results in cases when the Results Similarity ID is configured per project (‘RESULT_ATTRIBUTES_PER_SIMILARITY’ flag is set to ‘false’). |
Added additional debug logs for GIT issues at the target. |
.
| Category | Resolved Issues |
|---|---|
| HF21 | Improved the support for setting GIT repository definitions via CxSAST REST API. |
.
| Category | Resolved Issues |
|---|---|
| HF20 | A plugin concurrency issue was corrected. |
The performance of the update scan statistics process was improved. | |
Added the ability to switch the automatic best fix location statistics calculation on and off in case of performance issues. | |
Corrected an issue issue that caused a duplication of the results in cases where the IO of the database could not complete the transaction. | |
Improved the performance of the “best fix location” statistics calculation. | |
| Corrected an issue that caused the “best fix location” internal calculation to lock the database. |
.
| Category | Resolved Issues |
|---|---|
| HF19 | Incremental scans that were reverted to full scans due to the threshold were still presented as incremental. |
.
| Category | Resolved Issues |
|---|---|
| HF18 | A behavior change has been applied to all hotfixes, starting from v8.8 HF18. Refer to Hotfix (HF) Behavior Changes for more information. |
Improvements in the decision mechanism for determining if an incremental scan should run | |
Fix for an error in scans for unchanged code, ensuring that the ExtSrc folder gets cleaned | |
Fix for a security issue in the Query description screen | |
Fix for an error when generating a PDF report with "Result description" in template | |
| Fix for an error when unzipped files were not cleaned up | |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF17 | Numerous JavaScript parsing fixes, subsequently increasing the number of found vulnerabilities for JavaScript projects |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF16 | This hotfix includes multiple fixes to improve overall user experience for the ‘All Projects’, ‘Project‘ and ‘All Scans’ areas |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF15 | Performance improvements of the scans queue |
Fixes for the following issues:
| |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF14 | You should manually backup your 'web.config.xml' file before running this HF, then replace it back after installation is done. This should be done on each machine where the Checkmarx Web Portal is installed. The 'web.config.xml' file is located at: ..\Checkmarx\CheckmarxWebPortal\Web\). |
Fix for the issue: UI shows that Engine executes more scans than configured | |
Fix for the issue: Downloaded logs do not contain the Application logs for configured logs location | |
Fix for the issue: the New Scan Requests process doesn't thread-safe | |
Fix for the issue: Scan Manager tries to allocate scan to Engine that is blocked | |
Fix for the issue: Scan Requests stuck on stage 1 (New) | |
Fix for the issue: Some of the Filters do not function properly in Projects state | |
Fix for the issue: The scan is still listed in ReservedScans.mcx when the ScansManager sees it as finished | |
Fix for the issue: CxEngineAgent stay as Ghost in Engine Server Machine | |
Fix for the issue: Engine Service fails to create a folder for scan and Engine Agent fails to do his job | |
Fix for the issue: Engine Service startup taking too long | |
Fix for the issue: EngineSessionToServer table rows using the wrong ScanTime | |
Fix for the issue: Fail to open Engine Management screen and fail some of the scans | |
Fix for the issue: Incorrect Available Engines calculation for Engine State widget of Utilization page | |
Fix for the issue: Scan fails - create a project with email in advanced actions (post-scan e-mail ) | |
Fix for the issue: Missing paging in Preset Manager page | |
Fix for the issue: LoadBalancerCore.getLeaseLoadedServer return one instead of a list of possible engine servers | |
Performance Improvement in ReserveMemory | |
| Added a configuration keys to enable a new feature flags | |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF13 | Fix for issue with filters and sorting not functioning properly in some pages |
| Fix for the issue with AbsInt stage in a scan | |
| The configuration key INCREMENTAL_SCAN_THRESHOLD_ACTION, if does not exist in DB, will be created with the default value FAIL | |
| Fix for issue with the override of a query on the team level | |
| From HF13 onward v8.8.0 does not support SQL 2008 and SQL 2008R2 |
.
| Category | Resolved Issues |
|---|---|
| HF12 | Fix for Git configuration in SSH |
| Fix for comment issue and incorrect queue time in the Portal for an incremental scan without code-change | |
| Improved support for template strings on Javascript | |
| Improved support for object destructuring on Javascript | |
| New support for ES8 imports on Javascript | |
| Fix for issue when Deleted Projects shown on Projects State list | |
| Fix for Team fields doesn't show full path in Projects State screen |
.
| Category | Resolved Issues |
|---|---|
| HF11 | Due to UI slowness, the Project state, All projects and All scans screens where changed to allow paging |
| When using UnzipLocalDrive, the initially copied zip file not deleted at the end |
.
| Category | Resolved Issues |
|---|---|
| HF9 | CxAudit crash when unchecking "One level only" in query's dependenciesdependencies. |
| Duplication of result in DB due to error in reading numeric parameters in non English languages windows | |
| Overriding of general queries from all languages doesn’t work in case that executable query use common language. | |
| XML downloads being terminated if they are over 800 MB | |
| When an incremental scan is reverted to a full scan due to threshold limit, that scan is set as the new baseline full scan |
.
| Category | Resolved Issues |
|---|---|
| HF8 | Fix for [UI/Enterprise] - Performance improvement |
.
| Category | Resolved Issues |
|---|---|
| HF7 | Fix for Fail to un-compress files with Cyrillic characters |
Fix for Generate Report PDF hangs due to ERROR: System.ArgumentException: Illegal characters in path. at System.IO.Path.GetExtension(String path) | |
Fix for Sporadic disconnects | |
Fix for New MultiCores code for engine | |
Fix for changes OSA in SPA folder | |
Fix for inserting Chinese descriptions |
.
| Category | Resolved Issues |
|---|---|
| HF6 | Fix for Error occurred when changed result state for a large number of vulnerabilities |
.
| Category | Resolved Issues |
|---|---|
| HF5 | If a full scan is executed instead of Incremental scan, UI now presents the correct information |
| Fix for LDAP User Login with @ (email or userPrincipalName) | |
| Fix for Error occurred when changed result state for a large number of vulnerabilities | |
| Fix for queue performance degradation while one engine offline | |
| XML downloads are terminated if over 800 MB |
.
| Category | Resolved Issues |
|---|---|
| HF4 | Fix for Engine Service error |
Additional improvement for shared source folders extract performance | |
| Fix for security issue at the WebPortal | |
| Fix for PDF report generation | |
| Fix for Post Scan emails (password contains special symbols) |
.
| Category | Resolved Issues |
|---|---|
| HF3 | Fix the content of Method Invoke field while collecting confidence level data (when configuration flag is on) |
| Fix for incremental scan no code changes report | |
| Add the optional version of calculation Similarity ID in mode ignoring spaces at the beginning of the line (SIMILARITY_ID_VERSION) | |
| Fix for a vulnerability in parsing MyBatisXML | |
| Improvement in shared source folders extract performance (EnableUnzipLocalDrive, UnzipLocalPath) |
.
| Category | Resolved Issues |
|---|---|
| HF2 | CPP – Fixed a several parsing problems |
| Scala – Fixed parsing of right arrow | |
| OSA - Request timeout extended to 60 minutes | |
| OSA - Fix for duplicate vulnerabilities issue | |
Policy Management - Fixed problem with scan findings update | |
Fix for plugin's communicating with FIPS enabled manage |
.
| Category | Resolved Issues | Changed DLLs & Folders |
|---|---|---|
| HF1 - This hotfix should be installed ONLY on CxAudit and CxManager machines (not CxEngines) | Cross project query override conflict |
|
OSA viewer performance | ||
| Cve description is never loaded after upgrade | ||
| Audit host validation fix |
.