New features
- A new security rule has been added to check for REST and web service microflow actions that use a template. Templates build up a string, and if parameters are used, this opens the possibility of injection attacks. If the parameters are properly validated, you can use an annotation to prevent the violation.
- A new security rule has been added to check that strict page URL checking is turned on in the project security settings.
- A new API call has been added to the Code Review published API. With this call you can sync branches and revisions.
Improvements
- The rule ‘Access rules in multi tenant apps should lead to current user’ has been extended to support some more complex XPaths:
  - The OR operation was not allowed and now requires both left AND right to fulfill the specified XPaths.
  - Spaces are removed before matching, so the match doesn’t fail when developers add spaces.
  - The access rule number is shown in the message, to make it clearer which access rule is in violation.
- Changes to an AppStore widget (new or changed) are now automatically scanned.
  - They are scanned within the same widget if a widget with the same name was found in an earlier release.
  - They are not scanned if a widget with the same name in an earlier release was cleared from the AppStore link.
- The UI for widgets has an improved display of linked app store content
- AppStore module compare now does full scans on newly found modules. It no longer links to the latest version.
  - For changed modules (compared to the previous revision that is reviewed), a full scan is also done to detect whether a newer module from the app store was imported.
- The UI for modules has an improved display of linked app store content
- Small UI change: in the Revisions overview, [Only team server models] was changed into [Only team server revisions].
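
The OR handling and space removal described above for the multi-tenant access rule check can be illustrated as follows. This is an added example, not the product's own code; it goes slightly beyond the text by also handling AND, parentheses and `not()`. The association path `Shop.Order_Account`, the function names, and the AND and `not()` semantics are assumptions made for the illustration.

```python
import re

# Hypothetical association path; '[%CurrentUser%]' is the Mendix XPath user token.
REQUIRED = "Shop.Order_Account='[%CurrentUser%]'"

def _boundary(s, idx):
    """True if position idx is outside s or not part of an identifier."""
    return idx < 0 or idx >= len(s) or not (s[idx].isalnum() or s[idx] in "_.")

def split_top_level(expr, op):
    """Split expr on operator `op` where it sits outside quotes, () and []."""
    parts, depth, quote, start, i = [], 0, None, 0, 0
    while i < len(expr):
        ch = expr[i]
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
        elif (depth == 0 and expr.startswith(op, i)
              and _boundary(expr, i - 1) and _boundary(expr, i + len(op))):
            parts.append(expr[start:i])
            start = i = i + len(op)
            continue
        i += 1
    parts.append(expr[start:])
    return parts

def squash(text):
    """Remove all whitespace so formatting differences cannot break matching."""
    return re.sub(r"\s+", "", text)

def leads_to_current_user(expr, required=REQUIRED):
    expr = expr.strip()
    branches = split_top_level(expr, "or")
    if len(branches) > 1:   # OR: left AND right must both reach the user
        return all(leads_to_current_user(b, required) for b in branches)
    terms = split_top_level(expr, "and")
    if len(terms) > 1:      # AND: one restricting term is enough (assumption)
        return any(leads_to_current_user(t, required) for t in terms)
    if expr.startswith("(") and expr.endswith(")"):
        return leads_to_current_user(expr[1:-1], required)
    if squash(expr).startswith("not("):   # a negated match restricts nothing
        return False
    return squash(required) in squash(expr)
```

An access rule whose OR has one branch that does not reach the current user is reported, because that branch alone would expose rows across tenants.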
Fixes
- Bug fix: CI/CD mail replacement failed in a very specific situation
- Fix for rule declared variables should be used in expressions in show page actions
- Fixing and protecting against empty pipeline GUIDs