A new security rule has been added to check for REST and web service microflow actions using a template. Templates build up a string and if parameters are used this is a possibility for injection attacks. If the parameters are properly validated you can use an annotation to prevent the violation.
A new security rule has been added to check strict page URL checking is turned on in the project security settings.
A new API call has been added to the Code Review published API. With this call you can sync branches and revisions.
Improvements
The rule ‘Access rules in multi tenant apps should lead to current user’ has been extended to support some more complex XPaths:
OR-operation was not allowed and is now requiring left AND right to fullfill the specified XPaths.
Removing spaces before matching, so match doesn’t fail on developers adding spaces
The access rule number is shown in the message to better understand which access rule is violating
Changes to an AppStore widget (new or changed) are now automatically scanned.
They are scanned within the same widget if a widget with the same name was found in an earlier release
They are not scanned if a widget with the same name in an earlier release was cleared from AppStore link
The UI for widgets has an improved display of linked app store content
AppStore module compare doing full scans on newly found modules. No longer linkes to the latest version
For changed modules (compared to the previous revision that is reviewed) also a full scan is done to detect if a newer module from the app store was imported
The UI for modules has an improved display of linked app store content
Small UI change. Revisions overview change [Only team server models] into [Only team server revisions]
Fixes
Bug fix CI/CD mail replacement failed in very specific situation
Fix for rule declared variables should be used in expressions in show page actions
Fixing and protecting against empty pipeline guids
