Quality Clouds 20.2.3.0 Release Notes

Release date: 4th June 2020


Highlights

  • We're drastically shortening the quality scan duration.

Starting with the new release, all new instances of our new customers (including trial users) and partners will be using the change-log based scanning which improves the scan performance and shortens its duration by 5 to 10 times.

You'll be able to get your scan results in real time. 


  • Our open source libraries analysis just got more accurate.

If you're worried about losing track of open source libraries once they have been imported, and losing visibility of the risks they may pose, we've got you covered. Our analysis now detects the actual name and version of each open source library used in your code, even if the library has been renamed.

You can find the Detected Open Source Libraries on our Profiling dashboard.

With that information we can highlight any reported library vulnerability.

Note

Not all reported vulnerabilities apply when open source JavaScript libraries are used within SaaS platforms, as opposed to in the development of standalone web applications.

For now, we are including only a limited set of vulnerabilities, added as two new Security rules for both ServiceNow and Salesforce:

Description | Severity | Area of impact | Full scan | Update set scan | Live Check
jQuery - XSS vulnerability under 3.5.0, when using htmlPrefilter | Warning | Security | | |
XSS vulnerability in Ext JS Action Column getTip | Warning | Security | | |

The new rules will be reported with severity Warning. We suggest you change the severity to High - see Managing rulesets.

In the next release, we expect to release a full set of relevant vulnerabilities.
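
The sketch below illustrates content-based library identification for the jQuery rule above. It is an added example, not Quality Clouds' own detection logic: it assumes the library's banner comment is still present in the file, reads the version from it regardless of the file name, and flags versions under 3.5.0. The file names and contents are constructed samples.

```javascript
// Banner formats used by jQuery's minified and unminified builds.
const JQUERY_BANNERS = [
  /\/\*!\s*jQuery v(\d+(?:\.\d+){1,2})/,
  /jQuery JavaScript Library v(\d+(?:\.\d+){1,2})/,
];
const FIXED_IN = "3.5.0"; // threshold taken from the rule description

// Return the jQuery version embedded in the file content, or null.
function detectJqueryVersion(content) {
  for (const re of JQUERY_BANNERS) {
    const m = re.exec(content);
    if (m) return m[1];
  }
  return null;
}

// Numeric comparison of dotted versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Inspect every file's content; the file name only decides "renamed".
function scan(files) {
  const findings = [];
  for (const [file, content] of Object.entries(files)) {
    const version = detectJqueryVersion(content);
    if (version === null) continue;
    findings.push({
      file, library: "jQuery", version,
      flagged: compareVersions(version, FIXED_IN) < 0,
      renamed: !/jquery/i.test(file),
    });
  }
  return findings;
}

// Constructed sample input (hypothetical file names and contents).
const SAMPLE_FILES = {
  "ui_helpers.js": "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */\n!function(e,t){}();",
  "jquery.min.js": "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors */",
  "vendor_lib.js": "/*!\n * jQuery JavaScript Library v1.12.4\n * http://jquery.com/\n */",
  "app.js": "function init() { return 1; }",
};
console.log(scan(SAMPLE_FILES));
```

A file whose banner comment has been stripped is not identified by this sketch; recognising it would need another signal, such as a hash of a known release.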

  • We're further improving our Ruleset section

You can now use the new filter for configuration element, and sort the selected columns of the ruleset table, making the batch updates to rules easier. 


Quality Clouds for ServiceNow

  • You've asked for it, and now we capture it - who uses Live Check

We've started registering the users who run Live Check. We'll be showing the info on a new dashboard after the next release. 


  • We've refined the algorithm for detecting out of the box changes

Previously, the detection of Out of the Box (OOTB) changes failed to flag some elements where the "created by" user was "admin". The detection now also uses additional attributes of the configuration elements.

As a result, you may see an increase in the number of OOTB modifications reported in the Upgradeability dashboard, and of warnings of type "Out of the Box element modified" in all the dashboards which show issues.




Last modified on Jun 5, 2020