Puma Scan Pro 0.9.2.0 release with major data flow engine improvements, new XXE and XML security analyzers, and bug fixes.
Puma Scan’s 0.9.2.0 release includes major performance improvements in the data flow / taint analysis engine, introduces several new security analyzers, and squashes a few bugs in existing analyzers.
End User Edition requires Visual Studio v15.9 or higher.
Server Edition requires a Windows Server with the .NET Framework v4.7.1 and Build Tools for Visual Studio 2017 installed.
Major performance enhancements to the data flow and taint analysis engine.
Bug fix: SEC0029 - Deserialization: Binary Formatter was not correctly performing taint analysis when strings were converted to byte arrays. This rule was reconfigured to raise diagnostics as a dangerous function call. Taint analysis will be re-added in a future release.
Bug fix: Fixed the reporting engine to correctly display custom rule risk rating (severity) levels.
Rule Enhancement: SEC0017 - Identity Weak Password Complexity upgraded to locate .NET Core password misconfigurations.
Rule Enhancement: SEC0105 - Unencoded Label Text upgraded to support add assignment expressions.
Rule Enhancement: SEC0025, SEC0027, SEC0028 upgraded to support object creation expressions.
Bug fix: The installation wizard failed on Windows Server 2016 Standard without .NET 4.7.1. The installer was fixed to install the appropriate prerequisites before moving forward.
Bug fix: Command line calls no longer crash if the report output directory does not exist. The directory will automatically be created going forward.