
Professional Edition 0.9.5 (November 2019)

Professional Edition 0.9.5 Release Notes

Puma Scan’s 0.9.5 release is an update for the Puma Scan End User, Server, and Azure DevOps Editions.

System Requirements

  • End User Edition requires Visual Studio v15.9 or higher.

  • Server Edition requires a Windows Server with the .NET Framework v4.7.2 and either the Build Tools for Visual Studio 2017 or the Build Tools for Visual Studio 2019 installed.

  • Azure DevOps Edition requires a hosted Azure Build Pipeline using the vs2017-win2016 or windows-2019 build agent.

Framework Enhancements

  • Rule Enhancement: SEC0019 - Missing AntiForgery Attribute now supports custom anti-forgery attributes or filters by registering cleanse methods in the scan configuration. For example, the following cleanse method configuration suppresses SEC0019 findings on all actions and controllers that have the Puma.Security.Validation.Filters.CustomAntiForgeryAttribute attribute:

      "CustomCleanseMethods": [
          {
              "RuleIds": [ "SEC0019" ],
              "Flag": "Filter",
              "Syntax": "AttributeSyntax",
              "Namespace": "Puma.Security.Validation.Filters",
              "Type": "CustomAntiForgeryAttribute"
          }
      ]
    


  • Rule Enhancement: SEC0120 - Missing Authorize Attribute now supports custom authorization attributes or filters by registering cleanse methods in the scan configuration. For example, the following cleanse method configuration suppresses SEC0120 findings on all actions and controllers that have the Puma.Security.Authorization.Filters.CustomAuthorizationAttribute attribute:

      "CustomCleanseMethods": [
          {
              "RuleIds": [ "SEC0120" ],
              "Flag": "Filter",
              "Syntax": "AttributeSyntax",
              "Namespace": "Puma.Security.Authorization.Filters",
              "Type": "CustomAuthorizationAttribute"
          }
      ]
    


  • Rule Enhancement: SEC0025 - Weak Symmetric Algorithm now finds usage of the RC2 and RC2CryptoServiceProvider algorithms.

  • Rule Enhancement: SEC0018 - Identity Password Lockout Disabled was updated to include disabling the lockout argument in the .NET Core CheckPasswordSignInAsync method.

  • Rule Enhancement: SEC0104 - Unencoded WebForms Property was updated to include over 300 new vulnerable Web Forms control properties.

  • Bug fix: SEC0131 - Hard-Coded Secret was updated to fix a typo in the default key variable name regular expression.
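
The following is an added example, not code from Puma Scan or from this page: an attribute that the SEC0019 cleanse method entry shown earlier would match by namespace and type name, applied to one action and omitted from another. The cleanse entry names the attribute only by namespace and type, so the attribute's own code is where the token check has to live. ASP.NET Core, the filter body, and the SampleApp controller are assumptions made for illustration.

```csharp
// Added example: hypothetical implementation. The release notes give only the
// namespace and type name that the cleanse method entry refers to.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Antiforgery;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

namespace Puma.Security.Validation.Filters
{
    // Namespace and type name must match "Namespace" and "Type" in the
    // CustomCleanseMethods entry for SEC0019.
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
    public sealed class CustomAntiForgeryAttribute : Attribute, IAsyncAuthorizationFilter
    {
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var antiforgery = context.HttpContext.RequestServices
                .GetRequiredService<IAntiforgery>();
            try
            {
                // Throws AntiforgeryValidationException when the request
                // token is missing or invalid.
                await antiforgery.ValidateRequestAsync(context.HttpContext);
            }
            catch (AntiforgeryValidationException)
            {
                // Short-circuit the request before the action runs.
                context.Result = new BadRequestResult();
            }
        }
    }
}

namespace SampleApp.Controllers // hypothetical application namespace
{
    using Puma.Security.Validation.Filters;

    public class TransferController : Controller
    {
        [HttpPost]
        [CustomAntiForgery] // suppressed for SEC0019 once the cleanse method is registered
        public IActionResult Submit(decimal amount) => Ok();

        [HttpPost] // no built-in or registered attribute: still in scope for SEC0019
        public IActionResult Cancel(int id) => Ok();
    }
}
```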

End User Edition Enhancements

  • Enhancement: Vulnerabilities in non-code files (e.g. .aspx, .cshtml, .config, .js) now support Error List double-click navigation and spell checking in the open document.

    Puma Scan spell check warnings on non-code files.