Puma Scan Release Notes: 1.1 - 1.5 (2021 - 2022)

Puma Scan release notes for versions 1.1–1.5. Covers Sonatype OSS Index, SARIF output, VS 2022 support, .NET 6, and custom sinks.

The 1.1 through 1.5 series added open source dependency scanning, new output formats, Visual Studio 2022 support, and .NET 6 compatibility with expanded custom sink support across the full rule catalog.

Version 1.1 (March 2021)

  • New rule: SEC0039 - Vulnerable Package Reference integrating with the Sonatype OSS Index for open source vulnerability detection
  • Fixed Dataflow Analysis Engine v2.0 false positives for const fields in nested static classes
  • New SARIF output format for Server and Azure DevOps editions
  • VS Code: fixed intermittent error dialog on manual scan

Version 1.1.2 (July 2021)

  • Fixed SEC0029 DataContractJsonSerializer ArgumentOutOfRangeException
  • Fixed SEC0039 ignoring project dependencies when Version attribute is missing
  • Server and Azure DevOps: asterisk glob pattern support for project and settings paths
  • Azure DevOps: license activation no longer requires manual PumaLicense pipeline variable updates
  • Server Edition: fixed exit code incorrectly returning error with version switch

Version 1.2 (November 2021)

  • Dataflow Analysis Engine v2.0 now the default for new installations
  • Existing projects with .pumafile retain their configured engine version
  • VS Code: .NET 5 SDK support

Version 1.3.1 (February 2022)

Visual Studio 2022 support.

  • Visual Studio 2022 (v17.0+) support added
  • Build Tools 2019 and 2022 both supported for Server and Azure DevOps editions
  • New dedicated Puma Scan Tool Window for findings, configuration, and report generation
  • On-demand scanning mode option for large solutions or lightweight development. See the User Guide for details.

Version 1.5 (July 2022)

.NET 6 SDK support with expanded custom sinks.

  • All rules updated for .NET 6 framework namespaces
  • Custom sinks support expanded to 40+ rules including SQL injection, XSS, command injection, deserialization, path tampering, LDAP injection, SSRF, and more. See the User Guide for configuration details.
  • VS 2022: fixed exception when opening without a solution
  • VS Code: fixed exception on first scan or license activation