Version: 25.0.0

Java Agent Release Notes (25.0.0 - GA)

Overview

This release includes several improvements over the previous 24.1.0 release.

New Features / Improvements

  • PM-289 Support CIDR notation in the ARMR Socket rule
  • PM-488 Load ARMR files from within a zip
  • PM-524 Optional logging capabilities for execution of Patches
  • PM-495 Improved ARMR protection for IO operations

New Features / Improvements Which Break Backward Compatibility

  • PM-511 Simplification of Waratek CEF event format (simply “ARMR” vs. “ARMR:ARMR”)

Feature Removals

  • PM-468 Remove support for OS variables
  • PM-532 Removed old “JVC-based” agent naming options
  • W4J-844 Support removed for the deprecated Waratek Option com.waratek.rules.log. Use com.waratek.log.file instead

Bug Fixes

  • W4J-143 Internal rules should not generate Load and Link events
  • W4J-237 Insufficient expansion of String buffers was reported by BuiltInSelfTest
  • W4J-287 Weblogic 14.1.1.0 was not starting
  • W4J-308 On Windows, file system permissions are not reliable, resulting in an error when attempting to load ARMR rules from a file which was actually NOT accessible.
  • W4J-415 Applications that utilize java.sql.* interfaces are failing to execute some methods.
  • W4J-422 Compilation error message of Java Patches written on Windows has incorrect line numbers in certain cases
  • W4J-447 Agent now uses name "Waratek Agent" for all log events
  • W4J-455 Removed duplicate link event logging for Path Traversal rules
  • W4J-458 Security Event message simplified to a single ARMR as the product name
  • W4J-473 Validation for Waratek flag values: they should not contain double quotes
  • W4J-513 API Discovery events are sent in batches
  • W4J-674 Improved Agent behavior for when credentials are invalid
  • W4J-695 Use of ShowPatchExecution flag was not working as expected
  • W4J-746 Portal agent communication may trigger wildcarded Socket connect and Socket bind(client) rules
  • W4J-796 There are no unlink and unload events when Sanitization and XXE rules are disabled.
  • W4J-804 Stricter validation of HTTP Header names in ARMR HTTP set-header rule
  • W4J-806 Http input validation rule did not trigger in some cases
  • W4J-857 It is not possible to patch j.s.MessageDigest class
  • W4J-865 Recompilation is called for the classes where recompilation might not be possible
  • W4J-877 Order in which active ARMR apps were loaded was non-deterministic
  • W4J-952 DNS rule duplicate logging wasn't including "outcome" CEF extension
  • W4J-995 Minor: log message was not as expected when read permissions are denied to the rules file on Windows
  • W4J-1048 Setting HTTP proxy breaks communication to the Portal
  • W4J-1049 JDK Proxy configuration was breaking Agent to Portal communication

Known Issues

  • W4J-64 In some cases the agent may not detect when an ARMR filesystem rule is duplicated
  • W4J-66 In some cases the agent may not detect when an ARMR filesystem rule is unreachable
  • W4J-252 Additional file read CEF events are generated for certain paths the first time an ARMR filesystem rule that contains the api() directive triggers
  • W4J-331 Under certain workloads running the Dacapo “h2” benchmark, an extra performance overhead may be incurred with rules in place
  • W4J-370 Under certain workloads running the SPECjvm2008 "derby" and "serial" benchmarks, an extra performance overhead may be incurred with rules in place
  • W4J-371 Under certain workloads running the SPECjvm2008 "crypto.signverify" and "xml.transform" benchmarks, an extra performance overhead may be incurred
  • REM-1855 IOException is unexpectedly thrown when the Deserial rule is absent in certain cases
  • REM-2422 When running JRockit 6 with Dynatrace, neither JBoss AS 7.1 nor JBoss EAP 6.x are supported by Java Agent
  • REM-2434 JBoss AS 7.1 and JBoss EAP 6.x running with IBM J9 are unsupported
  • REM-2445 Inconsistent warning messages logged when user inadvertently omits -Dcom.waratek.log.file property depending on whether log.mode is LOCAL or is BOTH
  • REM-2743 JBoss EAP 7.2 fails to start on Java Secure when running Java 11
  • REM-3045 Protected XSS attack on JamWiki webapp causes JBoss v4.2 shutdown to hang
  • REM-3126 Warning "OpenJDK 11 IllegalAccessError after JVMTI retransform/redefine" while onboarding an agent to later versions of the Management Console
  • REM-3230 Under certain workloads running JRockit 6, an extra performance overhead may be incurred
  • REM-3235 Under certain workloads running Tomcat, an extra performance overhead may be incurred with the XSS rule

Third Party / Open Source Dependencies

  • ANTLR
  • Log4j (version 1) Library
  • ASM Library
  • OpenJDK JDK Source
  • JASYPT