Version: 25.5.0

Java Agent Release Notes (25.5.0)

Overview

New Features / Improvements

  • W4J-1989. XSS security events now include a taint pattern of the payload in the taintPattern CEF extension
  • W4J-1967, PM-442. ARMR HTTP rule can now define CSRF STP protection for selected application URLs
  • W4J-1964, PM-596. The requirement to run Java with add-opens flags in certain configurations has been removed. You should remove this flag if you added it for compatibility with prior Agent versions.
  • W4J-1872. Invalid calls to the JavaField API in ARMR Patches are no longer silently ignored
  • W4J-1866. Logging improvement to include the line number in patch exceptions
  • W4J-1687. Improved ARMR Patch link rule warning messages when duplicate location specifiers are used
  • W4J-1256. Improved taint propagation for Base64 encoding and decoding operations

Bug Fixes

  • W4J-1918. Agents 25.3.0 and above ignore instance properties configuration with "com.waratek." prefix
  • W4J-1695. Improved compatibility of ARMR XXE rule with WebLogic
  • W4J-1815. Improved logging message when required agent properties file is not specified
  • W4J-1981. Improved taint propagation in URL encoded safe characters in some cases
  • W4J-1991. Fix for edge case NullPointerException ('because replicode.core.logging.VMLog.INSTANCE is null')
  • W4J-1998. CEF extension value defined in ARMR Patch could be null

Known Issues

  • W4J-64 In some cases the agent may not detect when an ARMR filesystem rule is duplicated
  • W4J-66 In some cases the agent may not detect when an ARMR filesystem rule is unreachable
  • W4J-252 Additional filesystem read events are generated for certain Application and JDK folders the first time an ARMR filesystem rule that contains the api() directive triggers
  • W4J-331 Under certain workloads running the Dacapo "h2" benchmark, an extra performance overhead may be incurred with rules in place
  • W4J-370 Under certain workloads running the SPECjvm2008 "derby" and "serial" benchmarks, an extra performance overhead may be incurred with rules in place
  • W4J-371 Under certain workloads running the SPECjvm2008 "crypto.signverify" and "xml.transform" benchmarks, an extra performance overhead may be incurred
  • W4J-435 ARMR Socket input specifier not working on some Java6 JDKs
  • W4J-989 ARMR Filesystem Pathtraversal is not detected on IBM J9 JDK if the Application is utilizing Java NIO classes
  • W4J-1023 Apache Struts 2.5 test suite is failing due to usage of an incomplete Servlet API library
  • W4J-1367 Payload extension of the security event generated by the XSS rule does not contain all of the payload characters in a specific case of a complex payload.
  • W4J-1431 ARMR HTTP CSRF rule is not working correctly in JSP pages on Tomcat 10, 11 and JBoss EAP 8
  • W4J-1432 ARMR HTTP XSS rule is not working correctly on JBoss EAP 8 and Wildfly 32
  • W4J-1454 RMI Client/Server connection fails with java.rmi.NoSuchObjectException on JRockit Java6 Windows
  • W4J-1473 SQLi protection does not work for a small number of attacks on at least one version of J9 Java 8
  • W4J-1475 Input attribute cannot be used on ARMR Socket Connect rules on IBM J9 JDKs
  • W4J-1477 ARMR VCPU rule pack breaks DNS rules using input() specifier on Windows
  • REM-1855 IOException is unexpectedly thrown when the Deserial rule is absent in certain cases
  • REM-2422 When running JRockit 6 with Dynatrace, neither JBoss AS 7.1 nor JBoss EAP 6.x are supported
  • REM-2434 JBoss AS 7.1 and JBoss EAP 6.x running with IBM J9 are unsupported
  • REM-2445 Inconsistent warning messages logged when the user inadvertently omits the -Dcom.waratek.log.file property, depending on whether log.mode is LOCAL or BOTH
  • REM-2906 On some versions of IBM J9 JDK8, jdk-j9-8sr5fp10-linux-x64 being one such version, ARMR XSS is not detected in SpringBoot applications.
  • REM-3045 Protected XSS attack on JamWiki webapp causes JBoss v4.2 shutdown to hang
  • REM-3126 Warning "OpenJDK 11 IllegalAccessError after JVMTI retransform/redefine" while onboarding to the Portal
  • REM-3230 Under certain workloads running JRockit 6, an extra performance overhead may be incurred

Third Party / Open Source Dependencies

  • ANTLR
  • Log4j (version1) Library
  • ASM Library
  • OpenJDK JDK Source
  • JASYPT