Version: 25.7.0

Java Agent Release Notes (25.7.0)

Overview

This release improves Portal connectivity, UNC path support on Windows, and the Tainting Engine.

New Features / Improvements

  • W4J-894, W4J-1476, W4J-1822, W4J-2020, W4J-2024, W4J-2025, W4J-2042, W4J-2087, W4J-2093 improvements made to the Tainting Engine
  • W4J-2104, W4J-2143, ES-2283, ES-2289, 42144896307 improved support for UNC paths on Windows
  • W4J-2130, ES-2286, PM-608 honor ControllerSSLCertificateValidation flag for any Portal connection
  • W4J-2132, ES-2286, PM-608 honor custom trust store flags for any Portal connection
  • W4J-2134 NoSuchMethodError when using TraceHookEnable flag on some Applications
  • W4J-2136 NoClassDefFoundError when using TraceHookEnable flag on Spring-Boot and JDK11+

Bug Fixes

  • W4J-2095, ES-2295, 43009766566 Agent warning: Failure while fetching configuration
  • W4J-2148, ES-2283, 41523830027, ES-2302 OpenRedirect rule does not work as expected for invalid URL

Known Issues

  • W4J-252 Additional filesystem read events are generated for certain Application and JDK folders the first time an ARMR filesystem rule that contains the api() directive triggers
  • W4J-435 ARMR Socket input specifier not working on some Java6 JDK
  • W4J-989 ARMR Filesystem Pathtraversal is not detected on IBM J9 JDK if the Application is utilizing Java NIO classes
  • W4J-1367 Payload extension of security event generated by XSS rule does not contain all of the payload characters in a specific case of a complex payload.
  • W4J-1431 ARMR HTTP CSRF rule is not working correctly in a JSP page on Tomcat 10, 11 and JBoss EAP 8
  • W4J-1432 ARMR HTTP XSS rule is not working correctly on JBoss EAP 8 and Wildfly 32
  • W4J-1473 SQLi protection does not work for a small number of attacks on at least one version of J9 Java 8
  • W4J-1475 Input attribute cannot be used on ARMR Socket Connect rules on IBM J9 JDKs
  • W4J-1477 ARMR Patch for CVE-2016-5552 disables input() specifier on DNS/Socket rules on Windows
  • REM-2434 JBoss AS 7.1 and JBoss EAP 6.x running with IBM J9 are unsupported
  • REM-2906 On some versions of IBM J9 JDK8, jdk-j9-8sr5fp10-linux-x64 being one such version, ARMR XSS is not detected in SpringBoot applications.
  • REM-3126 Warning "OpenJDK 11 IllegalAccessError after JVMTI retransform/redefine" while onboarding to the Portal

Third Party / Open Source Dependencies

  • ANTLR
  • Log4j (version 1) Library
  • ASM Library
  • OpenJDK JDK Source
  • JASYPT