Lucent Sky AVM 3.9.1 is the maintenance release, focusing on ironing out several issues in the previous release. Improvements include fine-tuning the 3rd generation mitigation engine, support of identifying and remediating Trust Boundary Violation issues, and a bug fix to the Java analysis engine.
Updates in Lucent Sky AVM 3.9.1 include:
- Fine-tuning to the 3rd generation mitigation engine - Numerous small improvements were done to the 3rd generation mitigation engine to improve the precision of vulnerability remediation, especially in the case when existing code already uses some security mechanism but is insufficient.
- Support of CWE-501 (Trust Boundary Violation) - Some Trust Boundary Violation issues can now be identified and remediated, such as storing untrusted data into an otherwise trusted data structure or storage. Due to the design-oriented nature of this type of issues, the rule is disabled by default.
- Bug fixes - Several bugs that exist in Lucent Sky AVM 3.8 and 3.9 were fixed, such as inability to identifying some CWE-601 (Open Redirect) issues in Java applications.
If you are using Lucent Sky AVM Enterprise, Standard or Test Edition (either on-premise or cloud), you can update to Lucent Sky AVM 3.9.1 immediately. Our support team will reach out to you shortly to schedule an update. If you are using Lucent Sky AVM On-Demand, your server will be updated to Lucent Sky AVM 3.9.1 in the next few days.