github find-sec-bugs/find-sec-bugs version-1.3.0
Version 1.3.0 - Don't be X.M.Hell compliant !

9 years ago

Summary

This release improves support for the riskiest APIs: XML parsing and SQL queries.

The messages associated with the findings will also be more targeted.


Full Changelog

Implemented enhancements:

  • XXE - Separate guidelines (XMLReader/SaxParser/DocumentParser) #27
  • XXE - Avoid false positive when secure features are set. #26
  • JDO Query - Potential Injections #23
  • JDO PersistenceManager - Potential Injections #22
  • Hibernate Restrictions API - Potential Injections #21
