Skip to main content

Release news for hosted customers

The Release News is published every month for hosted customers.

December 2024

Contrast for hosted customers was released on December 10, 2024.

Advance notice regarding Contrast MS Teams Integration

  • On January 31st, 2025, the Microsoft Webhook-based connectors within the O365 Connectors service in Teams are transitioning to a new URL structure due to the implementation of further service hardening updates. This will impact the Contrast MS Teams Integration. As a result, we will update the MS Teams integration to support this change as part of our January release. We ask customers using the MS Teams integration to follow this guide to prepare themselves for the change. More information on our upcoming change can be found on the Microsoft Teams preview page.

New and improved

  • Added support for dynamic scoring when you change the status of a vulnerability to Not a Problem. (PROD-3103)

November 2024

Contrast for hosted customers was released on November 12, 2024.

New and improved

  • NEW: Attack event view based on a new data service that provides improved performance, better stability, expanded data retention time, and an overall better user experience. (PROD-2300, PROD-2308, PROD-2330, PROD-2654, PROD-2935)

  • NEW: Updated and improved view of the Audit log. (PROD-2094, PROD-3158, PROD-3083, PROD-3074, PROD-3075)

  • Release of role-based access control (RBAC) for all existing organizations in Preview mode. (PROD-3098, PROD-3211, PROD-3204)

    New organizations will use RBAC in Enforce mode.

October 2024

Contrast for hosted customers was released on October 8, 2024

New and improved

  • Improved and simplified agent deployment process with updated Agent wizards. (PROD-3079, PROD-3080, PROD-3081, and PROD-3089)

  • Added the ability to recommend a minimum library upgrade. This recommendation identifies the closest library version to the one you currently have that contains as few vulnerabilities as possible. (PROD-3072)

  • Added documentation for creating custom rule exclusions for the Contrast Scan local engine. (PROD-2824)

  • Added the ability to change the severity for Contrast Scan vulnerabilities. (PROD-2951)

  • Added the ability to filter Contrast Scan vulnerabilities by CWE. (PROD-3046)

  • Added Secure Code Warrior recommendations for fixing Contrast Scan vulnerabilities. (PROD-2577)

  • Preview: Added the ability to view role-based access control permissions for users in an organization. (PROD-2573)

    This feature is available only if role-based access control is turned on for your organization. This feature is not available if you are using user and groups for access control.

  • Preview: Added the ability for users to view their own role-based access control permissions. (PROD-2572)

    This feature is available only if role-based access control is turned on for your organization. This feature is not available if you are using user and groups for access control.

September 2024

Contrast for hosted customers was released on September 10, 2024

New and improved

  • NEW: Added the ability to use the API and CLI to generate a SARIF file for Assess or SCA vulnerabilities. (PROD-3084)

  • Added the ability to download a Scan CSV report that contains more than 2,000 results. (PROD-3005)

    You have the option of selecting individual pages of results to download.

August 2024

Contrast for hosted customers was released on August 13, 2024.

New and improved

  • Improved the workflow of Agent wizards (accessed from Add New) to simplify the task of adding applications to Contrast. (PROD-2812)

  • Added a link to the Agent Configuration Editor to Agent wizards. (PROD-2773)

  • PREVIEW: New Attack events page that makes it easier to view and manage attack event data. (PROD-2300).

    For access to this feature, contact your Contrast representative.

  • NEW: Added the ability to query audit log events using the new Audit API. (PROD-2887)

    The new API allows you to query the audit log for SAST, Assess, and role-based access control (RBAC) events. The new events for SAST (Contrast Scan) and RBAC include:

    • SAST

      • Creating/Deleting projects

      • Running scans

      • Changing vulnerability status

    • RBAC:

      • Creating/Updating/Deleting users

      • Creating/Updating/Deleting resource groups

      • Creating/Updating/Deleting roles: Includes updates to built-in roles.

      • Creating/Updating/Deleting user access groups

  • PREVIEW: Report dashboard that shows aggregated data for open and closed vulnerabilities, trends for meantime to remediate vulnerabilities, and more. To access the dashboard, go to user menu > Report Dashboard. (PROD-3097)

  • Role-based access control (preview): Added guidance to help you select resource groups that match your selected actions when you add custom roles. (PROD-2878)

    Contrast notifies you if your selected actions and resources don't match.

July 2024

Contrast for hosted customers was released on July 16, 2024.

New and improved

  • New! Contrast security observability: This new feature models an application’s security architecture and behavior at runtime. Use this information to better understand the underlying behavior of your applications for threat modeling, pen test support, and contextual information around vulnerabilities and attacks.

    Currently, this feature supports Java applications only.

  • New! Generate a SARIF file with Assess and SCA findings

    A new sarif CLI command lets you create a SARIF file that includes findings from Assess and SCA for a specific application. (PROD-2809)

  • Batch edit of Scan vulnerability status: You can now change the status for multiple Scan vulnerabilities at the same time. (PROD-2760)

  • Filter by last Contrast Scan: You can now create filters to view scans based on a specified time frame. (PROD-3045)

June 2024

Contrast for hosted customers was released on June 14, 2024.

New and improved

  • Protect for PHP. The PHP agent now supports Protect rules and features including Command Injection, SQL Injection, Path Traversal, Reflected XSS, Bot Blocking, IP Blocking, and Sensitive Data Masking. (PROD-1636)

  • Vulnerability tab enhancements. Added a column on the vulnerabilities tab under Scan projects that displays the specific language the vulnerability belongs to. You can also filter the results by language for the column. (PROD-2796, PROD-2798)

  • CSV report enhancements. CSV report can now be generated to include only specific criteria based on filter selections. (PROD-2933)

  • Authentication. It is strongly recommended to enable multi-factor authentication if single sign-on is not enabled for the organization. (PROD-1881)

  • Maven wrapper. Added CLI support for Maven wrapper. (PROD-3021)

  • Improved endpoint performance. Improved the performance of the /Contrast/api/ng/?/libraries/filter endpoint. (SCA-1671)

May 2024

Contrast for hosted customers was released on May 14, 2024.

New and improved

  • Compatibility Check. Contrast is now able to check if routing frameworks are supported after agent instrumentation. The Contrast dashboard will display details about which frameworks it finds during route discovery. Currently, the latest versions of the Java and .NET agents support this feature. (PROD-2447)

  • Java Agent. Added gRPC support for Java. (PROD-2546)

  • Java Agent. Added support for Glassfish/Payara 5 and 6 for Java. (PROD-2792)

  • .NET Agent. Added gRPC support for DOTNET.  (PROD-2289)