Skip to content

CAP Changelog

This is the list of version numbers of the Cryptosense Analyzer Platform and their deployment dates in SaaS at Each version number is shown with a list of changes brought by that version.

23.01.0 - 2023-01-03

  • Add analysis of PKCS#7 files found by the host scanner.

22.12.2 - 2022-12-19

  • Fix the trace/report auto-deletion threshold to work with slots.
  • Fix the computation of the "has private key" property for keys when reports have been deleted.
  • Add new analysis pipeline for OpenSSL (libssl) traces.
  • Add analysis of PuTTY private key (PPK) files found by the host scanner.

22.12.1 - 2022-12-05

  • Add "View traces" and "View reports" buttons to the slots page.

22.12.0 - 2022-12-05

  • Traces and Reports are now organized into Slots inside their project. Multiple traces of the same type can now be analyzed in parallel in the same project.
  • Add support for the PPK format.

22.11.0 - 2022-11-28

  • Added EC analysis to Evp

22.10.2 - 2022-10-28

  • Added optional resource parameter to OpenID Connect authorize URL.

22.10.1 - 2022-10-24

  • Improved performance of keys and certificates pages at the organization level.
  • Fixed error when OpenID server is unavailable by falling back to classic login.

22.10.0 - 2022-10-07

  • Add option to search projects by name through the API.
  • Add option to use OpenID Connect and Ping Federate for the on-premise version.

22.09.1 - 2022-09-07

  • Fix the deletion of projects.

22.09.0 - 2022-09-05

  • Fix bugs appearing when uploading and analyzing a large number of traces in parallel.
  • Traces and reports will now be timed out and marked as failed after 2 hours and 4 hours respectively.
  • Make traces / reports names and descriptions editable in their summary box.
  • OpenSSL (libcrypto) analysis now supports more cipher algorithms.
  • Improve the overall quality of the filesystem analysis with a new implementation.
  • Add the analysis of cleartext data in PKCS#12 keystores from filesystem scans.
  • Optimize the computation and improve the appearance of keys and certificates tables.

22.07.5 - 2022-07-26

  • Add support for SHA-2 and SHA-3 algorithms in OpenSSL libcrypto analysis.

22.07.4 - 2022-07-26

  • Pending traces and reports will now be marked as failed after a while.
  • Link report key to corresponding org key, report cert to its public key, report cert to corresponding org cert, org cert to its public key and org key to all corresponding org certs.

22.07.3 - 2022-07-26

  • Avoids accumulation of files resulting from incomplete uploads (e.g. because of a client error) by automatically removing those files after a certain time.
  • Add "Export" and "Compare" buttons to a report's "Inventory" page.
  • Add the current CAP version to the footer.
  • Add a "Keys" column to the operations table in an instance details page, with links pointing to the related keys for each operation. This only applies to application tracing.

22.07.2 - 2022-07-12

  • Maintenance release.

22.07.1 - 2022-07-12

  • Fix analysis failures not being reported as such in CAP. This could lead to some traces or report to get stuck in an "in progress" state.
  • Improve visual appearance of report details so that it matches that of trace details more closely.

22.07.0 - 2022-07-04

  • Fix an occasional analysis failure for PKCS#11 traces.
  • Avoid log warnings when analyzing concatenated trace files.

22.06.1 - 2022-06-17

  • Harden the CSP header to prevent the execution of inline JavaScript. This is an additional fix to defend against potential future XSS attacks.
  • On the main dashboard in the "Organization Issue Summary" bar chart, merge bars for the same project.
  • Add pagination to the organization certificates details page.

22.06.0 - 2022-06-13

  • Harden the CSP header to restrict possible connections. This is an additional fix to defend against potential future XSS attacks.
  • Update dependencies to secure versions. The security of CAP was not affected overall.
  • Add pagination to the organization keys details page.
  • Add a button to test the Venafi integration configuration.
  • Add an option to define custom certificates for the Venafi integration.
  • On the main dashboard in the "Overview", replace the number of applications/filesystems/tokens and the number of traces by just the number of projects (relevant to each category: application/filesystem/PKCS#11 token).

22.05.8 - 2022-05-25

  • Update dependencies to secure versions. The security of CAP was not affected overall.
  • Fix stored XSS on the certificates details page. This vulnerability could be triggered through manipulated traces. No indication of attempted attacks were found, but if you have CAP on-premises, upgrading is highly recommended.

22.05.7 - 2022-05-24

  • Update dependencies to secure versions. The security of CAP was not affected overall.
  • Fix analysis of certain libssl traces.
  • Fix the analysis of Fermat attack on RSA to mark safe RSA keys as "Passed".

22.05.6 - 2022-05-19

  • Fix totalCount field for some connections in the GraphQL API (for example: ReportConnection in a Project).
  • Improve error message in the GraphQL API when the ID of a profile, project, trace or report can't be found by the server.

22.05.5 - 2022-05-06

  • Rules specific to the Host Scanner are no longer included in FIPS specific profiles.
  • Improved appearance of the organization certificate details page.
  • Fix analysis of certain certificate chains picked up by the host scanner.

22.05.4 - 2022-05-05

  • Maintenance release.

22.05.3 - 2022-05-04

  • Maintenance release.

22.05.2 - 2022-05-03

  • Maintenance release.

22.05.1 - 2022-05-03

  • Maintenance release.

22.05.0 - 2022-05-02

  • Add rule for Java applications: Psychic signatures (CVE-2022-21449).
  • Add rule for hosts and applications: Fermat attack on RSA (CVE-2022-26320).
  • Sanitize Venafi instance URL: a trailing slash no longer causes invalid links to be generated by CAP.
  • Add createdAt date field to trace and report types in GraphQL API.
  • Remove api field from project type in GraphQL API.
  • Add deleteReport mutation to GraphQL API.
  • Improve appearance of organization key details page.
  • Improve parsing of PKCS#11 usage traces.

22.04.3 - 2022-04-15

  • Improve performance of the organization keys page.

22.04.2 - 2022-04-14

  • Improve loading time for report keys page.

22.04.1 - 2022-04-14

  • New organization certificates tab.
  • New page to display details of a key at the organization level.
  • Fix broken link in trace upload tutorial
  • Fix keys tab filter to stop hiding keys of unknown length

22.04.0 - 2022-04-04

  • Existing projects are no longer tied to a specific type of trace and can now contain any type of trace allowed by the organization.

22.03.7 - 2022-03-31

  • Fix a bug that would appear when the wrong files are uploaded to recent projects.
  • Add a keptByFilters: Boolean parameter to ReportDone.instances field in the GraphQL API.

22.03.6 - 2022-03-18

  • Add "Cryptosense 2022" profiles for everyone.
  • Check if a profile can be deleted before asking the user for confirmation.

22.03.5 - 2022-03-16

  • Add Jira integration:
    • The link to a Jira instance can be configured in the "Integrations" tab.
    • Users can then export individual findings as Jira issues.
    • Findings can also be exported in batches.
  • Add a Host Scanner download button for users authorized to analyze host scans.
  • Improve performance of dashboards for key store statistics coming from newly generated host scanner reports. This doesn't affect performance for existing reports.
  • Improve report generation performance when the organization has a lot of keys.
  • Add "Date Uploaded" and "Uploaded By" to traces in the project "Traces" tab.
  • Fix rule and instance counts in report export printable view.

22.03.4 - 2022-03-09

  • Update text shown only to users of the free demo account.

22.03.3 - 2022-03-09

  • Maintenance release.

22.03.2 - 2002-03-08

  • Add 5 new application analysis rules related to post-quantum readiness. Those rules are disabled by default.
  • Add a new "Post Quantum Readiness" builtin profile using only the aforementioned rules

22.03.1 - 2022-03-04

  • Fix a bug where the severity of certificate digest findings in host scan reports was not set to low for self-signed certificates inside keystores.

22.03.0 - 2022-03-02

  • Fix potential database synchronization issues associated with the organization keys table and automated deletion of old reports.
  • Fix overflow of a table in the report print view.

22.02.4 - 2022-02-18

  • Add a completedAt: String field to the Report type in the GraphQL API.
  • Add a url: String field to the Instance type in the GraphQL API.

22.02.3 - 2022-02-16

  • Fix CSV export of findings: the file was empty for some types of reports.

22.02.2 - 2022-02-15

  • Add new application analysis rule: "Asymmetric key-transport key outside cryptoperiod".
  • Enforce the uniqueness of project names within each organization.
  • In host scan reports, set severity of certificate digest findings to low if the certificate is self-signed.

22.02.1 - 2022-02-08

  • Maintenance release.

22.02.0 - 2022-02-01

  • Add organization keys tab. This shows all keys found in reports generated from now on. To see keys from old reports, you will need to run them again.

22.01.4 - 2022-01-31

  • Add help tooltips for some certificate filters: "Self-signed" and "CA certificates".
  • Improve performance of the "Certificates" tabs in all analyzer reports.

22.01.3 - 2022-01-21

  • Fix database migration script.

22.01.2 - 2022-01-21

  • Add pagination information (page number and next/previous page links) to the bottom of paginated lists.
  • Fix serialization and parsing of some key metadata.

22.01.1 - 2022-01-14

  • Fix issue with the filters for self-signed and CA certificates that caused some certificates to be hidden.
  • Add filters for key lengths to the keys and certificates tabs.

22.01.0 - 2022-01-10

  • Hide the "has-private-key" attribute in the key detail page for symmetric keys.

21.12.2 - 2021-12-29

  • Improve the performance of the "Keys" tab in host scanner reports, especially when the database contains a large number of file entries.

21.12.1 - 2021-12-20

  • Add the following rules to Java analysis:
    • Invalid certificate
    • Certificate validity too long
  • Extract certificates from KeyStore.getCertificateChain calls in Java.
  • Show organization name on dashboard.

21.12.0 - 2021-12-13

  • Add filters for key file type in host scanner reports
  • Add filters for self-signed and CA certificates for Java and host scanner reports.
  • Operations are now ordered by last call
  • Include Host Scanner rules into tracer profiles
  • Display compatible APIs for rules on the profile page
  • Improve performance of the keys tab in host scan reports.
  • New projects are multi-type, they can handle multiple trace types at once and summarize them.

21.11.3 - 2021-11-26

  • Fix parsing of X.509 certificate extensions, which caused wrong interpretations of whether some certificates are CA certificates or not.

21.11.2 - 2021-11-25

  • On the certificate details page, show whether a certificate is self-signed or a CA certificate.
  • Added certificate expiration and stale key warning limits to the profile.

21.11.1 - 2021-11-18

  • Display file type in key information column for keys tab in host scan reports.
  • Fix bug where all key files in a host scan were categorized as SSH keys. Key files are now categorized as SSH, PGP, PKCS#8, etc.
  • Change location stats computation: previously it was counting instances; now it counts locations and the maximum severity per location.

21.11.0 - 2021-11-16

  • First numbered version.