CSEC Java Agent Version 1.7.0 #404

Merged: lovesh-ap merged 13 commits into main from release/v1.7.0, Apr 25, 2025
@lovesh-ap

Adds

  • PR-395 Support for Deserialization Vulnerability Detection: Implemented mechanisms to detect vulnerabilities arising from unsafe deserialization processes.
  • PR-395 Support for Vulnerability Detection of Remote Code Invocation via Reflection: Enhanced capability to identify security risks associated with remote code execution through reflection.
  • PR-343 HTTP Response Handling for Vulnerabilities: Developed the functionality to send HTTP responses for detected vulnerabilities directly to the UI.

Changes

  • PR-343 Trimmed Response Body: Updated the response handling logic to trim response bodies to a maximum of 500KB when larger. This optimization aids in performance and resource conservation.
  • PR-396 Upgraded commons-io:commons-io from version 2.7 to 2.14.0
  • PR-403 GraphQL Supported Version Range: Restricted the supported version range for GraphQL due to the release of a new version on April 7th, 2025

Fixes

  • PR-372 Repeat IAST Request Replay Commands: Reconfigured logic to repeat IAST control commands until the endpoint is confirmed.

Note

  • The instrumentation for the module com.newrelic.instrumentation.security.java-reflection is disabled by default. This is due to its impact on CPU utilization, which can significantly increase when the module is active.
  • Action Required: To detect unsafe reflection vulnerabilities effectively, enable the com.newrelic.instrumentation.security.java-reflection module.

@lovesh-ap lovesh-ap requested a review from k2himanshu April 25, 2025 12:02
@lovesh-ap lovesh-ap self-assigned this Apr 25, 2025
k2himanshu previously approved these changes Apr 25, 2025
@lovesh-ap lovesh-ap merged commit c10350f into main Apr 25, 2025
8 checks passed