Micro Focus Fortify Software, Version 22.2.0
Release Notes
Document Release Date: November 2022, updated: 1/31/2023
Software Release Date: November 2022

IN THIS RELEASE

This document provides installation and upgrade notes, known issues, and workarounds that apply to release 22.2.0 of the Fortify product suite.

This information is not available elsewhere in the product documentation. For information on new features in this release, see What's New in Micro Focus Fortify Software 22.2.0, which is available on the Micro Focus Product Documentation website:

https://www.microfocus.com/support/documentation.

FORTIFY DOCUMENTATION UPDATES

Accessing Fortify Documentation

The Fortify Software documentation set contains installation, user, and deployment guides. In addition, you may find technical notes and release notes that describe forthcoming features, known issues, and last-minute updates. You can access the latest HTML or PDF versions of these documents from the Micro Focus Product Documentation website:

https://www.microfocus.com/support/documentation.

If you have trouble accessing our documentation, please contact Fortify Customer Support.

INSTALLATION AND UPGRADE NOTES

Complete instructions for installing Fortify Software products are provided in the documentation for each product.

Fortify Static Code Analyzer

Migrating from a Patched Release of Fortify Static Code Analyzer: If your Fortify Static Code Analyzer installation has been patched, the last digit in the version number will be greater than zero. For instance, release 21.2.0 has a zero as the last digit which identifies it as a major release that has not been patched. Versions 20.1.6, 20.2.4, 21.1.4, and 21.2.3 are examples of patched releases. When upgrading from a patched Fortify Static Code Analyzer release, your configuration files and properties (fortify-sca.properties) might not carry over to the new installation. If you would like to migrate your configuration and properties settings to the new installation, please contact Fortify Customer Support for assistance.

Fortify Audit Workbench, Secure Code Plugins, and Tools

USAGE NOTES FOR THIS RELEASE

There is a landing page (https://fortify.github.io/) for our consolidated (Fortify on Demand + Fortify On-Premises) GitHub repository. It contains links to engineering documentation and the code to several projects, including a parser sample, our plugin framework, and our JavaScript Sandbox Project.

Fortify Static Code Analyzer

Fortify Software Security Center

Fortify ScanCentral SAST

KNOWN ISSUES

The following are known problems and limitations in Fortify Software 22.2.0. The problems are grouped according to the product area affected.

Fortify Software Security Center

Take care when using tools to auto-generate API clients from the Swagger spec. Case-insensitive processing might cause conflicts, and the generated client might need manual modification.
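The following check is an added example, not part of the Fortify release notes or tooling: it lists names in a Swagger 2.0 document that differ only by letter case, so they can be reviewed before a client is generated. The release note does not say which names conflict; checking operationId values and definition names is an assumption, and the sample spec is constructed.

```python
from collections import defaultdict

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed Swagger 2.0 fragment; paths and names are hypothetical,
# not taken from the Fortify Software Security Center spec.
SAMPLE_SPEC = {
    "swagger": "2.0",
    "paths": {
        "/items": {"get": {"operationId": "listItem"}},
        "/items/{id}": {"get": {"operationId": "ListItem"},
                        "parameters": []},
    },
    "definitions": {"ApiResult": {}, "APIResult": {}, "Item": {}},
}

def symbol_names(spec):
    """Yield (kind, name) for spec names a generator turns into code symbols."""
    for item in spec.get("paths", {}).values():
        for method, op in item.items():
            # Path items also carry non-operation keys such as "parameters".
            if method.lower() in HTTP_METHODS and "operationId" in op:
                yield "operationId", op["operationId"]
    for name in spec.get("definitions", {}):
        yield "definition", name

def case_collisions(spec):
    """Group names that differ only by letter case, per kind."""
    groups = defaultdict(set)
    for kind, name in symbol_names(spec):
        groups[(kind, name.casefold())].add(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    # For a real spec: json.load() the downloaded file and pass the dict in.
    for (kind, _), names in case_collisions(SAMPLE_SPEC).items():
        print(f"{kind}: {' / '.join(names)}")
```
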

Fortify Static Code Analyzer

Fortify Audit Workbench, Secure Code Plugins, and Tools

Fortify ScanCentral DAST

GET /api/v2/scans/{scanId}/download-dast-service-logs 

A ZIP file that may contain multiple ZIP files is downloaded. This is because each time a scan is paused, interrupted, or completed, the logs are uploaded to the database. A scan may be resumed on a different scanner each time the scan is paused or interrupted, and the logs are saved each time.
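An added example (not Fortify code) of unpacking such a bundle: each inner ZIP is expanded into its own folder, and any member whose name would resolve outside the destination directory is skipped. The HTTP download itself is not shown; the sample bundle, its file names, the depth limit and the size limit are constructed assumptions.

```python
import io
import tempfile
import zipfile
from pathlib import Path

MAX_DEPTH = 3                      # assumption: logs are not nested deeper than this
MAX_MEMBER_BYTES = 200 * 1024**2   # assumption: skip any single member above 200 MiB

def unpack_logs(data: bytes, dest, depth: int = 0) -> list:
    """Extract ZIP bytes under dest, expanding inner ZIPs into their own folders."""
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = (root / info.filename).resolve()
            # Skip directories, oversized members and names that escape dest.
            if (info.is_dir() or info.file_size > MAX_MEMBER_BYTES
                    or not target.is_relative_to(root)):
                continue
            payload = zf.read(info)
            if (target.suffix.lower() == ".zip" and depth < MAX_DEPTH
                    and zipfile.is_zipfile(io.BytesIO(payload))):
                # One inner archive per upload (pause, interrupt or completion).
                written += unpack_logs(payload, target.with_suffix(""), depth + 1)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(payload)
                written.append(target)
    return written

def build_sample() -> bytes:
    """Constructed stand-in for a downloaded bundle; names are hypothetical."""
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        for scanner in ("scanner-a", "scanner-b"):
            inner = io.BytesIO()
            with zipfile.ZipFile(inner, "w") as izf:
                izf.writestr("service.log", f"log from {scanner}\n")
            zf.writestr(f"{scanner}.zip", inner.getvalue())
        zf.writestr("../outside.txt", "must not be written")
    return outer.getvalue()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in unpack_logs(build_sample(), tmp):
            print(path.relative_to(Path(tmp).resolve()))
```
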

IF NOT EXISTS (SELECT Id FROM ConfigurationSetting WHERE SettingName = 'UtilityWorkerServiceSettings.MaxReceiveMessageSize')
    INSERT INTO ConfigurationSetting (SettingName, SettingValue, IsEncrypted)
    VALUES ('UtilityWorkerServiceSettings.MaxReceiveMessageSize', '31457280', 0)
GO

Fortify WebInspect Enterprise

· Completed scan request data presented in the WebInspect Enterprise WebConsole - Scan Requests UI may be overwritten when a new scan request is submitted for the same application version in Fortify Software Security Center. This issue will be resolved in a hotfix to 22.2.0.

· When exporting a scan in XML format to import as an artifact to Fortify Software Security Center, fewer findings may be present in the imported file than were in the original scan.

NOTICES OF PLANNED CHANGES

This section includes product features that will be removed from a future release of the software. In some cases, the feature will be removed in the very next release. Features that are identified as deprecated represent features that are no longer recommended for use. In most cases, deprecated features will be completely removed from the product in a future release. Fortify recommends that you remove deprecated features from your workflow at your earliest convenience.

Note: For a list of technologies that will lose support in the next release, please see the “Technologies to Lose Support in the Next Release” topic in the Micro Focus Fortify Software System Requirements document.

Fortify Static Code Analyzer

Fortify Software Security Center

Fortify WebInspect

FEATURES NOT SUPPORTED IN THIS RELEASE

The following features are no longer supported. 

Note: For a list of technologies that are no longer supported in this release, please see the “Technologies no Longer Supported in this Release” topic in the Micro Focus Fortify Software System Requirements document. This list only includes features that have lost support in this release.

SUPPORT

If you have questions or comments about using this product, contact Micro Focus Fortify Customer Support using the following option.

To Manage Your Support Cases, Acquire Licenses, and Manage Your Account: https://www.microfocus.com/support.

LEGAL NOTICES

© Copyright 2022-2023 Micro Focus or one of its affiliates.

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. 

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.