Release Notes 4.3
  • 1 Minute to read
  • Contributors
  • Dark

Release Notes 4.3

  • Dark

CodeScan 4.3

New Features

New Apex Security Hotspots

  • Deserializing JSON Is Security-Sensitive: Deserializing an object from an untrusted source is security-sensitive. An attacker could modify the content of the data.
  • Encrypting Data Is Security-Sensitive: Encrypting data is security-sensitive. Although most encryption problems are solved or managed by Salesforce, care must be taken when relying on encryption.
  • Type Reflection Is Security Sensitive: Dynamically executing code is security-sensitive. If the code comes from an untrusted source, the untrusted source may be able to choose which code to run.
  • Using Cookies Is Security-Sensitive: Attackers can use widely available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
  • Using UserInfo.GetSessionId() Is Security-Sensitive: The use of UserInfo.GetSessionId() is security-sensitive. Ensure that you need to do this.

New Visualforce Security Hotspots

  • Using GETSESSIONID() and $API.Session_Id is security-sensitive: The use of GETSESSIONID() and $API.Session_Id is security-sensitive. Ensure that you need to do this.

Quality Profiles

  • Removed Unescaped Source rule from default Apex profile (v4.3.12).
  • Removed deprecated rule javascript: S2228 from Salesforce Lightning Quality Profile (v4.3.9).


  • SonarQube™ Ant task has been updated to
  • SOQL Injection Rule updated and improved.(v4.3.11)
  • Open Redirect Rule updated and improved. (v4.3.11, v4.3.12)

Bug Fixes

  • Bug fixed in RightLineBracesPositions rule.
  • Bug fixed in Field Level Security Vulnerabilities rule. (v4.3.10)
  • Bug fixed in Preserve Stack Trace Rule (v4.3.12)
  • Bug fixed in Unescaped Source Rule (v4.3.12)

Was this article helpful?