Page tree

Skip to end of metadata
Go to start of metadata

In this release, we've focused on improvements to our security compliance solution and enhancements to Unit Test Assistant.

Extended Support for Java

We've added support for Java 11.

Extended Support for IDEs and Build Systems

We've added support for:

  • Eclipse 4.9, 4.10, and 4.11
  • IntelliJ 2018.3 and 2019.1
  • Maven 3.6.0

Support for Platforms

We've added support for:

  • Windows Server 2019

The following operating systems are no longer supported:

  • Windows 8
  • Windows Server 2008

Security Compliance Pack

In this release, we've introduced the Security Compliance Pack to give you instant access to test configurations that help you enforce compliance with security standards and practices. The Security Compliance Pack includes the following test configurations:

  • CERT for Java
  • CWE 3.2
  • CWE SANS Top 25 2011
  • CWE SANS Top 25 2011+On the Cusp
  • OWASP Top 10-2017
  • PCI DSS 3.2
  • UL 2900

See Built-in Test Configurations: Security Compliance Pack for details.

(info) Security Compliance Pack requires dedicated license features to be activated. Contact Parasoft Support for more details on licensing.

Unit Test Assistant Enhancements

In this release, we've enhanced the test creation process and improved the recommendations that appear after test execution.

New and Improved Recommendations

  • We've added the NullPointerException Thrown recommendation type to help you prevent NullPointerException from being thrown; see NullPointerException Thrown.
  • We've enhanced Exceptions and assertion errors recommendations to include action links that help you handle exceptions and automatically update your test code; see Exceptions and Assertion Errors.
  • We've extended Uncovered code recommendations to be displayed for exception catch blocks that are not covered by any tests; see Uncovered Code.

Enhanced Unit Test Creation

You can now:

We've also improved the deep initialization mode to automatically initialize inaccessible fields and fields in parent classes when the tests are created.

Test Impact Analysis Improvements

  • Information about correlations between tests and code now persists between restarts of the IDE.
  • You can now use the context menu in the Impacted Unit Tests view to navigate to the test code and run selected tests.

See Test Impact Analysis for details.

New and Updated Test Configurations

We've added the following test configurations:

  • CWE 3.2
  • CWE SANS Top 25 2011+On the Cusp
  • CWE SANS Top 25 2011
  • OWASP Top 10-2017
  • PCI DSS 3.2
  • UL 2900

The following test configuration has been moved from the Static Analysis category to the Security Compliance Pack category (see Security Compliance Pack):

  • CERT for Java

The following test configurations have been updated to improve analysis results:

  • Demo Configuration
  • Flow Analysis Aggressive

See Built-in Test Configurations for the list of test configurations shipped with Jtest.

Deprecated Test Configurations

  • CWE-SANS Top 25 2011 – deprecated and replaced with the new CWE SANS Top 25 2011 test configuraion
  • PCI Data Security Standard – deprecated and replaced with the new PCI DSS 3.2 test configuration.

  • UL 2900 – deprecated and replaced with the new UL 2900 test configuration that includes CWE SANS Top 25 2011 on the Cusp and OWASP Top 10 2017 rules.
  • OWASP Top 10 2017 – deprecated and replaced with the new OWASP Top 10-2017

The deprecated test configurations are not available by default and can only be applied as user-defined test configuration. They are now shipped with Jtest in the following location: [INSTALL_DIR]\configs\Deprecated.

New Static Analysis Rules

We've added the following static analysis rules:

Rule ID



Consistently check the returned value of non-void functions


Avoid integer overflows


Protect against using unprotected credentials


Ensure that comments do not contain task tags


Ensure that comments do not contain task tags


Ensure that comments do not contain task tags


Avoid parsing untrusted data with XMLDecoder


Disable XML external entity injection


Ensure proper session expiration


Disable LDAP deserialization


Ensure that sessions are configured to time out in 'web.xml' files


Avoid using custom MessageDigest implementations


Avoid using insecure cryptographic algorithms for data encryption with Spring


Avoid using insecure cryptographic algorithms in Spring XML configurations


Avoid using the javax.crypto.NullCipher class in non-test classes


Avoid using the DriverManagerDataSource class in production code


Avoid debug information from Spring Security framework to logs


Avoid using the 'getRequestedSessionId' method from the 'HttpServletRequest' class


Ensure the HostnameVerifier.verify() method validates the certificate


MessageDigest objects must process the data with the 'update' method


Use hash functions with a salt


Ensure sufficient protection against multiple failed authentication attempts


Mark cookies as HttpOnly


Initialize KeyGenerator instances


Properly validate server identity

Updated Static Analysis Rules

The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:


Resolved Bugs and FRs



JT-49237json test and resource paths does not exist
JT-70472'Flow Analysis Aggressive' test configuration unable to be edited when duplicated locally
JT-70473PB.NUM.UBD considers only float or double variables
JT-70475PB.IKICO false positive
JT-70584jtest-monitor goal is failing to generate coverage.xml file on the attached project
JT-70618Not able to collect Application Coverage on the prospect's project


The type Spring Security appear after jtest run in html report


The type Spring Security appear after jtest run in html report
JT-70817Import javafx.application cannot be resolved during analysis from CLI
JT-70827Providing . as an argument for project.location parameter does not work as expected


Mocking recommendation when using Mockito annotations.


Method not mocked for parameterized Spring test


Empty PDF report created in various versions of IntelliJ.


Unable to obtain license for Jtest run from IntelliJ IDE.


Can user name set inside the IDE override system user?


JUnit view is garbled when executing impact test in Eclipse.


Change based testing doesn't work in Japanese locale.


Mocking recommendation when using Mockito annotations.


Method not mocked for parameterized Spring test

  • No labels