Release date: October 12, 2021
Native Penetration Testing Support
Parasoft SOAtest now supports native penetration testing of API test scenarios. You can efficiently take your existing API functional testing scenarios and create security tests, adding penetration testing into your automated CI process. By leveraging already-existing functional tests for security scenarios, teams can approach security testing earlier, and address critical security defects before they are buried deep in the release.
See Penetration Testing for more details.
OpenAPI Validation
You can now perform well-formedness and semantic validation on OpenAPI and Swagger definitions. This helps ensure that your services can be properly consumed by other applications and is an important step toward better API governance.
See Open API and Swagger Validator for additional information.
Custom Test Configurations for the SOAtest and Virtualize Server Web Archive
You can now create custom test configurations in the SOAvirt.war workspace and use them to exercise your tests using different configurations.
As part of this change, the correct test configuration must be specified. The server will no longer substitute the default test configuration if no configuration or the incorrect configuration is specified.
Ability to Register SOAtest and Virtualize Server from the CTP UI
CTP administrators can now connect servers to CTP from the Virtualize Servers screen in CTP.
Read Operation Added to Native CRUD Tool
The native create, read, update, delete (CRUD) tool is now functionally complete. The addition of the Read operation enables you to copy (or extract) values from a data set record and update a record in the data repository.
Streamlined Test Impact Analysis
You can now generate the baseline coverage report by configuring and running a test configuration. See Test Impact Analysis.
Publishing Results from CTP Jobs to DTP
You can now configure your CTP jobs to send results to DTP. See Using Jobs with Automated Provisioning.
Ability to Generate Parameterized Messages From RESTful Service Definitions
You can now specify a RESTful service definition without recorded traffic to create parameterized clients and responders in the traffic wizard. This allows users to generate parameterized messages based solely on the service definition when recorded traffic is not available. It also allows users to easily update an existing template when a new resource is introduced to a service definition.
- You can now select Empty Groups to enable the traffic wizard to allow message groups defined in a service definition or template file to be created even if the groups do not contain messages from a traffic file.
Report Updates
The format of HTML, PDF, and XML reports produced by desktop installations is now consistent with the reports produced by the WAR deployment, with a more modern look and feel. Note: There are some limitations in the updated reports produced by desktop installations. See Legacy Report Format for more details.
Introduced an option in the WAR deployment to add details to the XML report about the active environment used during test execution.
Introduced an option in the WAR deployment to add details to the XML report about the results of individual assertions run by the JSON Assertor and XML Assertor tools.
Additional Updates
Ability to share URLs to .tst and .pva files in CTP.
- Right-click action menus on Test Scenario and Virtual Asset trees in CTP.
- The Parasoft Search can now search for tools and test suite variables by name.
- Internet Explorer 11 (IE11) will no longer be supported beyond this release (2021.2).
- CTP integration with SOAtest & Virtualize 9.10 will no longer be supported beyond this release (2021.2).
- Ability to create message proxies and modify HTTP, JMS, and MQ connection settings from CTP.
- Ability to configure localsettings properties in the SOAtest server REST API used for executing tests (/testExecutions).
- Addressed log4j vulnerability CVE-2021-44228 in version 2021.2.1.
Breaking Changes
- Silent installs of SOAtest and Virtualize on Linux or Mac in non-interactive mode will fail unless
--accept-eula yesis also passed as a command-line argument. - WAR deployment requires acceptance of the Parasoft End User License Agreement. See Configuring Virtualize Server for more details.
The extension for SOA policy configuration files has been changed from .policy to .soapolicy. To open existing policy files in the Policy Configuration panel, rename existing policy files to use the extension .soapolicy. See SOA Quality Governance and Policy Enforcement for details.
- Associations between tests and development artifacts no longer support specification of an individual URL for each association. Now, a URL template for each type of association must be configured for links to the artifacts to appear in generated reports. After SOAtest upgrade, you need to do one of the following in order for links to continue to appear in the reports:
Specify URL templates for the associations. See Linking to Correlated Artifacts in Reports for details.
Enable the legacy report format. See Legacy Report Format for details.
Resolved PRs and FRs
| ID | Description |
|---|---|
| CTP-6061 | Subscribe to CTP jobs to receive an email on job completion. |
| CTP-7460 | CTP server pages loading slowly. |
| CTP-7505 | Jobs get stuck in queue but stopping and starting the server fixes it |
| CTP-7589 | Excel data source files are corrupted after CTP upload. |
| SOA-3280 | Show all assertions used during test in report xml |
| SOA-8013 | Database Tool Returns zero or empty string for null values |
| SOA-12197 | Support for MongoDB 4.0 in the MongoDB Query Tool |
| SOA-13005 | Full support for suppressions in SOAtest desktop |
| SOA-13515 | Update Parasoft Findings for TeamCity to Accept SOAtest Reports from WAR Deployment |
| SOA-13641 | Document which proxy settings (Eclipse or SOAtest) to use for which purpose |
| SOA-13936 | Headless SOAtest Fails to Update Offline from 2020.2 to 2021.1 on Windows |
| SOA-13964 | SOAtest started with IBM java throws error with xlsx excel files |
| SOA-14014 | multipart/form-data table writes text parts using platform default charset |
| SOA-14057 | DB Tool appears to hang for certain SQL queries |
| VIRT-2588 | Custom Listeners Display Warnings When Not In Use |
| VIRT-3541 | Parameterized traffic wizard use service definition for grouping and Data Repository |
| VIRT-4146 | Create data repository from payload ability to name root record type |
| VIRT-4641 | Data Repository CRUD Tool Read Operation |
| VIRT-4759 | Parasoft search by tool name |
| VIRT-4760 | Parasoft search by test suite variable name |
| VIRT-4781 | NPE when attempting to get to parameterized traffic wizard from Desktop UI |
| VIRT-4876 | MIME Type hal+json Does Not Appear for Responders |
| VIRT-4880 | Database data source does not report failure event |
| VIRT-4892 | ISO8583 Extension support relative path for Packager Path |
| VIRT-4893 | Double byte numbers not handled correctly in data repository column names |
| VIRT-4894 | Documentation for HTTPS on SOAVirt WAR file is inaccurate |
